composer(deps-dev): bump vimeo/psalm from 4.7.2 to 4.7.3

[dependabot]

Bumps vimeo/psalm from 4.7.2 to 4.7.3.

Release notes

Sourced from vimeo/psalm's releases.

Bugfixes galore

Improved unused property detection

Psalm emits UnusedProperty and PossiblyUnusedProperty issues when properties are declared but never referenced. Previously Psalm would count a property assignment as a reference to a property, but this has now been fixed so a property is treated as unused unless it is explicitly read from (#5810). As before, UnusedProperty is emitted for private properties, while PossiblyUnusedProperty is emitted for public and protected properties.

More ParamNameMismatch strictness

When I originally implemented ParamNameMismatch I ignored methods with only one param, thinking that people would not call methods with a single param using named arguments, but in retrospect this was a little too liberal. @​VincentLanglet has restricted this appropriately (#5732)

Other bugfixes

• Improved negation of complex conditionals containing assignments (#5685)
• combining scalar and empty-scalar should result in scalar (#5696)
• Inherit class-level suppressions when checking methods (#5687, #3357) - thanks @​weirdan
• infer never types in more situations (#5777) — thanks @​weirdan
• prevent notice for some invalid docblocks (#5709) - thanks @​weirdan
• prefer @psalm-template over @phpstan-template (#5713) - thanks @​weirdan
• add JSON schema link for SARIF output (#5718) - thanks @​weirdan
• unpack can return false — thanks @​robchett
• improved array_splice inference (#5738) — thanks @​orklah
• combining never and empty should result in never(#5756)
• prevent OOM when using array_merge inside a loop (#4910)
• prevent crash when templates cannot be resolved (#5073)
• all opcache_* functions are impure (#5761)
• prevent OOM on very large conditionals (#5327)
• improved inference after a nullsafe method call has been made (#5771) - thanks @​orklah
• prevent crash with class-string-map usage (#5434)
• improved inference of array_fill (#5770) — thanks @​olsavmic
• fixed bug extending a mixed param (#5763) — thanks @​orklah
• added link to GitHub Actions report format (#5759) — thanks @​sjparkinson
• call methods with proper params (#5768)
• preserve type after redundant cast to int (#5773) — thanks @​orklah
• improved return type of htmlspecialchars and strlen (#5785, #5793) — thanks @​still-dreaming-1 and @​orklah
• Psalm Refactor prevent trying to move synthetically-produced parts of the AST (#5780) — thanks @​pawel-slowik
• narrow possible types when two variables are compared (#5774) — thanks @​orklah
• Catch nullref inside __invoke arguments (#5809)
• allow ''| at the start of a union type in docblocks (#5814) — thanks @​orklah
• add stubs for mongodb (#5813) — thanks @​franmomu
• improve generated assertions for >= 0 (#5815) — thanks @​orklah
• prevent incorrect templated array types (#5799)
• transform bad array offsets where necessary (#5817) — thanks @​orklah

Commits

• 38c452a Add example given in ticket and ensure that works too
• c258303 Fix test
• 8f33333 Fix #5804 - don’t choke on conditional return types when converting to callables
• 67413c8 fix #5797 (#5822)
• aaab522 update baseline and fix issues (#5821)
• de1bb95 Handle the case where a switch return on each case (#5819)
• 7354ec9 Fix #5298 - improve handling of method that may write properties
• 350df11 Transform bad offsets (#5817)
• d1262b0 Fix #5799 — improve expansion of templated types
• 89f815f Add assertions for >=0 (#5815)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #745 (ec42a2a) into main (1d5fd0a) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##               main     #745   +/-   ##
=========================================
  Coverage     83.96%   83.96%           
  Complexity       57       57           
=========================================
  Files             4        4           
  Lines           237      237           
=========================================
  Hits            199      199           
  Misses           38       38           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1d5fd0a...ec42a2a. Read the comment docs.