roots · retlehs · Mar 25, 2026 · Mar 22, 2026 · Mar 22, 2026 · Mar 23, 2026
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -16,7 +16,7 @@ jobs:
     if: "!contains(github.event.head_commit.message, '[ci skip]')"
     strategy:
       matrix:
-        php: ['8.2', '8.3', '8.4', '8.5']
+        php: ['8.3', '8.4', '8.5']
 
     steps:
       - name: Checkout the project

diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,5 @@
 phpunit.xml
 /composer.lock
 /coverage
+/scripts/.laravel-version
 /vendor
diff --git a/composer.json b/composer.json
@@ -42,34 +42,34 @@
     }
   },
   "require": {
-    "php": ">=8.2",
+    "php": ">=8.3",
     "ext-json": "*",
     "ext-mbstring": "*",
     "dragonmantank/cron-expression": "^3.4",
     "guzzlehttp/guzzle": "^7.8",
-    "illuminate/auth": "^12.0",
-    "illuminate/cache": "^12.0",
-    "illuminate/config": "^12.0",
-    "illuminate/console": "^12.0",
-    "illuminate/container": "^12.0",
-    "illuminate/contracts": "^12.0",
-    "illuminate/cookie": "^12.0",
-    "illuminate/database": "^12.0",
-    "illuminate/encryption": "^12.0",
-    "illuminate/events": "^12.0",
-    "illuminate/filesystem": "^12.0",
-    "illuminate/hashing": "^12.0",
-    "illuminate/http": "^12.0",
-    "illuminate/log": "^12.0",
-    "illuminate/pagination": "^12.0",
-    "illuminate/queue": "^12.0",
-    "illuminate/routing": "^12.0",
-    "illuminate/support": "^12.0",
-    "illuminate/testing": "^12.0",
-    "illuminate/validation": "^12.0",
-    "illuminate/view": "^12.0",
+    "illuminate/auth": "^13.0",
+    "illuminate/cache": "^13.0",
+    "illuminate/config": "^13.0",
+    "illuminate/console": "^13.0",
+    "illuminate/container": "^13.0",
+    "illuminate/contracts": "^13.0",
+    "illuminate/cookie": "^13.0",
+    "illuminate/database": "^13.0",
+    "illuminate/encryption": "^13.0",
+    "illuminate/events": "^13.0",
+    "illuminate/filesystem": "^13.0",
+    "illuminate/hashing": "^13.0",
+    "illuminate/http": "^13.0",
+    "illuminate/log": "^13.0",
+    "illuminate/pagination": "^13.0",
+    "illuminate/queue": "^13.0",
+    "illuminate/routing": "^13.0",
+    "illuminate/support": "^13.0",
+    "illuminate/testing": "^13.0",
+    "illuminate/validation": "^13.0",
+    "illuminate/view": "^13.0",
     "laravel/prompts": "^0.3.0",
-    "laravel/serializable-closure": "^1.3|^2.0",
+    "laravel/serializable-closure": "^2.0",
     "league/flysystem": "^3.26",
     "ramsey/uuid": "^4.7",
     "roots/support": "^1.0",
@@ -80,10 +80,8 @@
   "require-dev": {
     "laravel/pint": "^1.15",
     "mockery/mockery": "^1.6",
-    "pestphp/pest": "^3.0",
+    "pestphp/pest": "^4.0",
     "phpcompatibility/php-compatibility": "^9.3",
-    "roave/security-advisories": "dev-master",
-    "spatie/laravel-ignition": "^2.5",
     "spatie/pest-plugin-snapshots": "^2.3",
     "spatie/temporary-directory": "^2.2",
     "tmarsteel/mockery-callable-mock": "^2.1",

diff --git a/config/app.php b/config/app.php
@@ -130,7 +130,7 @@
 
     'previous_keys' => [
         ...array_filter(
-            explode(',', env('APP_PREVIOUS_KEYS', ''))
+            explode(',', (string) env('APP_PREVIOUS_KEYS', ''))
         ),
     ],
 

diff --git a/config/cache.php b/config/cache.php
@@ -27,7 +27,8 @@
     | same cache driver to group types of items stored in your caches.
     |
     | Supported drivers: "array", "database", "file", "memcached",
-    |                    "redis", "dynamodb", "octane", "null"
+    |                    "redis", "dynamodb", "octane", "null",
+    |                    "failover"
     |
     */
 
@@ -103,6 +104,19 @@
     |
     */
 
-    'prefix' => env('CACHE_PREFIX', Str::slug(env('APP_NAME', 'laravel'), '_').'_cache_'),
+    'prefix' => env('CACHE_PREFIX', Str::slug((string) env('APP_NAME', 'laravel')).'-cache-'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Serializable Classes
+    |--------------------------------------------------------------------------
+    |
+    | This value determines the classes that can be unserialized from cache
+    | storage. By default, no PHP classes will be unserialized from your
+    | cache to prevent gadget chain attacks if your APP_KEY is leaked.
+    |
+    */
+
+    'serializable_classes' => false,
 
 ];
diff --git a/config/database.php b/config/database.php
@@ -37,11 +37,11 @@
             'url' => env('DB_URL'),
             'database' => env('DB_DATABASE', database_path('database.sqlite')),
             'prefix' => '',
-            'prefix_indexes' => null,
             'foreign_key_constraints' => env('DB_FOREIGN_KEYS', true),
             'busy_timeout' => null,
             'journal_mode' => null,
             'synchronous' => null,
+            'transaction_mode' => 'DEFERRED',
         ],
 
         'wordpress' => [
@@ -59,7 +59,7 @@
             'strict' => true,
             'engine' => null,
             'options' => extension_loaded('pdo_mysql') ? array_filter([
-                (PHP_VERSION_ID >= 80400 ? Mysql::ATTR_SSL_CA : PDO::MYSQL_ATTR_SSL_CA) => env('MYSQL_ATTR_SSL_CA'),
+                (PHP_VERSION_ID >= 80500 ? Mysql::ATTR_SSL_CA : PDO::MYSQL_ATTR_SSL_CA) => env('MYSQL_ATTR_SSL_CA'),
             ]) : [],
         ],
 
@@ -79,7 +79,7 @@
             'strict' => true,
             'engine' => null,
             'options' => extension_loaded('pdo_mysql') ? array_filter([
-                (PHP_VERSION_ID >= 80400 ? Mysql::ATTR_SSL_CA : PDO::MYSQL_ATTR_SSL_CA) => env('MYSQL_ATTR_SSL_CA'),
+                (PHP_VERSION_ID >= 80500 ? Mysql::ATTR_SSL_CA : PDO::MYSQL_ATTR_SSL_CA) => env('MYSQL_ATTR_SSL_CA'),
             ]) : [],
         ],
 
@@ -99,7 +99,7 @@
             'strict' => true,
             'engine' => null,
             'options' => extension_loaded('pdo_mysql') ? array_filter([
-                (PHP_VERSION_ID >= 80400 ? Mysql::ATTR_SSL_CA : PDO::MYSQL_ATTR_SSL_CA) => env('MYSQL_ATTR_SSL_CA'),
+                (PHP_VERSION_ID >= 80500 ? Mysql::ATTR_SSL_CA : PDO::MYSQL_ATTR_SSL_CA) => env('MYSQL_ATTR_SSL_CA'),
             ]) : [],
         ],
 
@@ -115,7 +115,7 @@
             'prefix' => '',
             'prefix_indexes' => true,
             'search_path' => 'public',
-            'sslmode' => 'prefer',
+            'sslmode' => env('DB_SSLMODE', 'prefer'),
         ],
 
         'sqlsrv' => [
@@ -168,7 +168,7 @@
 
         'options' => [
             'cluster' => env('REDIS_CLUSTER', 'redis'),
-            'prefix' => env('REDIS_PREFIX', Str::slug(env('APP_NAME', 'laravel'), '_').'_database_'),
+            'prefix' => env('REDIS_PREFIX', Str::slug((string) env('APP_NAME', 'laravel')).'-database-'),
             'persistent' => env('REDIS_PERSISTENT', false),
         ],
 
@@ -179,6 +179,10 @@
             'password' => env('REDIS_PASSWORD'),
             'port' => env('REDIS_PORT', '6379'),
             'database' => env('REDIS_DB', '0'),
+            'max_retries' => env('REDIS_MAX_RETRIES', 3),
+            'backoff_algorithm' => env('REDIS_BACKOFF_ALGORITHM', 'decorrelated_jitter'),
+            'backoff_base' => env('REDIS_BACKOFF_BASE', 100),
+            'backoff_cap' => env('REDIS_BACKOFF_CAP', 1000),
         ],
 
         'cache' => [
@@ -188,6 +192,10 @@
             'password' => env('REDIS_PASSWORD'),
             'port' => env('REDIS_PORT', '6379'),
             'database' => env('REDIS_CACHE_DB', '1'),
+            'max_retries' => env('REDIS_MAX_RETRIES', 3),
+            'backoff_algorithm' => env('REDIS_BACKOFF_ALGORITHM', 'decorrelated_jitter'),
+            'backoff_base' => env('REDIS_BACKOFF_BASE', 100),
+            'backoff_cap' => env('REDIS_BACKOFF_CAP', 1000),
         ],
 
     ],

diff --git a/config/filesystems.php b/config/filesystems.php
@@ -40,7 +40,7 @@
         'public' => [
             'driver' => 'local',
             'root' => storage_path('app/public'),
-            'url' => env('APP_URL').'/storage',
+            'url' => rtrim((string) env('APP_URL', 'http://localhost'), '/').'/storage',
             'visibility' => 'public',
             'throw' => false,
             'report' => false,

diff --git a/config/logging.php b/config/logging.php
@@ -54,7 +54,7 @@
 
         'stack' => [
             'driver' => 'stack',
-            'channels' => explode(',', env('LOG_STACK', 'single')),
+            'channels' => explode(',', (string) env('LOG_STACK', 'single')),
             'ignore_exceptions' => false,
         ],
 
@@ -99,7 +99,7 @@
             'level' => env('LOG_LEVEL', 'debug'),
             'handler' => StreamHandler::class,
             'formatter' => env('LOG_STDERR_FORMATTER'),
-            'with' => [
+            'handler_with' => [
                 'stream' => 'php://stderr',
             ],
             'processors' => [PsrLogMessageProcessor::class],

diff --git a/config/mail.php b/config/mail.php
@@ -41,11 +41,11 @@
             'url' => env('MAIL_URL'),
             'host' => env('MAIL_HOST', '127.0.0.1'),
             'port' => env('MAIL_PORT', 2525),
-            'encryption' => env('MAIL_ENCRYPTION', 'tls'),
+            'scheme' => env('MAIL_SCHEME'),
             'username' => env('MAIL_USERNAME'),
             'password' => env('MAIL_PASSWORD'),
             'timeout' => null,
-            'local_domain' => env('MAIL_EHLO_DOMAIN'),
+            'local_domain' => env('MAIL_EHLO_DOMAIN', parse_url((string) env('APP_URL', 'http://localhost'), PHP_URL_HOST)),
         ],
 
         'ses' => [
@@ -54,7 +54,7 @@
 
         'postmark' => [
             'transport' => 'postmark',
-            // 'message_stream_id' => null,
+            // 'message_stream_id' => env('POSTMARK_MESSAGE_STREAM_ID'),
             // 'client' => [
             //     'timeout' => 5,
             // ],
@@ -74,12 +74,26 @@
             'transport' => 'array',
         ],
 
+        'resend' => [
+            'transport' => 'resend',
+        ],
+
         'failover' => [
             'transport' => 'failover',
             'mailers' => [
                 'smtp',
                 'log',
             ],
+            'retry_after' => 60,
+        ],
+
+        'roundrobin' => [
+            'transport' => 'roundrobin',
+            'mailers' => [
+                'ses',
+                'postmark',
+            ],
+            'retry_after' => 60,
         ],
 
     ],
@@ -97,26 +111,7 @@
 
     'from' => [
         'address' => env('MAIL_FROM_ADDRESS', 'hello@example.com'),
-        'name' => env('MAIL_FROM_NAME', 'Example'),
-    ],
-
-    /*
-    |--------------------------------------------------------------------------
-    | Markdown Mail Settings
-    |--------------------------------------------------------------------------
-    |
-    | If you are using Markdown based email rendering, you may configure your
-    | theme and component paths here, allowing you to customize the design
-    | of the emails. Or, you may simply stick with the Laravel defaults!
-    |
-    */
-
-    'markdown' => [
-        'theme' => env('MAIL_MARKDOWN_THEME', 'default'),
-
-        'paths' => [
-            resource_path('views/vendor/mail'),
-        ],
+        'name' => env('MAIL_FROM_NAME', env('APP_NAME', 'Laravel')),
     ],
 
 ];
diff --git a/config/services.php b/config/services.php
@@ -15,7 +15,7 @@
     */
 
     'postmark' => [
-        'token' => env('POSTMARK_TOKEN'),
+        'key' => env('POSTMARK_API_KEY'),
     ],
 
     'ses' => [
@@ -25,7 +25,7 @@
     ],
 
     'resend' => [
-        'key' => env('RESEND_KEY'),
+        'key' => env('RESEND_API_KEY'),
     ],
 
     'slack' => [

diff --git a/config/session.php b/config/session.php
@@ -13,7 +13,7 @@
     | incoming requests. Laravel supports a variety of storage options to
     | persist session data. Database storage is a great default choice.
     |
-    | Supported: "file", "cookie", "database", "apc",
+    | Supported: "file", "cookie", "database",
     |            "memcached", "redis", "dynamodb", "array"
     |
     */
@@ -97,7 +97,7 @@
     | define the cache store which should be used to store the session data
     | between requests. This must match one of your defined cache stores.
     |
-    | Affects: "apc", "dynamodb", "memcached", "redis"
+    | Affects: "dynamodb", "memcached", "redis"
     |
     */
 
@@ -129,7 +129,7 @@
 
     'cookie' => env(
         'SESSION_COOKIE',
-        Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
+        Str::slug((string) env('APP_NAME', 'laravel')).'-session'
     ),
 
     /*
@@ -214,4 +214,20 @@
 
     'partitioned' => env('SESSION_PARTITIONED_COOKIE', false),
 
+    /*
+    |--------------------------------------------------------------------------
+    | Session Serialization
+    |--------------------------------------------------------------------------
+    |
+    | This value controls the serialization strategy for session data, which
+    | is JSON by default. Setting this to "php" allows the storage of PHP
+    | objects in the session but can make an application vulnerable to
+    | "gadget chain" serialization attacks if the APP_KEY is leaked.
+    |
+    | Supported: "json", "php"
+    |
+    */
+
+    'serialization' => 'json',
+
 ];
diff --git a/src/Illuminate/Foundation/Application.php b/src/Illuminate/Foundation/Application.php
@@ -45,7 +45,7 @@ class Application extends Container implements ApplicationContract, CachesConfig
      *
      * @var string
      */
-    const VERSION = '12.54.1';
+    const VERSION = '13.1.1';
 
     /**
      * The base path for the Laravel installation.