Bump mobiledetect/mobiledetectlib from 4.10.0 to 4.11.0

[dependabot]

Bumps mobiledetect/mobiledetectlib from 4.10.0 to 4.11.0.

Release notes

Sourced from mobiledetect/mobiledetectlib's releases.

4.11.0

What's Changed

• perf(bench): overhaul phpbench suite + advisory CI + release hygiene by @​serbanghita in serbanghita/Mobile-Detect#1015

Full Changelog: serbanghita/Mobile-Detect@4.10.0...4.11.0

Changelog

Sourced from mobiledetect/mobiledetectlib's changelog.

4.11.0

Security

• GHSA-mgj4-qjmw-v56v — the bundled Detection\Cache\Cache is now bounded (default 1000 entries, FIFO eviction). Prevents unbounded in-memory growth when one MobileDetect instance is reused across many distinct User-Agents in a long-running PHP runtime (RoadRunner, Laravel Octane, FrankenPHP worker mode, Swoole, ReactPHP, queue workers). Not applicable to classic PHP-FPM / mod_php deployments — the cache dies with the request. Custom PSR-16 adapters (Redis, APCu, Memcached, Filesystem) are out of scope; their eviction policy is the operator's responsibility.

Added

• Detection\Cache\Cache::__construct(int $maxEntries = Cache::DEFAULT_MAX_ENTRIES) — tune the in-memory cap via new MobileDetect(new Cache($n)).
• Cache::DEFAULT_MAX_ENTRIES constant (1000) and Cache::getMaxEntries() accessor.

Changed

• README-EXAMPLES.md "Long-Running Processes" — worker example now uses clear() (was evictExpired(), which is a no-op against fresh entries under the default 86 400 s TTL); added explicit note framing in-memory cache bounding as a systems-level concern with the bundled cap, and pointing operators at their own adapter's eviction for custom PSR-16 backends.
• Cache::evictExpired() docblock — clarified that it bounds by expiration, not by cardinality. Method behavior is unchanged.

Commits

• ab39168 fix(cache): bound in-memory Cache to prevent unbounded growth (GHSA-mgj4-qjmw...
• 6e6937e perf(bench): overhaul phpbench suite + advisory CI + release hygiene (#1015)
• 21277ca docs(known-limitations): add full-page edge cache incompatibility note
• c91cc4b docs(readme): point 2.x/3.x Tests badges at the renamed workflows
• 55bdfab docs(readme): restore badge links, add packagist version + workflow badges
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)