Patch league/commonmark security vulnerabilities#47

Merged
midnite81 merged 1 commit into main from bug/commonmark-vulnerability on Apr 13, 2026

Conversation

@midnite81
Owner

Summary

  • update league/commonmark in composer.lock from 2.8.0 to 2.8.2
  • refresh transitive packages resolved by Composer: nette/schema v1.3.3 -> v1.3.5, nette/utils v4.1.2 -> v4.1.3, and symfony/polyfill-php80 v1.33.0 -> v1.34.0
  • keep the change scoped to the lockfile with no application code changes

Why This Change Was Needed

  • the production container scan reported vulnerabilities against the transitive league/commonmark dependency pulled in via laravel/framework
  • Laravel already allows league/commonmark under the existing ^2.6 constraint, so the fix can be applied by refreshing the lockfile to a patched release
  • updating to 2.8.2 covers the reported 2.8.1 and 2.8.2 fixes without changing the project dependency declarations

What Changed

  • refreshed the Composer lockfile on a dedicated bugfix branch
  • upgraded the vulnerable package to the latest compatible patch release available during resolution
  • accepted the small set of additional transitive lockfile updates Composer resolved alongside the CommonMark patch

Testing

  • /opt/homebrew/opt/php@8.2/bin/php ./vendor/bin/pest
  • result: 634 passed, 1 skipped, 3 warnings

Risks And Reviewer Notes

  • this is a lockfile-only change, so runtime risk is limited to dependency behavior in the updated transitive packages
  • no composer.json constraints were changed
  • Pest still reports the same pre-existing warnings during the suite run, including the deprecated PHPUnit XML schema warning and existing Carbon test warnings

Follow-up

  • if CI or deploy environments still default to an older PHP binary, align them with PHP 8.2+ so future Composer operations do not require local workarounds
  • after merge, rebuild the production image so the patched dependency is included in the next container scan
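As an added check that is not part of this PR or the project, the script below gates a composer.lock against the patched versions listed in the summary, the way a CI step could confirm the refresh actually landed. It assumes the standard lockfile layout (`packages` and `packages-dev` arrays with `name` and `version` keys) and uses a constructed excerpt in place of the real file.

```python
"""Gate a composer.lock against minimum patched versions (added check, not the PR's code)."""
import json
import re
import sys

# Minimum versions taken from the PR summary above.
MIN_VERSIONS = {
    "league/commonmark": "2.8.2",
    "nette/schema": "1.3.5",
    "nette/utils": "4.1.3",
    "symfony/polyfill-php80": "1.34.0",
}


def parse_version(version: str):
    """Turn 'v2.8.2' or '2.8.2' into a comparable key; return None for non-numeric refs like 'dev-main'."""
    core, _, suffix = version.lstrip("vV").partition("-")
    nums = [int(p) for p in re.findall(r"\d+", core)]
    if not nums:
        return None
    nums += [0] * (3 - len(nums))  # pad '2.8' to '2.8.0'
    # A final release ranks above any pre-release with the same number (2.9.0 > 2.9.0-beta1).
    return (tuple(nums), 0 if not suffix else -1, suffix)


def lock_packages(lock: dict) -> dict:
    """Map package name -> locked version across the runtime and dev sections."""
    return {pkg["name"]: pkg["version"]
            for section in ("packages", "packages-dev")
            for pkg in lock.get(section, [])}


def find_unpatched(lock: dict, minimums: dict = MIN_VERSIONS) -> list:
    """Return (name, locked, minimum) for every listed package below its minimum.
    Packages absent from the lock are skipped: a transitive dependency may legitimately
    not be present. Unparseable versions (branch aliases) are reported so they get reviewed."""
    locked = lock_packages(lock)
    problems = []
    for name, minimum in minimums.items():
        if name not in locked:
            continue
        parsed = parse_version(locked[name])
        if parsed is None or parsed < parse_version(minimum):
            problems.append((name, locked[name], minimum))
    return problems


# Constructed lockfile excerpt mirroring the pre-patch state described in the PR.
SAMPLE_LOCK = json.loads("""{
  "packages": [
    {"name": "league/commonmark", "version": "2.8.0"},
    {"name": "nette/schema", "version": "v1.3.3"},
    {"name": "nette/utils", "version": "v4.1.2"},
    {"name": "symfony/polyfill-php80", "version": "v1.33.0"}
  ],
  "packages-dev": []
}""")

if __name__ == "__main__":
    # Pass a real composer.lock path as the first argument; otherwise the sample is checked.
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    for name, locked, minimum in find_unpatched(lock):
        print(f"{name}: locked {locked}, need >= {minimum}")
```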

@midnite81 midnite81 merged commit 12fddec into main Apr 13, 2026
4 checks passed