Bump vimeo/psalm from 3.6.4 to 4.4.1

[dependabot-preview]

Bumps vimeo/psalm from 3.6.4 to 4.4.1.

Release notes

Sourced from vimeo/psalm's releases.

Bugfixes

• prevents unnecessary execution of git commands (bug introduced in 4.4.0) (#5008)
• @orklah removed signature return types in stubs to prevent false positive method signature mismatches (#5014)
• @orklah removed a false-positive for templated array keys when creating arrays (#5019)
• @thomasbley added a proper error message when exec is unavailable (#5010)

4.4.0

Features

Compatibility with new Symfony polyfills

Recently some new Symfony polyfills contained code that didn't broke scanning.

@weirdan made Psalm aware of version checks in #4967, hopefully fixing this for consumers.

SARIF output (for security scanning)

@lukasbestle added help links in SARIF output (#4924) and ensured they can be produced by the Phar (#4925)

Bugfixes

• @hollodotme fixed the signature for PDOStatement::fetchObject (#4915)
• @lukasbestle added better support for $this in @var annotations (#4922)
• @orklah allowed Psalm to understand string concatenation with known ints (#4938)
• allow array_reduce to be called with a single argument (#4917)
• Security scanning @adrienlucas improved handling of specialised calls (#4940, #4948)
• @weirdan fixed signature of gzread (#4960)
• Traversable interface added back to PDOStatement (#4951)
• Psalm now performs more intelligent subtraction of from potential template types (#4943)
• @weirdan added support for the Attribute::IS_REPEATABLE flag (#4971)
• detect destructuring assignments inside loops (#4982)
• strict comparisons to arrays now produce better inferred types (#4976)
• @Ocramius improved the return type of count when the array size is known (#4997)

Internal

• @orklah added a DTO for plugins, rendering the existing plugin system a legacy one (#4881)
• and @adrienlucas fixed a small bug in the new plugin format (#4962)
• @weirdan stripped out some unnecessary files from the composer package (#4968)
• @weirdan moved Phar generation to GitHub Actions (#4974)
• @bendavies split out PHPUnit tests across GitHub actions (#4985)

Even more bugfixes

Features

• @weirdan added the ability to assert on static class properties (#4833)
• Psalm now detects mismatching docblock property types when a property type is provided (#4912)

Bugfixes

... (truncated)

Commits

• 9fd7a7d Only create after analysis event if they exist
• 7a40443 don't throw InvalidArrayOffset when dealing with templates (#5019)
• 26f756d remove signature return types in stubs (#5014)
• 080cf61 fix #5010 function exec() is disabled (#5012)
• ef4afd7 Unset should change array with keyed offsets
• d10a068 Fix #5001 - update variables after context after type change from empty
• a53cc23 #4997 added more precise type inference for count() returning 0 or `posit...
• 1afce4d Improve treatment of strict equality
• 37fb081 Bump up to 8 concurrent builds
• 4e677c9 So long Travis
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #284.