fix(deps): update dependency laravel/framework to v10 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
laravel/framework (source)	^7.0 -> ^10.0

GitHub Vulnerability Alerts

CVE-2021-43808

A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine.

Given the following two Blade templates:

resources/views/parent.blade.php:

@​section('content')
<input value="">
@&#8203;show

resources/views/child.blade.php:

@​extends('parent')

@​section('content')
<input value="">
@&#8203;endsection

And a route like the following:

Route::get('/example', function() {
    $value = '//localhost/###parent-placeholder-040f06fd774092478d450774f5ba30c5da78acc8## onclick=location.assign(this.value);//';

    return view('child', ['value' => $value]);
});

The broken HTML element may be clicked and the user is taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed.

This vulnerability has been patched by determining the parent placeholder at runtime and using a random hash that is unique to each request.

CVE-2024-52301

Description

When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.

Resolution

The framework now ignores argv values for environment detection on non-cli SAPIs.

CVE-2025-27515

When using wildcard validation to validate a given file or image field array (files.*), a user-crafted malicious request could potentially bypass the validation rules.

---

Release Notes

laravel/framework (laravel/framework)

v10.48.29

Compare Source

v10.48.28

Compare Source

v10.48.27

Compare Source

v10.48.26

Compare Source

• [10.x] Refine error messages for detecting lost connections (Debian bookworm compatibility) by @​mfn in https://github.com/laravel/framework/pull/53794
• [10.x] Bump minimum league/commonmark by @​crynobone in https://github.com/laravel/framework/pull/53829
• [10.x] Backport 11.x PHP 8.4 fix for str_getcsv deprecation by @​aka-tpayne in https://github.com/laravel/framework/pull/54074

v10.48.25

Compare Source

• [10.x] PHP 8.4 Code Compatibility by @​crynobone in https://github.com/laravel/framework/pull/53612

v10.48.24

Compare Source

v10.48.23

Compare Source

• [10.x] Ensure headers are only attached to illuminate responses by @​timacdonald in https://github.com/laravel/framework/pull/53019
• [10.x] Fix append and prepend batch to chain by @​Bencute in https://github.com/laravel/framework/pull/53455

v10.48.22

Compare Source

v10.48.21

Compare Source

• [10.x] Fixes whereDate, whereDay, whereMonth, whereTime, whereYear and whereJsonLength to ignore invalid $operator by @​crynobone in https://github.com/laravel/framework/pull/52704
• Fix arguments passed to artisan commands that start with 'env' by @​willrowe in https://github.com/laravel/framework/pull/52748

v10.48.20

Compare Source

• [10.x] fix: prevent casting empty string to array from triggering json error by @​calebdw in https://github.com/laravel/framework/pull/52415

v10.48.19

Compare Source

• Add compatible query type to Model::resolveRouteBindingQuery by @​sebj54 in https://github.com/laravel/framework/pull/52339
• [10.x] Fix Factory::afterCreating callable argument type by @​villfa in https://github.com/laravel/framework/pull/52335
• [10.x] backport #​52204 by @​calebdw in https://github.com/laravel/framework/pull/52389
• [10.x] In MySQL, harvest last insert ID immediately after query is executed by @​piurafunk in https://github.com/laravel/framework/pull/52390

v10.48.18

Compare Source

• [10.x] backport #​52188 by @​calebdw in https://github.com/laravel/framework/pull/52293
• [10.x] Fix runPaginationCountQuery not working properly for union queries by @​chinleung in https://github.com/laravel/framework/pull/52314

v10.48.17

Compare Source

• [10.x] Fix PHP_CLI_SERVER_WORKERS warning by suppressing it by @​pelomedusa in https://github.com/laravel/framework/pull/52094
• [10.x] Backport #​51615 by @​GrahamCampbell in https://github.com/laravel/framework/pull/52215

v10.48.16

Compare Source

• [10.x] Fix Http::retry so that throw is respected for call signature Http::retry([1,2], throw: false) by @​paulyoungnb in https://github.com/laravel/framework/pull/52002
• [10.x] Set application_name and character set as PostgreSQL DSN string by @​sunaoka in https://github.com/laravel/framework/pull/51985

v10.48.15

Compare Source

• [10.x] Set previous exception on HttpResponseException by @​hafezdivandari in https://github.com/laravel/framework/pull/51986

v10.48.14

Compare Source

• [10.x] Fixes unable to call another command as a initialized instance of Command class by @​crynobone in https://github.com/laravel/framework/pull/51824
• [10.x] fix handle shift() on an empty collection by @​Treggats in https://github.com/laravel/framework/pull/51841
• [10.x] Ensureschema:dump will dump the migrations table only if it exists by @​NickSdot in https://github.com/laravel/framework/pull/51827

v10.48.13

Compare Source

• [10.x] Fix typo in return comment of createSesTransport method by @​zds-s in https://github.com/laravel/framework/pull/51688
• [10.x] Fix collection shift less than one item by @​faissaloux in https://github.com/laravel/framework/pull/51686
• [10.x] Turn Enumerable unless() $callback parameter optional by @​faissaloux in https://github.com/laravel/framework/pull/51701
• Revert "[10.x] Turn Enumerable unless() $callback parameter optional" by @​taylorotwell in https://github.com/laravel/framework/pull/51707

v10.48.12

Compare Source

• [10.x] Fix typo by @​Issei0804-ie in https://github.com/laravel/framework/pull/51535
• [10.x] Fix SQL Server detection in database store by @​staudenmeir in https://github.com/laravel/framework/pull/51547
• [10.x] - Fix batch list loading in Horizon when serialization error by @​jeffortegad in https://github.com/laravel/framework/pull/51551
• [10.x] Fixes explicit route binding with BackedEnum by @​CAAHS in https://github.com/laravel/framework/pull/51586

v10.48.11

Compare Source

• [10.x] Backport: Fix SesV2Transport to use correct EmailTags argument by @​Tietew in https://github.com/laravel/framework/pull/51352
• [10.x] Fix PHPDoc typo by @​staudenmeir in https://github.com/laravel/framework/pull/51390
• [10.x] Fix apa on non ASCII characters by @​faissaloux in https://github.com/laravel/framework/pull/51428
• [10.x] Fixes view engine resolvers leaking memory by @​nunomaduro in https://github.com/laravel/framework/pull/51450
• [10.x] Do not use app() Foundation helper on ViewServiceProvider by @​rodrigopedra in https://github.com/laravel/framework/pull/51522

v10.48.10

Compare Source

• [10.x] Fix typo in signed URL tampering tests by @​Krisell in https://github.com/laravel/framework/pull/51238
• [10.x] Add "Server has gone away" to DetectsLostConnection by @​Jubeki in https://github.com/laravel/framework/pull/51241
• [10.x] Fix support for the LARAVEL_STORAGE_PATH env var (#​51238) by @​dunglas in https://github.com/laravel/framework/pull/51243

v10.48.9

Compare Source

• [10.x] Binding order is incorrect when using cursor paginate with multiple unions with a where by @​thijsvdanker in https://github.com/laravel/framework/pull/50884
• [10.x] Fix cursor paginate with union and column alias by @​thijsvdanker in https://github.com/laravel/framework/pull/50882
• [10.x] Address Null Parameter Deprecations in UrlGenerator by @​aldobarr in https://github.com/laravel/framework/pull/51148

v10.48.8

Compare Source

• [10.x] Fix error when using orderByRaw() in query before using cursorPaginate() by @​axlon in https://github.com/laravel/framework/pull/51023
• [10.x] Database layer fixes by @​saadsidqui in https://github.com/laravel/framework/pull/49787

v10.48.7

Compare Source

• Fix more query builder methods by @​taylorotwell in laravel/framework@95ef230

v10.48.6

Compare Source

• [10.x] Added eachById and chunkByIdDesc to BelongsToMany by @​lonnylot in https://github.com/laravel/framework/pull/50991

v10.48.5

Compare Source

• [10.x] Prevent Redis connection error report flood on queue worker by @​kasus in https://github.com/laravel/framework/pull/50812
• [10.x] Laravel 10x optional withSize for hasTable by @​apspan in https://github.com/laravel/framework/pull/50888
• [10.x] Add serializeAndRestore() to NotificationFake by @​dbpolito in https://github.com/laravel/framework/pull/50935

v10.48.4

Compare Source

• [10.x] Fix Collection::concat() return type by @​axlon in https://github.com/laravel/framework/pull/50669
• [10.x] Fix command alias registration and usage by @​crynobone in https://github.com/laravel/framework/pull/50695

v10.48.3

Compare Source

• Re-tag version

v10.48.2

Compare Source

• [10.x] Update mockery conflict to just disallow the broken version by @​GrahamCampbell in https://github.com/laravel/framework/pull/50472
• [10.x] Conflict with specific release by @​driesvints in https://github.com/laravel/framework/pull/50473
• [10.x] Fix for attributes being escaped on Dynamic Blade Components by @​pascalbaljet in https://github.com/laravel/framework/pull/50471
• [10.x] Revert PR 50403 by @​driesvints in https://github.com/laravel/framework/pull/50482

v10.48.1

Compare Source

• [10.x] Add conflict for Mockery v1.6.8 by @​driesvints in https://github.com/laravel/framework/pull/50468

v10.48.0

Compare Source

• fix: allow null, string and string array as allowed tags by @​maartenpaauw in https://github.com/laravel/framework/pull/50409
• [10.x] Allow Expression at more places in Query Builder by @​pascalbaljet in https://github.com/laravel/framework/pull/50402
• [10.x] Sleep syncing by @​timacdonald in https://github.com/laravel/framework/pull/50392
• [10.x] Cleaning Trait on multi-lines by @​gcazin in https://github.com/laravel/framework/pull/50413
• fix: incomplete type for Builder::from property by @​sebj54 in https://github.com/laravel/framework/pull/50426
• [10.x] After commit callback throwing an exception causes broken transactions afterwards by @​oprypkhantc in https://github.com/laravel/framework/pull/50423
• [10.x] Anonymous component bound attribute values are evaluated twice by @​danharrin in https://github.com/laravel/framework/pull/50403
• [10.x] Fix for sortByDesc ignoring multiple attributes by @​TWithers in https://github.com/laravel/framework/pull/50431
• [10.x] Allow sync with carbon to be set from fake method by @​abenerd in https://github.com/laravel/framework/pull/50450
• [10.x] Improves Illuminate\Mail\Mailables\Envelope docblock by @​crynobone in https://github.com/laravel/framework/pull/50448
• [10.x] Incorrect return in FileSystem.php by @​gcazin in https://github.com/laravel/framework/pull/50459
• [10.x] fix return types by @​imahmood in https://github.com/laravel/framework/pull/50461
• fix: phpstan issue - right side of || always false by @​Carnicero90 in https://github.com/laravel/framework/pull/50453

v10.47.0

Compare Source

• [10.x] Allow for relation key to be an enum by @​AJenbo in https://github.com/laravel/framework/pull/50311
• FIx for "empty" strings passed to Str::apa() by @​tiagof in https://github.com/laravel/framework/pull/50335
• [10.x] Fixed header mail text component to not use markdown by @​dmyers in https://github.com/laravel/framework/pull/50332
• [10.x] Add test for the "empty strings in Str::apa()" fix by @​osbre in https://github.com/laravel/framework/pull/50340
• [10.x] Fix the cache cannot expire cache with 0 TTL by @​kayw-geek in https://github.com/laravel/framework/pull/50359
• [10.x] Add fail on timeout to queue listener by @​saeedhosseiinii in https://github.com/laravel/framework/pull/50352
• [10.x] Support sort option flags on sortByMany Collections by @​TWithers in https://github.com/laravel/framework/pull/50269
• [10.x] Add whereAll and whereAny methods to the query builder by @​musiermoore in https://github.com/laravel/framework/pull/50344
• [10.x] Adds Reverb broadcasting driver by @​joedixon in https://github.com/laravel/framework/pull/50088

v10.46.0

Compare Source

• [10.x] Ensure lazy-loading for trashed morphTo relations works by @​nuernbergerA in https://github.com/laravel/framework/pull/50176
• [10.x] Arr::select not working when $keys is a string by @​Sicklou in https://github.com/laravel/framework/pull/50169
• [10.x] Added passing loaded relationship to value callback by @​dkulyk in https://github.com/laravel/framework/pull/50167
• [10.x] Fix optional charset and collation when creating database by @​GrahamCampbell in https://github.com/laravel/framework/pull/50168
• [10.x] update doc block in PendingProcess.php by @​saMahmoudzadeh in https://github.com/laravel/framework/pull/50198
• [10.x] Fix Accepting nullable Parameters, updated doc block, and null pointer exception handling in batchable trait by @​saMahmoudzadeh in https://github.com/laravel/framework/pull/50209
• Make GuardsAttributes fillable property DocBlock more specific by @​liamduckett in https://github.com/laravel/framework/pull/50229
• [10.x] Add only and except methods to Enum validation rule by @​Anton5360 in https://github.com/laravel/framework/pull/50226
• [10.x] Fixes on nesting operations performed while applying scopes. by @​Guilhem-DELAITRE in https://github.com/laravel/framework/pull/50207
• [10.x] Custom RateLimiter increase by @​khepin in https://github.com/laravel/framework/pull/50197
• [10.x] Add Lateral Join to Query Builder by @​Bakke in https://github.com/laravel/framework/pull/50050
• [10.x] Update return type by @​AmirRezaM75 in https://github.com/laravel/framework/pull/50252
• [10.x] Fix dockblock by @​michaelnabil230 in https://github.com/laravel/framework/pull/50259
• [10.x] Add Conditionable in enum rule by @​michaelnabil230 in https://github.com/laravel/framework/pull/50257
• [10.x] Update Facade::$app to nullable by @​villfa in https://github.com/laravel/framework/pull/50260
• [10.x] Truncate sqlite table name with prefix by @​kitloong in https://github.com/laravel/framework/pull/50251
• Correction comment for Str::orderedUuid() - https://github.com/larave… by @​wq9578 in https://github.com/laravel/framework/pull/50268

v10.45.1

Compare Source

• Fix typehint for ResetPassword::toMailUsing() by @​KKSzymanowski in https://github.com/laravel/framework/pull/50163
• [10.x] Fix Process::fake() never matching multi-line commands by @​SjorsO in https://github.com/laravel/framework/pull/50164

v10.45.0

Compare Source

• [10.x] Update Stringable phpdoc by @​milwad-dev in https://github.com/laravel/framework/pull/50075
• [10.x] Allow Collection::select() to work on ArrayAccess by @​axlon in https://github.com/laravel/framework/pull/50072
• [10.x] Add before to the PendingBatch by @​xiCO2k in https://github.com/laravel/framework/pull/50058
• [10.x] Adjust rules call sequence by @​driesvints in https://github.com/laravel/framework/pull/50084
• [10.x] Fixes Illuminate\Support\Str::fromBase64() return type by @​SamAsEnd in https://github.com/laravel/framework/pull/50108
• [10.x] Actually fix fromBase64 return type by @​GrahamCampbell in https://github.com/laravel/framework/pull/50113
• [10.x] Fix warning and deprecation for Str::api by @​driesvints in https://github.com/laravel/framework/pull/50114
• [10.x] Mark model instanse as not exists on deleting MorphPivot relation. by @​dkulyk in https://github.com/laravel/framework/pull/50135
• [10.x] Adds Tappable and Conditionable to Relation class by @​DarkGhostHunter in https://github.com/laravel/framework/pull/50124
• [10.x] Added getQualifiedMorphTypeName to MorphToMany by @​dkulyk in https://github.com/laravel/framework/pull/50153

v10.44.0

Compare Source

• [10.x] Fix empty request for HTTP connection exception by @​driesvints in https://github.com/laravel/framework/pull/49924
• [10.x] Add Collection::select() method by @​morrislaptop in https://github.com/laravel/framework/pull/49845
• [10.x] Refactor getPreviousUrlFromSession method in UrlGenerator by @​milwad-dev in https://github.com/laravel/framework/pull/49944
• [10.x] Add POSIX compliant cleanup to artisan serve by @​Tofandel in https://github.com/laravel/framework/pull/49943
• [10.x] Fix infinite loop when global scopes query contains aggregates by @​mateusjunges in https://github.com/laravel/framework/pull/49972
• [10.x] Adds PHPUnit 11 as conflict by @​nunomaduro in https://github.com/laravel/framework/pull/49957
• Revert "[10.x] fix Before/After validation rules" by @​taylorotwell in https://github.com/laravel/framework/pull/50013
• [10.x] Fix the phpdoc for replaceMatches in Str and Stringable helpers by @​joke2k in https://github.com/laravel/framework/pull/49990
• [10.x] Added setAbly() method for AblyBroadcaster by @​Rijoanul-Shanto in https://github.com/laravel/framework/pull/49981
• [10.x] Fix in appendExceptionToException method exception type check by @​t1nkl in https://github.com/laravel/framework/pull/49958
• [10.x] DB command: add sqlcmd -C flag when 'trust_server_certificate' is set by @​hulkur in https://github.com/laravel/framework/pull/49952
• Allows Setup and Teardown actions to be reused in alternative TestCase for Laravel by @​crynobone in https://github.com/laravel/framework/pull/49973
• [10.x] Add toBase64() and fromBase64() methods to Stringable and Str classes by @​mtownsend5512 in https://github.com/laravel/framework/pull/49984
• [10.x] Allows to defer resolving pcntl only if it's available by @​crynobone in https://github.com/laravel/framework/pull/50024
• [10.x] Fixes missing Throwable import and handle if originalExceptionHandler or originalDeprecationHandler property isn't used by alternative TestCase by @​crynobone in https://github.com/laravel/framework/pull/50021
• [10.x] Type hinting for conditional validation rules by @​lorenzolosa in https://github.com/laravel/framework/pull/50017
• [10.x] Introduce new Arr::take() helper by @​ryangjchandler in https://github.com/laravel/framework/pull/50015
• [10.x] Improved Handling of Empty Component Slots with HTML Comments or Line Breaks by @​comes in https://github.com/laravel/framework/pull/49966
• [10.x] Introduce Observe attribute for models by @​emargareten in https://github.com/laravel/framework/pull/49843
• [10.x] Add ScopedBy attribute for models by @​emargareten in https://github.com/laravel/framework/pull/50034
• [10.x] Update reserved names in GeneratorCommand by @​xurshudyan in https://github.com/laravel/framework/pull/50043
• [10.x] fix Validator::validated get nullable array by @​helitik in https://github.com/laravel/framework/pull/50056
• [10.x] Pass Herd specific env variables to "artisan serve" by @​mpociot in https://github.com/laravel/framework/pull/50069
• Remove regex case insensitivity modifier in UUID detection to speed it up slightly by @​maximal in https://github.com/laravel/framework/pull/50067
• [10.x] HTTP retry method can accept array as first param by @​me-shaon in https://github.com/laravel/framework/pull/50064
• [10.x] Fix DB::afterCommit() broken in tests using DatabaseTransactions by @​oprypkhantc in https://github.com/laravel/framework/pull/50068

v10.43.0

Compare Source

• [10.x] Add storage:unlink command by @​salkovmx in https://github.com/laravel/framework/pull/49795
• [10.x] Unify \Illuminate\Log\LogManager method definition comments with \Psr\Logger\Interface by @​eusonlito in https://github.com/laravel/framework/pull/49805
• [10.x] class-name string argument for global scopes by @​emargareten in https://github.com/laravel/framework/pull/49802
• [10.x] Add hasIndex() and minor Schema enhancements by @​hafezdivandari in https://github.com/laravel/framework/pull/49796
• [10.x] Do not touch BelongsToMany relation when using withoutTouching by @​mateusjunges in https://github.com/laravel/framework/pull/49798
• [10.x] Check properties on mailables are initialized before sharing with the view by @​j3j5 in https://github.com/laravel/framework/pull/49813
• [10.x] Remove duplicate actions/checkout from queue workflow by @​Jubeki in https://github.com/laravel/framework/pull/49828
• [10.x] Add insertOrIgnoreUsing for Eloquent by @​trovster in https://github.com/laravel/framework/pull/49827
• [10.x] Make hasIndex() Order-sensitive by @​hafezdivandari in https://github.com/laravel/framework/pull/49840
• [10.x] Release action by @​driesvints in https://github.com/laravel/framework/pull/49838
• [10.x] Add MariaDb1060Platform by @​driesvints in https://github.com/laravel/framework/pull/49848
• [10.x] Unified Pivot and Model Doc Block $guarded by @​eusonlito in https://github.com/laravel/framework/pull/49851
• [10.x] Introducing beforeStartingTransaction callback and use it in LazilyRefreshDatabase by @​pascalbaljet in https://github.com/laravel/framework/pull/49853
• [10.x] fix password max validation message by @​MrPunyapal in https://github.com/laravel/framework/pull/49861
• [10.x] Fix validation message used for max file size by @​mateusjunges in https://github.com/laravel/framework/pull/49879
• Update README.md by @​foremtehan in https://github.com/laravel/framework/pull/49878
• [10.x] Adds FormRequest@getRules() method by @​cosmastech in https://github.com/laravel/framework/pull/49860
• [10.x] add addGlobalScopes method by @​emargareten in https://github.com/laravel/framework/pull/49880
• [10.x] Allow brick/math 0.12 by @​LogicSatinn in https://github.com/laravel/framework/pull/49883
• [10.x] Add support for streamed JSON Response by @​pelmered in https://github.com/laravel/framework/pull/49873
• [10.x] Using the native fopen exception in LockableFile.php by @​eusonlito in https://github.com/laravel/framework/pull/49895
• [10.x] Fix LazilyRefreshDatabase when testing artisan commands by @​iamgergo in https://github.com/laravel/framework/pull/49914
• [10.x] Fix expressions in with-functions doing aggregates by @​tpetry in https://github.com/laravel/framework/pull/49912
• [10.x] Fix redis tag entries never becoming stale if cache ttl is past time by @​jagers in https://github.com/laravel/framework/pull/49864
• [10.x] Fix - The Translator may incorrectly report the locale of a missing translation key by @​VicGUTT in https://github.com/laravel/framework/pull/49900
• [10.x] fix Before/After validation rules by @​MrPunyapal in https://github.com/laravel/framework/pull/49871

v10.42.0

Compare Source

• [10.x] Switch to hash_equals in File::hasSameHash() by @​simonhamp in https://github.com/laravel/framework/pull/49721
• [10.x] fix Rule::unless for callable $condition by @​dbakan in https://github.com/laravel/framework/pull/49726
• [10.x] Adds JobQueueing event by @​dmason30 in https://github.com/laravel/framework/pull/49722
• [10.x] Fix decoding issue in MailLogTransport by @​rojtjo in https://github.com/laravel/framework/pull/49727
• [10.x] Implement "max" validation rule for passwords by @​angelej in https://github.com/laravel/framework/pull/49739
• [10.x] Add multiple channels/routes to AnonymousNotifiable at once by @​iamgergo in https://github.com/laravel/framework/pull/49745
• [10.x] Sort service providers alphabetically by @​buismaarten in https://github.com/laravel/framework/pull/49762
• [10.x] Global default options for the http factory by @​timacdonald in https://github.com/laravel/framework/pull/49767
• [10.x] Only use Carbon if accessed from Laravel or also uses illuminate/support by @​crynobone in https://github.com/laravel/framework/pull/49772
• [10.x] Add Str::unwrap by @​stevebauman in https://github.com/laravel/framework/pull/49779
• [10.x] Allow Uuid and Ulid in Carbon::createFromId() by @​kylekatarnls in https://github.com/laravel/framework/pull/49783
• [10.x] Test Improvements by @​crynobone in https://github.com/laravel/framework/pull/49785

v10.41.0

Compare Source

• [10.x] Add a threshold parameter to the Number::spell helper by @​caendesilva in https://github.com/laravel/framework/pull/49610
• Revert "[10.x] Make ComponentAttributeBag Arrayable" by @​luanfreitasdev in https://github.com/laravel/framework/pull/49623
• [10.x] Fix return value and docblock by @​dwightwatson in https://github.com/laravel/framework/pull/49627
• [10.x] Add an option to specify the default path to the models directory for php artisan model:prune by @​dbhynds in https://github.com/laravel/framework/pull/49617
• [10.x] Allow job chains to be conditionally dispatched by @​fjarrett in https://github.com/laravel/framework/pull/49624
• [10.x] Add test for existing empty test by @​lioneaglesolutions in https://github.com/laravel/framework/pull/49632
• [10.x] Add additional context to Mailable assertion messages by @​lioneaglesolutions in https://github.com/laravel/framework/pull/49631
• [10.x] Allow job batches to be conditionally dispatched by @​fjarrett in https://github.com/laravel/framework/pull/49639
• [10.x] Revert parameter name change by @​timacdonald in https://github.com/laravel/framework/pull/49659
• [10.x] Printing Name of The Method that Calls ensureIntlExtensionIsInstalled in Number class. by @​devajmeireles in https://github.com/laravel/framework/pull/49660
• [10.x] Update pagination tailwind.blade.php by @​anasmorahhib in https://github.com/laravel/framework/pull/49665
• [10.x] feat: add base argument to Stringable->toInteger() by @​adamczykpiotr in https://github.com/laravel/framework/pull/49670
• [10.x]: Remove unused class ShouldBeUnique when make a job by @​Kenini1805 in https://github.com/laravel/framework/pull/49669
• [10.x] Add tests for Eloquent methods by @​milwad-dev in https://github.com/laravel/framework/pull/49673
• Implement draft workflow by @​driesvints in https://github.com/laravel/framework/pull/49683
• [10.x] Fixing Types, Word and Returns of Numberclass. by @​devajmeireles in https://github.com/laravel/framework/pull/49681
• [10.x] Test Improvements by @​crynobone in https://github.com/laravel/framework/pull/49679
• [10.x] Officially support floats in trans_choice and Translator::choice by @​philbates35 in https://github.com/laravel/framework/pull/49693
• [10.x] Use static function by @​michaelnabil230 in https://github.com/laravel/framework/pull/49696
• [10.x] Revert "[10.x] Improve numeric comparison for custom casts" by @​driesvints in https://github.com/laravel/framework/pull/49702
• [10.x] Add exit code to queue:clear, and queue:forget commands by @​bytestream in https://github.com/laravel/framework/pull/49707
• [10.x] Allow StreamInterface as raw HTTP Client body by @​janolivermr in https://github.com/laravel/framework/pull/49705

v10.40.0

Compare Source

• [10.x] Model::preventAccessingMissingAttributes() raises exception for enums & primitive castable attributes that were not retrieved by @​cosmastech in https://github.com/laravel/framework/pull/49480
• [10.x] Include system versioned tables for MariaDB by @​hafezdivandari in https://github.com/laravel/framework/pull/49509
• [10.x] Fixes the Arr::dot() method to properly handle indexes array by @​kayw-geek in https://github.com/laravel/framework/pull/49507
• [10.x] Expand Gate::allows & Gate::denies signature by @​antonkomarev in https://github.com/laravel/framework/pull/49503
• [10.x] Improve numeric comparison for custom casts by @​imahmood in https://github.com/laravel/framework/pull/49504
• [10.x] Add session except method by @​xurshudyan in https://github.com/laravel/framework/pull/49520
• [10.x] Add Number::clamp by @​jbrooksuk in https://github.com/laravel/framework/pull/49512
• [10.x] Fix Schedule test by @​michaelnabil230 in https://github.com/laravel/framework/pull/49538
• [10.x] Use correct format of date by @​buismaarten in https://github.com/laravel/framework/pull/49541
• [10.x] Clean Arr by @​michaelnabil230 in https://github.com/laravel/framework/pull/49530
• [10.x] Make ComponentAttributeBag Arrayable by @​iamgergo in https://github.com/laravel/framework/pull/49524
• [10.x] Fix whenAggregated when default is not specified by @​lovePizza in https://github.com/laravel/framework/pull/49521
• [10.x] Update AsArrayObject.php to use ARRAY_AS_PROPS flag by @​pintend in https://github.com/laravel/framework/pull/49534
• [10.x] Remove invalid RedisCluster::client() call by @​tillkruss in https://github.com/laravel/framework/pull/49560
• [10.x] Remove unused code from PhpRedisConnector by @​tillkruss in https://github.com/laravel/framework/pull/49559
• [10.x] Flush about command during test runs by [@​timacdonald](https://r

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock

Command failed: composer update laravel/framework:10.48.29 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins --minimal-changes
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires laravel/framework ^10.0 -> satisfiable by laravel/framework[v10.48.29].
    - laravel/framework v10.48.29 requires php ^8.1 -> your php version (7.4.33) does not satisfy that requirement.

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.