Bump phpunit/phpunit to fix CVE-2026-24765 (#55)

* Bump phpunit/phpunit to fix CVE-2026-24765

Unsafe deserialization vulnerability in PHPT code coverage handling.
GHSA-vvj3-c3rp-c85p

* Update shipmonk/phpstan-rules to work with latest PHPStan

Author: janedbal

composer.json

@@ -22,12 +22,12 @@
         "ergebnis/composer-normalize": "^2.45",
         "phpstan/phpstan-phpunit": "2.0.6",
         "phpstan/phpstan-strict-rules": "2.0.4",
-        "phpunit/phpunit": "9.6.23",
+        "phpunit/phpunit": "^9.6.33",
         "shipmonk/coding-standard": "^0.2.0",
         "shipmonk/composer-dependency-analyser": "1.8.3",
         "shipmonk/dead-code-detector": "^0.11.0",
         "shipmonk/name-collision-detector": "2.1.1",
-        "shipmonk/phpstan-rules": "4.1.2"
+        "shipmonk/phpstan-rules": "4.3.5"
     },
     "autoload": {
         "psr-4": {