diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2418f76..9c7a99b 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,12 +36,25 @@ on: # yamllint disable-line rule:truthy
 
 jobs:
   analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources
+    # for possible analysis time improvements.
+    runs-on:
+      ${{ (matrix.language == 'swift' && 'macos-14') || 'ubuntu-24.04' }}
     permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
       actions: read
       contents: read
-      security-events: write
 
     strategy:
       fail-fast: false
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 1eeb9ba..5bc428a 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -18,7 +18,7 @@ jobs:
 
   build:
     name: "Build Docker images"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 
@@ -73,7 +73,7 @@ jobs:
 
   lint:
     name: "Run in docker: LINT"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: build
     steps:
       - name: Download artifact
@@ -93,7 +93,7 @@ jobs:
 
   test:
     name: "Run in docker: TEST"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: build
     steps:
       - name: Download artifact
@@ -113,7 +113,7 @@ jobs:
 
   security:
     name: "Snyk Container"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: build
     permissions:
       actions: read
@@ -160,7 +160,7 @@ jobs:
           sarif_file: 'snyk.sarif'
   scan:
     name: "Trivy"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: build
     permissions:
       actions: read
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index 0870c98..914e00c 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -20,7 +20,7 @@ on: # yamllint disable-line rule:truthy
 jobs:
   scan:
     name: gitleaks
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
         with:
diff --git a/.github/workflows/java-gradle-coverage.yml b/.github/workflows/java-gradle-coverage.yml
index bd81211..d91d903 100644
--- a/.github/workflows/java-gradle-coverage.yml
+++ b/.github/workflows/java-gradle-coverage.yml
@@ -23,7 +23,8 @@ permissions:
 
 jobs:
   coverage:
-    runs-on: ubuntu-latest
+    name: Java CI Coverage with Gradle
+    runs-on: ubuntu-24.04
 
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/java-gradle.yml b/.github/workflows/java-gradle.yml
index 58c17f3..71b4f31 100644
--- a/.github/workflows/java-gradle.yml
+++ b/.github/workflows/java-gradle.yml
@@ -23,9 +23,11 @@ permissions:
 
 jobs:
   gradle:
+    name: Java Gradle CI Test
+
     strategy:
       matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
+        os: ["windows-2022", "ubuntu-24.04", "macos-14"]
         java: ['20', '21', '22']
     runs-on: ${{ matrix.os }}
 
diff --git a/.github/workflows/markdown-lint.yml b/.github/workflows/markdown-lint.yml
index 096527f..1b47c9a 100644
--- a/.github/workflows/markdown-lint.yml
+++ b/.github/workflows/markdown-lint.yml
@@ -12,18 +12,19 @@ on: # yamllint disable-line rule:truthy
 permissions: read-all
 
 jobs:
-  build:
-    runs-on: ubuntu-latest
+  markdownlint:
+    name: Markdown Lint
+    runs-on: ubuntu-24.04
 
     strategy:
       matrix:
-        node-version: [20.x]
+        node-version: [22.x]
         # See supported Node.js release schedule
         # at https://nodejs.org/en/about/releases/
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 
       - name: Set up Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v4
diff --git a/.github/workflows/snyk-code.yml b/.github/workflows/snyk-code.yml
index 99f46d4..c5e0113 100644
--- a/.github/workflows/snyk-code.yml
+++ b/.github/workflows/snyk-code.yml
@@ -12,7 +12,7 @@ on: # yamllint disable-line rule:truthy
 
 jobs:
   security:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       actions: read
       contents: read
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 2868906..024c270 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -14,7 +14,7 @@ permissions: read-all
 jobs:
   build:
     name: Build and analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
         with:
diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml
index 293de31..9cb9e0b 100644
--- a/.github/workflows/yamllint.yml
+++ b/.github/workflows/yamllint.yml
@@ -11,7 +11,8 @@ on: # yamllint disable-line rule:truthy
 
 jobs:
   lint:
-    runs-on: ubuntu-latest
+    name: YAML lint
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4