Laravel 8.18, weekly updates, and 🔥 tip

Laravel 8.18

Had two patch releases last week to bump to Laravel 8.17.2. This week we get a minor version bump to 8.18.0 with the following highlights:

  • Add orderPivotBy for BelongsToMany relation in #35455
  • Fix issue with polymorphic morphMaps with literal 0 in #35364
  • Add assertSentInOrder to test order of HTTP requests in #35525
  • Fix mime validation for jpeg files in #35518
  • Add handlerStats for Http Client in #35520
  • Add assertDispatchedWithChain and assertDispatchedWithoutChain to Bus fake in #35523
  • Allow testing of HTML and text bodies for Mailables in afb858a

You may review the full branch diff on GitHub for a complete list of changes.

This minor version bump and update is automated for subscribers to a Shifty Plan. If you don't have one of those, be sure to bump your constraint and run composer update to get the latest features.

Weekly Journal

Last week I worked on the design facelift. Mostly giving Jess and Len's work a final review. We soft launched some of the inner pages. So I hope to launch the home page early next week.

I spent some time tweaking Shift after all those Human Shifts in November. This was also based on some recent user feedback.

One of note was the automatic splitting of factories. This was a free task within the Shift Workbench. However, despite guidance in the PR comments, several users reported just doing this manually after running Shift. Looking at the stats, 10% of applications still used some kind of single factory. This was higher than I expected given it's been an outdated practice from Laravel 5.4. So to achieve the most automation, this is now automated as part of the Laravel 8.x Shift.

Another thing I fixed was the auto-closing of the "Laravel Upgrade" PRs automated by the Shifty Plans. Bitbucket only returns the commit SHA prefix, instead of the entire hash. This, of course, caused a mismatch preventing previous, "untouched" PRs from being automatically closed.

🔥 Tip

There have been a few additions to the core Laravel application since the release of Laravel 8. An important one has been the uncommenting of the TrustHosts middleware.

DCol discovered a potential vulnerability in regards to the HTTP headers. You can read the full thread on GitHub. But unless you're running a multi-tenant application, might be best to uncomment this middleware.

You may also review other the recent additions to the default Laravel application by browsing Shift's consolidated history.