Support Laravel 13, drop Laravel 12 and update dependencies #25
Merged
This is a framework-agnostic library, so Laravel-13 compatibility means aligning PHP/dependency constraints rather than a framework bump:

- Bump phpunit/phpunit ^12.4 -> ^13.2 (only outdated major)
- Refresh composer.lock to latest (phpunit 13.2.0, collision 8.9.4, carbon 3.11.4, symfony 8.1, ...)
- CI: test on PHP 8.4 and 8.5 (both supported by Laravel 13), bump checkout@v5 and cache@v4
- Drop Laravel-specific leftovers: StyleCI preset laravel -> psr12, remove "PHP Package Boilerplate" README section

PHP floor kept at >=8.4 (Laravel 13 requires 8.3+; 13.3+ needs 8.4). All 37 tests pass under PHPUnit 13.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

Collision was a leftover from the Laravel package boilerplate and was never wired into PHPUnit (no extension registered in phpunit.xml.dist), so it added nothing. Removing it also drops filp/whoops, nunomaduro/termwind and symfony/console from the dev tree.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
marianogoldman added a commit that referenced this pull request Jun 13, 2026
Rebuild CHANGELOG.md in Keep a Changelog format from every tagged release (v0.0.1 through v4.1.2) using the GitHub release notes and the merged PRs between tags. The Unreleased section also captures the changes already on master without a release yet (#25, #26) alongside the security hardening.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
marianogoldman added a commit that referenced this pull request Jun 13, 2026
* Harden scheduling against unbounded ranges and invalid input

  Security review follow-up. No injection or vulnerable dependencies were found; the realistic risks were resource exhaustion and weak input validation. This addresses them:

  - Cap requested date ranges (DoS guard). WeeklyScheduleAgenda, AgendaSlotter and DaySlotter now take an optional maxDays argument (default 366, 0 disables) and throw DateRangeTooLargeException when the [from, to] window is larger, via a shared DateRangeGuard.
  - Reject non-positive duration/step (and negative timeAfter/timeBefore) in the slotters with InvalidArgumentException, preventing degenerate zero-interval loops.
  - Validate WeeklySchedule times strictly as a time of day (HH:MM or HH:MM:SS, 00:00-23:59), rejecting relative expressions such as "now".
  - Throw a clear Exception on malformed/non-object JSON in WeeklySchedule::fromJson() instead of a TypeError.

  Docs (README caveats + schema note) and CHANGELOG updated.

  Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

* Reconstruct historical changelog from past releases

  Rebuild CHANGELOG.md in Keep a Changelog format from every tagged release (v0.0.1 through v4.1.2) using the GitHub release notes and the merged PRs between tags. The Unreleased section also captures the changes already on master without a release yet (#25, #26) alongside the security hardening.

  Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>
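
The three input checks listed in the commit message above (range cap, strict time of day, positive step), sketched as an added example that is not the library's code or part of the commit. The function names, the use of RangeException in place of the library's DateRangeTooLargeException, and the sample dates are assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration: function names are hypothetical, not the library's API.

/** Reject [from, to] windows longer than $maxDays days (0 disables the cap). */
function assertRangeWithinCap(DateTimeImmutable $from, DateTimeImmutable $to, int $maxDays = 366): void
{
    if ($maxDays < 0 || $to < $from) {
        throw new InvalidArgumentException('maxDays must be >= 0 and "to" must not precede "from"');
    }
    $days = $from->diff($to)->days; // total whole days, not the ->d component
    if ($maxDays > 0 && $days > $maxDays) {
        throw new RangeException("Range of {$days} days exceeds the cap of {$maxDays}");
    }
}

/** Accept only HH:MM or HH:MM:SS within 00:00-23:59; "now", "+1 day" etc. fail. */
function parseTimeOfDay(string $time): string
{
    // \A and \z anchor the whole string; "$" would tolerate a trailing newline.
    if (preg_match('/\A(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d)?\z/', $time) !== 1) {
        throw new InvalidArgumentException("Not a time of day: {$time}");
    }
    return $time;
}

/** List slot start times; a non-positive step would never advance the loop. */
function slotStarts(DateTimeImmutable $from, DateTimeImmutable $to, int $durationMin, int $stepMin): array
{
    if ($durationMin <= 0 || $stepMin <= 0) {
        throw new InvalidArgumentException('duration and step must be positive');
    }
    assertRangeWithinCap($from, $to);
    $starts = [];
    for ($t = $from; $t->modify("+{$durationMin} minutes") <= $to; $t = $t->modify("+{$stepMin} minutes")) {
        $starts[] = $t->format('Y-m-d H:i');
    }
    return $starts;
}

// Constructed sample input.
$from = new DateTimeImmutable('2026-06-15 09:00');
print_r(slotStarts($from, $from->modify('+2 hours'), 60, 30));
foreach (['09:30', 'now', '24:00'] as $candidate) {
    try { echo parseTimeOfDay($candidate), " ok\n"; }
    catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
}
try { assertRangeWithinCap($from, $from->modify('+10 years')); }
catch (RangeException $e) { echo $e->getMessage(), "\n"; }
```

The cap is checked before any slot is generated, so an oversized window is rejected without allocating the result array.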
Context

puntodev/bookables is a framework-agnostic library (it does not depend on Laravel). So "Laravel 13 compatibility / dropping Laravel 12" really means aligning the PHP and dependency constraints rather than bumping a framework. In fact it was already installable alongside Laravel 13 (PHP 8.4 ≥ the 8.3 L13 requires; Carbon ^3 is what L13 uses).

Changes

- composer.json: phpunit/phpunit ^12.4 → ^13.2 (the only outdated major). All other constraints already covered the latest releases.
- composer.lock: refreshed to latest — PHPUnit 13.2.0, collision 8.9.4, carbon 3.11.4, symfony 8.1, etc. No security advisories.
- .github/workflows/php.yml: matrix over PHP 8.4 + 8.5 (both supported by Laravel 13), actions/checkout@v5, actions/cache@v4 with a per-version cache key.
- .styleci.yml: preset laravel → psr12 (framework-agnostic).
- README.md: removed the "PHP Package Boilerplate" section (the only Laravel reference).

Notes

- >=8.4 (Laravel 13 requires 8.3+; 13.3+ effectively needs 8.4).
- collision v9 yet; 8.9.4 declares conflict: phpunit >=14 and dev-requires laravel/framework ^13.5.0, so it is the correct version for L13.

Verification

- phpunit.xml.dist; failOnPhpunitDeprecation=true is enabled → zero deprecations).
- composer validate passes.

🤖 Generated with Claude Code