composer(deps-dev): bump vimeo/psalm from 3.15 to 3.16

[dependabot]

Bumps vimeo/psalm from 3.15 to 3.16.

Release notes

Sourced from vimeo/psalm's releases.

A smattering of things

Features

New PHPStorm-optimised output format

Added a phpstorm report format that displays errors in a manner that PHPStorm can parse more easily (#4085) – thanks @the-toster (with additional help from @Rarst)

Detection of strpos issues

Psalm will now raise two separate issues for the following code:

function foo(string $s) : void {
  if (strpos(".", $s) !== -1) {}
}

The first, InvalidLiteralArgument, complains a string was passed where a variable was expected. The second complains that the output of strpos can never be negative.

Allow intersection of object-like arrays and regular arrays

Psalm now allows the docblock array{foo: string}&array<string, string>, understanding it to mean an array of strings with one explicit known key.

@psalm-stub-override

Added support for @psalm-stub-override which only renders the stub valid if the given class already exists – thanks @weirdan (#4177)

@psalm-suppress Issue1, Issue2

Added support for multiple suppressed issues on a given line – thanks @weirdan (#4179)

Bugfixes

Allow multiple issues of the same type at a single position

Psalm will now report multiple issues that map to the same code position (but whose message body is different). If you use the baseline, you might need to update it accordingly (#4167)

Other bugfixes

• allow slashes in docblock tags (#4112)
• ensure calling Closure::__invoke doesn't break when running Psalm in PHP 7.2.11 and below (#4111)
• refine closure types more accurately according to a callable
• prevent crash when suppressing UndefinedTrait (#4130)
• improve inference of preg_match_all $matches array value (#4128)
• fix a crash when using a short closure without specifying the Closure type anywhere in the affected methods (#4148)
• allow null checks on the output of Iterator::current (#4146)
• Language Server @matthijskooijman made a couple of improvements (#4143)
• treat literal numeric strings as numeric always (#4154)
• Taint analysis @craigfrancis added additional mysql sinks (#4155)

Commits

• d03e5ef Only refine for matching closure union members
• f83c96e Improve accuracy of array_filter
• 1b3fbeb Improve array_merge return type
• d1ac38b Support more array intersections in type parsing
• 6afd3d1 Add back suppression
• a6622c4 Make sure all written entries are correctly sorted
• 7e53865 Fix regression – detect unused params with defaults again
• ae4feae Fix template check
• 51924c9 Do no writing when saving parser cache in tests
• e472600 Fix a few more things
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

[codecov]

Codecov Report

Merging #272 into main will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##               main     #272   +/-   ##
=========================================
  Coverage     90.20%   90.20%           
  Complexity      150      150           
=========================================
  Files            23       23           
  Lines           429      429           
=========================================
  Hits            387      387           
  Misses           42       42           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 78a1ac5...4276767. Read the comment docs.

[dependabot]

Superseded by #283.