Skip to content

v0.102.0 — security hardening

Choose a tag to compare

@wishborn wishborn released this 06 Jul 03:02

Resolves all 25 open security alerts:

  • laravel/framework constraint raised to ^12.61.1|^13.12.0, excluding the CRLF-injection (email rule) and temporary-signed-URL advisories. Laravel 11 support is dropped — all 11.x releases fall in the vulnerable ranges and no patched 11.x exists.
  • Docs toolchain moved to VitePress 2 (vite 7 / esbuild ≥0.25) + npm audit fix — clears all 20 npm advisories; npm audit now reports 0 vulnerabilities.
  • Workflows now declare least-privilege permissions: contents: read (code-scanning findings).

No package code changes; full suite green (1542 tests, PHPStan clean).