Bump the composer group across 1 directory with 10 updates

[dependabot]

Bumps the composer group with 8 updates in the / directory:

Package	From	To
barryvdh/laravel-dompdf	3.1.1	3.1.2
horstoeko/zugferd	1.0.120	1.0.122
jeroennoten/laravel-adminlte	3.15.3	3.16.0
laravel/pulse	1.7.0	1.7.3
laravel/sanctum	4.3.1	4.3.2
laravel/ui	4.6.1	4.6.3
laravolt/avatar	6.3.1	6.4.0
pusher/pusher-php-server	7.2.7	7.2.8

Updates barryvdh/laravel-dompdf from 3.1.1 to 3.1.2

Release notes

Sourced from barryvdh/laravel-dompdf's releases.

v3.1.2

What's Changed

• Fix typo in dompdf.php comment by @​chengkangzai in barryvdh/laravel-dompdf#1076
• PHP 8.5 tests by @​erikn69 in barryvdh/laravel-dompdf#1079
• Laravel 13.x Compatibility by @​laravel-shift in barryvdh/laravel-dompdf#1083

New Contributors

• @​chengkangzai made their first contribution in barryvdh/laravel-dompdf#1076

Full Changelog: barryvdh/laravel-dompdf@v3.1.1...v3.1.2

Commits

• ee3b72b Laravel 13.x Compatibility (#1083)
• 6636325 PHP 8.5 tests (#1079)
• 133f06f Fix typo (#1076)
• See full diff in compare view

Updates guzzlehttp/guzzle from 7.10.0 to 7.10.4

Release notes

Sourced from guzzlehttp/guzzle's releases.

Release 7.10.4

Fixed

• Fix IPv6 literal matching in no-proxy rules
• Handle cURL multi completion messages without handles after cancelled transfers
• Fix magic client request methods such as options() to uppercase inferred HTTP methods

Release 7.10.3

Fixed

• Fail clearly when an HTTP response header line is invalid
• Remove middleware by name when the name is also a callable string
• Treat empty request protocol versions as HTTP/1.1

Release 7.10.2

Fixed

• Normalize HTTP version request options before applying them to PSR-7 requests
• Use string values for headers generated by request preparation and response decoding

Release 7.10.1

Fixed

• Fail clearly when cURL options cannot be applied
• Fail clearly when the certificate option is malformed
• Fail clearly when JSON decode depth is invalid
• Fail clearly when session cookie data is malformed
• Fail clearly when the stream progress option is not callable
• Prevent response creation failures from exposing stale cURL responses

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.10.4 - 2025-05-22

Fixed

• Fix IPv6 literal matching in no-proxy rules
• Handle cURL multi completion messages without handles after cancelled transfers
• Fix magic client request methods such as options() to uppercase inferred HTTP methods

7.10.3 - 2025-05-20

Fixed

• Fail clearly when an HTTP response header line is invalid
• Remove middleware by name when the name is also a callable string
• Treat empty request protocol versions as HTTP/1.1

7.10.2 - 2026-05-20

Fixed

• Normalize HTTP version request options before applying them to PSR-7 requests
• Use string values for headers generated by request preparation and response decoding

7.10.1 - 2026-05-19

Fixed

• Fail clearly when cURL options cannot be applied
• Fail clearly when the certificate option is malformed
• Fail clearly when JSON decode depth is invalid
• Fail clearly when session cookie data is malformed
• Fail clearly when the stream progress option is not callable
• Prevent response creation failures from exposing stale cURL responses

Commits

• aec528d Release 7.10.4
• 0b8b446 Handle cURL multi messages without handles (#3443)
• a096fa4 Fix magic request method casing (#3439)
• 4676ec0 Fix IPv6 no-proxy matching (#3412)
• 47ba23c Release 7.10.3
• ea432de Fix removing callable string middleware names (#3408)
• 822c6db Handle empty request protocol versions (#3398)
• fb827b8 Reject invalid response header lines (#3395)
• 4bd894b Use string Content-Length in testing docs (#3394)
• aed36fd Release 7.10.2
• Additional commits viewable in compare view

Updates horstoeko/zugferd from 1.0.120 to 1.0.122

Release notes

Sourced from horstoeko/zugferd's releases.

v1.0.122

• Reverted merge of PR #355

v1.0.121

• fix: set private property accessible in reflection for PHP 7 (Thomas Wunner)
• fix: re-enabled PHP 7 compatibility and make sure to always close curl handles (Thomas Wunner)
• Bump actions/upload-artifact from 6 to 7 in the github-actions group (dependabot[bot])
• fixed right method and variable spelling, added new tests and refactored deprecated phpunit calls (Thomas Wunner)
• static code analysis fixes, many English spelling corrections and .editorconfig as it already was in that style (Thomas Wunner)
• trim line endings (Thomas Wunner)
• bump php version to minimal PHP 8.3, updated and migrated dependencies and migrated PHPUnit (Thomas Wunner)
• performance improvement: grouped logical xor as such (Thomas Wunner)
• fixed php lib mismatch to PHP 8.1 and updated dependency accordingly (Thomas Wunner)
• merged from forks (Thomas Wunner)
• security update and comment fix (Thomas Wunner)
• many improvements in document handling, more test coverage and minor adjustments (Thomas Wunner)
• [ENH] #351 Fixed deprecations with PHP 8.4/8.5 (Daniel Erling)
• [ENH] #337 Add Additional Document with BASE64-Encoded data (instead of a filename) -> Added missing test asset (HorstOeko)
• [ENH] #337 Add Additional Document with BASE64-Encoded data (instead of a filename) -> Added missing picture (HorstOeko)
• [ENH] #337 Add Additional Document with BASE64-Encoded data (instead of a filename) (HorstOeko)

Changelog

Sourced from horstoeko/zugferd's changelog.

v1.0.122

❗ There are 2 internal commit(s)

v1.0.121

Previous version v1.0.120

Type	Hash	Date	Author	Subject	Issue(s)
🌑	eb90579	2026-03-17 15:37:59 CET	Thomas Wunner	fix: set private property accessible in reflection for PHP 7
🌑	fe71983	2026-03-16 23:18:53 CET	Thomas Wunner	fix: re-enabled PHP 7 compatibility and make sure to always close curl handles
🌑	28b8486	2026-03-01 07:53:59 CET	Thomas Wunner	fixed right method and variable spelling, added new tests and refactored deprecated phpunit calls
🌑	e48c7b0	2026-03-01 06:36:37 CET	Thomas Wunner	static code analysis fixes, many English spelling corrections and .editorconfig as it already was in that style
🌑	b062388	2026-03-01 05:06:42 CET	Thomas Wunner	trim line endings
🌑	972b259	2026-03-01 04:59:41 CET	Thomas Wunner	bump php version to minimal PHP 8.3, updated and migrated dependencies and migrated PHPUnit
🌑	1743bcf	2026-03-01 04:31:13 CET	Thomas Wunner	performance improvement: grouped logical xor as such
🌑	181fbd0	2026-03-01 04:05:29 CET	Thomas Wunner	fixed php lib mismatch to PHP 8.1 and updated dependency accordingly
🌑	2507626	2026-03-01 03:22:29 CET	Thomas Wunner	merged from forks
🌑	057c9a5	2026-03-01 03:02:31 CET	Thomas Wunner	security update and comment fix
🌑	45d8425	2026-03-01 02:24:50 CET	Thomas Wunner	many improvements in document handling, more test coverage and minor adjustments
🌑	71ae90e	2026-02-09 14:37:11 CET	HorstOeko	Fixed deprecations with PHP 8.4/8.5	#351
🌑	b9b8e70	2026-01-06 22:42:30 CET	HorstOeko	Add Additional Document with BASE64-Encoded data (instead of a filename) -> Added missing test asset	#337
🌑	9e7a9e7	2026-01-06 22:37:08 CET	HorstOeko	Add Additional Document with BASE64-Encoded data (instead of a filename) -> Added missing picture	#337
🌑	8a3fc33	2026-01-06 22:32:24 CET	HorstOeko	Add Additional Document with BASE64-Encoded data (instead of a filename)	#337

❗ There are 4 internal commit(s)

Commits

• b02a6f6 Revert "[DOC] Updated CHANGELOG.md"
• 5a445ff [DOC] Updated CHANGELOG.md
• c419943 Merge pull request #355 from alpham8/master
• eb90579 fix: set private property accessible in reflection for PHP 7
• 2ed3543 Merge branch 'master' into master
• 10f44f4 [INFR] Added synchronize-event to pull_request in CI workflow
• d5e64c5 Merge branch 'master' of github.com:alpham8/zugferd
• fe71983 fix: re-enabled PHP 7 compatibility and make sure to always close curl handles
• 05b054f Merge branch 'master' into master
• 275803d Merge pull request #356 from horstoeko/dependabot/github_actions/github-actio...
• Additional commits viewable in compare view

Updates jeroennoten/laravel-adminlte from 3.15.3 to 3.16.0

Release notes

Sourced from jeroennoten/laravel-adminlte's releases.

v3.16.0

What's Changed

• Bump rollup from 4.34.8 to 4.59.0 by @​dependabot[bot] in jeroennoten/Laravel-AdminLTE#1368
• Update github actions on workflows by @​dfsmania in jeroennoten/Laravel-AdminLTE#1369
• feat: add support for laravel 13 by @​aarongmx in jeroennoten/Laravel-AdminLTE#1370

New Contributors

• @​aarongmx made their first contribution in jeroennoten/Laravel-AdminLTE#1370

Full Changelog: jeroennoten/Laravel-AdminLTE@v3.15.3...v3.16.0

Commits

• dc92e92 feat: add support for laravel 13 (#1370)
• d13981e [github/workflows]: Update github actions (#1369)
• c1cfcad Bump rollup from 4.34.8 to 4.59.0 (#1368)
• See full diff in compare view

Updates laravel/pulse from 1.7.0 to 1.7.3

Release notes

Sourced from laravel/pulse's releases.

v1.7.3

• [1.x] Fix AuthTest for Livewire v4 RequireLivewireHeaders middleware by @​JoshSalway in laravel/pulse#499
• [1.x] Fix RedisTest for Laravel 13 Redis prefix change and updated serialization by @​JoshSalway in laravel/pulse#500
• [1.x] Fix enum_value() undefined on older Laravel versions by @​JoshSalway in laravel/pulse#501
• Fix CI: Livewire 3 version constraint and flaky sampling tests by @​JoshSalway in laravel/pulse#502

v1.7.2

• Remove redundant "When to Apply" section from skill body by @​pushpak1300 in laravel/pulse#491
• [1.x] Add Laravel 13 support by @​hamedelasma in laravel/pulse#489

v1.7.1

• Allow Pulse::record() and Pulse::set() to accept enums by @​devajmeireles in laravel/pulse#486

Changelog

Sourced from laravel/pulse's changelog.

v1.7.3 - 2026-03-26

• [1.x] Fix AuthTest for Livewire v4 RequireLivewireHeaders middleware by @​JoshSalway in laravel/pulse#499
• [1.x] Fix RedisTest for Laravel 13 Redis prefix change and updated serialization by @​JoshSalway in laravel/pulse#500
• [1.x] Fix enum_value() undefined on older Laravel versions by @​JoshSalway in laravel/pulse#501
• Fix CI: Livewire 3 version constraint and flaky sampling tests by @​JoshSalway in laravel/pulse#502

v1.7.2 - 2026-03-18

• Remove redundant "When to Apply" section from skill body by @​pushpak1300 in laravel/pulse#491
• [1.x] Add Laravel 13 support by @​hamedelasma in laravel/pulse#489

v1.7.1 - 2026-03-12

• Allow Pulse::record() and Pulse::set() to accept enums by @​devajmeireles in laravel/pulse#486

Commits

• dfd3b8e Fix CI: Livewire 3 version constraint and flaky sampling tests (#502)
• 4bb792f Fix code styling
• ed348fd [1.x] Fix enum_value() undefined on older Laravel versions (#501)
• 6409f24 [1.x] Fix RedisTest for Laravel 13 Redis prefix change and updated serializat...
• a0b8e2a Fix AuthTest to include required Livewire v4 headers (#499)
• 59f417b Update CHANGELOG
• 998db6c [1.x] Add Laravel 13 support (#489)
• f7e462a Remove redundant "When to Apply" section from skill body (#491)
• 41094fa Update CHANGELOG
• 088d5a5 Fix code styling
• Additional commits viewable in compare view

Updates laravel/sanctum from 4.3.1 to 4.3.2

Release notes

Sourced from laravel/sanctum's releases.

v4.3.2

• [4.x] Update config/sanctum.php to follow skeleton laravel/pint format by @​crynobone in laravel/sanctum#597

Changelog

Sourced from laravel/sanctum's changelog.

v4.3.2 - 2026-04-30

• [4.x] Update config/sanctum.php to follow skeleton laravel/pint format by @​crynobone in laravel/sanctum#597

Commits

• 2a9bccc [4.x] Update config/sanctum.php to follow skeleton pint format (#597)
• 70546ce Update CHANGELOG
• See full diff in compare view

Updates laravel/ui from 4.6.1 to 4.6.3

Release notes

Sourced from laravel/ui's releases.

v4.6.3

• Laravel 13 compatibility by @​jnoordsij in laravel/ui#286
• CI fixes by @​jnoordsij in laravel/ui#287

v4.6.2

• Update supported versions by @​crynobone in laravel/ui#278
• Fix '@​vitejs/plugin-vue' conflict with laravel 12.X by @​zohaibhassan156 in laravel/ui#279
• [4.x] Makes imports consistent by @​nunomaduro in laravel/ui#285

Changelog

Sourced from laravel/ui's changelog.

v4.6.3 - 2026-03-17

• Laravel 13 compatibility by @​jnoordsij in laravel/ui#286
• CI fixes by @​jnoordsij in laravel/ui#287

v4.6.2 - 2026-03-10

• Update supported versions by @​crynobone in laravel/ui#278
• Fix '@​vitejs/plugin-vue' conflict with laravel 12.X by @​zohaibhassan156 in laravel/ui#279
• [4.x] Makes imports consistent by @​nunomaduro in laravel/ui#285

Commits

• ff27db1 CI fixes (#287)
• 9204ed7 Laravel 13 compatibility (#286)
• fcd4598 Update CHANGELOG
• 4acfa33 Makes imports consistent (#285)
• ca4dad0 fix '@​vitejs/plugin-vue' conflict with laravel 12.X (#279)
• 5299b9b chore: Update update-changelog.yml
• 90d5677 chore: update changelog CI permission
• 94e9da8 Update supported versions (#278)
• 3aa8565 Update CHANGELOG
• See full diff in compare view

Updates laravolt/avatar from 6.3.1 to 6.4.0

Release notes

Sourced from laravolt/avatar's releases.

6.4.0

What's Changed

• Laravel 13.x Compatibility by @​laravel-shift in laravolt/avatar#179

Full Changelog: laravolt/avatar@6.3.1...6.4.0

Commits

• fbe1a25 Bump dependencies for Laravel 13 (#179)
• See full diff in compare view

Updates pusher/pusher-php-server from 7.2.7 to 7.2.8

Release notes

Sourced from pusher/pusher-php-server's releases.

7.2.8

• [Fixed] Fix PSR-3 logger context type in webhook error handling (null → [])
• [Fixed] Add unit tests covering webhook logger context paths
• [Changed] Remove paragonie/sodium_compat dependency (redundant since PHP 7.2+)

Changelog

Sourced from pusher/pusher-php-server's changelog.

7.2.8

• [Fixed] Fix PSR-3 logger context type in webhook error handling (null → [])
• [Fixed] Add unit tests covering webhook logger context paths
• [Changed] Remove paragonie/sodium_compat dependency (redundant since PHP 7.2+)

7.2.6

• Bump supported versions to include PHP8.2, 8.3

7.2.5

• Bump supported versions to include PHP8.2, 8.3.

7.2.4

• [Fixed] Timeout option is propagated to guzzle client

7.2.3

• [Fixed] Include socket_id in batch trigger if included.

7.2.2

• [FIXED] composer.phar file removed from package

7.2.1

• [FIXED] authenticateUser returns correct auth value

7.2.0

• [CHANGED] explicit support for 8.1
• [CHANGED] Ignore pull_request_template.md on vendor
• [ADDED] has_mixed_channels method to allow triggering a single event on multiple channels
• [FIXED] path option can be used for proxied servers under subdirectory.
• [CHANGED] base_path's leading slash is trimmed on every call to Guzzle.

7.1.0-beta

• [ADDED] authenticateUser, authorizeChannel and authorizePresenceChannel
• [ADDED] sendToUser and sendToUserAsync
• [ADDED] terminateUserConnections and terminateUserConnectionsAsync
• [FIXED] get_object_vars() error on /src/Pusher.php
• [DEPRECATED] socketAuth and presenceAuth in favour of authorizeChannel and authorizePresenceChannel
• [DEPRECATED] Internal functions make_request and make_batch_request that were exposed as public

7.0.2

• [CHANGED] Add psr/log v2.0 and v3.0 compatibility

... (truncated)

Commits

• 4aa139e Merge pull request #404 from pusher/bump-version-7.2.8
• 6d2509e Bump to version 7.2.8
• 91519be Add unit tests for webhook logger context type
• e56c139 Merge pull request #403 from aceraven777/fix/logger-context-type
• 1d63813 Fix log context type: use empty array instead of null
• a0e8246 Merge pull request #401 from Infomaniak/remove-sodium-compat-dependency
• 18712a3 build(deps): Remove paragonie/sodium_compat dependency
• 301168e Merge pull request #402 from pusher/update-github-actions-workflows
• 3330b31 Fix MiddlewareTest using bare HandlerStack
• 66a2878 Fix acceptance tests passing raw string as event data
• Additional commits viewable in compare view

Updates setasign/fpdi from 2.6.6 to 2.6.7

Release notes

Sourced from setasign/fpdi's releases.

FPDI 2.6.7

Fixes

• Fixed handling of /Prev value in view to recursion when parsing cross-references.
• Fixed handling of recursion in faulty page tree.

Commits

• 388c51e Merge pull request #250 from Setasign/development
• 25e7ef6 Update README.md
• 1695cfc Merge commit from fork
• 7d101f3 Fixed handling of recursion in faulty page tree.
• 13521ef Fixed handling of /Prev value in view to recursion
• 8ba6133 Added tests
• 3be9c28 Added test documents
• 3ddd90e Update composer.lock
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.