v0.102.0 — security hardening
Resolves all 25 open security alerts:
- laravel/framework constraint raised to
^12.61.1|^13.12.0, excluding the CRLF-injection (email rule) and temporary-signed-URL advisories. Laravel 11 support is dropped — all 11.x releases fall in the vulnerable ranges and no patched 11.x exists. - Docs toolchain moved to VitePress 2 (vite 7 / esbuild ≥0.25) +
npm audit fix— clears all 20 npm advisories;npm auditnow reports 0 vulnerabilities. - Workflows now declare least-privilege
permissions: contents: read(code-scanning findings).
No package code changes; full suite green (1542 tests, PHPStan clean).