Bump vimeo/psalm from 3.6.4 to 4.6.3

[dependabot-preview]

Bumps vimeo/psalm from 3.6.4 to 4.6.3.

Release notes

Sourced from vimeo/psalm's releases.

Mostly bugfixes

Features

• @weirdan added support for PHP Version-dependent method stubs (#5337)

Bugfixes

• Improving handling of nested template types in class strings (#5290)
• Language Server Allow static methods to be autocompleted on instances (#5210, #5295)
• Language Server Fix inferred type caching bug when editing neighbouring methods (#5297)
• Fix JSON reports containing UTF-8 strings – thanks @danog (#5300)
• Improve callmap for gd functions in PHP 8 – thanks @iluuu1994 (#5271)
• improvements to mysql_init and PDOStatement::fetchAll return type – thanks @morozov (#5306, #5317)
• WeakMap is now generic – thanks @weirdan (#5313)
• Allow iterable coercion from a generic object (#5310)
• Fix an issue with method memoisation (#5317)
• Allow ReflectionParameter::getType() to return non-null if a ReflectionParameter::hasType() call returns true (#5258)
• Undefined variables can now be tracked in arrow functions – thanks @weirdan (#5343)
• ImplicitToStringCast is now emitted in more places – thanks @weirdan (#5344)
• variable usage in bool to int casts are now tracked – thanks @weirdan (#5349)
• explode return type is improved – thanks @weirdan (#5350)
• ceil just returns a float, thanks @simPod (#5355)
• improved return type for min and max – thanks @orklah
• Psalm startup variables are now shielded from plugins that change global variables – thanks @weirdan! (#5366)
• fixed integer overflow that could cause a Psalm crash – thanks @orklah (#5369)
• @orklah fixed a bug where Psalm would not accurately type the output of array_map when given a callable (#5373)
• prevented an edge-case where calling the constructor of a genericised class could poison Psalm's internal cache (b549989)

More bugfixes

• @weirdan fixed a notice (#5255)
• @spyric fixed line references in the CodeClimate output (#5262)
• @elnoro limited incidence of the UnresolvableInclude after an is_file check
• @orklah improved the error message when new PHP syntax cannot be understood when analysing older PHP code (#5268)
• @orklah improved the signature map for session_id (#5272)
• $unknown_object::someMethod() calls are no longer prohibited (#5257)
• more static returns are interpreted as self in the case of final classes/methods (#5244)
• fixed interpretation of parent::foo() inside traits (#5264)
• fix reconciliation of classes with interfaces (#5236)
• @boesing fixed an unnecessary ConfigException (#5280)
• fix an issue when properties aren't being memoised after calls (#5231)
• improve handling of get_class($templated_var) (#5279)
• expand out templated params that cannot be inferred in new calls (#5229)

Internals

• @joehoyle, @Nyholm and @elnoro improved the documentation
• @weirdan and added a general error handler in (#5260) that converts notices/warnings to exceptions

Fix autocompletion in PHP 7.3

This used some extra arguments in preg_replace_callback that were only added in PHP 7.4. Also @orklah improved bit-shift operation return types (#5233)

... (truncated)

Commits

• f1a8407 Improve min/max return type cc @orklah
• b549989 Prevent overwriting storage type during analysis
• 90fd1c5 fix usage of callable with array_map (#5373)
• 57234ab fix int overflow (#5369)
• cddef00 fix int overflow (#5369)
• 3817193 Fix anchor to class-string type in documentation (#5362)
• 205fdd1 Wrap entrypoints into IIFE to protect their variables (#5366)
• 0a4ad57 add stubs for min/max (#5353)
• 9793f92 Mark ceil() return type as float (#5355)
• 5066377 Remove duplicate entry for 'amphp/amp' from composer.json file (#5352)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #293.