Update all non-major dependencies

[benjaminjonard]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@babel/core (source)	7.28.6 → 7.29.0			devDependencies	minor
@babel/preset-env (source)	7.28.6 → 7.29.2			devDependencies	minor
api-platform/core (source)	4.2.13 → 4.3.1			require	minor
brianium/paratest	7.16.1 → 7.19.2			require-dev	minor
core-js (source)	3.47.0 → 3.49.0			devDependencies	minor
crowdin/github-action	v2.14.0 → v2.15.2			action	minor
dama/doctrine-test-bundle	8.5.0 → 8.6.0			require-dev	minor
doctrine/dbal (source)	4.4.1 → 4.4.3			require	patch
doctrine/orm (source)	3.6.1 → 3.6.2			require	patch
friendsofphp/php-cs-fixer	3.92.5 → 3.94.2			require-dev	minor
hotkeys-js (source)	4.0.0 → 4.0.2			dependencies	patch
intl-messageformat	11.1.1 → 11.2.0			dependencies	minor
justinrainbow/json-schema	6.6.4 → 6.7.2			require-dev	minor
phpunit/php-code-coverage	12.5.2 → 12.5.3			require-dev	patch
phpunit/phpunit (source)	12.5.8 → 12.5.14			require-dev	patch
rector/rector (source)	2.3.2 → 2.3.9			require-dev	patch
sortablejs	1.15.6 → 1.15.7			devDependencies	patch
symfony/asset (source)	8.0.0 → 8.0.6			require	patch
symfony/browser-kit (source)	8.0.3 → 8.0.4			require	patch
symfony/cache (source)	8.0.3 → 8.0.7			require	patch
symfony/console (source)	8.0.3 → 8.0.7			require	patch
symfony/css-selector (source)	8.0.0 → 8.0.6			require	patch
symfony/dependency-injection (source)	8.0.3 → 8.0.7			require	patch
symfony/dotenv (source)	8.0.0 → 8.0.7			require	patch
symfony/error-handler (source)	8.0.0 → 8.0.4			require	patch
symfony/event-dispatcher (source)	8.0.0 → 8.0.4			require	patch
symfony/expression-language (source)	8.0.0 → 8.0.4			require	patch
symfony/finder (source)	8.0.3 → 8.0.6			require	patch
symfony/form (source)	8.0.3 → 8.0.7			require	patch
symfony/framework-bundle (source)	8.0.3 → 8.0.7			require	patch
symfony/http-client (source)	8.0.3 → 8.0.7			require	patch
symfony/http-foundation (source)	8.0.3 → 8.0.7			require	patch
symfony/http-kernel (source)	8.0.3 → 8.0.7			require	patch
symfony/intl (source)	8.0.1 → 8.0.6			require	patch
symfony/maker-bundle (source)	1.65.1 → 1.67.0			require-dev	minor
symfony/mime (source)	8.0.0 → 8.0.7			require	patch
symfony/property-access (source)	8.0.3 → 8.0.4			require	patch
symfony/property-info (source)	8.0.3 → 8.0.7			require	patch
symfony/routing (source)	8.0.3 → 8.0.6			require	patch
symfony/security-bundle (source)	8.0.0 → 8.0.6			require	patch
symfony/security-core (source)	8.0.3 → 8.0.4			require	patch
symfony/security-http (source)	8.0.3 → 8.0.6			require	patch
symfony/serializer (source)	8.0.3 → 8.0.7			require	patch
symfony/string (source)	8.0.1 → 8.0.6			require	patch
symfony/translation (source)	8.0.3 → 8.0.6			require	patch
symfony/twig-bridge (source)	8.0.3 → 8.0.7			require	patch
symfony/twig-bundle (source)	8.0.3 → 8.0.4			require	patch
symfony/uid (source)	8.0.0 → 8.0.4			require	patch
symfony/validator (source)	8.0.3 → 8.0.7			require	patch
symfony/var-dumper (source)	8.0.3 → 8.0.6			require-dev	patch
symfony/web-link (source)	8.0.0 → 8.0.4			require	patch
symfony/web-profiler-bundle (source)	8.0.3 → 8.0.7			require-dev	patch
symfony/yaml (source)	8.0.1 → 8.0.6			require	patch
twig/extra-bundle (source)	3.22.2 → 3.24.0			require	minor
twig/intl-extra (source)	3.22.1 → 3.24.0			require	minor
twig/string-extra (source)	3.22.1 → 3.24.0			require	minor
twig/twig (source)	3.22.2 → 3.24.0			require	minor
webpack	5.104.1 → 5.105.4			devDependencies	minor
yarn (source)	4.12.0 → 4.13.0			packageManager	minor
zenstruck/foundry	2.8.5 → 2.9.2			require-dev	minor

---

Release Notes

babel/babel (@​babel/core)

v7.29.0

Compare Source

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

• babel-types
  • #​17750 [7.x backport] Add attributes import declaration builder (@​JLHwung)
• babel-standalone
  • #​17663 [7.x backport] feat(standalone): export async transform (@​JLHwung)
  • #​17725 [7.x backport] feat: read standalone targets from data-targets (@​JLHwung)

🐛 Bug Fix

• babel-parser
  • #​17765 fix(parser): correctly parse type assertions in extends clause (@​nicolo-ribaudo)
  • #​17723 [7.x backport] fix(parser): improve super type argument parsing (@​JLHwung)
• babel-traverse
  • #​17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
• babel-plugin-transform-block-scoping, babel-traverse
  • #​17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

🏃‍♀️ Performance

• babel-generator, babel-runtime-corejs3
  • #​17642 [Babel 7] Improve generator performance (@​liuxingbaoyu)

Committers: 6

• David (@​simbahax)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• @​magic-akari

api-platform/core (api-platform/core)

v4.3.1

Compare Source

What's Changed

• chore(github): fix dispatch-demo-update on release by @​vincentchalamon in #​7842
• fix(validator): fallback to message when detail is uninitialized by @​soyuka in #​7844
• fix(symfony): do not exclude resources from DI by @​VincentLanglet in #​7847
• fix(validator): skip ValidateProcessor when ObjectMapper is not used by @​Renrhaf in #​7848
• fix(serializer): evaluate ApiProperty security on input DTOs by @​soyuka in #​7852
• fix(hydra): use compact IRI for owl:onProperty and Collection @​id in DocumentationNormalizer by @​soyuka in #​7849
• fix(doctrine): reset nested_properties_info for non-nested properties in FreeTextQueryFilter by @​soyuka in #​7850
• cs: typo in deprecation message for 'xkey' config by @​melany-mai in #​7851

New Contributors

• @​melany-mai made their first contribution in #​7851

Full Changelog: api-platform/core@v4.3.0...v4.3.1

v4.3.0

Compare Source

Features

• fa3b69635 feat(mcp): introduce api-platform/mcp component (#​7703)
• d13c24759 feat: mcp bundle tool integration (#​7595)
• ed0ae92ce feat: add support of collection to MCP (#​7724)
• 6e9e88dc2 feat(laravel): mcp support (#​7709)
• 6addc554d feat(openapi): Scalar API Reference documentation support (#​7817)
• 05a5d4d93 feat(laravel): object mapper (#​7704)
• 359a128cd feat(symfony): isGranted before provider (#​7500)
• 32e94848c feat: support relations on filters (#​7711)
• 2682fc5fc feat: defaults parameters (#​7758)
• d640d106b feat(doctrine): uuid filter (#​7628)
• c56a35469 feat(doctrine): add nested relation support to IriFilter and UuidFilter (#​7759)
• 5a876cc92 feat(doctrine): ComparisonFilter decorator for range filtering (#​7760)
• 19809c617 feat(doctrine): ne (not equal) operator for ComparisonFilter (#​7814)
• 6ba9c8b4d feat(doctrine): Add caseSensitive option to PartialSearchFilter (#​7675)
• 9f98aff46 feat(doctrine): add ODM SortFilter and nested property support for parameter-based filters (#​7780)
• 6f5d41458 feat(doctrine): remove PUT & PATCH for readonly entity (#​7453)
• 64b46b2d0 feat(jsonschema): support for normalization/denormalization with attributes (#​7629)
• c70cd449f feat(json-schema): handle union object types in iterable properties (#​7726)
• 625438cf2 feat(jsonapi): support entity identifiers instead of IRIs as resource id
• 833f3fec6 feat(serializer): option to preserve key in CollectionNormalizer (#​7721)
• 383a5fa67 feat(serializer): global defaults.normalization_context.gen_id configuration option (#​7775)
• 516ee3a28 feat(elasticsearch): OpenSearch support (#​7811)
• 21aa2572d feat(elasticsearch): add SSL options for Elasticsearch configuration (#​4059)
• fe63ddec8 feat(validator): uuid/ulid parameter validation (#​7649)
• 1427dfa91 feat(metadata): expose default attribute on parameters (#​7551)
• 63fba2a4e feat(metadata): cache operation metadata factory (#​7516)
• 350390ba3 feat(state): add headers to comply with LDP specification (#​6917)
• 8bdb2bc91 feat(symfony): allow symfony makers namespace configuration (#​7497)
• 45831a93c feat: enable to skip autoconfiguration with new SkipAutoconfigure attribute (#​7467)
• 26d1ac4d6 feat: allow both uppercase and lowercase order direction in OrderFilter schema (#​7741)
• 6626549b6 feat: correctly map problem-detail fields when using ProblemExceptionInterface (#​7776)
• db147a52f feat(laravel): split render logic from error handler (#​7790)

Bug fixes

• 263dbd8b2 fix: call object mapper with the expected class on 4.3 (#​7796)
• af7c22749 fix(jsonld): use operation shortName for @​context URI with multiple ApiResources
• 86b97d5ea fix(mcp): propagate session via processor context
• 3b9ed3bd4 fix(laravel): make api-platform/mcp optional (#​7824) (#​7828)
• 27cc4dbb3 fix(laravel): improve UI selection for documentation (#​7826)
• e16f7ec4f fix(laravel): add init-scalar-ui.js to Laravel's assets (#​7825)
• 5ca646111 fix(mcp): fallback to sdk handler when not found (#​7818)
• 95ec407bf fix(jsonapi): wrong variable name during merge (#​7816)
• 04c30b7ee fix(jsonapi): prevent double unwrapping of data.attributes with input DTOs
• 191a46122 fix(serializer): apply API Platform name converter to input/output DTOs (#​7779)
• 2e0b8ffb6 fix(serializer): prevent api_platform_output context from leaking to nested non-resource objects (#​7787)
• c6236f313 fix(serializer): report all missing constructor arguments in instantiateObject
• 31289b838 fix(symfony): make enable_docs a master switch for disabling documentation (#​7806)
• 64247b050 fix(metadata): sort parameters by priority after pattern expansion (#​7788)
• 813e4f793 fix(validator): missing required properties when using GroupSequence (#​7784)
• 90dfc3554 fix(validator): handle nested groups and group sequences (#​7791)
• 28834e6d6 fix(validator): validate entities after ObjectMapper transformation (#​7731)
• 98b8efb68 fix(laravel): exclude .blade.php files from recursive class scan (#​7813)
• cfdc22c1c fix(laravel): do not exclude custom primary keys matching HasMany foreign keys (#​7810)
• 9f1109365 fix(hydra): example type - use @​type prefix per JSON-LD spec (#​7768)
• 75ffdc43f fix(hydra): hide search key when there is parameter without filter (#​7773)
• e0ba0068d fix(hydra): unique class @​id with subClassOf for semantic types (#​7771)
• 9fdc6c27d fix(openapi): allow Operations to override global config in getPaginationParameters (#​7807)
• 0f025e849 fix(state): handle partial pagination with object mapper (#​7769)
• a2efb39e1 fix(elasticsearch): mono-repo v9 support (#​7766)
• 332272c6f fix(jsonld): restore item_uri_template @​type resolution after 4.2 merge (#​7764)
• 390056fbb fix(jsonld): item uri template type (#​7518)
• f0b355984 fix(symfony): use AsCommand description parameter for console commands (#​7763)
• 23840f9df fix(symfony): publish mercure updates for all resources of an entity (#​7774)
• c624daf68 fix(symfony): allow toggling GraphQL Playground to ensure BC
• c741bd62e fix: add missing RPC messenger handler for Symfony 8.1 compatibility
• a4715f063 fix(doctrine): enforce api-platform/serializer dependency (#​7781)
• 149fe24a1 fix(doctrine): throw exception if property is null for the doctrine filters (#​7681)
• 17b6ff221 fix(jsonschema): name collision when an operation name is already used by another class (#​7778)
• 4f6c4e1b4 fix(laravel): object-mapper / mcp-bundle versions

Breaking changes

• JSON-LD @type with output and itemUriTemplate: When using output with itemUriTemplate on a collection operation, the JSON-LD @type now uses the resource class name instead of the output DTO class name for semantic consistency with itemUriTemplate behavior. Update any client code that relies on the DTO class name in @type.
• Doctrine filters require explicit property (#​7681): Doctrine parameter-based filters (ExactFilter, IriFilter, PartialSearchFilter, UuidFilter) now throw InvalidArgumentException if the property attribute is missing. If you have filter parameters without an explicit property, you must either add one or use the :property placeholder in your parameter name.
• Readonly Doctrine entities lose PUT & PATCH (#​7453): Entities marked as readonly via Doctrine metadata ($classMetadata->markReadOnly()) will no longer expose PUT and PATCH operations. Clients sending PUT/PATCH to these resources will receive a 404. If you need write operations on readonly entities, explicitly define them in your ApiResource attribute.

Behavioral changes

• Hydra class @id now always uses #ShortName (#​7771): Hydra documentation classes now consistently use #ShortName as their @id instead of schema.org type URIs (e.g. schema:Product). This resolves class identifier collisions when multiple resources shared the same semantic type, which previously caused api-doc-parser conflation. Semantic types configured via types are now exposed through rdfs:subClassOf. Clients should expect class @id and property range changes in the Hydra documentation if resources had custom types configured.
• isGranted evaluated before provider (#​7500): Security expressions are now evaluated before the state provider runs. Expressions that do not reference the object variable will be checked earlier (at the pre_read stage), improving security by preventing unnecessary database queries on unauthorized requests. Expressions that reference object still wait for the provider to resolve the entity. Review any security expressions that relied on provider side-effects running before authorization.
• LDP-compliant response headers (#​6917): API responses now include Allow and Accept-Post headers per the Linked Data Platform specification. These are informational headers that help clients discover API capabilities and should not break existing integrations.
• Scalar API Reference UI (#​7817): Scalar is now available as an alternative documentation UI alongside Swagger UI. It is enabled by default when TwigBundle is available. Access it via ?ui=scalar. To disable it, set enable_scalar: false in your API Platform configuration.

v4.2.22

Compare Source

What's Changed

• chore(github): fix dispatch-demo-update on release by @​vincentchalamon in #​7842
• fix(serializer): evaluate ApiProperty security on input DTOs by @​soyuka in #​7852
• fix(hydra): use compact IRI for owl:onProperty and Collection @​id in DocumentationNormalizer by @​soyuka in #​7849
• cs: typo in deprecation message for 'xkey' config by @​melany-mai in #​7851

New Contributors

• @​melany-mai made their first contribution in #​7851

Full Changelog: api-platform/core@v4.2.21...v4.2.22

v4.2.21

Compare Source

Bug fixes

• 20ced5fca fix(laravel): clear SkolemIriConverter state between requests (#​7838)
• 2b2b7bca2 fix(filter): use correct type for int-backed enums in BackedEnumFilter
• 42a2d7fc6 fix(symfony): register DateTimeValueObjectTransformer for JsonStreamer (#​7839)
• 63e6b57f8 fix(openapi): correct redocly openapi errors (#​7834)
• 6a472a2db fix(jsonapi): swap arguments in DefinitionNameFactory::create() call
• bbfd4cafa fix(filter): do not nest array while generating default schema (#​7832)
• c20a41c20 fix(symfony): clear SkolemIriConverter state between requests via ResetInterface (#​7829)
• d6ecbe122 fix(serializer): Use serializer when denormalizing relation inside Input (#​7830)
• da6232468 fix(metadata): allow GraphQL-only resources without identifiers (#​3975) (#​7836)
• f4002902a fix(state): on creation, give expected class to object mapper (#​7795)

v4.2.20

Compare Source

Bug fixes

• 31289b838 fix(symfony): make enable_docs a master switch for disabling documentation (#​7806)
• 64115e152 fix(odm): partial pagination limit the documents entering $facet (#​7822)
• 98b8efb68 fix(laravel): exclude .blade.php files from recursive class scan (#​7813)
• 9fdc6c27d fix(openapi): allow Operations to override global config in getPaginationParameters (#​7807)
• cfdc22c1c fix(laravel): do not exclude custom primary keys matching HasMany foreign keys (#​7810)

v4.2.19

Compare Source

Bug fixes

• 04c30b7ee fix(jsonapi): prevent double unwrapping of data.attributes with input DTOs
• c6236f313 fix(serializer): report all missing constructor arguments in instantiateObject

v4.2.18

Compare Source

Bug fixes

• 2e0b8ffb6 fix(serializer): prevent api_platform_output context from leaking to nested non-resource objects (#​7787)
• 64247b050 fix(metadata): sort parameters by priority after pattern expansion (#​7788)
• 90dfc3554 fix(validator): handle nested groups and group sequences (#​7784, #​7791)
• 9f1109365 fix(hydra): example type - use @​type prefix per JSON-LD spec (#​7768)
• c624daf68 fix(symfony): allow toggling GraphQL Playground to ensure BC

v4.2.17

Compare Source

Bug fixes

• 0f025e849 fix(state): handle partial pagination with object mapper (#​7769)
• 17b6ff221 fix(jsonschema): name collision when an operation name is already used by another class (#​7778)
• 191a46122 fix(serializer): apply API Platform name converter to input/output DTOs (#​7779)
• 75ffdc43f fix(hydra): hide search key when there is parameter without filter (#​7773)
• f0b355984 fix(symfony): use AsCommand description parameter for console commands (#​7763)

v4.2.16

Compare Source

Bug fixes

• 07100d501 fix(hydra): use standard xsd prefix and remove duplicate context namespaces (#​7740)
• 3d8e4fb05 fix(laravel): support numeric float types in eloquent metadata factory (#​7730)
• 4f307d3ce fix(doctrine): skip uninitialized properties in handleLazyObjectRelations (#​7738)
• 6f85f2aa3 fix(metadata): use entity class from stateOptions for filter property resolution (#​7739)
• 70b17ce56 fix(doctrine): allow both uppercase and lowercase order direction in OrderFilter schema (#​7741) (#​7742)
• d70eec574 fix(serializer): prevent context leakage with service-based entity resolution (#​7756)

[v4.2.15](https://redirect.github.com/api-platfo