Bump the composer group with 4 updates

[dependabot]

Bumps the composer group with 4 updates: laravel/framework, phpoffice/phpspreadsheet, symfony/http-foundation and symfony/process.

Updates laravel/framework from 10.33.0 to 10.48.23

Release notes

Sourced from laravel/framework's releases.

v10.48.23

• [10.x] Ensure headers are only attached to illuminate responses by @​timacdonald in laravel/framework#53019
• [10.x] Fix append and prepend batch to chain by @​Bencute in laravel/framework#53455

v10.48.22

No release notes provided.

v10.48.21

• [10.x] Fixes whereDate, whereDay, whereMonth, whereTime, whereYear and whereJsonLength to ignore invalid $operator by @​crynobone in laravel/framework#52704
• Fix arguments passed to artisan commands that start with 'env' by @​willrowe in laravel/framework#52748

v10.48.20

• [10.x] fix: prevent casting empty string to array from triggering json error by @​calebdw in laravel/framework#52415

v10.48.19

• Add compatible query type to Model::resolveRouteBindingQuery by @​sebj54 in laravel/framework#52339
• [10.x] Fix Factory::afterCreating callable argument type by @​villfa in laravel/framework#52335
• [10.x] backport #52204 by @​calebdw in laravel/framework#52389
• [10.x] In MySQL, harvest last insert ID immediately after query is executed by @​piurafunk in laravel/framework#52390

v10.48.18

• [10.x] backport #52188 by @​calebdw in laravel/framework#52293
• [10.x] Fix runPaginationCountQuery not working properly for union queries by @​chinleung in laravel/framework#52314

v10.48.17

• [10.x] Fix PHP_CLI_SERVER_WORKERS warning by suppressing it by @​pelomedusa in laravel/framework#52094
• [10.x] Backport #51615 by @​GrahamCampbell in laravel/framework#52215

v10.48.16

• [10.x] Fix Http::retry so that throw is respected for call signature Http::retry([1,2], throw: false) by @​paulyoungnb in laravel/framework#52002
• [10.x] Set application_name and character set as PostgreSQL DSN string by @​sunaoka in laravel/framework#51985

v10.48.15

• [10.x] Set previous exception on HttpResponseException by @​hafezdivandari in laravel/framework#51986

v10.48.14

• [10.x] Fixes unable to call another command as a initialized instance of Command class by @​crynobone in laravel/framework#51824
• [10.x] fix handle shift() on an empty collection by @​Treggats in laravel/framework#51841
• [10.x] Ensureschema:dump will dump the migrations table only if it exists by @​NickSdot in laravel/framework#51827

v10.48.13

• [10.x] Fix typo in return comment of createSesTransport method by @​zds-s in laravel/framework#51688
• [10.x] Fix collection shift less than one item by @​faissaloux in laravel/framework#51686
• [10.x] Turn Enumerable unless() $callback parameter optional by @​faissaloux in laravel/framework#51701
• Revert "[10.x] Turn Enumerable unless() $callback parameter optional" by @​taylorotwell in laravel/framework#51707

v10.48.12

• [10.x] Fix typo by @​Issei0804-ie in laravel/framework#51535
• [10.x] Fix SQL Server detection in database store by @​staudenmeir in laravel/framework#51547
• [10.x] - Fix batch list loading in Horizon when serialization error by @​jeffortegad in laravel/framework#51551

... (truncated)

Commits

• 625269c Update version to v10.48.23
• 8c07b63 check for running in console
• 7ccb4dc [10.x] Fix append and prepend batch to chain (#53455)
• 646520a Ensure headers are only attached to illuminate responses (#53019)
• 1b3ef8f Update CHANGELOG
• c4ea52b Update version to v10.48.22
• 0124751 wip
• 58c2053 Fix arguments passed to artisan commands that start with 'env' (#52748)
• 80cdd87 [10.x] Fixes whereDate, whereDay, whereMonth, whereTime, whereYear ...
• 05a9554 Update CHANGELOG
• Additional commits viewable in compare view

Updates phpoffice/phpspreadsheet from 1.29.0 to 1.29.4

Release notes

Sourced from phpoffice/phpspreadsheet's releases.

1.29.4 - 2024-11-10

Fixed

• 1.29.3 omitted
• Backported security patches.
• Write ignoredErrors Tag Before Drawings. Backport of [PR #4212](PHPOffice/PhpSpreadsheet#4212) intended for 3.4.0.
• Changes to ROUNDDOWN/ROUNDUP/TRUNC. Backport of [PR #4214](PHPOffice/PhpSpreadsheet#4214) intended for 3.4.0.
• Replace str_starts_with in Drawing. [Issue #4215](PHPOffice/PhpSpreadsheet#4215)

Added

• Method to Test Whether Csv Will Be Affected by Php9. Backport of [PR #4189](PHPOffice/PhpSpreadsheet#4189) intended for 3.4.0.

1.29.2 - 2024-09-29

Fixed

• Backported security patches.
• Support for Php8.4.
• Change to Csv Reader (see below under Deprecated). Backport of PR #4162 intended for 3.0.0. [Issue #4161](PHPOffice/PhpSpreadsheet#4161)
• Tweaks to ROUNDUP, ROUNDDOWN, TRUNC, AMORDEGRC (results had been different under 8.4).

Changed

• Images will not be added to spreadsheet if they cannot be validated as images.

Security Patch

1.29.1 - 2024-09-03

Fixed

• Backported security patches from PR #4119 and PR #3957.

Changelog

Sourced from phpoffice/phpspreadsheet's changelog.

1.29.4 - 2024-11-10

Fixed

• 1.29.3 omitted
• Backported security patches.
• Write ignoredErrors Tag Before Drawings. Backport of [PR #4212](PHPOffice/PhpSpreadsheet#4212) intended for 3.4.0.
• Changes to ROUNDDOWN/ROUNDUP/TRUNC. Backport of [PR #4214](PHPOffice/PhpSpreadsheet#4214) intended for 3.4.0.
• Replace str_starts_with in Drawing. [Issue #4215](PHPOffice/PhpSpreadsheet#4215)

Added

• Method to Test Whether Csv Will Be Affected by Php9. Backport of [PR #4189](PHPOffice/PhpSpreadsheet#4189) intended for 3.4.0.

1.29.2 - 2024-09-29

Fixed

• Backported security patches.
• Support for Php8.4.
• Change to Csv Reader (see below under Deprecated). Backport of PR #4162 intended for 3.0.0. [Issue #4161](PHPOffice/PhpSpreadsheet#4161)
• Tweaks to ROUNDUP, ROUNDDOWN, TRUNC, AMORDEGRC (results had been different under 8.4).

Changed

• Images will not be added to spreadsheet if they cannot be validated as images.

Deprecated

• Php8.4 will deprecate the escape parameter of fgetcsv. Csv Reader is affected by this; code is changed to be unaffected, but this will mean a breaking change is coming with Php9. Any code which uses the default escape value of backslash will fail in Php9. It is recommended to explicitly set the escape value to null string before then.

1.29.1 - 2024-09-03

Fixed

• Backported security patches.

Commits

• 7ca7e32 Fix Changelog - Wrong Tag Was Applied
• 31d7f79 Backport Security Patch
• 15e028f Backport PR #4189 Csv Method
• 3a5a818 Update Changelog
• f0219ff Restore 2 Disabled Tests
• d95bc29 Backport Security Patch
• 9c90ed6 Used Named Parameter but Still Need to Support Php7.4
• 8b9b378 Html Writer Validate Hyperlink Protocols
• fa657fd More Tests
• ec0d4af AMORDEGRC and Csv Reader
• Additional commits viewable in compare view

Updates symfony/http-foundation from 6.3.8 to 6.4.15

Release notes

Sourced from symfony/http-foundation's releases.

v6.4.15

Changelog (symfony/http-foundation@v6.4.14...v6.4.15)

• no significant changes

v6.4.14

Changelog (symfony/http-foundation@v6.4.13...v6.4.14)

• security symfony/symfony#cve-2024-50345 [HttpFoundation] Reject URIs that contain invalid characters (@​nicolas-grekas)

v6.4.13

Changelog (symfony/http-foundation@v6.4.12...v6.4.13)

• bug symfony/symfony#58619 [HttpFoundation][Lock] Ensure compatibility with ext-mongodb v2 (@​GromNaN)

v6.4.12

Changelog (symfony/http-foundation@v6.4.11...v6.4.12)

• bug symfony/symfony#58181 [HttpFoundation] Update links for X-Accel-Redirect and fail properly when X-Accel-Mapping is missing (@​nicolas-grekas)
• bug symfony/symfony#58218 Work around parse_url() bug (@​nicolas-grekas)

v6.4.10

Changelog (symfony/http-foundation@v6.4.9...v6.4.10)

• bug symfony/symfony#57585 [HttpFoundation] Fix MockArraySessionStorage to generate more conform ids (@​Seldaek)

v6.4.8

Changelog (symfony/http-foundation@v6.4.7...v6.4.8)

• bug symfony/symfony#54910 [HttpFoundation]  filter out empty HTTP header parts (@​xabbuh)
• bug symfony/symfony#54816 [Cache] Fix support for predis/predis:^2.0 (@​mfettig)

v6.4.7

Changelog (symfony/http-foundation@v6.4.6...v6.4.7)

• bug symfony/symfony#54506 [HttpFoundation] Set content-type header in RedirectResponse (@​smnandre)

v6.4.4

Changelog (symfony/http-foundation@v6.4.3...v6.4.4)

• bug symfony/symfony#53733 [HttpFoundation] Prevent duplicated headers when using Early Hints (@​dunglas)
• bug symfony/symfony#53703 [HttpFoundation] Fix clearing CHIPS cookies (@​misaert)

v6.4.3

Changelog (symfony/http-foundation@v6.4.2...v6.4.3)

• bug symfony/symfony#53432 [HttpFoundation] Request without content-type or content-length header should result in null values, not empty strings (@​priyadi)

v6.4.2

Changelog (symfony/http-foundation@v6.4.1...v6.4.2)

... (truncated)

Changelog

Sourced from symfony/http-foundation's changelog.

CHANGELOG

7.1

• Add optional $expirationParameter argument to UriSigner::__construct()
• Add optional $expiration argument to UriSigner::sign()
• Rename $parameter argument of UriSigner::__construct() to $hashParameter
• Add UploadedFile::getClientOriginalPath()
• Add QueryParameterRequestMatcher
• Add HeaderRequestMatcher
• Add support for \SplTempFileObject in BinaryFileResponse
• Add verbose argument to response test constraints

7.0

• Calling ParameterBag::filter() throws an UnexpectedValueException on invalid value, unless flag FILTER_NULL_ON_FAILURE is set
• Calling ParameterBag::getInt() and ParameterBag::getBool() throws an UnexpectedValueException on invalid value
• Remove classes RequestMatcher and ExpressionRequestMatcher
• Remove Request::getContentType(), use Request::getContentTypeFormat() instead
• Throw an InvalidArgumentException when calling Request::create() with a malformed URI
• Require explicit argument when calling JsonResponse::setCallback(), Response::setExpires/setLastModified/setEtag(), MockArraySessionStorage/NativeSessionStorage::setMetadataBag(), NativeSessionStorage::setSaveHandler()
• Add argument $statusCode to Response::sendHeaders() and StreamedResponse::sendHeaders()

6.4

• Make HeaderBag::getDate(), Response::getDate(), getExpires() and getLastModified() return a DateTimeImmutable
• Support root-level Generator in StreamedJsonResponse
• Add UriSigner from the HttpKernel component
• Add partitioned flag to Cookie (CHIPS Cookie)
• Add argument bool $flush = true to Response::send()
• Make MongoDbSessionHandler instantiable with the mongodb extension directly

6.3

• Calling ParameterBag::getDigit(), getAlnum(), getAlpha() on an array throws a UnexpectedValueException instead of a TypeError
• Add ParameterBag::getString() to convert a parameter into string and throw an exception if the value is invalid
• Add ParameterBag::getEnum()
• Create migration for session table when pdo handler is used
• Add support for Relay PHP extension for Redis
• The Response::sendHeaders() method now takes an optional HTTP status code as parameter, allowing to send informational responses such as Early Hints responses (103 status code)
• Add IpUtils::isPrivateIp()
• Add Request::getPayload(): InputBag
• Deprecate conversion of invalid values in ParameterBag::getInt() and ParameterBag::getBoolean(),
• Deprecate ignoring invalid values when using ParameterBag::filter(), unless flag FILTER_NULL_ON_FAILURE is set

... (truncated)

Commits

• 9b3165e require Cache component versions compatible with Redis 6.1
• ba020a3 Merge branch '5.4' into 6.4
• 168b77c security #cve-2024-50345 [HttpFoundation] Reject URIs that contain invalid ch...
• 4875486 Merge branch '5.4' into 6.4
• 32310ff [HttpFoundation] Reject URIs that contain invalid characters
• 38bd9bc [HttpFoundation] Remove invalid HTTP method from exception message
• 3f38426 Ensure compatibility with mongodb v2
• 4c0341b Merge branch '5.4' into 6.4
• 35f7b4c session names must not be empty
• 3363819 Merge branch '5.4' into 6.4
• Additional commits viewable in compare view

Updates symfony/process from 6.3.4 to 6.4.15

Release notes

Sourced from symfony/process's releases.

v6.4.15

Changelog (symfony/process@v6.4.14...v6.4.15)

• no significant changes

v6.4.14

Changelog (symfony/process@v6.4.13...v6.4.14)

• security symfony/symfony#cve-2024-51736 [Process] Use PATH before CD to load the shell on Windows (@​nicolas-grekas)
• bug symfony/symfony#58752 [Process] Fix escaping /X arguments on Windows (@​nicolas-grekas)
• bug symfony/symfony#58735 [Process] Return built-in cmd.exe commands directly in ExecutableFinder (@​Seldaek)
• bug symfony/symfony#58723 [Process] Properly deal with not-found executables on Windows (@​nicolas-grekas)
• bug symfony/symfony#58711 [Process] Fix handling empty path found in the PATH env var with ExecutableFinder (@​nicolas-grekas)

v6.4.13

Changelog (symfony/process@v6.4.12...v6.4.13)

• no significant changes

v6.4.12

Changelog (symfony/process@v6.4.11...v6.4.12)

• bug symfony/symfony#58291 [Process] Fix finding executables independently of open_basedir (@​BlackbitDevs)
• bug symfony/symfony#58195 [Process] Fix the removal of host-specific configuration when managing the ini settings in PhpSubprocess (@​M-arcus)

v6.4.8

Changelog (symfony/process@v6.4.7...v6.4.8)

• bug symfony/symfony#54863 [Process] Return false when open_basedir prevents access to /dev/tty (@​mjauvin)

v6.4.7

Changelog (symfony/process@v6.4.6...v6.4.7)

• no significant changes

v6.4.4

Changelog (symfony/process@v6.4.3...v6.4.4)

• bug symfony/symfony#54006 [Process] Fix the command -v exception (@​kayw-geek)
• bug symfony/symfony#53821 [Process] Fix Inconsistent Exit Status in proc_get_status for PHP Versions Below 8.3 (@​Luc45)

v6.4.3

Changelog (symfony/process@v6.4.2...v6.4.3)

• bug symfony/symfony#53481 [Process] Fix executable finder when the command starts with a dash (@​kayw-geek)

v6.4.2

Changelog (symfony/process@v6.4.1...v6.4.2)

• bug symfony/symfony#52864 [HttpClient][Mailer][Process] always pass microseconds to usleep as integers (@​xabbuh)

... (truncated)

Changelog

Sourced from symfony/process's changelog.

CHANGELOG

7.1

• Add Process::setIgnoredSignals() to disable signal propagation to the child process

6.4

• Add PhpSubprocess to handle PHP subprocesses that take over the configuration from their parent
• Add RunProcessMessage and RunProcessMessageHandler

5.2.0

• added Process::setOptions() to set Process specific options
• added option create_new_console to allow a subprocess to continue to run after the main script exited, both on Linux and on Windows

5.1.0

• added Process::getStartTime() to retrieve the start time of the process as float

5.0.0

• removed Process::inheritEnvironmentVariables()
• removed PhpProcess::setPhpBinary()
• Process must be instantiated with a command array, use Process::fromShellCommandline() when the command should be parsed by the shell
• removed Process::setCommandLine()

4.4.0

• deprecated Process::inheritEnvironmentVariables(): env variables are always inherited.
• added Process::getLastOutputTime() method

4.2.0

• added the Process::fromShellCommandline() to run commands in a shell wrapper
• deprecated passing a command as string when creating a Process instance
• deprecated the Process::setCommandline() and the PhpProcess::setPhpBinary() methods
• added the Process::waitUntil() method to wait for the process only for a specific output, then continue the normal execution of your application

... (truncated)

Commits

• 3cb242f Merge branch '5.4' into 6.4
• 5d1662f normalize paths to avoid failures if a path is referenced by different names
• 25214ad Merge branch '5.4' into 6.4
• 0190687 [Process] Fix test
• 88638b9 Merge branch '5.4' into 6.4
• ee75984 security #cve-2024-51736 [Process] Use %PATH% before %CD% to load the shell o...
• 05c2ccc [Process] Use %PATH% before %CD% to load the shell on Windows
• 0776b99 Merge branch '5.4' into 6.4
• d94dda5 [Process] Fix escaping /X arguments on Windows
• 836d34f Merge branch '5.4' into 6.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 30.33%. Comparing base (1081438) to head (b8d96f5).

Additional details and impacted files

@@            Coverage Diff            @@
##             master     #382   +/-   ##
=========================================
  Coverage     30.33%   30.33%           
  Complexity      523      523           
=========================================
  Files            79       79           
  Lines          2001     2001           
=========================================
  Hits            607      607           
  Misses         1394     1394           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.