Bump vimeo/psalm from 3.6.4 to 4.3.2

[dependabot-preview[bot]]

Bumps vimeo/psalm from 3.6.4 to 4.3.2.

Release notes

Sourced from vimeo/psalm's releases.

Even more bugfixes

Features

• @weirdan added the ability to assert on static class properties (#4833)
• Psalm now detects mismatching docblock property types when a property type is provided (#4912)

Bugfixes

• @lptn fixed the nullability of a get_headers call (#4772)
• @orklah allowed (int) casts if the type comes from a calculation (#4768)
• improve scanning after stubbed interfaces change docblocks (#4767)
• @orklah improved pg_fetch return types (#4777)
• @VincentLanglet ensured extra files always get scanned (#4785)
• improve inference of template closure params (#4782)
• @orklah allowed passing mixed to is_a (#4780)
• invalidate dependent types when their linked variables change (#4794)
• ensure assigning to lists inside a foreach does not invalidate the list (#4741)
• fix regression analysing coalesce with effects (#4802)
• tighten up rules around method param inheritance (#4803)
• fix many bugs that stood in the way of an option implementation (#4817)
• don't crash when yielding non-existent class (#4829)
• @2e3s improved rules around memoisation of mutation-free methods (#4832)
• @villfa improved the return type for ftp_misd (#4830)
• @christeredvartsen fixed the signature for session_name (#4855)
• @BenMorel improved DateTimeZone signatures (#4870, #4879) and GEOS types (#4902)
• @franmomu allowed by-reference params in @method docblocks (#4873)
• @orklah improved behaviour for detecting illegal offsets in array creation (#4865)
• @TysonAndre made sure that ignoreFiles are not analysed when referenced with require (#4911)

Internal stuff

• @weirdan fixed continuous integration on Windows (#4775) and a workflow to test under PHP 8 (#4790)
• @weirdan fixed file modification time checks when file was changed within same second (#4789)
• @orklah added more lowercase-string types to Psalm's codebase (#4904) and fixed other docs (#4905)
• Travis is now just used for building Phars

Bugfixes

• prevent false-positive on isset in a finally block when checking a catch variable (#4764)
• prevent bug when calling parent constructor during property initialisation checks (#4760)
• fix false-positive bug when an assignment with a ternary re-assigns a ternary variable (#4759)

4.3.0

Features

• UnusedConstructor is now a separate issue from UnusedMethod. This allows people to use the private constructor pattern to prevent instantiation of classes that just have static methods (#4656)
• RedundantCast is now a separate issue from RedundantCondition. It is now emitted for more redundant casts thanks to @orklah adding better detection (#4695)
• @odoucet added support for the CodeClimate output format (#4387)
• @weirdan added a test to ensure all new Psalm annotations are documented (#4723)
• RedundantPropertyInitializationCheck is now emitted for isset checks on class properties that Psalm thinks should be defined. This allows users who prefer to initialize properties outside constructors to silence just that issue (#4732)

Commits

• 57b53ff Just build Phar on Travis
• 2898e55 Fix test
• 7764a4c Fix #4912 - detect mismatching property type
• 00b42bf Check if included files are listed in mustBeIgnored (#4911)
• 80a82c3 Fix lack of autoload_real in latest humbug/box
• a295d13 Fix other check
• 24b44f1 Disable platform check for Phar
• 6ebc9ae Bump circleci image version
• ddd9997 Fix #4901 - simplify mapping of template types within class
• ab5ddb1 [Doc] Add an example to explain how to handle plugin issues (#4908)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #278.