Bump the minor-updates group across 1 directory with 11 updates

[dependabot]

Bumps the minor-updates group with 9 updates in the / directory:

Package	From	To
dedoc/scramble	0.12.36	0.13.28
flowframe/laravel-trend	0.4.0	0.5.0
gotenberg/gotenberg-php	2.21.0	2.23.0
laravel/octane	2.17.4	2.17.5
owen-it/laravel-auditing	14.0.3	14.0.4
fumeapp/modeltyper	3.10.0	3.11.0
larastan/larastan	3.9.6	3.10.0
laravel/pint	1.29.1	1.29.3
laravel/sail	1.60.0	1.62.0

Updates dedoc/scramble from 0.12.36 to 0.13.28

Release notes

Sourced from dedoc/scramble's releases.

v0.13.28

What's Changed

• Fix pre-serialized class map (failed in some cases due to new data on property definition)

Full Changelog: dedoc/scramble@v0.13.27...v0.13.28

v0.13.27

What's Changed

• Silence some PHP 8.5 deprecations (null array offset, preg_replace null) by @​dabrandstetter in dedoc/scramble#1155
• Add ability to cache OpenAPI document by @​romalytvynenko in dedoc/scramble#1178
• Plain objects documnetation by @​romalytvynenko in dedoc/scramble#1181

New Contributors

• @​dabrandstetter made their first contribution in dedoc/scramble#1155

Full Changelog: dedoc/scramble@v0.13.26...v0.13.27

v0.13.26

What's Changed

• Fix missing Reference type during parameters serialization by @​romalytvynenko in dedoc/scramble#1177

Full Changelog: dedoc/scramble@v0.13.25...v0.13.26

v0.13.25

What's Changed

• Add #[IgnoreParam] attribute support by @​WendellAdriel in dedoc/scramble#1176
• Add UI renderers support (Scalar, etc.) by @​romalytvynenko in dedoc/scramble#1175

New Contributors

• @​WendellAdriel made their first contribution in dedoc/scramble#1176

Full Changelog: dedoc/scramble@v0.13.24...v0.13.25

v0.13.24

What's Changed

• Improve inference: __ support, facades support, array destructuring support by @​romalytvynenko in dedoc/scramble#1167 and dedoc/scramble#1172
• Add include/exclude filtering to scramble.api_path by @​romalytvynenko in dedoc/scramble#1168
• Automatically document API authentication by @​romalytvynenko in dedoc/scramble#1170
• Improve inference by dropping type of calls to non-existing methods in unions in dedoc/scramble#1171
• Added newCollection support on models by @​romalytvynenko in dedoc/scramble#1171
• Add Responsable support by @​romalytvynenko in dedoc/scramble#1173

Full Changelog: dedoc/scramble@v0.13.23...v0.13.24

v0.13.23

What's Changed

• Support real-time Facades by @​jcsoriano in dedoc/scramble#1146
• Support type inference for method calls and property access on union types by @​romalytvynenko in dedoc/scramble#1151

... (truncated)

Commits

• e50927c Fix styling
• 3a4b813 improved class definition serialization
• fc49ce9 fix test
• 5b067b1 Plain objects documnetation (#1181)
• d89bf45 Add ability to cache OpenAPI document (#1178)
• ad1233f fix: silence PHP 8.5 deprecations for null array offset and preg_replace null...
• 5ca42b5 fix reference (#1177)
• 6198566 fix tests
• 5b593da Add UI renderers support (Scalar, etc.) (#1175)
• 04ddbae Add IgnoreParam attribute support (#1176)
• Additional commits viewable in compare view

Updates flowframe/laravel-trend from 0.4.0 to 0.5.0

Release notes

Sourced from flowframe/laravel-trend's releases.

v0.5.0

What's Changed

• Laravel 13.x Compatibility by @​laravel-shift in Flowframe/laravel-trend#96

Full Changelog: Flowframe/laravel-trend@v0.4.0...v0.5.0

Commits

• 1b968af Laravel 13.x Compatibility (#96)
• See full diff in compare view

Updates gotenberg/gotenberg-php from 2.21.0 to 2.23.0

Release notes

Sourced from gotenberg/gotenberg-php's releases.

v2.23.0

This release brings the client up-to-date with the latest Gotenberg version.

New class:

• Gotenberg\FacturX

New methods:

• $chromium->pdf->facturX
• $libreoffice->facturX
• $pdfengines->facturX
• $pdfengines->injectFacturX
• ->allowPrinting (Chromium, LibreOffice, PDF Engines)
• ->allowCopying (Chromium, LibreOffice, PDF Engines)
• ->allowModifying (Chromium, LibreOffice, PDF Engines)
• ->allowAnnotating (Chromium, LibreOffice, PDF Engines)
• ->allowFillingForms (Chromium, LibreOffice, PDF Engines)
• ->allowAssembling (Chromium, LibreOffice, PDF Engines)

See https://github.com/gotenberg/gotenberg/releases/tag/v8.34.0 for more details.

v2.22.0

This release brings the client up-to-date with the latest Gotenberg version.

New method:

• $chromium->screenshot->deviceScaleFactor

See https://github.com/gotenberg/gotenberg/releases/tag/v8.33.0 for more details.

Commits

• fb33203 feat(pdfengines): add Factur-X API and encryption permissions
• 2c27c89 chore(deps): bump codecov/codecov-action from 6 to 7
• d2a6f10 feat(chromium): add deviceScaleFactor for screenshots
• 955f02d docs(README): switch logo URL [skip ci]
• See full diff in compare view

Updates guzzlehttp/guzzle from 7.10.3 to 7.12.0

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.12.0

Added

• Added RequestOptions constants for curl, retries, and stream_context

Changed

• Adjusted guzzlehttp/psr7 version constraint to ^2.12
• Constrain cURL transport sharing to safe libcurl DNS and SSL session support
• Resolve proxy environment variables in the cURL handlers; libcurl no longer reads the environment itself
• Ignore proxy environment variables when the proxy request option makes a decision
• Disable proxy environment variables on Windows SAPIs other than CLI (httpoxy hardening)
• Redact proxy credentials from cURL handler error messages, following Psr7\Utils::redactUserInfo()
• Normalize no-proxy domain and IP literal matching across the cURL and stream handlers

Deprecated

• Deprecated the request-level handler option, which will be ignored in 8.0
• Deprecated raw cURL request options outside the built-in cURL handlers' allow-list
• Deprecated the CURLOPT_PROXYTYPE cURL request option; set the proxy type via a scheme-prefixed proxy URL
• Deprecated PHP stream context options outside the built-in stream handler allow-list
• Deprecated passing ntlm as a built-in auth type
• Deprecated Utils::describeType()
• Deprecated non-finite floats in the query and form_params options; 8.0 rejects them
• Deprecated non-string scalar values in the body option; 8.0 rejects them

Fixed

• Fix cURL TLS and HTTP/2 capability detection using libcurl feature checks
• Fix proxy no list matches being re-proxied through environment-configured proxies by libcurl
• Fix no list and NO_PROXY matching to support IP CIDR ranges, matching libcurl
• Fix the stream handler not applying scheme-less proxies and their credentials

7.11.2

Fixed

• Fixed non-finite float values emitting coercion warnings on PHP 8.5

Release 7.11.1

Fixed

• Ignore request-level transport_sharing, matching other unknown request options

Release 7.11.0

Added

• Added support for providing the proxy request option's no value as a comma-delimited string
• Added the protocols request option to restrict allowed URI schemes for request transfers
• Added cert_type and ssl_key_type request options for TLS certificate and private-key file types
• Added PHP stream handler support for the ssl_key request option

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.12.0 - 2026-06-16

Added

• Added RequestOptions constants for curl, retries, and stream_context

Changed

• Adjusted guzzlehttp/psr7 version constraint to ^2.12
• Constrain cURL transport sharing to safe libcurl DNS and SSL session support
• Resolve proxy environment variables in the cURL handlers; libcurl no longer reads the environment itself
• Ignore proxy environment variables when the proxy request option makes a decision
• Disable proxy environment variables on Windows SAPIs other than CLI (httpoxy hardening)
• Redact proxy credentials from cURL handler error messages, following Psr7\Utils::redactUserInfo()
• Normalize no-proxy domain and IP literal matching across the cURL and stream handlers

Deprecated

• Deprecated the request-level handler option, which will be ignored in 8.0
• Deprecated raw cURL request options outside the built-in cURL handlers' allow-list
• Deprecated the CURLOPT_PROXYTYPE cURL request option; set the proxy type via a scheme-prefixed proxy URL
• Deprecated PHP stream context options outside the built-in stream handler allow-list
• Deprecated passing ntlm as a built-in auth type
• Deprecated Utils::describeType()
• Deprecated non-finite floats in the query and form_params options; 8.0 rejects them
• Deprecated non-string scalar values in the body option; 8.0 rejects them

Fixed

• Fix cURL TLS and HTTP/2 capability detection using libcurl feature checks
• Fix proxy no list matches being re-proxied through environment-configured proxies by libcurl
• Fix no list and NO_PROXY matching to support IP CIDR ranges, matching libcurl
• Fix the stream handler not applying scheme-less proxies and their credentials

7.11.2 - 2026-06-12

Fixed

• Fixed non-finite float values emitting coercion warnings on PHP 8.5

7.11.1 - 2026-06-07

Fixed

• Ignore request-level transport_sharing, matching other unknown request options

7.11.0 - 2026-06-02

... (truncated)

Commits

• eaa8159 Release 7.12.0
• e0d3349 Adjusted guzzlehttp/psr7 version constraint and corrected links (#3646)
• 8ca9415 Normalize scalar body request options (#3644)
• 1a8d3aa Translate scheme-less proxies and their credentials in the stream handler (#3...
• 751f7a5 Revert too aggressive authenticated proxy tunnel reuse mitigation (#3641)
• d5be98c Deprecate the CURLOPT_PROXYTYPE cURL request option (#3632)
• fa33c8e Deprecate non-string scalar values in the body request option (#3631)
• a19ce18 Deprecate non-finite floats in the query and form_params options (#3623)
• 03cada3 Merge branch '7.11' into 7.12
• bf5f35a Release 7.11.2
• Additional commits viewable in compare view

Updates laravel/framework from 12.60.2 to 12.62.0

Release notes

Sourced from laravel/framework's releases.

v12.62.0

• [12.x] Add JSON Schema array deserializer by @​pushpak1300 in laravel/framework#60387
• [12.x] Skip pg_collation lookup in compileColumns() on PostgreSQL servers before 9.1 by @​fissible in laravel/framework#60400
• [12.x] Add multi-type union support to Illuminate JsonSchema by @​pushpak1300 in laravel/framework#60462

v12.61.1

• [12.x] Preserve empty HTTP attach contents by @​GrahamCampbell in laravel/framework#60291
• Fix @​params typo in Fluent and MessageBag toPrettyJson() docblocks by @​Amirhf1 in laravel/framework#60313
• [12.x] Fix regex typo in Env::addVariableToEnvContents that prevented quotin… by @​Amirhf1 in laravel/framework#60312
• [12.x] Fix Number::trim() returning null for INF and NAN values by @​Amirhf1 in laravel/framework#60322
• [12.x] Fix FIFO queue name normalization in Cloud managed queues by @​kieranbrown in laravel/framework#60316
• [12.x] Fix Number::pairs() infinite loop when $by is zero or negative by @​Amirhf1 in laravel/framework#60324
• [12.x] Ensure path seperators aren't encoded in LocalFilesystemAdapter by @​jackbayliss in laravel/framework#60350
• [12.x] Ensure config is bound before trying to log deprecation notice by @​crynobone in laravel/framework#60376

v12.61.0

• [12.x] Accept Symfony's new control-characters exception message in mailer test by @​kieranbrown in laravel/framework#60203
• [12.x] Fix queue:failed command to show real class name by @​clementmas in laravel/framework#60279
• [12.x] Throw ManagedQueueNotFoundException when a managed queue is missing by @​kieranbrown in laravel/framework#60276

Commits

• f7e61eb Update version to v12.62.0
• 0d23f6a [12.x] Add multi-type union support to Illuminate JsonSchema (#60462)
• cf6681c [12.x] Skip pg_collation lookup in compileColumns() on PostgreSQL servers bef...
• 127dcda [12.x] Add JSON Schema array deserializer (#60387)
• d01a390 Update CHANGELOG
• e8472ca Update version to v12.61.1
• 61d5557 [12.x] Ensure config is bound before trying to log deprecation notice (#60376)
• 12df688 [12.x] Ensure path seperators aren't encoded in LocalFilesystemAdapter (#60350)
• 33afd1e [12.x] Fix Number::pairs() infinite loop when $by is zero or negative (#60324)
• e854b8c Fix FIFO queue name normalization in Cloud managed queues (#60316)
• Additional commits viewable in compare view

Updates laravel/octane from 2.17.4 to 2.17.5

Release notes

Sourced from laravel/octane's releases.

v2.17.5

• fix: prevent frankenphp-worker from spitting html into stdout by @​Carnicero90 in laravel/octane#1127
• Enhance Boost guidelines with comprehensive Octane AI context by @​rupeshstha in laravel/octane#1122
• GitHub Actions hardening by @​nunomaduro in laravel/octane#1131
• Bump actions/checkout from 4.3.1 to 6.0.3 in the github-actions group by @​dependabot[bot] in laravel/octane#1132
• [2.x] Fix Symfony 8.1 compatibility for Swoole by @​crynobone in laravel/octane#1134
• Pin pull requests and issues workflows to least-privilege reusable workflows by @​nunomaduro in laravel/octane#1136
• Pin pull requests and issues workflows to latest laravel/.github by @​nunomaduro in laravel/octane#1137
• Add Dependabot cooldown of 5 days by @​nunomaduro in laravel/octane#1138
• Enable Dependabot auto-merge by @​nunomaduro in laravel/octane#1139

Changelog

Sourced from laravel/octane's changelog.

v2.17.5 - 2026-06-04

• fix: prevent frankenphp-worker from spitting html into stdout by @​Carnicero90 in laravel/octane#1127
• Enhance Boost guidelines with comprehensive Octane AI context by @​rupeshstha in laravel/octane#1122
• GitHub Actions hardening by @​nunomaduro in laravel/octane#1131
• Bump actions/checkout from 4.3.1 to 6.0.3 in the github-actions group by @​dependabot[bot] in laravel/octane#1132
• [2.x] Fix Symfony 8.1 compatibility for Swoole by @​crynobone in laravel/octane#1134
• Pin pull requests and issues workflows to least-privilege reusable workflows by @​nunomaduro in laravel/octane#1136
• Pin pull requests and issues workflows to latest laravel/.github by @​nunomaduro in laravel/octane#1137
• Add Dependabot cooldown of 5 days by @​nunomaduro in laravel/octane#1138
• Enable Dependabot auto-merge by @​nunomaduro in laravel/octane#1139

Commits

• 058ae4d Enable Dependabot auto-merge (#1139)
• 2789524 Add Dependabot cooldown of 5 days (#1138)
• 218dfb0 Merge pull request #1137 from laravel/chore/pin-reusable-workflows-latest
• 2881126 Pin pull requests and issues workflows to latest laravel/.github
• 39fc747 Merge pull request #1136 from laravel/fix/pin-least-privilege-reusable-workflows
• 4086bfb Pin pull requests and issues workflows to least-privilege reusable workflows
• 53bdeab [2.x] Fix Symfony 8.1 compatibility for Swoole (#1134)
• adf4f86 Merge pull request #1132 from laravel/dependabot/github_actions/github-action...
• 2a4b35c Bump actions/checkout from 4.3.1 to 6.0.3 in the github-actions group
• 0bd60a5 Merge pull request #1131 from laravel/chore/github-actions-hardening
• Additional commits viewable in compare view

Updates owen-it/laravel-auditing from 14.0.3 to 14.0.4

Release notes

Sourced from owen-it/laravel-auditing's releases.

v14.0.4

What's Changed

• Refactor model property access using ReflectionClass by @​erikn69 in owen-it/laravel-auditing#1055
• Avoid stopping other update events when restoring by @​erikn69 in owen-it/laravel-auditing#1054

Full Changelog: owen-it/laravel-auditing@v14.0.3...v14.0.4

Commits

• 4268b7a Avoid stopping other update events when restoring (#1054)
• a712249 Refactor model property access using ReflectionClass (#1055)
• See full diff in compare view

Updates fumeapp/modeltyper from 3.10.0 to 3.11.0

Release notes

Sourced from fumeapp/modeltyper's releases.

v3.11.0

What's Changed

• fix composer stan issues from latest larastan update by @​tcampbPPU in fumeapp/modeltyper#125
• Honour optional flag in $laravelModel->interfaces to support optional relationships by @​cjholowatyj in fumeapp/modeltyper#123
• Follow up to #110: set-only mutators with enum casts by @​lorenzodalaqua in fumeapp/modeltyper#124

New Contributors

• @​cjholowatyj made their first contribution in fumeapp/modeltyper#123

Full Changelog: fumeapp/modeltyper@v3.10.0...v3.11.0

Commits

• fe803e4 Follow up to #110: set-only mutators with enum casts (#124)
• 58ca0f5 Honour optional flag in $laravelModel->interfaces to support optional relatio...
• e5824e8 fix composer stan issues from latest larastan update (#125)
• See full diff in compare view

Updates larastan/larastan from 3.9.6 to 3.10.0

Release notes

Sourced from larastan/larastan's releases.

3.10.0

What's Changed

Added

• PHPStan 2.2.0 compatibility
• Update codestyle check to latest version by @​jnoordsij in larastan/larastan#2484
• Add export-ignore for assets directory in .gitattributes by @​joke2k in larastan/larastan#2490
• Add type narrowing for where method on collections by @​jnoordsij in larastan/larastan#2483

Fixed

• fix: invalid parameter name by @​calebdw in larastan/larastan#2488
• Fix failing tests on Windows by @​jnoordsij in larastan/larastan#2486

Internal

• Allow PHPUnit v13 by @​jnoordsij in larastan/larastan#2485
• docs: update coding style guidelines in CONTRIBUTING.md by @​haratake22 in larastan/larastan#2447

New Contributors

• @​joke2k made their first contribution in larastan/larastan#2490

Full Changelog: larastan/larastan@v3.9.6...v3.10.0

Commits

• 2970f83 feat: add type narrowing for where method on collections (#2483)
• 936f20b fix failing tests on Windows (#2486)
• c856507 Add export-ignore for assets directory in .gitattributes (#2490)
• 9b014b5 chore: bump phpstan memory limit
• d58d982 chore: run SA on Laravel 13 too
• 7c4347c docs: use correct coding standard name
• 1e243f1 docs: update coding style guidelines in CONTRIBUTING.md (#2447)
• 45a4414 chore: update codestyle check to latest version (#2484)
• 0e774c5 chore: allow PHPUnit v13 (#2485)
• 9ef66e1 fix: invalid parameter name (#2488)
• Additional commits viewable in compare view

Updates laravel/pint from 1.29.1 to 1.29.3

Release notes

Sourced from laravel/pint's releases.

v1.29.3

Full Changelog: laravel/pint@v1.29.2...v1.29.3

v1.29.2

• fix: no longer accepts loading a configuration over insecure http
• fix: sends errors to stderr
• chore: various actions regarding github security
• chore: uses laravel/agent-detector

Changelog

Sourced from laravel/pint's changelog.

Release Notes

Unreleased

v1.29.2 - 2026-06-16

• fix: no longer accepts loading a configuration over insecure http
• fix: sends errors to stderr
• chore: various actions regarding github security
• chore: uses laravel/agent-detector

Commits

• da1d111 Release 1.29.3
• 998226b chore: fixes release process
• fc69589 Update CHANGELOG
• 88493e9 Release 1.29.2
• 5ba17b6 chore: bumps php cs fixer
• bf8bda0 chore: bump dependencies
• 066c2d9 Reject loading configuration over plaintext HTTP (#441)
• f6f38c9 Bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions group (#442)
• ad2f64a Enable Dependabot auto-merge (#440)
• 1c0660c Add Dependabot cooldown of 5 days (#439)
• Additional commits viewable in compare view

Updates laravel/sail from 1.60.0 to 1.62.0

Release notes

Sourced from laravel/sail's releases.

v1.62.0

Full Changelog: laravel/sail@v1.61.0...v1.62.0

v1.61.0

• [1.x] Fix RabbitMQ service stub using invalid env var names (#873) by @​YoussefMansour9 in laravel/sail#874

Changelog

Sourced from laravel/sail's changelog.

v1.62.0 - 2026-05-27

Full Changelog: laravel/sail@v1.61.0...v1.62.0

v1.61.0 - 2026-05-23

• [1.x] Fix RabbitMQ service stub using invalid env var names (#873) by @​YoussefMansour9 in laravel/sail#874

Commits

• 3aaeefc Update CHANGELOG
• 68ef350 Fix RabbitMQ service stub using invalid env var names (#874)
• 9541d21 Update CHANGELOG
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions