psalm/plugin-laravel v3.4.0 on PHP Packagist

Backports type inference and taint analysis improvements from Plugin 4.x to Psalm 6 users.

What's Changed

Cookies — CookieJar make/queue/forever/forget methods flagged as taint-sink header
Filesystem — Storage::put(), Storage::prepend(), Storage::append() as path/file sinks
HTTP Client — Http::get(), Http::post(), Http::send() as SSRF sinks
Sessions — session() helper and Store methods as taint sources (XSS, SQL injection)
Views — View::make(), view() helper, View::share() as HTML sinks
Mail — Mailable subject/to/from as header sinks, body/line/action as HTML sinks
Redis — eval, evalSha, executeRaw as eval sinks
Uploaded files — filename, path, contents, MIME type as taint sources
Encryption — encrypt()/decrypt() correctly modeled as taint escape/unescape
Routing — route parameters as taint sources, redirector as SSRF sink
Response — header(), withHeaders(), cookie() as header sinks

Stubs backported from v4.0–v4.6 to reduce false positives:

Query Builder — narrowed return types (count → int<0,max>, get → Collection<int, stdClass>, cursor → LazyCollection), added 20+ method stubs (whereNot, having, from, orderBy, etc.)
Eloquent Builder — narrowed cursor, pluck, paginators, firstOrCreate; added whereNot, createOrFirst, findSole, chunkMap; @psalm-variadic on with()/without()
Model — added Stringable/HasBroadcastChannel implements, public increment/decrement
Schema — new stubs for Blueprint, ColumnDefinition, ForeignIdColumnDefinition, ForeignKeyDefinition (fluent migration chains)
Auth — new stubs for Authenticatable, SessionGuard, TokenGuard
Collection handlers — filter() without callback now removes null/false from TValue; flatten(1)/collapse() preserve TValue

Full Changelog: v3.3.0...v3.4.0