chore(deps): Update Composer dependencies (security-patch)

[nielsdrost7]

Composer Dependency Update

This PR updates Composer dependencies.

Update Type:
Triggered by: schedule

Updated Packages

## Direct Dependencies (from composer.json)

doctrine/dbal: 4.4.1 → 4.4.3
filament/actions: v5.0.0 → v5.4.4
filament/filament: v5.0.0 → v5.4.4
laravel/framework: v12.47.0 → v12.56.0
maatwebsite/excel: 3.1.67 → 3.1.68
nwidart/laravel-modules: v12.0.4 → v12.0.5
spatie/laravel-permission: 6.24.0 → 6.25.0
barryvdh/laravel-debugbar: v3.16.3 → v4.2.4
driftingly/rector-laravel: 2.1.9 → 2.2.0
larastan/larastan: v3.9.0 → v3.9.3
laravel/boost: v1.8.10 → v2.4.1
laravel/pail: v1.2.4 → v1.2.6
laravel/sail: v1.52.0 → v1.56.0
laravel/tinker: v2.11.0 → v3.0.0
nunomaduro/collision: v8.8.3 → v8.9.2
phpunit/phpunit: 11.5.48 → 11.5.55
rector/rector: 2.3.1 → 2.4.0

## Transient Dependencies (indirect)

blade-ui-kit/blade-heroicons: 2.6.0 → 2.7.0
blade-ui-kit/blade-icons: 1.8.0 → 1.9.0
brick/math: 0.14.1 → 0.14.8
chillerlan/php-settings-container: 3.2.1 → 3.3.0
danharrin/livewire-rate-limiting: v2.1.0 → v2.2.0
doctrine/deprecations: 1.1.5 → 1.1.6
filament/forms: v5.0.0 → v5.4.4
filament/infolists: v5.0.0 → v5.4.4
filament/notifications: v5.0.0 → v5.4.4
filament/query-builder: v5.0.0 → v5.4.4
filament/schemas: v5.0.0 → v5.4.4
filament/support: v5.0.0 → v5.4.4
filament/tables: v5.0.0 → v5.4.4
filament/widgets: v5.0.0 → v5.4.4
guzzlehttp/psr7: 2.8.0 → 2.9.0
kirschbaum-development/eloquent-power-joins: 4.2.11 → 4.3.1
laravel/prompts: v0.3.10 → v0.3.16
laravel/serializable-closure: v2.0.8 → v2.0.10
league/commonmark: 2.8.0 → 2.8.2
league/flysystem: 3.30.2 → 3.33.0
league/flysystem-local: 3.30.2 → 3.31.0
league/uri: 7.8.0 → 7.8.1
league/uri-components: 7.8.0 → 7.8.1
league/uri-interfaces: 7.8.0 → 7.8.1
livewire/livewire: v4.0.1 → v4.2.4
nesbot/carbon: 3.11.0 → 3.11.3
nette/php-generator: v4.2.0 → v4.2.2
nette/schema: v1.3.3 → v1.3.5
nette/utils: v4.1.1 → v4.1.3
nunomaduro/termwind: v2.3.3 → v2.4.0
ryangjchandler/blade-capture-directive: v1.1.0 → v1.1.1
spatie/laravel-package-tools: 1.92.7 → 1.93.0
spatie/shiki-php: 2.3.2 → 2.3.3
symfony/clock: v7.4.0 → v7.4.8
symfony/console: v7.4.3 → v7.4.8
symfony/css-selector: v7.4.0 → v7.4.8
symfony/error-handler: v7.4.0 → v7.4.8
symfony/event-dispatcher: v7.4.0 → v7.4.8
symfony/finder: v7.4.3 → v7.4.8
symfony/html-sanitizer: v7.4.0 → v7.4.8
symfony/http-foundation: v7.4.3 → v7.4.8
symfony/http-kernel: v7.4.3 → v7.4.8
symfony/mailer: v7.4.3 → v7.4.8
symfony/mime: v7.4.0 → v7.4.8
symfony/process: v7.4.3 → v7.4.8
symfony/routing: v7.4.3 → v7.4.8
symfony/string: v7.4.0 → v7.4.8
symfony/translation: v7.4.3 → v7.4.8
symfony/uid: v7.4.0 → v7.4.8
symfony/var-dumper: v7.4.3 → v7.4.8
iamcal/sql-parser: v0.6 → v0.7
laravel/mcp: v0.5.2 → v0.6.5
laravel/roster: v0.2.9 → v0.5.1
php-debugbar/php-debugbar: v2.2.6 → v3.7.0
php-debugbar/symfony-bridge: (new) → v1.1.0
phpstan/phpstan: 2.1.33 → 2.1.46
phpunit/php-file-iterator: 5.1.0 → 5.1.1
psy/psysh: v0.12.18 → v0.12.22
sebastian/comparator: 6.3.2 → 6.3.3
symfony/yaml: v7.4.1 → v7.4.8
webmozart/assert: 1.12.1 → 2.1.6
anourvalar/eloquent-serialize: 1.3.5 → (removed)

Checks Performed

• Unit tests passed (commented out until further notice)
• Static analysis completed (commented out until further notice)
• Code formatting checked (commented out until further notice)

Security Audit

Security vulnerabilities detected. Please review audit-report.json.

Review Checklist

• Review updated packages and their changelogs
• Verify all tests pass
• Check for breaking changes
• Update documentation if needed
• Test manually in development environment

---

This PR was automatically created by the Composer Update workflow.

Summary by CodeRabbit

• Chores

  • Updated core dependencies including Filament to v5.4.x, Laravel Framework to v12.56.0, and PHPUnit to v11.5.55
  • Added new dependencies for spreadsheet handling, permissions management, and development utilities
  • Updated Livewire to v4.2.4 and Symfony packages to v7.4.8

• Security

  • Security advisories identified for multiple dependencies including Filament, CommonMark, PHPUnit, PsySH, and Symfony Process

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9a513e65-3c25-4c8d-a961-7f5ddcab82b5

📥 Commits

Reviewing files that changed from the base of the PR and between cc00605 and 09cc566.

⛔ Files ignored due to path filters (1)

• composer.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• audit-report.json
• updated-packages.txt

---

📝 Walkthrough

Walkthrough

The pull request updates two dependency-related files: audit-report.json now contains detailed security advisory records for multiple packages (previously empty), and updated-packages.txt reflects a comprehensive Composer dependency upgrade including Filament v5.4, Laravel Framework v12.56.0, PHPUnit v11, and numerous new dependencies alongside updated transitive packages.

Changes

Cohort / File(s)	Summary
Security Audit Records audit-report.json	Populated advisories object with security records for filament/tables, league/commonmark, phpunit/phpunit, psy/psysh, and symfony/process, each including advisory ID, affected versions, CVE, severity, and metadata.
Dependency Management updated-packages.txt	Major version upgrades to direct dependencies (Filament v5.4, Laravel Framework v12.56.0, PHPUnit v11.5.55, Larastan v3.9.3) and addition of new packages (maatwebsite/excel, laravel-modules, laravel-permission, laravel/pail); transitive dependencies updated to compatible versions including Livewire v4.2.4 and Symfony v7.4.8 packages.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• chore(deps): Update Composer dependencies (security-patch) #361: Directly related as it modified the same files (audit-report.json and updated-packages.txt), with this PR expanding on the dependency updates and populating audit advisory data.

Poem

🐰 Hop hop, dependencies align!
Filament hops from four to five just fine,
Advisories logged with care and detail bright,
Laravel Framework updated to delight! ✨
Our carrot patch of code, refreshed and right!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: a Composer dependency update with security patches. It is concise, specific, and clearly communicates the primary intent of the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch automated/composer-update-30

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}