Upgrade to Laravel 13#26
Open
thinkstylestudio wants to merge 3 commits into
Open
Conversation
[Release 1]
- Update laravel/framework to ^13.0, tinker to ^3.0, boost to ^2.0 - Upgrade Pest to v4 and laravel-debugbar to v4 for L13 compatibility - Replace VerifyCsrfToken with PreventRequestForgery middleware - Add cache serializable_classes config and update default prefixes - Sync phpunit.xml with Laravel 13 testing defaults and APP_KEY Co-authored-by: Theron Smith <theron+github@thinkstylestudio.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Upgrades the application from Laravel 12 to Laravel 13 (locked to v13.11.1) and updates related dev/test tooling and Filament frontend assets to remain compatible with the new framework/runtime behavior.
Changes:
- Bump core and dev dependencies for Laravel 13 / Pest 4 / Debugbar 4 compatibility.
- Align application configs with Laravel 13 defaults (cache/session/redis prefixes, cache serialization hardening, phpunit env defaults).
- Refresh Filament published JS assets to the versions compatible with the upgraded stack.
Reviewed changes
Copilot reviewed 14 out of 41 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| composer.json | Updates Laravel/framework and related package constraints for the Laravel 13 upgrade. |
| composer.lock | Locks dependencies to updated versions (notably laravel/framework v13.11.1). |
| app/Providers/Filament/DashboardPanelProvider.php | Updates Filament panel middleware stack for Laravel 13 request forgery protection changes. |
| config/cache.php | Updates cache prefix format and adds serializable_classes hardening setting. |
| config/database.php | Updates Redis key prefix format to match Laravel 13 defaults. |
| config/session.php | Updates session cookie naming defaults to match Laravel 13 conventions. |
| phpunit.xml | Syncs test environment defaults with Laravel 13 (APP_KEY, sqlite memory DB, env flags). |
| public/js/filament/actions/actions.js | Updated Filament actions modal behavior in published asset bundle. |
| public/js/filament/filament/app.js | Updated Filament app boot/navigation behavior in published asset bundle. |
| public/js/filament/forms/components/select.js | Updated Filament select component bundle (includes reorderable behavior / Sortable integration). |
| public/js/filament/notifications/notifications.js | Updated notifications bundle (UUID generation + JSON serialization). |
| public/js/filament/schemas/schemas.js | Updated schema bundle (sticky actions + Livewire commit handling). |
| public/js/filament/support/async-alpine.js | Updated Async Alpine loader bundle used by Filament assets. |
| public/js/filament/support/support.js | Updated Filament support bundle (tooltips, floats, sortable, modal helpers, etc.). |
| public/js/filament/tables/tables.js | Updated Filament tables bundle (selection, column manager, filters dropdown positioning). |
Files not reviewed (10)
- public/fonts/filament/filament/inter/index.css: Language not supported
- public/js/filament/actions/actions.js: Language not supported
- public/js/filament/filament/app.js: Language not supported
- public/js/filament/forms/components/checkbox-list.js: Language not supported
- public/js/filament/forms/components/color-picker.js: Language not supported
- public/js/filament/forms/components/key-value.js: Language not supported
- public/js/filament/forms/components/slider.js: Language not supported
- public/js/filament/forms/components/textarea.js: Language not supported
- public/js/filament/notifications/notifications.js: Language not supported
- public/js/filament/schemas/components/actions.js: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
MlKilderkin
approved these changes
May 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Upgrades the application from Laravel 12 to Laravel 13 (v13.11.1).
Dependency updates
laravel/frameworklaravel/tinkerlaravel/boostpestphp/pestpestphp/pest-plugin-laravelbarryvdh/laravel-debugbarFilament remains on v4 and is compatible with Laravel 13 after
composer update.Breaking changes addressed
VerifyCsrfTokenwithPreventRequestForgeryin the Filament dashboard panel provider (Laravel 13 rename + stricter request-origin checks).serializable_classes => falseand updated the default cache key prefix format.CACHE_PREFIX,REDIS_PREFIX, andSESSION_COOKIEin.envare unaffected.phpunit.xmlwith Laravel 13 defaults (in-memory SQLite,APP_KEYfor CI, removed deprecated env vars).Verification
php artisan test— all tests passingvendor/bin/pint --dirty— formatting appliedNotes for deployers
If you rely on framework-generated cache/session prefixes (no explicit env vars), set
CACHE_PREFIX,REDIS_PREFIX, andSESSION_COOKIEin production before deploying to avoid invalidating existing sessions/cache keys.