diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 00000000..f3e7ea9e
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+**PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY, [SEE BELOW](#reporting-a-vulnerability).**
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in Pest, please report it privately using one of the following channels:
+
+1. **GitHub Private Vulnerability Reporting** (preferred) — go to the repository's **Security** tab and click **"Report a vulnerability"**. This creates a private advisory visible only to maintainers and provides a structured workflow for triage, fix coordination, and CVE assignment.
+
+2. **Email** — send the details to Nuno Maduro at **enunomaduro@gmail.com**.
+
+All security vulnerabilities will be promptly addressed.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..4ec17cfa
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ groups:
+ github-actions:
+ patterns:
+ - "*"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ target-branch: "5.x"
+ groups:
+ github-actions:
+ patterns:
+ - "*"
diff --git a/composer.json b/composer.json
index 03246b52..8b70cd72 100644
--- a/composer.json
+++ b/composer.json
@@ -58,7 +58,7 @@
 ]
 },
 "require-dev": {
- "mrpunyapal/peststan": "^0.2.9",
+ "mrpunyapal/peststan": "^0.2.10",
 "laravel/pao": "^1.0.6",
 "pestphp/pest-dev-tools": "^5.0.0",
 "pestphp/pest-plugin-browser": "^5.0.0",
diff --git a/src/Mixins/Expectation.php b/src/Mixins/Expectation.php
index 0ac44fb1..926200a8 100644
--- a/src/Mixins/Expectation.php
+++ b/src/Mixins/Expectation.php
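Review bot: In `.github/dependabot.yml` both `updates` entries use `package-ecosystem: "github-actions"`, so the Composer packages declared in `composer.json` get no scheduled update PRs from this config. If that is deliberate, a short comment at the top of the file saying so would record the decision; otherwise an entry with `package-ecosystem: "composer"` is the missing piece. The two entries differ only in `target-branch: "5.x"`, which is easy to overlook, so a one-line comment above each (`# default branch` and `# same settings, targeting the 5.x branch`) would help the next reader. Because the `"*"` pattern groups all action bumps into one PR, each bumped action in that PR still needs its own look at review time.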
@@ -954,6 +954,7 @@ final class Expectation } catch (Throwable $e) { if ($exception instanceof Throwable) { + // @phpstan-ignore-next-line expect($e) ->toBeInstanceOf($exception::class, $message) ->and($e->getMessage())->toBe($exceptionMessage ?? $exception->getMessage(), $message);
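Review bot: The added `// @phpstan-ignore-next-line` silences every PHPStan error reported on the `expect($e)` line, including any introduced later, and does not say which error it is there for. Prefer the identifier form with a reason, e.g. `// @phpstan-ignore <error.identifier> (why this chain cannot be typed)`, where `<error.identifier>` is a placeholder for the identifier PHPStan prints for this line. The statement appears to span several lines, so it is worth confirming that the ignore sits on the line PHPStan actually attributes the error to. The enclosing method starts and ends outside the hunk.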