Upgrade Guide

    Estimated Upgrade Time: One Hour

    Likelihood Of Impact: Medium

    PHP 7.1 will no longer be actively maintained as of December 2019. Therefore, Laravel 6.0 requires PHP 7.2 or greater.

    Updating Dependencies

    Update your laravel/framework dependency to ^6.0 in your composer.json file.

    Next, examine any 3rd party packages consumed by your application and verify you are using the proper version for Laravel 6 support.

    Authorization

    Authorized Resources & viewAny

    Likelihood Of Impact: High

    Authorization policies attached to controllers using the authorizeResource method should now define a viewAny method, which will be called when a user accesses the controller's index method. Otherwise, calls to the index method of the controller will be rejected as unauthorized.

    Authorization Responses

    Likelihood Of Impact: Low

    The constructor signature of the Illuminate\Auth\Access\Response class has changed. You should update your code accordingly. If you are not constructing authorization responses manually and are only using the allow and deny instance methods within your policies, no change is required:

    Returning "Deny" Responses

    Likelihood Of Impact: Low

    In previous releases of Laravel, you did not need to return the value of the deny method from your policy methods since an exception was thrown immediately. However, in accordance with the Laravel documentation, you must now return the value of the deny method from your policies:

    1. public function update(User $user, Post $post)
    2. {
    3.     if (! $user->role->isEditor()) {
    4.         return $this->deny("You must be an editor to edit this post.")
    5.     }
    7.     return $user->id === $post->user_id;
    8. }

    The Illuminate\Contracts\Auth\Access\Gate Contract

    Likelihood Of Impact: Low

    The Illuminate\Contracts\Auth\Access\Gate contract has received a new inspect method. If you are implementing this interface manually, you should add this method to your implementation.

    Carbon

    Carbon 1.x No Longer Supported

    Likelihood Of Impact: Medium

    Carbon 1.x is no longer supported since it is nearing its maintenance end of life. Please upgrade your application to Carbon 2.0.

    Configuration

    The AWS_REGION Environment Variable

    Likelihood Of Impact: Optional

    If you plan to utilize , you should update all occurrences of AWS_REGION within your config directory to AWS_DEFAULT_REGION. In addition, you should update this environment variable's name in your .env file.

    Redis Default Client

    Likelihood Of Impact: Medium

    The default Redis client has changed from predis to phpredis. In order to keep using predis, ensure the redis.client configuration option is set to predis in your config/database.php configuration file.

    Database

    The Capsule table Method

    Likelihood Of Impact: Medium

    The signature of the Illuminate\Database\Capsule\Manager class' table method has updated to accept a table alias as its second argument. If you are using illuminate/database outside of a Laravel application, you should update any calls to this method accordingly:

    1. /**
    2.  * Get a fluent query builder instance.
    3.  *
    4.  * @param  string|null  $as
    5.  * @param  string|null  $connection
    6.  * @return \Illuminate\Database\Query\Builder
    7.  */
    8. public static function table($table, $as = null, $connection = null)

    The cursor Method

    Likelihood Of Impact: Low

    The cursor method now returns an instance of instead of a Generator The LazyCollection may be iterated just like a generator:

    1. $users = App\User::cursor();
    3. foreach ($users as $user) {
    4.     //
    5. }

    The BelongsTo::update Method

    Likelihood Of Impact: Medium

    For consistency, the update method of the BelongsTo relationship now functions as an ad-hoc update query, meaning it does not provide mass assignment protection or fire Eloquent events. This makes the relationship consistent with the update methods on all other types of relationships.

    If you would like to update a model attached via a BelongsTo relationship and receive mass assignment update protection and events, you should call the update method on the model itself:

    Arrayable & toArray

    Likelihood Of Impact: Medium

    The Eloquent model's toArray method will now cast any attributes that implement Illuminate\Contracts\Support\Arrayable to an array.

    Declaration Of Primary Key Type

    Likelihood Of Impact: Medium

    Laravel 6.0 has received for integer key types. If you are using a string as your model's primary key, you should declare the key type using the $keyType property on your model:

    1. /**
    2.  * The "type" of the primary key ID.
    3.  *
    4.  * @var string
    5.  */
    6. protected $keyType = 'string';

    Email Verification

    Resend Verification Route HTTP Method

    Likelihood Of Impact: Medium

    To prevent possible CSRF attacks, the email/resend route registered by the router when using Laravel's built-in email verification has been updated from a GET route to a POST route. Therefore, you will need to update your frontend to send the proper request type to this route. For example, if you are using the built-in email verification template scaffolding:

    1. {{ __('Before proceeding, please check your email for a verification link.') }}
    2. {{ __('If you did not receive the email') }},
    4. <form class="d-inline" method="POST" action="{{ route('verification.resend') }}">
    5.     @csrf
    7.     <button type="submit" class="btn btn-link p-0 m-0 align-baseline">
    8.         {{ __('click here to request another') }}
    9.     </button>.
    10. </form>

    The MustVerifyEmail Contract

    Likelihood Of Impact: Low

    A new getEmailForVerification method has been added to the Illuminate\Contracts\Auth\MustVerifyEmail contract. If you are manually implementing this contract, you should implement this method. This method should return the object's associated email address. If your App\User model is using the Illuminate\Auth\MustVerifyEmail trait, no changes are required, as this trait implements this method for you.

    Email Verification Route Change

    Likelihood Of Impact: Medium

    The route path for verifying emails has changed from /email/verify/{id} to /email/verify/{id}/{hash}. Any email verification emails that were sent prior to upgrading to Laravel 6.x will not longer be valid and will display a 404 page. If you wish, you may define a route matching the old verification URL path and display an informative message for your users that asks them to re-verify their email address.

    Helpers

    String & Array Helpers Package

    Likelihood Of Impact: High

    All str and array helpers have been moved to the new laravel/helpers Composer package and removed from the framework. If desired, you may update all calls to these helpers to use the Illuminate\Support\Str and Illuminate\Support\Arr classes. Alternatively, you can add the new laravel/helpers package to your application to continue using these helpers:

    1. composer require laravel/helpers

    Localization

    The Lang::trans & Lang::transChoice Methods

    Likelihood Of Impact: Medium

    In addition, if you are manually implementing the Illuminate\Contracts\Translation\Translator contract, you should update your implementation's trans and methods to get and choice.

    The Lang::getFromJson Method

    Likelihood Of Impact: Medium

    The Lang::get and Lang::getFromJson methods have been consolidated. Calls to the Lang::getFromJson method should be updated to call Lang::get.

    Mail

    Mandrill & SparkPost Drivers Removed

    Likelihood Of Impact: Low

    The mandrill and sparkpost mail drivers have been removed. If you would like to continue using either of these drivers, we encourage you to adopt a community maintained package of your choice that provides the driver.

    Notifications

    Nexmo Routing Removed

    Likelihood Of Impact: Low

    A lingering part of the Nexmo notification channel was removed from the core of the framework. If you're relying on routing Nexmo notifications you should manually implement the routeNotificationForNexmo method on your notifiable entity .

    Password Validation

    Likelihood Of Impact: Low

    The PasswordBroker no longer restricts or validates passwords. Password validation was already being handled by the ResetPasswordController class, making the broker's validations redundant and impossible to customize. If you are manually using the PasswordBroker (or Password facade) outside of the built-in ResetPasswordController, you should validate all passwords before passing them to the broker.

    Queues

    Queue Retry Limit

    Likelihood Of Impact: Medium

    In previous releases of Laravel, the php artisan queue:work command would retry jobs indefinitely. Beginning with Laravel 6.0, this command will now try a job one time by default. If you would like to force jobs to be tried indefinitely, you may pass 0 to the —tries option:

    In addition, please ensure your application's database contains a failed_jobs table. You can generate a migration for this table using the queue:failed-table Artisan command:

    1. php artisan queue:failed-table

    Requests

    The Input Facade

    Likelihood Of Impact: Medium

    The Input facade, which was primarily a duplicate of the Request facade, has been removed. If you are using the Input::get method, you should now call the Request::input method. All other calls to the Input facade may simply be updated to use the Request facade.

    Scheduling

    The between Method

    Likelihood Of Impact: Low

    In previous releases of Laravel, the scheduler's between method exhibited confusing behavior across date boundaries. For example:

    1. $schedule->command('list')->between('23:00', '4:00');

    For most users, the expected behavior of this method would be to run the list command every minute for all minutes between 23:00 and 4:00. However, in previous releases of Laravel, the scheduler ran the list command every minute between 4:00 and 23:00, essentially swapping the time thresholds. In Laravel 6.0, this behavior has been corrected.

    Storage

    Rackspace Storage Driver Removed

    Likelihood Of Impact: Low

    The rackspace storage driver has been removed. If you would like to continue using Rackspace as a storage provider, we encourage you to adopt a community maintained package of your choice that provides this driver.

    URL Generation

    Route URL Generation & Extra Parameters

    In previous releases of Laravel, passing associative array parameters to the route helper or URL::route method would occasionally use these parameters as URI values when generating URLs for routes, even if the parameter value had no matching key within the route path. Beginning in Laravel 6.0, these values will be attached to the query string instead. For example, consider the following route:

    1. Route::get('/profile/{location}', function ($location = null) {
    2.     //
    3. })->name('profile');
    5. // Laravel 5.8: http://example.com/profile/active
    6. echo route('profile', ['status' => 'active']);
    8. // Laravel 6.0: http://example.com/profile?status=active
    9. echo route('profile', ['status' => 'active']);

    The action helper and URL::action method are also affected by this change:

    FormRequest validationData Method

    Likelihood Of Impact: Low

    The form request's validationData method was changed from protected to public. If you are overriding this method in your implementation, you should update the visibility to public.

    Miscellaneous

    We also encourage you to view the changes in the laravel/laravel GitHub repository. While many of these changes are not required, you may wish to keep these files in sync with your application. Some of these changes will be covered in this upgrade guide, but others, such as changes to configuration files or comments, will not be. You can easily view the changes with the and choose which updates are important to you.