chore: pin GitHub Actions to commit SHAs

.github/SECURITY.md

@@ -1,13 +0,0 @@
-# Security Policy
-
-**PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY, [SEE BELOW](#reporting-a-vulnerability).**
-
-## Reporting a Vulnerability
-
-If you discover a security vulnerability in Pest, please report it privately using one of the following channels:
-
-1. **GitHub Private Vulnerability Reporting** (preferred) — go to the repository's **Security** tab and click **"Report a vulnerability"**. This creates a private advisory visible only to maintainers and provides a structured workflow for triage, fix coordination, and CVE assignment.
-
-2. **Email** — send the details to Nuno Maduro at **enunomaduro@gmail.com**.
-
-All security vulnerabilities will be promptly addressed.

.github/dependabot.yml

@@ -1,19 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    groups:
-      github-actions:
-        patterns:
-          - "*"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    target-branch: "5.x"
-    groups:
-      github-actions:
-        patterns:
-          - "*"

composer.json

@@ -59,7 +59,7 @@
         ]
     },
     "require-dev": {
-        "mrpunyapal/peststan": "^0.2.10",
+        "mrpunyapal/peststan": "^0.2.9",
         "pestphp/pest-dev-tools": "^4.1.0",
         "pestphp/pest-plugin-browser": "^4.3.1",
         "pestphp/pest-plugin-type-coverage": "^4.0.4",

src/Mixins/Expectation.php

@@ -954,7 +954,6 @@ final class Expectation
         } catch (Throwable $e) {
 
             if ($exception instanceof Throwable) {
-                // @phpstan-ignore-next-line
                 expect($e)
                     ->toBeInstanceOf($exception::class, $message)
                     ->and($e->getMessage())->toBe($exceptionMessage ?? $exception->getMessage(), $message);