composer(deps-dev): bump vimeo/psalm from 3.16 to 3.18.2

[dependabot]

Bumps vimeo/psalm from 3.16 to 3.18.2.

Release notes

Sourced from vimeo/psalm's releases.

Improve treatment of finally blocks

Last night's release added a regression in how variables set in try statements are treated, ticketed here: vimeo/psalm#4368

Bugfixes

Language server works again

This fixes an issue that prevented the language server from seeing recent changes to files (caused, almost inexplicably, by removing a @param docblock).

Other bugfixes

• Fix an issue with remapped template params (#4326)
• Improve handling of try statements without catches (#4333, #4366)
• Deal with a few more combinatorial expansion issues gracefully (#4347)
• Improve Psalter replacements (#4350, #4349)
• @pascalheidmann fixed an error when creating a report in a non-existent directory (#4353)
• Improve handling of assignments on the RHS of || if conditionals (#4354)

Fix two regressions

• Fix #4327 - make sure loop always returns
• Fix #4315 - prevent crash when setting unknown property in finally

Fix preg_split

3.17.0 added a potentially-erroneous return type when a non-zero $flags param is passed to preg_split. This fixes things.

A bunch of bugfixes

Features

• @mr-feek added support for configurable universal objects (#3948)
• Improved error messages and reporting for ParadoxicalCondition (example) – thanks to @dkarlovi, @jbafford and @ro0NL for their input

Bugfixes

Fixed XML generation

3.16 broke XML output, this is now fixed (#4252).

Other bugfixes

• @DanielBadura added a stub for random_int, providing better inference (#4199)
• Improved signatures for preg_match_all (#4202) and @orklah helped improve preg_split
• Treat func_num_args as pure (#4215)
• Fix __invoke declaration crash (#4210)
• Allow hinting arrow function return types (#4209)
• Add checks for if ((bool) $foo) (#4206)
• Fix crash with some class-string property assignments (#4198)
• @aheart fixed bugs with JUnit generation (#4234)
• @danog added a bunch of stubs for Spl* classes (#4255)
• allowMissingFiles was fixed by @ddeboer (#4259)
• prevent crash after analysing file that defines a class twice (#4264)
• prevent an infinite loop when analysing a closure unioned with invokable class (#4266)

... (truncated)

Commits

• 19aa905 Only show interesting array intersections
• 53ffb21 Fix #4368 - improve handling of try with finally
• a463c89 Fix test
• 4c17fb1 Fix language server
• bffa064 Fix #4366 - possibly-undefined vars in finally block should not error
• 9e3b069 Don’t overwrite true flag
• db119d6 Prevent dupe records
• f9deaca Fix bad replacement
• ef69d0b Improve error messaging
• 497fb7c Be more explicit about negation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: dependency.