composer(deps-dev): bump vimeo/psalm from 3.12.1 to 3.12.2

[dependabot]

Bumps vimeo/psalm from 3.12.1 to 3.12.2.

Release notes

Sourced from vimeo/psalm's releases.

3.12.2

Taint analysis bugfixes & features

• allow taints to flow when no return type is given (#3652)
• taint encapsulated strings based on their contents (#3655)
• @TysonAndre added print, unserialize, create_function and more as sinks
• allow taints to flow through unpacked arguments and mixed foreach (#3670)
• taint property types for magic getters/setters even in the absence of a @property annotation (#3668)
• add taints to filter_var (#3675)
• preserve taints after is_string checks (#3680)
• taint the contents of exit just as echo is (#3681)
• @TysonAndre improved handling of preg_replace_callback
• allow taints to flow through implied __toString methods (#3697)
• specialize constructor taints as nececssary
• allow any part of a taint path to be suppressed with @psalm-suppress TaintedInput

Other features

@olleharstedt added support for @psalm-self-out, which allows some typestate-oriented programming in Psalm (#3650)

Bugfixes

• allow comparison of get_class($foo) === static::class
• fix false-negative around missing property declarations (#3642)
• improve treatment of comparisons after assignment in conditional (#3631)
• @villfa improved reflection info for Redis (#3673)
• PDO::query now allows two arguments (#3694)
• @simPod improved reflection for RdKafka\ProducerTopic::producev (#3700)
• @bdsl added a change that propagates @internal annotations on classes to their methods (#3698)
• prevent crash with a Foo|? return type (#3716)
• prevent crash on empty @method (#3721)
• @jarstelfox fixed up the example TemplateChecker plugin
• prevent crash when clone-ing undefined class (#3719)
• infer template params from a class-string where appropriate (#3726)
• improve handling of if conditionals inside do {...} while(); (#3685)
• @lhchavez fixed a bug in docblock parsing where data was lost if a comment referred to a tag (#3776)
• allow false to be removed from template params (#3737)
• allow storing references to impure classes via the class names inside immutable classes (#3738)

Commits

• 7c7ebd0 Make invalidation more robust
• 5da2995 Use better replacement when analysing potentially-inherited templated type
• 44d7f51 Generalise init vars inside for loops
• 3d0a8c4 Fix #3738 - allow storing references to class-strings inside immutable
• 6419788 Remove false from template param as necessary
• ba63ccb Improve \Psalm\Internal\Scanner\DocblockParser::parse() (#3736)
• 1745f5c Fix too-long line
• cb94764 Prevent false-positive for Exception::__toString overriding
• 0c582e9 Fix #3685 - improve handling of if conditionals inside do
• cf1a8ac Suppress taints in instance properties
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #140 into main will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##               main     #140   +/-   ##
=========================================
  Coverage     98.92%   98.92%           
  Complexity       58       58           
=========================================
  Files            14       14           
  Lines           186      186           
=========================================
  Hits            184      184           
  Misses            2        2           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ad03e98...a0fb2ac. Read the comment docs.