Skip to content

chore(deps-dev): Bump laravel/sail from 1.46.0 to 1.47.0 #117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps-dev): Bump laravel/sail from 1.46.0 to 1.47.0 #117

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 1, 2025

Bumps laravel/sail from 1.46.0 to 1.47.0.

Release notes

Sourced from laravel/sail's releases.

v1.47.0

Changelog

Sourced from laravel/sail's changelog.

v1.47.0 - 2025-10-28

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): Bump laravel/sail from 1.46.0 to 1.47.0
eff905b 
Bumps [laravel/sail](https://github.com/laravel/sail) from 1.46.0 to 1.47.0.
- [Release notes](https://github.com/laravel/sail/releases)
- [Changelog](https://github.com/laravel/sail/blob/1.x/CHANGELOG.md)
- [Commits](laravel/sail@v1.46.0...v1.47.0)

---
updated-dependencies:
- dependency-name: laravel/sail
  dependency-version: 1.47.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Nov 1, 2025
@sourceant
Copy link

sourceant bot commented Nov 1, 2025

Code Review Summary

✨ This review covers significant dependency updates and one package removal in the composer.lock file. The changes primarily involve upgrading to newer versions of dragonmantank/cron-expression, nette/schema, and several symfony components, alongside the removal of webmozart/assert. These updates align with best practices for maintaining a healthy and secure project dependency ecosystem.

🚀 Key Improvements

  • Dependency upgrades across multiple packages ensure the project benefits from the latest features, bug fixes, and security enhancements.
  • The removal of webmozart/assert from dependencies simplifies the project's dependency graph, potentially reducing complexity and improving build times.
  • Increased minimum PHP version requirements for several packages push the project towards a more modern PHP environment, fostering better performance and security practices.

💡 Minor Suggestions

  • Verify PHP runtime compatibility: Ensure that the development and production environments support the new minimum PHP requirements, especially ^8.2 for dragonmantank/cron-expression.

sourceant[bot]
sourceant bot approved these changes Nov 1, 2025
View reviewed changes
Copy link

@sourceant sourceant bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review complete. See the overview comment for a summary.

composer.lock
Comment on lines 816 to +817
"type": "zip",
"url": "https://api.github.com/repos/dragonmantank/cron-expression/zipball/8c784d071debd117328803d86b2097615b457500",
"reference": "8c784d071debd117328803d86b2097615b457500",
"url": "https://api.github.com/repos/dragonmantank/cron-expression/zipball/d61a8a9604ec1f8c3d150d09db6ce98b32675013",
Copy link

@sourceant sourceant bot Nov 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The update for dragonmantank/cron-expression to v3.6.0 includes a significant increase in the minimum PHP version requirement from ^7.2|^8.0 to ^8.2|^8.3|^8.4|^8.5. Ensure that the project's deployment environment is compatible with this new PHP version. This also benefits from the removal of webmozart/assert from its direct dependencies, which simplifies the overall dependency graph.

Suggested change
"type": "zip",
"url": "https://api.github.com/repos/dragonmantank/cron-expression/zipball/8c784d071debd117328803d86b2097615b457500",
"reference": "8c784d071debd117328803d86b2097615b457500",
"url": "https://api.github.com/repos/dragonmantank/cron-expression/zipball/d61a8a9604ec1f8c3d150d09db6ce98b32675013",
"require": {
"php": "^8.2|^8.3|^8.4|^8.5"
},

composer.lock
Comment on lines 3871 to +3873
},
"autoload": {
"psr-4": {
Copy link

@sourceant sourceant bot Nov 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The update to nette/schema (v1.3.3) explicitly adds a psr-4 autoload configuration. While classmap is still present, the addition of psr-4 is a good practice for modern PHP packages, offering more explicit and potentially faster class resolution.

Suggested change
},
"autoload": {
"psr-4": {
"autoload": {
"psr-4": {
"Nette\\": "src"
},
"classmap": [
"src/"
]
},

composer.lock
Comment on lines -8216 to -8270
"version": "1.12.0",
"source": {
"type": "git",
"url": "https://github.com/webmozarts/assert.git",
"reference": "541057574806f942c94662b817a50f63f7345360"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/webmozarts/assert/zipball/541057574806f942c94662b817a50f63f7345360",
"reference": "541057574806f942c94662b817a50f63f7345360",
"shasum": ""
},
"require": {
"ext-ctype": "*",
"ext-date": "*",
"ext-filter": "*",
"php": "^7.2 || ^8.0"
},
"suggest": {
"ext-intl": "",
"ext-simplexml": "",
"ext-spl": ""
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.10-dev"
}
},
"autoload": {
"psr-4": {
"Webmozart\\Assert\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Bernhard Schussek",
"email": "[email protected]"
}
],
"description": "Assertions to validate method input/output with nice error messages.",
"keywords": [
"assert",
"check",
"validate"
],
"support": {
"issues": "https://github.com/webmozarts/assert/issues",
"source": "https://github.com/webmozarts/assert/tree/1.12.0"
},
"time": "2025-10-20T12:43:39+00:00"
Copy link

@sourceant sourceant bot Nov 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The webmozart/assert package has been entirely removed from the composer.lock file. This is a positive change, as it reduces the total number of dependencies, simplifying the project's footprint and potentially improving composer install performance. It indicates that its functionality is no longer required or has been absorbed by other dependencies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sourceant sourceant[bot] sourceant[bot] approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant