chore(deps): bump the production-dependencies group with 3 updates

[dependabot]

Bumps the production-dependencies group with 3 updates: laragear/webauthn, spatie/laravel-data and symfony/cache.

Updates laragear/webauthn from 5.0.1 to 5.0.2

Release notes

Sourced from laragear/webauthn's releases.

Final release

In light of the recent release of the official Laravel Passkeys implementation, this package is now unmaintained.

Project maintainers should migrate to the official library.

The current laragear/webauthn will not be updated any longer. It will remain as-is.

[!WARNING]

This library is considered abandoned for all purposes. Security patches won't be released in the future.

Commits

• 719ba97 Update abandoned package from 'laravel/passkeys-server' to 'laravel/passkeys'
• a808d17 Update README to reflect new package link
• f624aee Superseded package
• See full diff in compare view

Updates spatie/laravel-data from 4.22.1 to 4.23.0

Release notes

Sourced from spatie/laravel-data's releases.

4.23.0

A round of bug fixes for validation rules, install resolution, and rule overrides.

Run rules() overrides regardless of property defaults (#1187)

Properties with a default value were silently dropping rules declared in the rules() method when the property was missing from the payload, so conditional rules like required, required_if, and prohibited_if never fired. The skip in DataValidationRulesResolver was originally there to stop auto-generated rules from rejecting empty payloads on all-default data classes (#441), but it also short-circuited explicit overrides.

Overrides are now resolved upfront, and the default-value skip only applies when no override exists for that property. #[WithoutValidation] no longer suppresses an override for the same key. If you wrote rules(), you own them. Thanks @​rubenvanassche.

Fix install conflict on PHP 8.4 with Pest installed (#1186)

composer require spatie/laravel-data failed when Pest was already installed, because Pest's chain pulls phpdocumentor/reflection-docblock 6.0.3 while the phpdocumentor/reflection ^6.0 meta package hard-pinned reflection-docblock ^5. The meta package is now dropped in favour of direct dependencies on the three sub-packages we use, with widened constraints:

-        "phpdocumentor/reflection" : "^6.0",
+        "phpdocumentor/type-resolver" : "^1.7 || ^2.0",
+        "phpdocumentor/reflection-common" : "^2.2",
+        "phpdocumentor/reflection-docblock" : "^5.3 || ^6.0",

The phpDocumentor APIs we call are identical across both majors, so no code changes are required. Thanks @​rubenvanassche.

Allow float values for Min, Max and Size validation attributes (#1185)

The constructors typed their value as int|ExternalReference, and because those classes don't declare strict types, PHP silently coerced floats to int. #[Min(0.01)] became min:0, letting 0 pass validation, even though Laravel's validator accepts floats for these rules. Types are now widened to int|float|ExternalReference, mirroring MultipleOf:

#[Min(0.01), Max(99.99)]
public float $price;

Digit-count rules (Digits, MinDigits, MaxDigits, DigitsBetween) and Password length stay int. Thanks @​rubenvanassche.

What's Changed

• Allow float values for Min, Max and Size validation attributes by @​rubenvanassche in spatie/laravel-data#1185
• Fix install conflict on PHP 8.4 with Pest installed by @​rubenvanassche in spatie/laravel-data#1186
• Run rules() overrides regardless of property defaults by @​rubenvanassche in spatie/laravel-data#1187

Full Changelog: spatie/laravel-data@4.22.1...4.23.0

Changelog

Sourced from spatie/laravel-data's changelog.

4.23.0 - 2026-05-08

A round of bug fixes for validation rules, install resolution, and rule overrides.

Run rules() overrides regardless of property defaults (#1187)

Properties with a default value were silently dropping rules declared in the rules() method when the property was missing from the payload, so conditional rules like required, required_if, and prohibited_if never fired. The skip in DataValidationRulesResolver was originally there to stop auto-generated rules from rejecting empty payloads on all-default data classes (#441), but it also short-circuited explicit overrides.

Overrides are now resolved upfront, and the default-value skip only applies when no override exists for that property. #[WithoutValidation] no longer suppresses an override for the same key. If you wrote rules(), you own them. Thanks @​rubenvanassche.

Fix install conflict on PHP 8.4 with Pest installed (#1186)

composer require spatie/laravel-data failed when Pest was already installed, because Pest's chain pulls phpdocumentor/reflection-docblock 6.0.3 while the phpdocumentor/reflection ^6.0 meta package hard-pinned reflection-docblock ^5. The meta package is now dropped in favour of direct dependencies on the three sub-packages we use, with widened constraints:

-        "phpdocumentor/reflection" : "^6.0",
+        "phpdocumentor/type-resolver" : "^1.7 || ^2.0",
+        "phpdocumentor/reflection-common" : "^2.2",
+        "phpdocumentor/reflection-docblock" : "^5.3 || ^6.0",

The phpDocumentor APIs we call are identical across both majors, so no code changes are required. Thanks @​rubenvanassche.

Allow float values for Min, Max and Size validation attributes (#1185)

The constructors typed their value as int|ExternalReference, and because those classes don't declare strict types, PHP silently coerced floats to int. #[Min(0.01)] became min:0, letting 0 pass validation, even though Laravel's validator accepts floats for these rules. Types are now widened to int|float|ExternalReference, mirroring MultipleOf:

#[Min(0.01), Max(99.99)]
public float $price;

Digit-count rules (Digits, MinDigits, MaxDigits, DigitsBetween) and Password length stay int. Thanks @​rubenvanassche.

What's Changed

• Allow float values for Min, Max and Size validation attributes by @​rubenvanassche in spatie/laravel-data#1185
• Fix install conflict on PHP 8.4 with Pest installed by @​rubenvanassche in spatie/laravel-data#1186
• Run rules() overrides regardless of property defaults by @​rubenvanassche in spatie/laravel-data#1187

Full Changelog: spatie/laravel-data@4.22.1...4.23.0

Commits

• 2305437 Run rules() overrides regardless of property defaults (#1187)
• ba02934 Fix install conflict on PHP 8.4 with Pest installed (#1186)
• de6404a Merge pull request #1185 from spatie/fix/min-max-size-float-values
• c50ca60 Allow float values for Min, Max and Size validation attributes
• 71d9a10 Update CHANGELOG
• See full diff in compare view

Updates symfony/cache from 7.4.8 to 8.0.10

Release notes

Sourced from symfony/cache's releases.

v8.0.10

Changelog (symfony/cache@v8.0.9...v8.0.10)

• bug #64122 Ensure compatibility with Relay extension 0.22.0 (@​nicolas-grekas)
• bug #63858 Remove conflict with dbal<4.3 (@​flack)

v8.0.9

Changelog (symfony/cache@v8.0.8...v8.0.9)

• bug #64060 Normalize default_lifetime for pools wrapped by ChainAdapter (@​ostrolucky)
• bug #63964 Ensure internal state is cleared in TagAwareAdapter::reset() … (@​KevinMartinsDev)
• bug #63860 Fix Psr16Cache::getMultiple() returning wrapper values when using TTL (@​nicolas-grekas)

v8.0.8

Changelog (symfony/cache@v8.0.7...v8.0.8)

• bug #63818 Ensure compatibility with Relay extension 0.21.0 (@​lyrixx)
• bug #63747 Fix Psr16Cache::getMultiple() returning ValueWrapper with TagAwareAdapter (@​pcescon)
• bug #63736 Fix undefined array key when tag save fails in AbstractTagAwareAdapter (@​pcescon)
• bug #63655 Fix ChainAdapter ignoring item expiry when propagating to earlier adapters (@​guillaumeVDP)

v8.0.7

Changelog (symfony/cache@v8.0.6...v8.0.7)

• bug #63592 Add timeout and slot eviction to LockRegistry stampede prevention (@​nicolas-grekas)

v8.0.6

Changelog (symfony/cache@v8.0.5...v8.0.6)

• bug #63437 Wrap DoctrineDbalAdapter::doSave() in savepoint to prevent transaction poisoning (@​lacatoire)
• bug #63391 Align Redis sentinel auth handling across components (@​nicolas-grekas)
• bug #63324 Fix DSN auth not passed to Redis/RedisCluster/Relay in RedisTrait (@​ckrack)
• bug #63306 Revert "Fix DSN auth not passed to clusters in RedisTrait" (@​nicolas-grekas)
• bug #63272 Fix forwarding SSL settings to the redis sentinel (@​CientistaDaWeb)
• bug #63230 fix engine declaration on mysql pdo table creations (@​tandev)

v8.0.5

Changelog (symfony/cache@v8.0.4...v8.0.5)

• bug #63137 Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (@​samy-mahmoudi)

v8.0.4

Changelog (symfony/cache@v8.0.3...v8.0.4)

• bug #62852 Fix DSN auth not passed to clusters in RedisTrait (@​wikando-ck)

v8.0.3

Changelog (symfony/cache@v8.0.2...v8.0.3)

• bug symfony/symfony#62873 [Cache] Fix namespace of chained pools when using another chain as template (@​nicolas-grekas)

... (truncated)

Changelog

Sourced from symfony/cache's changelog.

CHANGELOG

8.0

• Remove CouchbaseBucketAdapter, use CouchbaseCollectionAdapter instead

7.4

• Bump ext-redis to 6.1 and ext-relay to 0.12 minimum

7.3

• Add support for \Relay\Cluster in RedisAdapter
• Add support for valkey: / valkeys: schemes
• Add support for namespace-based invalidation
• Rename options "redis_cluster" and "redis_sentinel" to "cluster" and "sentinel" respectively

7.2

• igbinary_serialize() is no longer used instead of serialize() by default when the igbinary extension is installed, due to behavior compatibilities between the two
• Add optional Psr\Clock\ClockInterface parameter to ArrayAdapter

7.1

• Add option sentinel_master as an alias for redis_sentinel
• Deprecate CouchbaseBucketAdapter, use CouchbaseCollectionAdapter
• Add support for URL encoded characters in Couchbase DSN
• Add support for using DSN with PDOAdapter
• The algorithm for the default cache namespace changed from SHA256 to XXH128

7.0

• Add parameter $isSameDatabase to DoctrineDbalAdapter::configureSchema()
• Drop support for Postgres < 9.5 and SQL Server < 2008 in DoctrineDbalAdapter

6.4

• EarlyExpirationHandler no longer implements MessageHandlerInterface, rely on AsMessageHandler instead

6.3

... (truncated)

Commits

• 8ff96cd Merge branch '7.4' into 8.0
• 8c5fbb4 Merge branch '6.4' into 7.4
• 6ae5a11 [Cache] More relay traits fixes
• 1731486 Merge branch '7.4' into 8.0
• 6332edc Merge branch '6.4' into 7.4
• a9fee75 Fix up
• 02ac570 [Cache] Ensure compatibility with Relay extension 0.22.0
• d3af335 [Cache] Remove conflict with dbal<4.3
• 2866a18 Merge branch '7.4' into 8.0
• 3860fa1 Merge branch '6.4' into 7.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions