fix(deps): update dependency laravel/framework to v11.44.1 [security] (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
laravel/framework (source)	require	minor	11.41.3 -> 11.44.1

GitHub Vulnerability Alerts

CVE-2025-27515

When using wildcard validation to validate a given file or image field array (files.*), a user-crafted malicious request could potentially bypass the validation rules.

---

Release Notes

laravel/framework (laravel/framework)

v11.44.1

Compare Source

• [11.x] Add valid values to ensure method by @​lancepioch in https://github.com/laravel/framework/pull/54840
• Fix attribute name used on Validator instance within certain rule classes by @​crynobone in https://github.com/laravel/framework/pull/54845
• [11.x] Fix Application::interBasePath() fails to resolve application when project name is "vendor" by @​crynobone in https://github.com/laravel/framework/pull/54871
• [11.x] Test improvements by @​crynobone in https://github.com/laravel/framework/pull/54879

v11.44.0

Compare Source

• [11.x] Fix parsing PHP_CLI_SERVER_WORKERS as string instead of int by @​crynobone in https://github.com/laravel/framework/pull/54724
• [11.x] Rename Redis parse connection for cluster test method to follow naming conventions by @​jackbayliss in https://github.com/laravel/framework/pull/54721
• [11.x] Allow readAt method to use in database channel by @​utsavsomaiya in https://github.com/laravel/framework/pull/54729
• [11.x] Fix: Custom Exceptions with Multiple Arguments does not properly rein… by @​pandiselvamm in https://github.com/laravel/framework/pull/54705
• [11.x] Update ConcurrencyTest exception reference to use namespace by @​jackbayliss in https://github.com/laravel/framework/pull/54732
• [11.x] Deprecate Factory::$modelNameResolver by @​samlev in https://github.com/laravel/framework/pull/54736
• [11x.] Improved typehints for InteractsWithDatabase by @​cosmastech in https://github.com/laravel/framework/pull/54748
• [11.x] Improved typehints for InteractsWithExceptionHandling && ExceptionHandlerFake by @​cosmastech in https://github.com/laravel/framework/pull/54747

v11.43.2

Compare Source

• [11.x] Add missing test for implode() by @​nuernbergerA in https://github.com/laravel/framework/pull/54704
• [11.x] Enhance eventStream to Support Custom Events and Start Messages by @​devhammed in https://github.com/laravel/framework/pull/54695
• Revert "[11.x] Enhance eventStream to Support Custom Events and Start Messages" by @​taylorotwell in https://github.com/laravel/framework/pull/54714
• [11.x] Replace MD5 with xxh128 in File::hasSameHash() by @​vlakoff in https://github.com/laravel/framework/pull/54690
• [11.x] Add parameter typing for closure to addGlobalScope method by @​jnoordsij in https://github.com/laravel/framework/pull/54677
• [11.x] assertOnlyJsonValidationErrors / assertOnlyInvalid by @​gdebrauwer in https://github.com/laravel/framework/pull/54678
• [11.x] Allow for assertions against QueueFake::pushRaw() by @​cosmastech in https://github.com/laravel/framework/pull/54703
• [11.x] Fix: Handles non nested explode of multiple Date and Numeric rules in ValidationRuleParser by @​AlexandreMeledandri in https://github.com/laravel/framework/pull/54718

v11.43.1

Compare Source

• [11.x] Fix "Divide by Zero" regression bug introduced in #​54650 by @​crynobone in https://github.com/laravel/framework/pull/54685
• Revert "Fix Collection::implode with \Stringable objects" by @​crynobone in https://github.com/laravel/framework/pull/54691

v11.43.0

Compare Source

• Remove Incorrect @​mixin Annotation in BuildsQueries Trait by @​daniel-de-wit in https://github.com/laravel/framework/pull/54596
• make withoutScopedBindings usable on RouteRegistrar by @​ssninnni in https://github.com/laravel/framework/pull/54592
• [11.x] Update Broadcasting Install Command For Bun Version 1.1.39^ by @​realpoke in https://github.com/laravel/framework/pull/54605
• [11.x] Add isTtySupported to Process facade by @​Riley19280 in https://github.com/laravel/framework/pull/54604
• [11.x] fix: pagination generics by @​calebdw in https://github.com/laravel/framework/pull/54601
• Convert closures to arrow functions in the Model class by @​alikhosravidev in https://github.com/laravel/framework/pull/54599
• [11.x] Document hashedValue as non-nullable by @​JurianArie in https://github.com/laravel/framework/pull/54615
• [11.x] Prohibited If Declined and Prohibited If Accepted validation rules by @​osama-98 in https://github.com/laravel/framework/pull/54608
• [11.x] Fix param types for orWhereHasMorph method by @​simonellensohn in https://github.com/laravel/framework/pull/54659
• [11.x] Add pascal alias for studly string helper by @​da-mask in https://github.com/laravel/framework/pull/54655
• [11.x] make the Eloquent missing attribute handler more accurate by changing offsetExists by @​koenvu in https://github.com/laravel/framework/pull/54654
• [11.x] use exec function if the symlink function is unavailable by @​aisuvro in https://github.com/laravel/framework/pull/54651
• [11.x] use value helper for $perPage as used for $total by @​rodrigopedra in https://github.com/laravel/framework/pull/54650
• [11.x] [cleanup] used illuminate str contains by @​daison12006013 in https://github.com/laravel/framework/pull/54647
• [11.x] Allow can attribute on group by @​utsavsomaiya in https://github.com/laravel/framework/pull/54648
• Test Improvements by @​crynobone in https://github.com/laravel/framework/pull/54645
• Fixes Factory Using Wrong Model Name by @​SameOldNick in https://github.com/laravel/framework/pull/54644
• [11.x] fix 'parsePipeString' in pipeline helper by @​igzard in https://github.com/laravel/framework/pull/54643
• Update old() docblock by @​AJenbo in https://github.com/laravel/framework/pull/54641
• [11.x] Feature: Array reject by @​liamduckett in https://github.com/laravel/framework/pull/54638
• [11.x] Blade @​include performance by @​AlliBalliBaba in https://github.com/laravel/framework/pull/54633
• Fix Collection::implode with \Stringable objects by @​timkelty in https://github.com/laravel/framework/pull/54630
• [11.x] Fix serve command with PHP_CLI_SERVER_WORKERS by @​crynobone in https://github.com/laravel/framework/pull/54606
• [11.x] new: ddJson method on TestResponse class by @​chester-sykes in https://github.com/laravel/framework/pull/54673
• [11.x] Add find sole query builder method by @​zepfietje in https://github.com/laravel/framework/pull/54667
• [11.x] Fix regression bug with global Factory::guessModelNamesUsing() by @​crynobone in https://github.com/laravel/framework/pull/54665
• [11.x] Fix routeCollection get method return value when searching by dot not… by @​abdel-aouby in https://github.com/laravel/framework/pull/54672
• [11.x] Add withWhereRelation method to builder by @​utsavsomaiya in https://github.com/laravel/framework/pull/54668

v11.42.1

Compare Source

• Add Taylor's inspiring quote - We must ship by @​1weiho in https://github.com/laravel/framework/pull/54579
• Type the callback for Relation::noConstraints by @​simon-tma in https://github.com/laravel/framework/pull/54572
• [11.x] fix: getQualified{Created,Updated}AtColumn never returning null by @​calebdw in https://github.com/laravel/framework/pull/54568
• [11.x] assertStreamed and assertNotStreamed by @​gdebrauwer in https://github.com/laravel/framework/pull/54566
• [11.x] Add assertJsonFragments assertion by @​lioneaglesolutions in https://github.com/laravel/framework/pull/54576
• [11.x] doesntContain on eloquent collection by @​gdebrauwer in https://github.com/laravel/framework/pull/54567
• [11.x] Allow batching a Closure by @​cosmastech in https://github.com/laravel/framework/pull/54587

v11.42.0

Compare Source

• docs: clarify use of hasOption() by @​jezmck in https://github.com/laravel/framework/pull/54415
• Test Improvements by @​crynobone in https://github.com/laravel/framework/pull/54427
• [11.x] add Generics to Paginator's ArrayAccess methods by @​taka-oyama in https://github.com/laravel/framework/pull/54428
• [11.x] Fix docblocks for code that calls enum_value() by @​cosmastech in https://github.com/laravel/framework/pull/54432
• [11.x] Fix assertContent on laravel test that respond with Symfony Response Object by @​tben in https://github.com/laravel/framework/pull/54467
• [11.x] Add Higher Order Messaging support for last by @​fernandokbs in https://github.com/laravel/framework/pull/54459
• [11.x] Database testing traits has impact to artisan calls by @​nivseb in https://github.com/laravel/framework/pull/54458
• [11.x] Add precision to Number::currency() by @​benjibee in https://github.com/laravel/framework/pull/54456
• [11.x] Add generics to lazy queries by @​axlon in https://github.com/laravel/framework/pull/54453
• [11.x] Merge in eager loads from nested where queries by @​ollieread in https://github.com/laravel/framework/pull/54455
• [11.x] Fluent numeric validation by @​xoesae in https://github.com/laravel/framework/pull/54425
• [11.x] Fix casts + withAttributes by @​tontonsb in https://github.com/laravel/framework/pull/54422
• [11.x] Ensure batched jobs are actually batchable by @​josepostiga in https://github.com/laravel/framework/pull/54442
• [11.x] Update PHPStan to 2.x by @​tamiroh in https://github.com/laravel/framework/pull/53716
• Test Improvements by @​crynobone in https://github.com/laravel/framework/pull/54475
• Add relative date shorthands to Query Builder by @​jasonmccreary in https://github.com/laravel/framework/pull/54408
• [11.x] feat: add better closure typing in QueriesRelationships by @​calebdw in https://github.com/laravel/framework/pull/54452
• [11.x] Fix the method explodeExplicitRule to support Numeric Validation by @​mrvipchien in https://github.com/laravel/framework/pull/54478
• Add Builder On Clone callback support by @​ralphjsmit in https://github.com/laravel/framework/pull/54477
• Support relative paths to SQLite databases by @​LukeTowers in https://github.com/laravel/framework/pull/54480
• [11.x] Where doesnt have nullable morph by @​liamduckett in https://github.com/laravel/framework/pull/54363
• [11.x] Add the ability to skip migrations within tests by @​cosmastech in https://github.com/laravel/framework/pull/54441
• Queue Integration Tests with Redis Cluster by @​vadimonus in https://github.com/laravel/framework/pull/54218
• [11.x] Optimize PendingBatch@ensureJobIsBatchable by @​cosmastech in https://github.com/laravel/framework/pull/54485
• [11.x] Supports PHPUnit 12.0 by @​crynobone in https://github.com/laravel/framework/pull/54316
• [11.x] Fix spelling in comment by @​lorenzolosa in https://github.com/laravel/framework/pull/54503
• [11.x] Add Context "missing" method by @​vbergerondev in https://github.com/laravel/framework/pull/54499
• [11.x] feat: add generics to Container methods by @​MrMeshok in https://github.com/laravel/framework/pull/54543
• [11.x] Add a setAssetRoot method to the UrlGenerator class by @​ollieread in https://github.com/laravel/framework/pull/54530
• [11.x] Handle Null Check in Str::startsWith and Str::endsWith by @​onairmarc in https://github.com/laravel/framework/pull/54520
• [11.x] Improve check for relative sqlite databases by @​LukeTowers in https://github.com/laravel/framework/pull/54513
• Revert "[11.x] Use Str::wrap() instead of nesting Str::start() inside Str::finish()" by @​shaedrich in https://github.com/laravel/framework/pull/54528
• [11.x] Job Batches with Redis Cluster by @​vadimonus in https://github.com/laravel/framework/pull/54522
• [11.x] fix: specify type of TClass generic in Container by @​MrMeshok in https://github.com/laravel/framework/pull/54545
• [11.x] Improve docblocks for morph maps in Relation by @​cosmastech in https://github.com/laravel/framework/pull/54560
• docs: fix return type documentation for initializeSignal method by @​nzsys in https://github.com/laravel/framework/pull/54553
• [11.x] Add support for middlewares & failed handler on broadcastable events by @​Jacobs63 in https://github.com/laravel/framework/pull/54562
• [11.x] json assertions on streamed content by @​gdebrauwer in https://github.com/laravel/framework/pull/54565

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.