Skip to content

Bump the composer group across 2 directories with 5 updates#6

Merged
pixelated-au merged 1 commit intomainfrom
dependabot/composer/composer-d1a1faaf2b
Feb 11, 2026
Merged

Bump the composer group across 2 directories with 5 updates#6
pixelated-au merged 1 commit intomainfrom
dependabot/composer/composer-d1a1faaf2b

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 11, 2026

Bumps the composer group with 3 updates in the / directory: composer/composer, laravel/framework and psy/psysh.
Bumps the composer group with 2 updates in the /workbench directory: composer/composer and psy/psysh.

Updates composer/composer from 2.8.6 to 2.9.3

Release notes

Sourced from composer/composer's releases.

2.9.3

  • Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
  • Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677)
  • Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645)
  • Fixed client-certificate authentication implementation (#12667)
  • Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694)
  • Fixed crash when --bump-after-update is used and the lock file is disabled (#12660)
  • Fixed support for SecureTransport + LibreSSL on macOS (#12615)
  • Fixed display of reasons for why advisories are ignored (#12668)
  • Fixed compatibility issues when git has log.showSignature enabled (#12666)
  • Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662)
  • Fixed EventDispatcher requiring a full Composer instance to function (#12629)

Full Changelog: composer/composer@2.9.2...2.9.3

2.9.2

  • Added new --no-security-blocking flag to disable/configure security blocking (#12617)
  • Added a way to set audit > ignore to act only on audits or only on security blocking (#12618, #12612)
  • Fixed config command not being able to set the new audit settings (#12609)
  • Fixed handling audit.ignore to support CVE ids while doing security blocking, but advisory IDs are still preferred for performance reasons (#12624)
  • Fixed partial updates failing when another package in the lock file has a known security advisory (#12626)

Full Changelog: composer/composer@2.9.1...2.9.2

2.9.1

  • Fixed regression in phpunit binary proxies (#12601)
  • Fixed script handler autoloading issues (#12606)
  • Fixed null call of Command::setDescription in some cases (#12605)
  • Fixed --prefer-lowest builds sometimes failing due to the filtering of versions with known vulnerabilities (#12603)

Full Changelog: composer/composer@2.9.0...2.9.1

2.9.0

Read the Composer 2.9 Release Announcement for more details on the release highlights.

Full Changelog

  • Bumped composer-plugin-api to 2.9.0
  • Added automatic blocking of packages with security advisories from updates (#11956)
  • Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
  • Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956)
  • Added audit > ignore-abandoned config setting to ignore some packages (#12572)
  • Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470)
  • Added repository command to add, remove, or update repositories more easily (#12388)
  • Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388)
  • Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349)
  • Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545)
  • Added support for forgejo / codeberg.org repositories (#12307)
  • Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517)
  • Added support for HTTP/3 if libcurl supports it (#12363)

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.9.3] 2025-12-30

  • Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
  • Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677)
  • Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645)
  • Fixed client-certificate authentication implementation (#12667)
  • Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694)
  • Fixed crash when --bump-after-update is used and the lock file is disabled (#12660)
  • Fixed support for SecureTransport + LibreSSL on macOS (#12615)
  • Fixed display of reasons for why advisories are ignored (#12668)
  • Fixed compatibility issues when git has log.showSignature enabled (#12666)
  • Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662)
  • Fixed EventDispatcher requiring a full Composer instance to function (#12629)

[2.9.2] 2025-11-19

  • Added new --no-security-blocking flag to disable/configure security blocking (#12617)
  • Added a way to set audit > ignore to act only on audits or only on security blocking (#12618, #12612)
  • Fixed config command not being able to set the new audit settings (#12609)
  • Fixed handling audit.ignore to support CVE ids while doing security blocking, but advisory IDs are still preferred for performance reasons (#12624)
  • Fixed partial updates failing when another package in the lock file has a known security advisory (#12626)

[2.9.1] 2025-11-13

  • Fixed regression in phpunit binary proxies (#12601)
  • Fixed script handler autoloading issues (#12606)
  • Fixed null call of Command::setDescription in some cases (#12605)
  • Fixed --prefer-lowest builds sometimes failing due to the filtering of versions with known vulnerabilities (#12603)

[2.9.0] 2025-11-13

  • Fixed a couple minor issues with --bump-after-update (#12598)
  • Various docs fixes

[2.9.0-RC1] 2025-11-07

  • Bumped composer-plugin-api to 2.9.0
  • Added automatic blocking of packages with security advisories from updates (#11956)
  • Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
  • Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956)
  • Added audit > ignore-abandoned config setting to ignore some packages (#12572)
  • Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470)
  • Added repository command to add, remove, or update repositories more easily (#12388)
  • Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388)
  • Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349)
  • Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545)
  • Added support for forgejo / codeberg.org repositories (#12307)
  • Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517)
  • Added support for HTTP/3 if libcurl supports it (#12363)
  • Added support for custom header authentication (#12372)

... (truncated)

Commits

Updates laravel/framework from 11.44.0 to 11.48.0

Release notes

Sourced from laravel/framework's releases.

v11.47.0

v11.46.2

v11.46.1

v11.46.0

No release notes provided.

v11.45.3

v11.45.2

v11.45.1

v11.45.0

v11.44.7

No release notes provided.

... (truncated)

Commits

Updates league/commonmark from 2.6.1 to 2.8.0

Release notes

Sourced from league/commonmark's releases.

2.8.0

What's Changed

Added

  • Added a new HighlightExtension for marking important text using == syntax (#1100)

Fixed

  • Fixed AutolinkExtension incorrectly matching URLs after invalid www. prefix (#1095, #1103)

New Contributors

Full Changelog: thephpleague/commonmark@2.7.1...2.8.0

2.7.1

Notable Changes

Changed

  • Optimized several regular expressions in RegexHelper to improve performance (#674, #1086)

Fixed

  • EmbedProcessor no longer calls updateEmbeds() when there are no embeds to update (#1081)
  • Fixed missing benchmark.php CSV path validation for non-existent files (#1068, #1085)

New Contributors

Full Changelog: thephpleague/commonmark@2.7.0...2.7.1

2.7.0

This is a security release to address a potential cross-site scripting (XSS) vulnerability when using the AttributesExtension with untrusted user input.

Added

  • Added attributes/allow config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)

Changed

  • The AttributesExtension blocks all attributes starting with on unless explicitly allowed via the attributes/allow config option
  • The allow_unsafe_links option is now respected by the AttributesExtension when users specify href and src attributes

2.6.2

Fixed

  • Fixed Attributes extension parsing regression (#1071)

Other Changes

... (truncated)

Changelog

Sourced from league/commonmark's changelog.

[2.8.0] - 2025-11-26

Added

  • Added a new HighlightExtension for marking important text using == syntax (#1100)

Fixed

  • Fixed AutolinkExtension incorrectly matching URLs after invalid www. prefix (#1095, #1103)

[2.7.1] - 2025-07-20

Changed

  • Optimized several regular expressions in RegexHelper to improve performance (#674, #1086)

Fixed

  • EmbedProcessor no longer calls updateEmbeds() when there are no embeds to update (#1081)
  • Fixed missing benchmark.php CSV path validation for non-existent files (#1068, #1085)

[2.7.0] - 2025-05-05

This is a security release to address a potential cross-site scripting (XSS) vulnerability when using the AttributesExtension with untrusted user input.

Added

  • Added attributes/allow config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)

Changed

  • The AttributesExtension blocks all attributes starting with on unless explicitly allowed via the attributes/allow config option
  • The allow_unsafe_links option is now respected by the AttributesExtension when users specify href and src attributes

[2.6.2] - 2025-04-18

Fixed

  • Fixed Attributes extension parsing regression (#1071)
Commits
  • 4efa10c Bump branch alias
  • 43c6111 Prepare to release 2.8.0
  • 5ebf420 Merge pull request #1103 from thephpleague/copilot/fix-autolink-extension-issue
  • 9de288b Merge remote-tracking branch 'origin/2.7'
  • 629da94 Fix AutolinkExtension to anchor regex and add test cases
  • e770275 Initial plan
  • b703d32 Merge pull request #1100 from ossobuffo/main
  • fdd5ef4 Fix frontmatter
  • 9fad6b6 Update docs and CHANGELOG
  • d45a244 Merge remote-tracking branch 'origin/main' into ossobuffo-main
  • Additional commits viewable in compare view

Updates symfony/http-foundation from 7.2.3 to 7.4.5

Release notes

Sourced from symfony/http-foundation's releases.

v7.4.5

Changelog (symfony/http-foundation@v7.4.4...v7.4.5)

v7.4.4

Changelog (symfony/http-foundation@v7.4.3...v7.4.4)

v7.4.3

Changelog (symfony/http-foundation@v7.4.2...v7.4.3)

v7.4.1

Changelog (symfony/http-foundation@v7.4.0...v7.4.1)

v7.4.0

Changelog (symfony/http-foundation@v7.4.0-RC3...v7.4.0)

  • no significant changes

v7.4.0-RC1

Changelog (symfony/http-foundation@v7.4.0-BETA2...v7.4.0-RC1)

v7.4.0-BETA2

Changelog (symfony/http-foundation@v7.4.0-BETA1...v7.4.0-BETA2)

v7.4.0-BETA1

Changelog (symfony/http-foundation@v7.3.4...v7.4.0-BETA1)

v7.3.11

... (truncated)

Changelog

Sourced from symfony/http-foundation's changelog.

CHANGELOG

8.0

  • Drop HTTP method override support for methods GET, HEAD, CONNECT and TRACE
  • Add argument $subtypeFallback to Request::getFormat()
  • Remove the following deprecated session options from NativeSessionStorage: referer_check, use_only_cookies, use_trans_sid, sid_length, sid_bits_per_character, trans_sid_hosts, trans_sid_tags
  • Trigger PHP warning when using Request::sendHeaders() after headers have already been sent; use a StreamedResponse instead
  • Add arguments $v4Bytes and $v6Bytes to IpUtils::anonymize()
  • Add argument $partitioned to ResponseHeaderBag::clearCookie()
  • Add argument $expiration to UriSigner::sign()
  • Remove Request::get(), use properties ->attributes, query or request directly instead
  • Remove accepting null $format argument to Request::setFormat()

7.4

  • Add #[WithHttpStatus] to define status codes: 404 for SignedUriException and 403 for ExpiredSignedUriException
  • Add support for the QUERY HTTP method
  • Add support for structured MIME suffix
  • Add Request::set/getAllowedHttpMethodOverride() to list which HTTP methods can be overridden
  • Deprecate using Request::sendHeaders() after headers have already been sent; use a StreamedResponse instead
  • Deprecate method Request::get(), use properties ->attributes, query or request directly instead
  • Make Request::createFromGlobals() parse the body of PUT, DELETE, PATCH and QUERY requests
  • Deprecate HTTP method override for methods GET, HEAD, CONNECT and TRACE; it will be ignored in Symfony 8.0
  • Deprecate accepting null $format argument to Request::setFormat()

7.3

  • Add support for iterable of string in StreamedResponse
  • Add EventStreamResponse and ServerEvent classes to streamline server event streaming
  • Add support for valkey: / valkeys: schemes for sessions
  • Request::getPreferredLanguage() now favors a more preferred language above exactly matching a locale
  • Allow UriSigner to use a ClockInterface
  • Add UriSigner::verify()

7.2

  • Add optional $requests parameter to RequestStack::__construct()
  • Add optional $v4Bytes and $v6Bytes parameters to IpUtils::anonymize()
  • Add PRIVATE_SUBNETS as a shortcut for private IP address ranges to Request::setTrustedProxies()
  • Deprecate passing referer_check, use_only_cookies, use_trans_sid, trans_sid_hosts, trans_sid_tags, sid_bits_per_character and sid_length options to NativeSessionStorage

7.1

... (truncated)

Commits
  • 446d0db Merge branch '7.3' into 7.4
  • 5347db9 Merge branch '6.4' into 7.3
  • f1a490c [HttpFoundation] Fix PdoSessionHandler charset-collation mismatch with the Do...
  • 977a554 Merge branch '7.3' into 7.4
  • cc4ae96 Merge branch '6.4' into 7.3
  • a7c652d [HttpFoundation] Fix double-prefixing of session keys when using redis/memcached
  • a85bc9c Merge branch '7.3' into 7.4
  • 66e496a Merge branch '6.4' into 7.3
  • 4a673e9 do not use PHPUnit mock objects without configured expectations
  • a70c745 [HttpFoundation] Improve doc blocks in ParameterBag
  • Additional commits viewable in compare view

Updates psy/psysh from 0.12.7 to 0.12.20

Release notes

Sourced from psy/psysh's releases.

PsySH v0.12.20

Project trust edge case fixes

Fixed several edge cases with the Restricted Mode introduced in v0.12.19 where non-interactive contexts (piped input, execute() calls, Composer proxy scripts) could incorrectly trigger trust prompts or restrict trusted functionality.

Fixes #913

Commands work better outside the shell

Decoupled commands from ShellOutput via a new ShellOutputAdapter, so commands degrade gracefully when used in non-interactive contexts rather than failing on missing shell features.

Improvements

  • Added downstream compatibility tests for local and CI workflows
  • Moved internal helper scripts from bin/ to scripts/

PsySH v0.12.19

⚠️ Security fix

Fixed a CWD configuration poisoning vulnerability (CVE-2026-25129) where a malicious .psysh.php file in an attacker-writable directory could execute arbitrary code when a victim runs PsySH from that directory. This affects all versions prior to v0.12.19 and v0.11.23, including downstream consumers like Laravel Tinker, when invoked from an attacker-writable CWD.

Fixed in v0.12.19 and v0.11.23. Upgrade ASAP.

Restricted Mode

PsySH now requires explicit trust before loading project-local config (.psysh.php), local PsySH binaries, or Composer autoloads from untrusted projects. Trust decisions are persisted per-project in trusted_projects.json.

Configure with trustProject:

'trustProject' => 'prompt',  // default — ask interactively
'trustProject' => 'always',  // trust all projects
'trustProject' => 'never',   // always run restricted

Or use --trust-project / --no-trust-project CLI flags, or the PSYSH_TRUST_PROJECT env var.

Non-interactive sessions automatically skip untrusted features with a warning.

Magic method and property support 🪄

Tab completion, ls, doc, and show commands now recognize @method and @property docblock tags. Magic members display in magenta so you can tell them apart from real methods and properties.

Inheritance works as expected — magic members from parent classes, interfaces, and traits are included, with child declarations taking precedence.

Also fixes parsing of generic types (e.g., array<int, string>) in docblock tags, which previously broke on whitespace inside angle brackets.

See #905

... (truncated)

Commits
  • 19678eb Merge branch 'release/v0.12.20'
  • f09d6ba Bump to v0.12.20
  • abcfdf9 Decouple commands from ShellOutput via ShellOutputAdapter
  • 7ad4f00 Clearer Actions output
  • 7aa3cf9 Clearer Actions output
  • 0b40a63 Add downstream compatibility tests for local and CI workflows
  • 3f27b87 Move internal helper scripts from bin/ to scripts/
  • 21aa946 Merge branch 'fix/project-trust-edge-cases'
  • 81f6547 Harden stdin pipe detection heuristics
  • fc9d9d2 Avoid untrusted handoff for current Composer proxy
  • Additional commits viewable in compare view

Updates composer/composer from 2.8.4 to 2.9.3

Release notes

Sourced from composer/composer's releases.

2.9.3

  • Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
  • Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677)
  • Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645)
  • Fixed client-certificate authentication implementation (#12667)
  • Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694)
  • Fixed crash when --bump-after-update is used and the lock file is disabled (#12660)
  • Fixed support for SecureTransport + LibreSSL on macOS (#12615)
  • Fixed display of reasons for why advisories are ignored (#12668)
  • Fixed compatibility issues when git has log.showSignature enabled (#12666)
  • Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662)
  • Fixed EventDispatcher requiring a full Composer instance to function (#12629)

Full Changelog: composer/composer@2.9.2...2.9.3

2.9.2

  • Added new --no-security-blocking flag to disable/configure security blocking (#12617)
  • Added a way to set audit > ignore to act only on audits or only on security blocking (#12618, #12612)
  • Fixed config command not being able to set the new audit settings (#12609)
  • Fixed handling audit.ignore to support CVE ids while doing security blocking, but advisory IDs are still preferred for performance reasons (#12624)
  • Fixed partial updates failing when another package in the lock file has a known security advisory (#12626)

Full Changelog: composer/composer@2.9.1...2.9.2

2.9.1

  • Fixed regression in phpunit binary proxies (#12601)
  • Fixed script handler autoloading issues (#12606)
  • Fixed null call of Command::setDescription in some cases (#12605)
  • Fixed --prefer-lowest builds sometimes failing due to the filtering of versions with known vulnerabilities (#12603)

Full Changelog: composer/composer@2.9.0...2.9.1

2.9.0

Read the Composer 2.9 Release Announcement for more details on the release highlights.

Full Changelog

  • Bumped composer-plugin-api to 2.9.0
  • Added automatic blocking of packages with security advisories from updates (#11956)
  • Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
  • Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956)
  • Added audit > ignore-abandoned config setting to ignore some packages (#12572)
  • Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470)
  • Added repository command to add, remove, or update repositories more easily (#12388)
  • Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388)
  • Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349)
  • Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545)
  • Added support for forgejo / codeberg.org repositories (#12307)
  • Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517)
  • Added support for HTTP/3 if libcurl supports it (#12363)

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.9.3] 2025-12-30

  • Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
  • Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677)
  • Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645)
  • Fixed client-certificate authentication implementation (#12667)
  • Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694)
  • Fixed crash when --bump-after-update is used and the lock file is disabled (#12660)
  • Fixed support for SecureTransport + LibreSSL on macOS (#12615)
  • Fixed display of reasons for why advisories are ignored (#12668)
  • Fixed compatibility issues when git has log.showSignature enabled (#12666)
  • Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662)
  • Fixed EventDispatcher requiring a full Composer instance to function (#12629)

[2.9.2] 2025-11-19

  • Added new --no-security-blocking flag to disable/configure security blocking (#12617)
  • Added a way to set audit > ignore to act only on audits or only on security blocking (#12618, #12612)
  • Fixed config command not being able to set the new audit settings (#12609)
  • Fixed handling audit.ignore to support CVE ids while doing security blocking, but advisory IDs are still preferred for performance reasons (#12624)
  • Fixed partial updates failing when another package in the lock file has a known security advisory (#12626)

[2.9.1] 2025-11-13

  • Fixed regression in phpunit binary proxies (#12601)
  • Fixed script handler autoloading issues (#12606)
  • Fixed null call of Command::setDescription in some cases (#12605)
  • Fixed --prefer-lowest builds sometimes failing due to the filtering of versions with known vulnerabilities (#12603)

[2.9.0] 2025-11-13

  • Fixed a couple minor issues with --bump-after-update (#12598)
  • Various docs fixes

[2.9.0-RC1] 2025-11-07

  • Bumped composer-plugin-api to 2.9.0
  • Added automatic blocking of packages with security advisories from updates (#11956)
  • Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
  • Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (

@dependabot
Bump the composer group across 2 directories with 5 updates
245988b 
Bumps the composer group with 3 updates in the / directory: [composer/composer](https://github.com/composer/composer), [laravel/framework](https://github.com/laravel/framework) and [psy/psysh](https://github.com/bobthecow/psysh).
Bumps the composer group with 2 updates in the /workbench directory: [composer/composer](https://github.com/composer/composer) and [psy/psysh](https://github.com/bobthecow/psysh).


Updates `composer/composer` from 2.8.6 to 2.9.3
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md)
- [Commits](composer/composer@2.8.6...2.9.3)

Updates `laravel/framework` from 11.44.0 to 11.48.0
- [Release notes](https://github.com/laravel/framework/releases)
- [Changelog](https://github.com/laravel/framework/blob/12.x/CHANGELOG.md)
- [Commits](laravel/framework@v11.44.0...v11.48.0)

Updates `league/commonmark` from 2.6.1 to 2.8.0
- [Release notes](https://github.com/thephpleague/commonmark/releases)
- [Changelog](https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md)
- [Commits](thephpleague/commonmark@2.6.1...2.8.0)

Updates `symfony/http-foundation` from 7.2.3 to 7.4.5
- [Release notes](https://github.com/symfony/http-foundation/releases)
- [Changelog](https://github.com/symfony/http-foundation/blob/8.1/CHANGELOG.md)
- [Commits](symfony/http-foundation@v7.2.3...v7.4.5)

Updates `psy/psysh` from 0.12.7 to 0.12.20
- [Release notes](https://github.com/bobthecow/psysh/releases)
- [Commits](bobthecow/psysh@v0.12.7...v0.12.20)

Updates `composer/composer` from 2.8.4 to 2.9.3
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md)
- [Commits](composer/composer@2.8.6...2.9.3)

Updates `psy/psysh` from 0.12.7 to 0.12.20
- [Release notes](https://github.com/bobthecow/psysh/releases)
- [Commits](bobthecow/psysh@v0.12.7...v0.12.20)

---
updated-dependencies:
- dependency-name: composer/composer
  dependency-version: 2.9.3
  dependency-type: direct:development
  dependency-group: composer
- dependency-name: laravel/framework
  dependency-version: 11.48.0
  dependency-type: indirect
  dependency-group: composer
- dependency-name: league/commonmark
  dependency-version: 2.8.0
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/http-foundation
  dependency-version: 7.4.5
  dependency-type: indirect
  dependency-group: composer
- dependency-name: psy/psysh
  dependency-version: 0.12.20
  dependency-type: indirect
  dependency-group: composer
- dependency-name: composer/composer
  dependency-version: 2.9.3
  dependency-type: direct:development
  dependency-group: composer
- dependency-name: psy/psysh
  dependency-version: 0.12.20
  dependency-type: indirect
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Feb 11, 2026
This was referenced Feb 11, 2026
Closed
Closed
Closed
@pixelated-au pixelated-au merged commit d50ec68 into main Feb 11, 2026
3 checks passed
@pixelated-au pixelated-au deleted the dependabot/composer/composer-d1a1faaf2b branch February 11, 2026 22:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pixelated-au