Added
- Dispatch the
InvalidCallbackReceivedevent when a callback fails validation (wrong API key/channel, unknown payment method, malformed data). The event carries the validationerrorsand a redactedcallbackData(the API key and channel are excluded). The HTTP response remains a generic422, so no field-level detail is leaked to the caller.
Builds on the callback security hardening introduced in v3.1.0.
Full changelog: https://github.com/digitaldev-lx/laravel-eupago/blob/master/CHANGELOG.md