Laravel 12.31.1 Shift

[lancepioch]

This pull request includes updates for the recent patch version release of Laravel as well as bumps your package dependencies. You may review the full list of changes in the Laravel Release Notes.

Before merging, you need to:

• Checkout the shift-ci-v12.31.1 branch
• Review all pull request comments for additional changes
• Run composer update
• Thoroughly test your application (no tests?, no CI?)

[coderabbitai]

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

📥 Commits

Reviewing files that changed from the base of the PR and between 9c74ca9 and d706942.

⛔ Files ignored due to path filters (4)

• public/fonts/filament/filament/inter/inter-cyrillic-ext-wght-normal-IYF56FF6.woff2 is excluded by !**/*.woff2
• public/fonts/filament/filament/inter/inter-cyrillic-wght-normal-JEOLYBOO.woff2 is excluded by !**/*.woff2
• public/fonts/filament/filament/inter/inter-greek-ext-wght-normal-EOVOK2B5.woff2 is excluded by !**/*.woff2
• public/fonts/filament/filament/inter/inter-greek-wght-normal-IRE366VL.woff2 is excluded by !**/*.woff2

📒 Files selected for processing (7)

• public/fonts/filament/filament/inter/index.css (1 hunks)
• public/js/filament/forms/components/select.js (1 hunks)
• public/js/filament/notifications/notifications.js (1 hunks)
• public/js/filament/schemas/components/actions.js (1 hunks)
• public/js/filament/schemas/schemas.js (1 hunks)
• public/js/filament/tables/components/columns/select.js (1 hunks)
• public/js/filament/tables/tables.js (1 hunks)

 _________________________________________________
< SNAFU: Situation Normal, All Faults Understood. >
 -------------------------------------------------
  \
   \   (\__/)
       (•ㅅ•)
       / 　 づ

Tip

CodeRabbit can use your project's `phpstan` configuration to improve the quality of PHP code reviews.

Add a configuration file to your project to customize how CodeRabbit runs phpstan.

📝 Walkthrough

Walkthrough

Updates version constraints in composer.json for several PHP packages (aws/aws-sdk-php, guzzlehttp/guzzle, laravel/framework, laravel/sanctum, laravel/socialite, spatie/laravel-permission). No files added or removed; no code or API changes.

Changes

Cohort / File(s)	Summary of Changes
Dependency version bumps composer.json	Updated require versions: aws/aws-sdk-php ^3.351 → ^3.356; guzzlehttp/guzzle ^7.9 → ^7.10; laravel/framework ^12.23 → ^12.31; laravel/sanctum ^4.1 → ^4.2; laravel/socialite ^5.21 → ^5.23; spatie/laravel-permission ^6.20 → ^6.21.

Possibly related PRs

• Laravel 12.22.1 Shift #1580: Also updates composer.json to bump laravel/framework constraint (to ^12.22).
• Laravel 12.23.1 Shift #1604: Also adjusts laravel/framework version in composer.json.

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "Laravel 12.31.1 Shift" concisely identifies the primary change (upgrading Laravel to v12.31.1) and aligns with the composer.json dependency bump shown in the changeset, so it accurately reflects the main intent of the PR.
Description Check	✅ Passed	The description explicitly states the Laravel v12.31.1 update and package dependency bumps, links the Laravel release notes, and lists required pre-merge steps (checkout branch, run composer update, test), which directly relate to the changes in composer.json.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

composer.json (1)

36-36: spatie/laravel-permission ^6.21: clear permission cache post‑deploy.

Upgrades can leave stale permission caches. Plan to reset cache during deployment.

Suggested steps:

• php artisan permission:cache-reset
• If you cache the app: php artisan cache:clear && php artisan config:clear
• Verify no pending package migrations (none expected for this minor, but check).

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4792542 and 9c74ca9.

⛔ Files ignored due to path filters (1)

• composer.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• composer.json (2 hunks)

🔇 Additional comments (5)

composer.json (5)

12-12: AWS SDK bump: verify Guzzle compatibility and any custom handlers.

Repo-wide scan for HandlerStack, Middleware::, new Client(...), requestAsync, Pool::batch and HandlerStack::create returned no matches; still manually sanity‑check any custom HandlerStack/middleware, retry handlers, or dynamically‑loaded Guzzle integrations before bumping.

---

17-20: composer.json: platform.php is pinned to 8.2 — confirm CI/production or update platform

composer.json shows config.platform.php = 8.2 while require.php = ^8.2 || ^8.3 || ^8.4. Ensure CI/production runs PHP 8.2 or update config.platform.php (or narrow require.php) to match the runtime to avoid dependency-resolution drift.

---

17-17: composer.lock pins laravel/framework v12.31.1 — run full test suite

composer.lock contains laravel/framework v12.31.1 (OK). Run the full test suite — integration tests and providers reference framework internals (Event::fake, Bus::fake, resolve(), RateLimiter::for, Gate::before), e.g. tests/Integration/** and app/Providers/{AppServiceProvider.php,RouteServiceProvider.php}.

---

19-20: Auth surface bumps (Sanctum, Socialite) — re-run OAuth/API auth flows.

Minor dependency bumps; re-verify SPA token/cookie behavior, stateful domains/expiry, custom token model, and provider redirects/callbacks/scopes.

• Sanctum: check stateful domains and current URL, Sanctum::usePersonalAccessTokenModel(ApiKey::class), overridden createToken/tokens in app/Models/Traits/HasAccessTokens.php, middleware/auth usage and token creation sites: config/sanctum.php, app/Providers/AppServiceProvider.php, app/Models/Traits/HasAccessTokens.php, bootstrap/app.php, app/Filament/Pages/Auth/EditProfile.php, app/Http/Controllers/Api/Client/ApiKeyController.php, app/Services/Users/UserCreationService.php.
• Socialite: re-test registered providers and redirects/callbacks/scopes — Authentik and Discord are registered in app/Providers/Extensions/OAuthServiceProvider.php; Socialite used in app/Filament/Pages/Auth/EditProfile.php and app/Http/Controllers/Auth/OAuthController.php. Steam not found in search — verify if still required.

---

16-16: Guzzle ^7.10 — verify timeouts / handler / 'verify' usage

Search found multiple Guzzle/Laravel HTTP touchpoints; confirm no deprecated APIs or changed transport/cURL semantics affect these paths:

• config/panel.php (guzzle timeout/connect_timeout) — lines ~15–16
• app/Providers/AppServiceProvider.php — withOptions(['verify' => ...]), timeout/connectTimeout — lines ~92–95
• app/Repositories/Daemon/DaemonFileRepository.php — long timeouts (6015, 602) — lines ~161, ~181, ~239
• app/Models/Node.php — connectTimeout(1)->timeout(1) — lines ~363–366, ~383–386
• app/Repositories/Daemon/DaemonServerRepository.php — getHttpClient()->connectTimeout(1)->timeout(1) — line ~23
• app/Services/Helpers/SoftwareVersionService.php — Http::timeout(5)->connectTimeout(1) — lines ~19, ~37
• app/Filament/Admin/Pages/Settings.php — Cloudflare/setting calls using timeout/connectTimeout and GUI defaults — lines ~245–249, ~669–683
• app/Extensions/Captcha/Schemas/Turnstile/TurnstileSchema.php — timeout/connectTimeout — lines ~81–83
• app/Console/Commands/Maintenance/PruneImagesCommand.php — connectTimeout(5)->timeout(30) — lines ~38–41

Manual verification of these call sites (and any custom handler/Pool/HandlerStack usage) recommended to catch deprecation warnings or changed transport assumptions.