Laravel 12.28.0 Shift

[lancepioch]

This pull request includes updates for the recent minor version release of Laravel as well as bumps your package dependencies. You may review the full list of changes in the Laravel Release Notes, or highlighted changes and tips in the weekly Shifty Bits newsletter.

Before merging, you need to:

• Checkout the shift-ci-v12.28.0 branch
• Review all pull request comments for additional changes
• Run composer update
• Thoroughly test your application (no tests?, no CI?)

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated composer.json to bump version constraints for several PHP dependencies (AWS SDK, Guzzle, Laravel framework and packages, Sanctum, Socialite, Spatie Permission). No other files or logic were changed.

Changes

Cohort / File(s)	Summary
Dependency version bumps composer.json	Increased constraints: aws/aws-sdk-php ^3.351→^3.356; guzzlehttp/guzzle ^7.9→^7.10; laravel/framework ^12.23→^12.28; laravel/helpers ^1.7→^1.8; laravel/sanctum ^4.1→^4.2; laravel/socialite ^5.21→^5.23; spatie/laravel-permission ^6.20→^6.21

Possibly related PRs

• Laravel 12.22.1 Shift #1580: Also updates composer.json, changing laravel/framework constraint.
• Laravel 12.23.1 Shift #1604: Subsequent composer.json update adjusting laravel/framework to ^12.28.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

composer.json (1)

96-98: Align composer “platform.php” (8.2) with supported PHP (^8.2 || ^8.3 || ^8.4).

With platform fixed at 8.2, dependency resolution won’t take advantage of PHP 8.3/8.4 builds and may mask 8.3/8.4 constraints. Consider setting platform.php to your production runtime (or removing it in CI and pinning only in release builds).

Example:
{
"config": {
"platform": { "php": "8.4" }
}
}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 02f788a and 639fdd7.

⛔ Files ignored due to path filters (1)

• composer.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• composer.json (2 hunks)

🔇 Additional comments (3)

composer.json (3)

19-23: Upgrade to Laravel 12.28 and first‑party packages: run compatibility checks and full test pass.

Looks good as constraints, but please verify no breaking changes in app code (auth, middleware, URL generation, Sanctum guards, Socialite providers). Also confirm no constraint conflicts with laravel/ui, tinker, spatie packages.

Suggested quick checks locally/CI:

• composer validate && composer update -W
• php artisan about && php artisan config:cache && php artisan route:cache
• php artisan migrate --pretend --no-interaction
• php artisan test or pest
• composer outdated --direct

---

13-13: AWS SDK bump: sanity‑check S3 integrations.

Minimal risk, but confirm uploads, multipart operations, presigned URLs, and regional endpoints behave the same after update (esp. if using dualstack/accelerate).

---

40-40: spatie/laravel-permission bump: remember cache reset in deploys.

No issues expected; ensure you run permission cache reset on deploy to avoid stale roles/permissions after update.

Command: php artisan permission:cache-reset

[Boy132]

Superseded by #1651