Bump laravel/sail from 1.46.0 to 1.47.0

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps laravel/sail from 1.46.0 to 1.47.0.

Release notes

Sourced from laravel/sail's releases.

v1.47.0

• [1.x] Uncomment CLI workers on install by @​timacdonald in laravel/sail#821
• Update PostgreSQL version to 18 by @​abdounikarim in laravel/sail#824
• Fix typo in PLAYWRIGHT_BROWSERS_PATH - remove space at the EOL by @​abdounikarim in laravel/sail#823
• Update phpstan to version 2 by @​abdounikarim in laravel/sail#826
• Update actions/checkout to v5 by @​abdounikarim in laravel/sail#825

Changelog

Sourced from laravel/sail's changelog.

v1.47.0 - 2025-10-28

• [1.x] Uncomment CLI workers on install by @​timacdonald in laravel/sail#821
• Update PostgreSQL version to 18 by @​abdounikarim in laravel/sail#824
• Fix typo in PLAYWRIGHT_BROWSERS_PATH - remove space at the EOL by @​abdounikarim in laravel/sail#823
• Update phpstan to version 2 by @​abdounikarim in laravel/sail#826
• Update actions/checkout to v5 by @​abdounikarim in laravel/sail#825

Commits

• 9a11e82 Update actions/checkout to v5 (#825)
• c793f14 Update phpstan to version 2 (#826)
• 36ef4d3 Fix typo in PLAYWRIGHT_BROWSERS_PATH - remove space at the EOL (#823)
• 7201584 Update PostgreSQL version to 18 (#824)
• 55e8834 Uncomment CLI workers on install (#821)
• 5087687 Update CHANGELOG
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @guibranco.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: composer, dependencies, php. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[semanticdiff-com]

Review changes with  

[pr-code-reviewer]

👋 Hi there!

Everything looks good!

_{^{Automatically generated with the help of gpt-3.5-turbo.
Feedback? Please don't hesitate to drop me an email at [email protected].}}

[korbit-ai]

By default, I don't review pull requests opened by bots. If you would like me to review this pull request anyway, you can request a review via the /korbit-review command in a comment.

[korbit-ai]

I was unable to write a description for this pull request. This could be because I only found files I can't scan.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[deepsource-io]

Here's the code health analysis summary for commits 35a19b2..69c7bb3. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
SQL	✅ Success		View Check ↗
Test coverage	✅ Success		View Check ↗
Secrets	✅ Success		View Check ↗
PHP	✅ Success		View Check ↗
Docker	✅ Success		View Check ↗

Code Coverage Report

Metric	Aggregate	Php
Branch Coverage	100%	100%
Composite Coverage	33.3%	33.3%
Line Coverage	33.3%	33.3%

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[codara-ai-code-review]

Potential issues, bugs, and flaws that can introduce unwanted behavior.

1. composer.lock - dragonmantank/cron-expression Dependency Version: Upgrading dragonmantank/cron-expression from v3.4.0 to v3.6.0 may introduce breaking changes. Ensure that your application code is compatible with the new version before deployment.

2. composer.lock - Symfony Console and Http Imports: The version change for packages like symfony/console and symfony/http-foundation from v7.3.4 to v7.3.5 should be tested thoroughly, especially regarding any method deprecations or behavior changes that could impact existing features.

3. composer.lock - php Requirement Changes: Changing PHP requirements from ^7.2|^8.0 to ^8.2|^8.3|^8.4|^8.5 for dragonmantank/cron-expression might affect backward compatibility. Confirm that all relevant parts of the application support the new PHP versions.

4. composer.lock - Removed webmozart/assert Package: The removal of the webmozart/assert package from the dependency list may lead to loss of input validation in places where it was previously utilized. Ensure that no critical functionality relies on it being present.

5. composer.lock - Time Attributes: There are multiple entries where "time" values for updates have been set to future dates. This could lead to misinterpretation of version stability or release timelines during dependency resolution or management.

Code suggestions and improvements for better exception handling, logic, standardization, and consistency:

1. composer.lock - Reference Updates: In the release updates, consistently parse and verify the reference and distribution URLs to ensure that they point to valid branches or tags. This can avoid errors in future resolutions.

2. composer.lock - Version Consistency: Ensure that the versions of interdependent packages are updated in a compatible fashion. For instance, if one package requires another's latest version, their updates should happen simultaneously to prevent any conflicts.

3. composer.lock - Testing Dependencies Before Updating: Implement a pre-deployment checklist to validate all updated dependencies through testing environments to catch potential incompatibilities or issues.

4. composer.lock - Automate Updates: Consider using a dependency manager tool like Composer's composer update --with-dependencies to ensure that all dependent packages are checked and updated alongside any new major versions.

5. composer.lock - Maintain Backward Compatibility: If breaking changes are noted, introduce backward-incompatible changes gradually or document the necessary migrations or modifications on your project’s wiki or README, guiding how to adopt the new versions effectively.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs

7:31PM INF scanning for exposed secrets...
7:31PM INF 322 commits scanned.
7:31PM INF scan completed in 739ms
7:31PM INF no leaks found

[guibranco]

Automatically approved by gstraccini[bot]

[guibranco]

@dependabot squash and merge

[dependabot]

Beginning January 27, 2026, Dependabot will no longer support the @dependabot squash and merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

[korbit-ai]

I was unable to write a description for this pull request. This could be because I only found files I can't scan.