fix: 🐛 Leave null cache.serializable_classes untouched under Laravel 13

Laravel 13's cache.serializable_classes is tri-state: null disables
deserialization enforcement entirely, false blocks all objects, and an
array is an allow-list. The auto-registration introduced in 13.2.0
coerced null into an array, silently switching the whole application
into strict allow-list mode and breaking cache reads for any class
outside this package.

Return early when the value is null so apps that run with enforcement
disabled are left as they were. The false-to-array path is preserved so
hardened Laravel 13 apps still get working geocoder caching.

Seed the Laravel 13 default (false) in the test environment so the
discovery tests exercise the real hardened starting point instead of
the implicit null Testbench leaves in place.

Fixes #210

Author: mikebronner

src/Providers/GeocoderService.php

@@ -56,11 +56,21 @@ protected function registerSerializableClasses(): void
             return;
         }
 
+        $existing = config("cache.serializable_classes");
+
+        // Laravel 13 treats a `null` `serializable_classes` as "enforcement
+        // disabled" — any class may be unserialized from the cache. Converting
+        // it to an array here would silently switch the entire application into
+        // strict allow-list mode, breaking cache reads for classes outside this
+        // package. When enforcement is off there is nothing to register. See #210.
+        if ($existing === null) {
+            return;
+        }
+
         if (self::$discoveredSerializableClasses === []) {
             self::$discoveredSerializableClasses = $this->discoverSerializableClasses();
         }
 
-        $existing = config("cache.serializable_classes");
         $existing = is_array($existing)
             ? $existing
             : [];

tests/CreatesApplication.php

@@ -23,5 +23,9 @@ protected function getEnvironmentSetUp($app)
             'serialize' => false,
         ]);
         $app['config']->set('geocoder.cache.store', 'geocode');
+        // Mirror the Laravel 13 default so discovery tests exercise the real
+        // hardened starting point (`false`) rather than the implicit null
+        // Testbench would otherwise leave in place.
+        $app['config']->set('cache.serializable_classes', false);
     }
 }

tests/Feature/Providers/GeocoderServiceTest.php

@@ -431,6 +431,17 @@
     expect($registered)->toContain(Collection::class);
 });
 
+it('leaves a null cache.serializable_classes untouched (Laravel 13 enforcement disabled)', function () {
+    config(['cache.serializable_classes' => null]);
+
+    $provider = new GeocoderService(app());
+    $method = new \ReflectionMethod($provider, 'registerSerializableClasses');
+    $method->setAccessible(true);
+    $method->invoke($provider);
+
+    expect(config('cache.serializable_classes'))->toBeNull();
+});
+
 it('skips auto-registration when geocoder.cache.auto_register_serializable_classes is false', function () {
     config([
         'geocoder.cache.auto_register_serializable_classes' => false,