[Security] Bump laravel/framework from 5.6.21 to 5.6.30

[dependabot-preview]

Bumps laravel/framework from 5.6.21 to 5.6.30. This update includes security fixes.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

Cookie serialization vulnerability

Affected versions: >=4.0.0, <=4.0.11; >=4.1.0, <=4.1.31; >=4.2.0, <=4.2.22; >=5.0.0, <=5.0.35; >=5.1.0, <=5.1.46; >=5.2.0, <=5.2.45; >=5.3.0, <=5.3.31; >=5.4.0, <=5.4.36; >=5.5.0, <5.5.42; >=5.6.0, <5.6.30

Release notes

Sourced from laravel/framework's releases.

v5.6.29

Added

• Added restored() and forceDeleted() to observer stub (#40ba2ee)
• Added UploadedFile::getContents() (#24924)
• Added an alias for a single FactoryBuilder state definition (#24937)

Changed

• Allow closure to determine if event should be faked (#24887)
• Update error message for MailFake::assertSent() (#24911)
• Return instance of spy when swapping facade for a Mockery spy (#24918)
• Renamed Mailer::setGlobalTo() to setGlobalToAndRemoveCcAndBcc() to be more clear about what it does (#24917)
• Update the font path used in frontend stub (#24926)

Fixed

• Fixed an issue when passing an array to Request::is() (#24885)
• Fixed message string in NotificationFake::assertSentToTimes() (#24929)

v5.6.24

Added

• Added assertSessionHasNoErrors() test helper (#24308)
• Added support for defining and enforcing a Spatial reference system for a Point column (#24320)
• Added Builder::whereJsonDoesntContain() and Builder::orWhereJsonDoesntContain() (#24367)
• Added Queueable, SerializesModels to all notification events (#24368)
• Allow callable array syntax in route definition (#24385)
• Added JSON SELECT queries to SQL Server (#24397)

Changed

• Optimize query builder's pluck() method (#23482)
• Allow passing object instances regardless of the parameter name to method injection (#24234)
• Extract setting mutated attribute into method (#24307)
• Let apiResource support except option (#24319)
• Skip null/empty values in SeeInOrder (#24395)
• Sync Original modal attributes after soft deletion (#24400)

Fixed

• Fixed typo of missing underscore in not_regexp rule name (#24297)
• Cleanup null relationships in loadMorph (#24322)
• Fix loadMissing() relationship parsing (#24329)
• Fix FormRequest class authorization validation priority (#24369)
• Fix custom blade conditional ignoring 0 as argument (#24394)

v5.6.23

Added

• Added support for renaming indices (#24147)
• Added Event::fakeFor() method (#24230)
• Added @canany Blade directive (#24137)
• Added TestReponse:: assertLocation() method (#24267)

Changed

• Validation bypass for before and after rules when paired with date_format rule (#24191)

... (truncated)

Commits

• 3850621 version
• df5e681 Support raw expressions in whereRowValues() (#25117)
• 240d904 adjust cookie serialization
• d1fc8eb add variable
• 97467e3 disable serialization for all cookies
• 7c90d41 dont serialize session id cookie
• c0eb907 dont serialize csrf cookie / header (#25121)
• 9ed650c Update Hash Facade @​see reference (#25114)
• ddf138a Merge pull request #25094 from ntzm/revert-25092-patch-7
• 26a4465 Merge pull request #25096 from martinbean/patch-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.