psalm/plugin-laravel v4.9.0

v4.9.0 - Validation Rules

on PHP Packagist

What’s Changed

This release is focused respecting validation rules when to mark input as safe.

Validation & taint analysis

• Use a more precise taint-escape strategy for validation rules (#819) @alies-dev
• Extend rule-based taint escape to FormRequest input() / string() / str() accessors (#821) @alies-dev
• Honour Validation Rule class-level @psalm-taint-escape on custom Rule classes (#826) @alies-dev

Custom Eloquent Builders

• Preserve fluent return types on custom Eloquent builder subclasses (#845) @alies-dev
• Fix scopes() chaining on builder contracts (#846) @alies-dev
• Register custom builder pseudo-method macros (#847) @alies-dev
• Bind firstOr() callback template across argument positions (#851) @alies-dev

CLI Features

• New vendor/bin/psalm-laravel CLI with init subcommand for first-time plugin setup (#786) @alies-dev
• New psalm-laravel add subcommand to scaffold a GitHub Actions security-analysis workflow (#814) @alies-dev

Other type infer Changes

• Support more Laravel public methods that use variadic parameters: Collection, Session, RedirectResponse, LazyCollection, MessageBag, ServiceProvider(#809, #832) @alies-dev
• Widen Collection::make / LazyCollection::make / collect() for scalar inputs (#783) @alies-dev
• Fix InvalidArgument on arrow-function closures in the Builder::where family (#784) @alies-dev
• Relocate only / except / collect / old to the correct traits (#825) @alies-dev
• Restate implements / extends in 4 stubs that were wiping reflected metadata (#835, #836) @alies-dev

Internal changes

• Add StatsHandler to report plugin-level counts under psalm --stats (#817) @alies-dev
• Include plugin configuration in the bug-report issue body (#781) @alies-dev

Full Changelog: v4.8.4...v4.9.0