Upgrade dependencies and modernize project configuration #31

Open
39ff wants to merge 5 commits into master from claude/update-laravel-latest-UUq62

39ff (Owner) commented Apr 17, 2026

Summary

This PR upgrades the project dependencies to support modern versions of Laravel and PHP, updates testing and static analysis configurations to align with newer tool versions, and adds plugin allowlist configuration for Composer.

Key Changes

  • PHP Version: Bumped minimum requirement from ^8.1 to ^8.2
  • Laravel Framework: Upgraded from ^10.4 to ^12.0
  • Laravel Packages: Updated Sanctum (^3.2 → ^4.0), Tinker (^2.8 → ^2.10), and UI (^4.2 → ^4.6)
  • Development Dependencies:
    • Updated PHPUnit from ^9.5.10 to ^11.5
    • Updated Faker from ^1.9.1 to ^1.23
    • Updated Collision from ^7.0 to ^8.6
    • Updated Laravel Sail from ^1.18 to ^1.41
    • Updated Mockery from ^1.4.4 to ^1.6
    • Updated Ignition from ^2.0 to ^2.9
    • Migrated from nunomaduro/larastan to larastan/larastan (^3.1)
  • Composer Configuration: Added allow-plugins configuration to explicitly allow pestphp/pest-plugin and php-http/discovery
  • PHPUnit Configuration:
    • Updated schema location path (removed ./ prefix)
    • Replaced deprecated <coverage> element with <source> element for code coverage configuration
  • PHPStan Configuration: Updated extension path to use new larastan/larastan package location and removed deprecated checkMissingIterableValueType setting

Notable Details

The migration from nunomaduro/larastan to the standalone larastan/larastan package reflects the community's shift toward a dedicated static analysis tool for Laravel projects. The PHPUnit configuration changes align with PHPUnit 10+ standards for specifying code coverage sources.

https://claude.ai/code/session_01RN5P7MwKdvk9K16scxPmJv

Bump framework to ^12.0 and align first-party packages (sanctum ^4.0,
tinker ^2.10, ui ^4.6). Raise PHP requirement to ^8.2, update dev
dependencies (phpunit ^11.5, collision ^8.6, sail ^1.41, mockery ^1.6,
ignition ^2.9, faker ^1.23, guzzle ^7.9), switch larastan to the
renamed larastan/larastan ^3.1 package, and allow the discovery/pest
composer plugins needed by the 12.x tooling.

Migrate phpunit.xml to the PHPUnit 11 schema (coverage source element)
and update phpstan.neon.dist to reference the new larastan path.

https://claude.ai/code/session_01RN5P7MwKdvk9K16scxPmJv

coderabbitai Bot commented Apr 17, 2026

Warning

Rate limit exceeded

@39ff has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 27 minutes and 10 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 27 minutes and 10 seconds.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: af5ffe36-5328-48aa-ba2a-ec90e65b0390

📥 Commits

Reviewing files that changed from the base of the PR and between 3266824 and 577ec49.

⛔ Files ignored due to path filters (1)
  • composer.lock is excluded by !**/*.lock
📒 Files selected for processing (4)
  • .github/workflows/laravel.yml
  • composer.json
  • phpstan.neon.dist
  • phpunit.xml

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a4750de59e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread composer.json
"phpunit/phpunit": "^9.5.10",
"spatie/laravel-ignition": "^2.0"
"fakerphp/faker": "^1.23",
"larastan/larastan": "^3.1",

[P1] Regenerate lock file after replacing Larastan package

This change requires larastan/larastan, but composer.lock was not updated and still references nunomaduro/larastan; in this repo, running composer install --dry-run fails with Required (in require-dev) package "larastan/larastan" is not present in the lock file. Because installs in CI/deploy use the lock file, this commit breaks dependency installation until a refreshed composer.lock is committed.

claude added 3 commits April 17, 2026 16:59
Refresh the lock file so CI (composer install) resolves against the
new constraints: laravel/framework 12.x, sanctum 4.x, phpunit 11.x,
collision 8.x, and the renamed larastan/larastan 3.x package.
Previously `composer install` failed with "Required (in require-dev)
package 'larastan/larastan' is not present in the lock file".

Verified locally with `vendor/bin/phpunit`: 23 tests, 26 assertions,
all passing on PHP 8.4 with Laravel 12.56.0.

https://claude.ai/code/session_01RN5P7MwKdvk9K16scxPmJv

CI runs on PHP 8.2 but the previous lock file was regenerated on
PHP 8.4, which pulled in Symfony 8.x components that require PHP
>=8.4. This caused `composer install` in CI to exit with code 2.

Set `config.platform.php` to 8.2 in composer.json so dependency
resolution always targets the minimum supported PHP version, and
regenerate composer.lock. The affected symfony/* packages are
downgraded from v8.0.8 back to v7.4.8.

Tests still green locally: 23 tests, 26 assertions.

https://claude.ai/code/session_01RN5P7MwKdvk9K16scxPmJv

Bump the minimum PHP to ^8.5, set composer platform to 8.5, and update
the laravel-tests workflow to use php-version '8.5'. Regenerate
composer.lock, which upgrades symfony/clock, css-selector,
event-dispatcher, string, translation, and yaml from v7.4.8 to v8.0.8
(these require PHP >=8.4).

Verified locally with PHP 8.5.5 + PHPUnit 11.5.55: 23 tests,
26 assertions, all passing.

https://claude.ai/code/session_01RN5P7MwKdvk9K16scxPmJv

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8eca9f2aca

Comment thread composer.json
"laravel/sanctum": "^3.2",
"laravel/tinker": "^2.8",
"laravel/ui": "^4.2"
"php": "^8.5",

[P1] Lower minimum PHP constraint to supported Laravel baseline

Requiring "php": "^8.5" is a hard breaking change for any deployment or CI runner still on PHP 8.2–8.4, even though Laravel 12 itself supports those versions. In those environments composer install will fail immediately on platform checks, so this upgrade becomes non-installable unless every runtime is upgraded to 8.5 first.

Copilot AI left a comment

Pull request overview

Upgrades the project’s PHP/Laravel toolchain and related configuration files to support newer framework and tooling versions (Laravel 12, PHPUnit 11, Larastan 3).

Changes:

  • Bumps Composer runtime/dev dependencies (Laravel framework + related packages, PHPUnit, Larastan, etc.) and adds Composer plugin allowlist/platform overrides.
  • Modernizes PHPUnit configuration by switching from <coverage> to <source> and updates the XSD path.
  • Updates PHPStan/Larastan configuration to the new package/extension location and removes deprecated settings.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| phpunit.xml | Updates PHPUnit schema path and migrates coverage configuration to the newer <source> element. |
| phpstan.neon.dist | Points PHPStan at the new Larastan extension and removes a deprecated config setting. |
| composer.json | Upgrades framework/tooling versions; adds Composer allow-plugins and pins config.platform.php. |
| .github/workflows/laravel.yml | Updates CI to run on the new PHP version. |

Comment thread composer.json Outdated
"php": "8.5"
},
"allow-plugins": {
"pestphp/pest-plugin": true,

Copilot AI Apr 17, 2026

config.allow-plugins explicitly allows pestphp/pest-plugin, but that plugin is not present in composer.lock. Since Composer plugins execute code during install/update, it’s safer to only allow plugins that are actually required by the dependency graph. Consider removing pestphp/pest-plugin from the allowlist unless you’re also adding Pest to the project.

Suggested change
"pestphp/pest-plugin": true,

Copilot uses AI. Check for mistakes.
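
The allowlist point in the comment above can be checked mechanically. This is an added example, not code from this PR or from Composer: it compares `config.allow-plugins` with the packages of type `composer-plugin` in the lock file. The manifest and lock data are constructed, `example/installer-plugin` is a hypothetical package, and `fnmatch` only approximates Composer's wildcard matching.

```python
import fnmatch
import json

# Constructed sample data, not the repository's real composer.json / composer.lock.
MANIFEST = json.loads("""{
  "config": {"allow-plugins": {
    "pestphp/pest-plugin": true,
    "php-http/discovery": true
  }}
}""")
LOCK = json.loads("""{
  "packages": [
    {"name": "laravel/framework", "type": "library"},
    {"name": "php-http/discovery", "type": "composer-plugin"}
  ],
  "packages-dev": [
    {"name": "example/installer-plugin", "type": "composer-plugin"}
  ]
}""")


def locked_plugins(lock):
    """Names of locked packages whose type marks them as Composer plugins."""
    pkgs = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    return {p["name"] for p in pkgs if p.get("type") == "composer-plugin"}


def audit_allow_plugins(manifest, lock):
    """Diff config.allow-plugins against the plugins present in the lock file."""
    allow = manifest.get("config", {}).get("allow-plugins", {})
    plugins = locked_plugins(lock)
    if isinstance(allow, bool):
        # A bare true/false applies to every plugin; there is no per-package list to diff.
        return {"blanket": allow, "stale": [], "undecided": []}
    # Allowed (true) entries that match no locked plugin: code-execution
    # permission granted to something the dependency graph does not contain.
    stale = sorted(
        pat for pat, ok in allow.items()
        if ok and not any(fnmatch.fnmatchcase(n, pat) for n in plugins)
    )
    # Locked plugins with no entry at all, neither allowed nor denied.
    undecided = sorted(
        n for n in plugins
        if not any(fnmatch.fnmatchcase(n, pat) for pat in allow)
    )
    return {"blanket": None, "stale": stale, "undecided": undecided}


if __name__ == "__main__":
    print(audit_allow_plugins(MANIFEST, LOCK))
```

In CI, a non-empty `stale` list or a `blanket` value of true is the condition worth failing the build on.
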
- uses: shivammathur/setup-php@15c43e89cdef867065b0213be354c2841860869e
with:
php-version: '8.2'
php-version: '8.5'
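
Review bot: the `uses: shivammathur/setup-php@15c43e89cdef867065b0213be354c2841860869e` line at the top of this hunk appears unchanged while `php-version` moves from '8.2' to '8.5', so please confirm that this pinned revision of the action can provision PHP 8.5 and bump the pin in the same change if it cannot. Keeping the full commit SHA is the right call; a trailing comment naming the release that SHA corresponds to would make the next bump easier to audit.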

Copilot AI Apr 17, 2026

CI is now pinned to PHP 8.5, but the PR description claims the minimum supported version is ^8.2. Please keep CI’s PHP version in sync with the actual supported range (ideally test the lowest supported version, and optionally add a matrix for newer versions).

Comment thread composer.json
Comment on lines +11 to +16
"php": "^8.5",
"guzzlehttp/guzzle": "^7.9",
"laravel/framework": "^12.0",
"laravel/sanctum": "^4.0",
"laravel/tinker": "^2.10",
"laravel/ui": "^4.6"
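
Review bot: `"laravel/sanctum": "^4.0"` in this hunk is a major-version jump for the package that handles API token authentication, yet the PR changes only composer.json, composer.lock, phpunit.xml, phpstan.neon.dist and the workflow file. Please confirm against Sanctum's upgrade notes that the application's published Sanctum config and migrations still apply, and that at least one test exercises token authentication after the bump.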

Copilot AI Apr 17, 2026

PR description says the minimum PHP version is being bumped to ^8.2, but composer.json now requires ^8.5 (and sets config.platform.php to 8.5). Please align the actual constraint with the intended supported PHP versions (either update composer.json/platform to ^8.2/8.2.x, or update the PR description + any supporting docs to reflect an 8.5 minimum).

Bump laravel/framework from ^12.0 to ^13.0 (installs v13.5.0) and
laravel/tinker from ^2.10 to ^3.0 (tinker 3.x is the first release
to support Laravel 13). symfony/* components are upgraded from
v7.4.8 to v8.0.8 as part of the transitive resolution.

Drop pestphp/pest-plugin from config.allow-plugins since Pest is
not present in the dependency graph; only explicitly allow plugins
that are actually required.

Verified locally with PHP 8.5.5 + Laravel 13.5.0 + PHPUnit 11.5.55:
23 tests, 26 assertions, all passing.

https://claude.ai/code/session_01RN5P7MwKdvk9K16scxPmJv