diff --git a/.github/workflows/cve-check.yml b/.github/workflows/cve-check.yml
index 2c9064c7..1beda08a 100644
--- a/.github/workflows/cve-check.yml
+++ b/.github/workflows/cve-check.yml
@@ -41,7 +41,7 @@ jobs:
 run: ./gradlew resolveAndLockAll --write-locks
 - name: Check for vulnerabilities
- uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
+ uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37 # v0.31.0
 id: cve_check
 with:
 scan-type: 'fs'
diff --git a/build.gradle b/build.gradle
index 8b96d055..86e9437b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -56,7 +56,7 @@ project.ext {
 mockitoVersion = "5.2.0"
 jacksonVersion = "2.19.0"
 logbackContribVersion = "0.1.5"
- nettyVersion = "4.2.1.Final"
+ nettyVersion = "4.2.2.Final"
 }
 dependencies {
@@ -85,7 +85,7 @@ dependencies {
 implementation 'org.hibernate.validator:hibernate-validator:9.0.0.Final'
 implementation 'jakarta.el:jakarta.el-api:6.0.1'
- implementation 'org.bouncycastle:bcpkix-jdk18on:1.80'
+ implementation 'org.bouncycastle:bcpkix-jdk18on:1.81'
 implementation "io.javalin:javalin:6.6.0"
 // logging
@@ -99,10 +99,10 @@ dependencies {
 exclude group: "ch.qos.logback", module: "logback-core"
 }
- implementation 'io.micrometer:micrometer-registry-prometheus:1.15.0'
+ implementation 'io.micrometer:micrometer-registry-prometheus:1.15.1'
 // test
- testImplementation enforcedPlatform("org.junit:junit-bom:5.13.0")
+ testImplementation enforcedPlatform("org.junit:junit-bom:5.13.1")
 testImplementation 'org.junit.jupiter:junit-jupiter'
 testImplementation 'org.junit-pioneer:junit-pioneer:2.3.0'
 testImplementation 'org.assertj:assertj-core:3.27.3', {
@@ -111,7 +111,7 @@ dependencies {
 exclude group: "net.bytebuddy", module: "byte-buddy-agent"
 }
 // try to replace local commons-compress management on update!
- testImplementation 'de.flapdoodle.embed:de.flapdoodle.embed.mongo:4.20.0', {
+ testImplementation 'de.flapdoodle.embed:de.flapdoodle.embed.mongo:4.20.1', {
 // newer version from operator-framework
 exclude group: "org.apache.commons", module: "commons-lang3"
 }
@@ -131,6 +131,8 @@ dependencies {
 testImplementation "io.fabric8:kubernetes-server-mock:${kubernetesServerMockVersion}", {
 exclude group: 'com.squareup.okio', module: 'okio'
 exclude group: 'junit', module: 'junit'
+ // comes in newer version directly for implementation scope
+ exclude group: 'org.bouncycastle', module: 'bcpkix-jdk18on'
 }
 // CVE-2020-15250 in 4.12
 // -> pulled transitively from OkHttp3 mockwebserver used by kubernetes-server-mock
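Review bot: The comment added above `exclude group: 'org.bouncycastle', module: 'bcpkix-jdk18on'` does not say which declaration supplies the replacement or why the transitive copy is unwanted, unlike the neighbouring `// CVE-2020-15250 in 4.12` note. The exclusion relies on the direct `implementation 'org.bouncycastle:bcpkix-jdk18on:1.81'` line bumped earlier in this diff; if that line is ever dropped, the mock server's test classpath presumably loses bcpkix with no hint at build time. I would spell the coupling out, e.g. `// excluded: supplied by the direct implementation dependency on bcpkix-jdk18on; keep the two in sync`. The exclude also covers only bcpkix, so any other Bouncy Castle modules the mock may pull transitively (not visible in this hunk) would still come from its own dependency graph. The `dependencies` block starts and ends outside the hunk.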