Bump vimeo/psalm from 3.6.4 to 4.6.3

[dependabot-preview[bot]]

Bumps vimeo/psalm from 3.6.4 to 4.6.3.

Release notes

Sourced from vimeo/psalm's releases.

Mostly bugfixes

Features

• @weirdan added support for PHP Version-dependent method stubs (#5337)

Bugfixes

• Improving handling of nested template types in class strings (#5290)
• Language Server Allow static methods to be autocompleted on instances (#5210, #5295)
• Language Server Fix inferred type caching bug when editing neighbouring methods (#5297)
• Fix JSON reports containing UTF-8 strings – thanks @danog (#5300)
• Improve callmap for gd functions in PHP 8 – thanks @iluuu1994 (#5271)
• improvements to mysql_init and PDOStatement::fetchAll return type – thanks @morozov (#5306, #5317)
• WeakMap is now generic – thanks @weirdan (#5313)
• Allow iterable coercion from a generic object (#5310)
• Fix an issue with method memoisation (#5317)
• Allow ReflectionParameter::getType() to return non-null if a ReflectionParameter::hasType() call returns true (#5258)
• Undefined variables can now be tracked in arrow functions – thanks @weirdan (#5343)
• ImplicitToStringCast is now emitted in more places – thanks @weirdan (#5344)
• variable usage in bool to int casts are now tracked – thanks @weirdan (#5349)
• explode return type is improved – thanks @weirdan (#5350)
• ceil just returns a float, thanks @simPod (#5355)
• improved return type for min and max – thanks @orklah
• Psalm startup variables are now shielded from plugins that change global variables – thanks @weirdan! (#5366)
• fixed integer overflow that could cause a Psalm crash – thanks @orklah (#5369)
• @orklah fixed a bug where Psalm would not accurately type the output of array_map when given a callable (#5373)
• prevented an edge-case where calling the constructor of a genericised class could poison Psalm's internal cache (b549989)

More bugfixes

• @weirdan fixed a notice (#5255)
• @spyric fixed line references in the CodeClimate output (#5262)
• @elnoro limited incidence of the UnresolvableInclude after an is_file check
• @orklah improved the error message when new PHP syntax cannot be understood when analysing older PHP code (#5268)
• @orklah improved the signature map for session_id (#5272)
• $unknown_object::someMethod() calls are no longer prohibited (#5257)
• more static returns are interpreted as self in the case of final classes/methods (#5244)
• fixed interpretation of parent::foo() inside traits (#5264)
• fix reconciliation of classes with interfaces (#5236)
• @boesing fixed an unnecessary ConfigException (#5280)
• fix an issue when properties aren't being memoised after calls (#5231)
• improve handling of get_class($templated_var) (#5279)
• expand out templated params that cannot be inferred in new calls (#5229)

Internals

• @joehoyle, @Nyholm and @elnoro improved the documentation
• @weirdan and added a general error handler in (#5260) that converts notices/warnings to exceptions

Fix autocompletion in PHP 7.3

This used some extra arguments in preg_replace_callback that were only added in PHP 7.4. Also @orklah improved bit-shift operation return types (#5233)

... (truncated)

Commits

• f1a8407 Improve min/max return type cc @orklah
• b549989 Prevent overwriting storage type during analysis
• 90fd1c5 fix usage of callable with array_map (#5373)
• 57234ab fix int overflow (#5369)
• cddef00 fix int overflow (#5369)
• 3817193 Fix anchor to class-string type in documentation (#5362)
• 205fdd1 Wrap entrypoints into IIFE to protect their variables (#5366)
• 0a4ad57 add stubs for min/max (#5353)
• 9793f92 Mark ceil() return type as float (#5355)
• 5066377 Remove duplicate entry for 'amphp/amp' from composer.json file (#5352)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #293.