Description
If you run vendor/bin/phpunit --filter CookieTest you get:

❯ vendor/bin/phpunit --filter CookieTest
PHPUnit 11.5.20 by Sebastian Bergmann and contributors.

Runtime:       PHP 8.3.21 with Xdebug 3.4.3
Configuration: /Users/paul/Workspace/CodeIgniter4/phpunit.xml.dist

..F.............................................                                                                                        48 / 48 (100%)

Time: 00:02.209, Memory: 80.00 MB

There was 1 failure:

1) CodeIgniter\Cookie\CookieTest::testCookieInitializationWithDefaults
Failed asserting that two strings are identical.
--- Expected
+++ Actual
@@ @@
-'lax'
+'Lax'

/Users/paul/Workspace/CodeIgniter4/tests/system/Cookie/CookieTest.php:58

FAILURES!
Tests: 48, Assertions: 133, Failures: 1.

Generating code coverage report in Clover XML format ... done [00:00.432]

Generating code coverage report in HTML format ... done [00:02.914]

This is because when you pass an empty defaults array (or did not pass anything) to Cookie::setDefaults(), the samesite value set is self::SAMESITE_LAX equal to lax. Now, we transform the samesite value to ucfirst in the constructor so that it would be consistent everywhere. Even the cookie config's allowed value for samesite is in ucfirst. I thought we have done that pretty much everywhere but found out this case wasn't. This failure was not caught since the test case is run along with the other tests. Running it by itself shows the issue.

I have targeted 4.7 since I'm changing the values of the constants so I think this is a behavior change. Let me know if this is ok in develop.

Checklist:

• Securely signed commits
• Component(s) with PHPDoc blocks, only if necessary or adds value
• Unit testing, with >80% coverage
• User guide updated
• Conforms to style guide