Bump phan/phan from 3.2.7 to 5.0.0

[dependabot-preview]

Bumps phan/phan from 3.2.7 to 5.0.0.

Changelog

Sourced from phan/phan's changelog.

Aug 01 2021, Phan 5.0.0

New Features (Analysis):

• Warn about implicitly nullable parameter intersection types (function(A&B $paramName = null)) being a compile error. New issue type: PhanTypeMismatchDefaultIntersection

• Emit PhanTypeMismatchArgumentSuperType instead of PhanTypeMismatchArgument when passing in an object supertype (e.g. ancestor class) of an object instead of a subtype. Emit PhanTypeMismatchReturnSuperType instead of PhanTypeMismatchReturn when returning an object supertype (e.g. ancestor class) of an object instead of a subtype.

  Phan 5 starts warning about ancestor classes being incompatible argument or return types in cases where it previously allowed it. (#4413)

Jul 24 2021, Phan 5.0.0a4

New Features (Analysis):

• Use the enum class declaration type (int, string, or absent) from AST version 85 to check if enum cases are valid. (#4313) New issue types: PhanSyntaxEnumCaseExpectedValue, PhanSyntaxEnumCaseUnexpectedValue, PhanTypeUnexpectedEnumCaseType

Backwards incompatible changes:

• Bump the minimum required AST version from 80 to 85 (Required to analyze php 8.1 enum classes - 'type' was added in AST version 85).
• In php 8.1, require php-ast 1.0.14 to natively parse AST version 85.

Maintenance:

• Upgrade tolerant-php-parser from 0.1.0 to 0.1.1 to prepare to support new php syntax in the polyfill/fallback parser. (#4449)

Bug fixes:

• Fix extraction of reflection attribute target type bitmask from internal attributes such as PHP 8.1's ReturnTypeWillChange

Jul 15 2021, Phan 5.0.0a3

New Features (Analysis):

• Support parsing php 8.1 intersection types in php-ast 1.0.13+ (#4469) (not yet supported in polyfill)
• Support parsing php 8.1 first-class callable syntax in unreleased php-ast version (#4464)
• Support parsing php 8.1 readonly property modifier (#4463)
• Support allowing new expressions in php 8.1 readonly property modifier (#4460)
• Emit PhanTypeInvalidArrayKey and PhanTypeInvalidArrayKeyValue for invalid array key literal types or values.
• Fix false positive PhanTypeMissingReturn/PhanPluginAlwaysReturnMethod for method with phpdoc return type of @return never
• Warn about direct access to static methods or properties on traits (instead of classes using those methods/properties) being deprecated in php 8.1 (#4396)
• Add Stringable to allowed types for sprintf variadic arguments. This currently requires explicitly implementing Stringable. (#4466)

Bug fixes:

• Fix a crash when analyzing array literals with invalid key literal values in php 8.1.
• Fix a crash due to deprecation notices for accessing trait methods/properties directly in php 8.1

Jun 26 2021, Phan 5.0.0a2

New Features (Analysis):

... (truncated)

Commits

• f36b6b9 Merge pull request #4486 from TysonAndre/release-5.0.0
• 7d15dce Release Phan 5.0.0
• d20820c Merge pull request #4485 from TysonAndre/super-type-split-issue
• e62891f Split issues for returning/passing in supertypes
• 90850f5 Update composer.lock
• ba1a2db Merge pull request #4484 from TysonAndre/misc-intersection
• e0697e5 Forbid implicitly nullable parameter intersection types
• 1eb3c31 Merge pull request #4483 from TysonAndre/release-5.0.0a4
• 5f92181 Release Phan 5.0.0a4
• 1466666 Merge pull request #4482 from TysonAndre/support-enum-type
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)