@wunc (Collaborator) commented Nov 18, 2025

Dependency updates, including security fixes. Also, notably:

  • Remove puppeteer as a project dependency. This should be installed globally on the server instead.
  • Override Laravel Mix dependency webpack-dev-server with newer version to explicitly address security
  • Update browsershot
    • this will require upgrading Node, Puppeteer, and Chrome on the server when deployed
    • allow configuring basic auth for PDF generator calls
  • Update Sentry to enable logging feature
  • Update Trix and disable the Trix editor file upload feature

wunc added 8 commits November 14, 2025 18:02
Package operations: 1 install, 120 updates, 2 removals
- Removing symfony/polyfill-php72 (v1.29.0)
- Removing doctrine/cache (2.2.0)
- Upgrading php-http/discovery (1.19.4 => 1.20.0)
- Upgrading voku/portable-ascii (2.0.1 => 2.0.3)
- Upgrading symfony/polyfill-php80 (v1.29.0 => v1.33.0)
- Upgrading symfony/polyfill-mbstring (v1.29.0 => v1.33.0)
- Upgrading symfony/polyfill-ctype (v1.29.0 => v1.33.0)
- Upgrading phpoption/phpoption (1.9.2 => 1.9.4)
- Upgrading graham-campbell/result-type (v1.1.2 => v1.1.3)
- Upgrading vlucas/phpdotenv (v5.6.0 => v5.6.2)
- Upgrading symfony/css-selector (v7.1.1 => v7.3.6)
- Upgrading tijsverkoyen/css-to-inline-styles (v2.2.7 => v2.3.0)
- Upgrading symfony/deprecation-contracts (v3.5.0 => v3.6.0)
- Upgrading symfony/var-dumper (v6.4.8 => v6.4.26)
- Upgrading symfony/polyfill-uuid (v1.29.0 => v1.33.0)
- Upgrading symfony/uid (v6.4.8 => v6.4.24)
- Upgrading symfony/routing (v6.4.8 => v6.4.28)
- Upgrading symfony/process (v6.4.15 => v6.4.26)
- Upgrading symfony/polyfill-intl-normalizer (v1.29.0 => v1.33.0)
- Upgrading symfony/polyfill-intl-idn (v1.29.0 => v1.33.0)
- Upgrading symfony/mime (v6.4.8 => v6.4.26)
- Upgrading symfony/service-contracts (v3.5.0 => v3.6.1)
- Upgrading symfony/event-dispatcher-contracts (v3.5.0 => v3.6.0)
- Upgrading symfony/event-dispatcher (v7.1.1 => v7.3.3)
- Upgrading psr/log (3.0.0 => 3.0.2)
- Upgrading egulias/email-validator (4.0.2 => 4.0.4)
- Upgrading symfony/mailer (v6.4.8 => v6.4.27)
- Upgrading symfony/polyfill-php83 (v1.29.0 => v1.33.0)
- Upgrading symfony/http-foundation (v6.4.15 => v6.4.29)
- Upgrading symfony/error-handler (v6.4.8 => v6.4.26)
- Upgrading symfony/http-kernel (v6.4.8 => v6.4.29)
- Upgrading symfony/finder (v6.4.8 => v6.4.27)
- Upgrading symfony/polyfill-intl-grapheme (v1.29.0 => v1.33.0)
- Upgrading symfony/string (v7.1.1 => v7.3.4)
- Upgrading symfony/console (v6.4.8 => v6.4.27)
- Upgrading ramsey/collection (2.0.0 => 2.1.1)
- Upgrading brick/math (0.12.1 => 0.12.3)
- Upgrading ramsey/uuid (4.7.6 => 4.9.1)
- Upgrading nunomaduro/termwind (v1.15.1 => v1.17.0)
- Upgrading symfony/translation-contracts (v3.5.0 => v3.6.1)
- Upgrading symfony/translation (v6.4.8 => v6.4.26)
- Upgrading nesbot/carbon (2.72.5 => 2.73.0)
- Upgrading monolog/monolog (3.6.0 => 3.9.0)
- Upgrading league/mime-type-detection (1.15.0 => 1.16.0)
- Upgrading league/flysystem (3.28.0 => 3.30.2)
- Upgrading league/flysystem-local (3.28.0 => 3.30.2)
- Upgrading nette/utils (v4.0.4 => v4.0.8)
- Upgrading nette/schema (v1.3.0 => v1.3.3)
- Upgrading dflydev/dot-access-data (v3.0.2 => v3.0.3)
- Upgrading league/commonmark (2.4.2 => 2.7.1)
- Upgrading laravel/serializable-closure (v1.3.3 => v1.3.7)
- Upgrading laravel/framework (v10.48.23 => v10.49.1)
- Upgrading laravel/prompts (v0.1.23 => v0.1.25)
- Upgrading guzzlehttp/uri-template (v1.0.3 => v1.0.5)
- Upgrading dragonmantank/cron-expression (v3.3.3 => v3.6.0)
- Upgrading doctrine/inflector (2.0.10 => 2.1.0)
- Upgrading aws/aws-crt-php (v1.2.5 => v1.2.7)
- Upgrading barryvdh/reflection-docblock (v2.1.1 => v2.4.0)
- Upgrading composer/pcre (3.1.4 => 3.3.2)
- Upgrading composer/class-map-generator (1.3.4 => 1.6.2)
- Upgrading doctrine/deprecations (1.1.3 => 1.1.5)
- Upgrading doctrine/dbal (3.8.5 => 3.10.3)
- Upgrading fakerphp/faker (v1.23.1 => v1.24.1)
- Upgrading guzzlehttp/psr7 (2.6.2 => 2.8.0)
- Upgrading guzzlehttp/promises (2.0.2 => 2.3.0)
- Upgrading guzzlehttp/guzzle (7.8.1 => 7.10.0)
- Upgrading jean85/pretty-package-versions (2.0.6 => 2.1.1)
- Upgrading nikic/php-parser (v4.19.1 => v4.19.4)
- Upgrading psy/psysh (v0.12.4 => v0.12.14)
- Upgrading laravel/tinker (v2.9.0 => v2.10.1)
- Upgrading laravel/ui (v4.5.2 => v4.6.1)
- Upgrading mtdowling/jmespath.php (2.7.0 => 2.8.0)
- Upgrading aws/aws-sdk-php (3.314.2 => 3.359.13)
- Upgrading league/flysystem-aws-s3-v3 (3.28.0 => 3.30.1)
- Upgrading league/glide (2.3.0 => 2.3.2)
- Upgrading hamcrest/hamcrest-php (v2.0.1 => v2.1.1)
- Upgrading filp/whoops (2.15.4 => 2.18.4)
- Upgrading nunomaduro/collision (v7.10.0 => v7.12.0)
- Installing orchestra/sidekick (v1.2.17)
- Upgrading owen-it/laravel-auditing (v13.6.7 => v13.7.2)
- Upgrading symfony/options-resolver (v7.1.1 => v7.3.3)
- Upgrading php-http/message (1.16.1 => 1.16.2)
- Upgrading php-http/httplug (2.4.0 => 2.4.1)
- Upgrading php-http/client-common (2.7.1 => 2.7.2)
- Upgrading webmozart/assert (1.11.0 => 1.12.1)
- Upgrading phpstan/phpdoc-parser (1.29.1 => 2.3.0)
- Upgrading phpdocumentor/type-resolver (1.8.2 => 1.10.0)
- Upgrading phpdocumentor/reflection-docblock (5.4.1 => 5.6.3)
- Upgrading sebastian/recursion-context (5.0.0 => 5.0.1)
- Upgrading sebastian/exporter (5.1.2 => 5.1.4)
- Upgrading sebastian/comparator (5.0.1 => 5.0.4)
- Upgrading theseer/tokenizer (1.2.3 => 1.3.0)
- Upgrading phpunit/php-code-coverage (10.1.14 => 10.1.16)
- Upgrading myclabs/deep-copy (1.12.0 => 1.13.4)
- Upgrading phpunit/phpunit (10.5.20 => 10.5.58)
- Upgrading symfony/filesystem (v7.1.1 => v7.3.6)
- Upgrading spatie/array-to-xml (3.3.0 => 3.4.1)
- Upgrading netresearch/jsonmapper (v4.4.1 => v4.5.0)
- Upgrading fidry/cpu-core-counter (1.1.0 => 1.3.0)
- Upgrading felixfbecker/language-server-protocol (v1.5.2 => v1.5.3)
- Upgrading composer/semver (3.4.0 => 3.4.4)
- Upgrading amphp/amp (v2.6.4 => v2.6.5)
- Upgrading vimeo/psalm (5.24.0 => 5.26.1)
- Upgrading orchestra/testbench-core (v8.24.3 => v8.39.0)
- Upgrading psalm/plugin-laravel (v2.11.0 => v2.12.1)
- Upgrading nyholm/psr7 (1.8.1 => 1.8.2)
- Upgrading symfony/http-client-contracts (v3.5.0 => v3.6.0)
- Upgrading symfony/http-client (v7.1.8 => v7.3.6)
- Upgrading spatie/temporary-directory (2.2.1 => 2.3.0)
- Upgrading spatie/image-optimizer (1.7.5 => 1.8.0)
- Upgrading spatie/error-solutions (1.0.0 => 1.1.3)
- Upgrading spatie/backtrace (1.6.1 => 1.8.1)
- Upgrading spatie/flare-client-php (1.7.0 => 1.10.1)
- Upgrading spatie/laravel-package-tools (1.16.4 => 1.92.7)
- Upgrading spatie/db-dumper (3.6.0 => 3.8.0)
- Upgrading spatie/laravel-backup (8.8.1 => 8.8.2)
- Upgrading spatie/ignition (1.15.0 => 1.15.1)
- Upgrading spatie/laravel-ignition (2.8.0 => 2.9.1)
- Upgrading maennchen/zipstream-php (3.1.0 => 3.2.0)
- Upgrading spatie/laravel-translatable (6.7.1 => 6.11.4)
- Upgrading spatie/eloquent-sortable (4.4.0 => 4.5.2)
- Upgrading spatie/laravel-tags (4.6.1 => 4.10.1)
- Upgrading ezyang/htmlpurifier (v4.17.0 => v4.19.0)
Lock file operations: 0 installs, 2 updates, 0 removals
  - Upgrading aws/aws-sdk-php (3.359.13 => 3.360.0)
  - Upgrading theseer/tokenizer (1.3.0 => 1.3.1)
* ⬆️ updates browsershot
* 🔧 updates PDF config. Allows PDF HTTP auth.
Lock file operations: 0 installs, 3 updates, 11 removals
  - Removing clue/stream-filter (v1.7.0)
  - Removing http-interop/http-factory-guzzle (1.2.0)
  - Removing php-http/client-common (2.7.2)
  - Removing php-http/discovery (1.20.0)
  - Removing php-http/httplug (2.4.1)
  - Removing php-http/message (1.16.2)
  - Removing php-http/message-factory (1.1.0)
  - Removing php-http/promise (1.3.1)
  - Removing sentry/sdk (3.6.0)
  - Removing symfony/http-client (v7.3.6)
  - Removing symfony/http-client-contracts (v3.6.0)
  - Upgrading sentry/sentry (3.22.1 => 4.18.1)
  - Upgrading sentry/sentry-laravel (3.8.2 => 4.19.0)
  - Upgrading symfony/psr-http-message-bridge (v2.3.1 => v7.3.0)
- remove puppeteer (this will be installed globally instead)
- update Trix
- Override laravel-mix dependency `webpack-dev-server` to address security. We don't use this on this project, anyway.
@wunc added the 📦️ dependencies (Update, change, or remove a dependency) and 🔒 security (Security-related) labels Nov 18, 2025
@wunc linked an issue Nov 18, 2025 that may be closed by this pull request
@wunc merged commit 0ac522f into develop Nov 19, 2025
2 checks passed
@wunc deleted the updates-nov-2025 branch November 19, 2025 00:19
Development

Successfully merging this pull request may close these issues.

PDF export: config for authentication
