diff --git a/.github/workflows/codeql-v4.yml b/.github/workflows/codeql-v4.yml
index 6006ff48f31..4527b832b14 100644
--- a/.github/workflows/codeql-v4.yml
+++ b/.github/workflows/codeql-v4.yml
@@ -29,7 +29,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v3.5.3 - uses: gradle/wrapper-validation-action@v1 - name: Setup Java JDK uses: actions/setup-java@v3
@@ -38,7 +38,7 @@ jobs: java-version: '17' # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v2.20.1 with: languages: java queries: security-and-quality
@@ -51,6 +51,6 @@ jobs: cache-disabled: true arguments: -x javadoc -x test build -PskipOpenTypesFVT - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v2.20.1 with: ram: 4096
diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml
index 4fa59b354b1..826b80e2f6c 100644
--- a/.github/workflows/linkcheck.yml
+++ b/.github/workflows/linkcheck.yml
@@ -16,9 +16,9 @@ jobs: runs-on: ubuntu-latest if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3.5.3 - name: Link Checker - uses: lycheeverse/lychee-action@v1.7.0 + uses: lycheeverse/lychee-action@v1.8.0 with: # Can switch to true once we run clean fail: false
diff --git a/.github/workflows/merge-v4.yml b/.github/workflows/merge-v4.yml
index 96aa5c15eb2..6aef50b0847 100644
--- a/.github/workflows/merge-v4.yml
+++ b/.github/workflows/merge-v4.yml
@@ -22,7 +22,7 @@ jobs: name: "Merge v4" if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3.5.3 name: Checkout source - uses: gradle/wrapper-validation-action@v1 - name: Set up JDK
@@ -126,19 +126,19 @@ jobs: platforms: linux/amd64,linux/arm64 # -- - name: Upload Log of any dependency failures - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v3.1.2 with: name: Dependency Analysis Report (on failure) path: build/reports/dependency-analysis/build-health-report.txt if-no-files-found: ignore # Mostly for verification - not published to the release itself for now - name: Upload assemblies - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v3.1.2 with: name: Assemblies path: open-metadata-distribution/open-metadata-assemblies/build/distributions/*.gz - name: Upload Test coverage report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v3.1.2 with: name: Jacoco Coverage Report path: build/reports/jacoco/codeCoverageReport
diff --git a/.github/workflows/pr-v4.yml b/.github/workflows/pr-v4.yml
index 3c7dd269b65..d3bcc7698a4 100644
--- a/.github/workflows/pr-v4.yml
+++ b/.github/workflows/pr-v4.yml
@@ -16,7 +16,7 @@ jobs: name: "Verify PR v4" if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3.5.3 - uses: gradle/wrapper-validation-action@v1 - name: Set up JDK uses: actions/setup-java@v3
@@ -32,12 +32,12 @@ jobs: build --scan - name: Upload Test coverage report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v3.1.2 with: name: Jacoco Coverage Report path: build/reports/jacoco/codeCoverageReport - name: Upload Log of any dependency failures - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v3.1.2 with: name: Dependency Analysis Report (on failure) path: build/reports/dependency-analysis/build-health-report.txt
diff --git a/.github/workflows/release-v4.yml b/.github/workflows/release-v4.yml
index 3dc6be59187..4817b0d6584 100644
--- a/.github/workflows/release-v4.yml
+++ b/.github/workflows/release-v4.yml
@@ -24,7 +24,7 @@ jobs: name: "Release" if: startsWith(github.repository,'odpi/') steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v3.5.3 name: Checkout source - uses: gradle/wrapper-validation-action@v1 # Prep for docker builds
@@ -88,7 +88,7 @@ jobs: platforms: linux/amd64,linux/arm64 # Mostly for verification - not published to the release itself for now - name: Upload assemblies - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v3.1.2 with: name: Assemblies path: open-metadata-distribution/open-metadata-assemblies/build/distributions/*.gz
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 574bdef53bb..d44b2ff7c42 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -30,12 +30,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0 + uses: actions/checkout@v3.5.3 # tag=v3.0.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # tag=v2.1.3 + uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # tag=v2.2.0 with: results_file: results.sarif results_format: sarif
@@ -54,7 +54,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0 + uses: actions/upload-artifact@v3.1.2 # tag=v3.0.0 with: name: SARIF file path: results.sarif
@@ -62,6 +62,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26 + uses: github/codeql-action/upload-sarif@v2.20.1 # tag=v1.0.26 with: sarif_file: results.sarif
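Review bot: In scorecards.yml the `actions/checkout` step gives up its full commit-SHA pin for a mutable tag (`actions/checkout@v3.5.3`), and the `@@ -54,7` and `@@ -62,6` hunks do the same for `actions/upload-artifact` and `github/codeql-action/upload-sarif`, while `ossf/scorecard-action` in the same file stays SHA-pinned. A tag can be re-pointed upstream after this review, so the workflow would then run code nobody looked at; Scorecard's own Pinned-Dependencies check is likely to flag these refs as well. The trailing comments were left unchanged (`# tag=v3.0.0`, `# tag=v1.0.26`) and now contradict the refs they sit beside. I would keep the existing form for all three, e.g. `uses: actions/checkout@<full commit SHA of v3.5.3> # tag=v3.5.3`, with each SHA resolved from the upstream release tag.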
diff --git a/bom/build.gradle b/bom/build.gradle
index 6032c348d36..33099041433 100644
--- a/bom/build.gradle
+++ b/bom/build.gradle
@@ -19,18 +19,18 @@ javaPlatform { // Assign variables for any constraints ext { - lombokVersion = '1.18.26' + lombokVersion = '1.18.28' // TODO: version 4 under new package name antlrVersion = '3.5.3' ST4Version = '4.3.4' avroVersion = '1.11.1' - classgraphVersion = '4.8.158' + classgraphVersion = '4.8.160' classmateVersion = '1.5.1' collections4Version = '4.4' commonscodecVersion = '1.15' commonsconfiguration2Version = '2.9.0' commonsconfigurationVersion = '1.10' - commonsioVersion = '2.11.0' + commonsioVersion = '2.13.0' commonsloggingVersion = '1.2' commonstextVersion = '1.10.0' commonscliVersion = '1.5.0'
@@ -41,10 +41,10 @@ ext { gremlinVersion = '3.5.6' // TODO: Version 4 under new package name. 3.0.13 is held to be compat with gradle tests (fvt) groovyVersion = '3.0.15' - guavaVersion = '31.1-jre' + guavaVersion = '32.0.1-jre' hamcrestVersion = '2.2' hdrhistogramVersion = '2.1.12' - hibernatevalidatorVersion = '8.0.0.Final' + hibernatevalidatorVersion = '8.0.1.Final' // TODO There is now a version 5 codestream of the next 2 http dependencies httpclientVersion = '4.5.14' httpcoreVersion = '4.4.16'
@@ -73,12 +73,12 @@ ext { lettuceVersion = '6.2.4.RELEASE' // TODO: Version 9 now available luceneVersion = '8.11.2' - openlineageVersion = '0.28.0' + openlineageVersion = '0.29.2' ossVersion = '4.15.0' // TODO: Held as data engine breaks mockitoVersion = '4.11.0' - plexusVersion = '3.5.1' - prometheusVersion = '1.11.0' + plexusVersion = '4.0.0' + prometheusVersion = '1.11.2' nettyVersion = '4.1.94.Final' quartzVersion = '2.3.2' reflectionsVersion = '0.10.2'
@@ -89,25 +89,25 @@ ext { sleepycatVersion = '18.3.12' snakeyamlVersion = '2.0' slf4jVersion = '2.0.6' - snappyVersion = '1.1.9.1' - springbootVersion = '3.0.6' + snappyVersion = '1.1.10.2' + springbootVersion = '3.1.1' spotbugsVersion = '4.7.3' springdataVersion = '3.0.3' springldapVersion = '3.0.1' - springsecurityVersion = '6.0.3' + springsecurityVersion = '6.1.1' springsecurityJwtVersion = '1.1.1.RELEASE' swaggerVersion = '2.2.14' - testngVersion = '7.7.1' + testngVersion = '7.8.0' thriftVersion = '0.18.1' springwebVersion = '6.0.6' tinkVersion = '1.9.0' - tomcatVersion = '10.1.8' + tomcatVersion = '10.1.10' validationVersion = '2.0.1.Final' gsonVersion = '2.10.1' antVersion = '1.10.13' - jnrVersion = '3.1.16' - cassandraVersion = '4.1.1' - protobufVersion = '3.23.0' + jnrVersion = '3.1.17' + cassandraVersion = '4.1.2' + protobufVersion = '3.23.4' osgiVersion = '8.0.0' log4jVersion = '2.20.0' jacksonjdk8Version = '2.15.2'
@@ -119,7 +119,7 @@ ext { dependencies { // Only use this to bring in platforms, which are *constraints* dependencies { - api(platform('net.openhft:chronicle-bom:2.24ea55')) + api(platform('net.openhft:chronicle-bom:2.24ea71')) } constraints { api("ch.qos.logback:logback-classic:${logbackVersion}")
@@ -288,7 +288,7 @@ dependencies { // Explicitly enforced versions of transitive dependencies to mitigate potential CVEs reported by static security scans. //TODO: Remove dependency line below in case the new parent library is updated and pulls good version. api("com.beust:jcommander:1.82") - api("org.antlr:antlr4:4.12.0") + api("org.antlr:antlr4:4.13.0") api("org.apache.ivy:ivy:2.5.1") // Add in Egeria's own projects -- not for us, but for our users
diff --git a/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile b/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile
index ec83c74ebdc..6933de720b3 100644
--- a/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile
+++ b/open-metadata-resources/open-metadata-deployment/docker/configure/Dockerfile
@@ -1,7 +1,7 @@ # SPDX-License-Identifier: Apache-2.0 # Copyright Contributors to the Egeria project -FROM docker.io/library/alpine:3.18.0 +FROM docker.io/library/alpine:3.18.2 ARG version=4.3-SNAPSHOT ARG VCS_REF=unknown ARG VCS_ORIGIN=unknown
diff --git a/settings.gradle b/settings.gradle
index 6fde46c3aed..a47e0c032be 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -16,7 +16,7 @@ pluginManagement { } plugins { id "io.freefair.aggregate-javadoc" version "6.6.3" - id "io.freefair.lombok" version "8.0.1" + id "io.freefair.lombok" version "8.1.0" // Checks for unnecessary dependencies id("com.autonomousapps.dependency-analysis") version "1.20.0" // helps resolve log implementation clashes
@@ -25,7 +25,7 @@ pluginManagement { id 'org.gradlex.java-ecosystem-capabilities' version "1.3" // Docs don't recommend specifying a version for checkstyle id 'checkstyle' - id 'org.springframework.boot' version '2.7.11' + id 'org.springframework.boot' version '2.7.13' id 'com.github.johnrengelman.shadow' version '8.1.1' id 'com.github.psxpaul.execfork' version '0.2.2' }