diff --git a/.github/actions/run-gradle/action.yml b/.github/actions/run-gradle/action.yml
index 00ed95801d..f0a7fe4877 100644
--- a/.github/actions/run-gradle/action.yml
+++ b/.github/actions/run-gradle/action.yml
@@ -8,7 +8,7 @@ inputs:
     required: true
     description: The JDK version
   early-access:
-    default: '23'
+    default: '24'
     required: false
     description: The early access release
   graal:
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b189ca958d..a0618b4141 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,35 +4,80 @@ updates:
     directory: /
     schedule:
       interval: monthly
+    groups:
+      github-actions:
+        applies-to: version-updates
+        patterns:
+          - "*"
   - package-ecosystem: github-actions
     directory: /.github/actions/run-gradle
     schedule:
       interval: monthly
+    groups:
+      github-actions:
+        applies-to: version-updates
+        patterns:
+          - "*"
   - package-ecosystem: gradle
     directory: /
     schedule:
       interval: monthly
+    groups:
+      gradle-dependencies:
+        applies-to: version-updates
+        patterns:
+          - "*"
   - package-ecosystem: gradle
     directory: gradle/plugins
     schedule:
       interval: monthly
+    groups:
+      gradle-dependencies:
+        applies-to: version-updates
+        patterns:
+          - "*"
   - package-ecosystem: gradle
     directory: examples/coalescing-bulkloader-reactor
     schedule:
       interval: monthly
+    groups:
+      gradle-dependencies:
+        applies-to: version-updates
+        patterns:
+          - "*"
   - package-ecosystem: gradle
     directory: examples/write-behind-rxjava
     schedule:
       interval: monthly
+    groups:
+      gradle-dependencies:
+        applies-to: version-updates
+        patterns:
+          - "*"
   - package-ecosystem: gradle
     directory: examples/hibernate
     schedule:
       interval: monthly
+    groups:
+      gradle-dependencies:
+        applies-to: version-updates
+        patterns:
+          - "*"
   - package-ecosystem: gradle
     directory: examples/resilience-failsafe
     schedule:
       interval: monthly
+    groups:
+      gradle-dependencies:
+        applies-to: version-updates
+        patterns:
+          - "*"
   - package-ecosystem: gradle
     directory: examples/graal-native
     schedule:
       interval: monthly
+    groups:
+      gradle-dependencies:
+        applies-to: version-updates
+        patterns:
+          - "*"
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index edbdc11f64..a9f82489fc 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -7,16 +7,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             api.github.com:443
             github.com:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: actionlint
-        uses: reviewdog/action-actionlint@89a03f6ba8c0a9fd238e82c075ffb34b86e40291 # v1.46.0
+        uses: reviewdog/action-actionlint@fd627997c9688c2f39e13917aed23873c031b834 # v1.48.0
         env:
           SHELLCHECK_OPTS: -e SC2001 -e SC2035 -e SC2046 -e SC2061 -e SC2086 -e SC2156
         with:
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index 2dbbc248c2..f8de507dc7 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -26,12 +26,12 @@ jobs:
       JAVA_VERSION: 21
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Forbidden Apis
         uses: ./.github/actions/run-gradle
         with:
@@ -44,12 +44,12 @@ jobs:
       JAVA_VERSION: 22
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Pmd
         uses: ./.github/actions/run-gradle
         with:
@@ -62,12 +62,12 @@ jobs:
       JAVA_VERSION: 22
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Spotbugs
         uses: ./.github/actions/run-gradle
         with:
diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml
index fade092a22..935c62c393 100644
--- a/.github/workflows/benchmarks.yml
+++ b/.github/workflows/benchmarks.yml
@@ -16,7 +16,7 @@ jobs:
       JAVA_VERSION: ${{ matrix.java }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -39,7 +39,7 @@ jobs:
             raw.githubusercontent.com:443
             services.gradle.org:443
             www.graalvm.org:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Compute JMH Benchmark
         uses: ./.github/actions/run-gradle
         with:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3bd5dc75f5..eea5374a00 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -39,7 +39,7 @@ env:
     schemastore.org:443
     www.graalvm.org:443
   PUBLISH_JDK: 11
-  EA_JDK: 23
+  EA_JDK: 24
 
 jobs:
   compile:
@@ -53,13 +53,13 @@ jobs:
       JAVA_VERSION: ${{ matrix.java }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Prepare GraalVM
         if: env.JAVA_VERSION == 'GraalVM'
         shell: bash
@@ -170,13 +170,13 @@ jobs:
       JAVA_VERSION: ${{ matrix.java }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Run tests (${{ env.JAVA_VERSION }})
         uses: ./.github/actions/run-gradle
         with:
@@ -213,7 +213,7 @@ jobs:
     if: (github.event_name == 'push') && (github.event.repository.fork == false)
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -231,7 +231,7 @@ jobs:
             storage.googleapis.com:443
             uploader.codecov.io:443
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           fetch-depth: 0
       - name: Download Tests Results
@@ -252,7 +252,7 @@ jobs:
           java: ${{ env.PUBLISH_JDK }}
         continue-on-error: true
       - name: Publish to Codecov
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
+        uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
       - name: Publish to Codacy
@@ -279,7 +279,7 @@ jobs:
       checks: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -331,7 +331,7 @@ jobs:
       && endsWith(github.ref, github.event.repository.default_branch)
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -342,7 +342,7 @@ jobs:
             errorprone.info:443
             lightbend.github.io:443
             guava.dev:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Publish Snapshot
         uses: ./.github/actions/run-gradle
         env:
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 7b3e4f91a1..ad102ebefa 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -13,7 +13,7 @@ jobs:
     if: github.event.repository.fork == false
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -29,7 +29,7 @@ jobs:
             registry-1.docker.io:443
             *.blob.core.windows.net:443
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Run Codacy Analysis
         uses: codacy/codacy-analysis-cli-action@master
         continue-on-error: true
@@ -47,7 +47,7 @@ jobs:
         if: steps.check_files.outputs.files_exists == 'true'
         run: jq -c '.runs |= unique_by({tool, invocations, results})' < results.sarif > codacy.sarif
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         if: steps.check_files.outputs.files_exists == 'true'
         continue-on-error: true
         with:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 8a8e513e60..03fae5d78d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -50,17 +50,17 @@ jobs:
             uploads.github.com:443
             services.gradle.org:443
       - name: Checkout repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Setup Gradle
         uses: ./.github/actions/run-gradle
         with:
           java: ${{ env.JAVA_VERSION }}
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           languages: java
       - name: Autobuild
-        uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index b5754d73f8..14e010c6e7 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -19,7 +19,7 @@ jobs:
       security-events: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -42,7 +42,7 @@ jobs:
             raw.githubusercontent.com:443
             services.gradle.org:443
             www.cisa.gov:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Run dependency-check
         uses: ./.github/actions/run-gradle
         continue-on-error: true
@@ -57,7 +57,7 @@ jobs:
         with:
           files: build/reports/dependency-check-report.sarif
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         if: steps.check_files.outputs.files_exists == 'true'
         with:
           sarif_file: build/reports/dependency-check-report.sarif
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index e757dcf785..c1a0a0b67a 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -10,7 +10,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -19,9 +19,9 @@ jobs:
             api.github.com:443
             github.com:443
       - name: Checkout Repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Dependency Review
-        uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2
+        uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
         with:
           license-check: false
           comment-summary-in-pr: on-failure
diff --git a/.github/workflows/dependency-submission-pr-retreive.yml b/.github/workflows/dependency-submission-pr-retreive.yml
index fc0e6fbb69..93d35afa19 100644
--- a/.github/workflows/dependency-submission-pr-retreive.yml
+++ b/.github/workflows/dependency-submission-pr-retreive.yml
@@ -16,7 +16,7 @@ jobs:
       contents: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
diff --git a/.github/workflows/dependency-submission-pr-submit.yml b/.github/workflows/dependency-submission-pr-submit.yml
index 8ec41d7873..8e5d98d603 100644
--- a/.github/workflows/dependency-submission-pr-submit.yml
+++ b/.github/workflows/dependency-submission-pr-submit.yml
@@ -13,7 +13,7 @@ jobs:
       contents: read
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -31,7 +31,7 @@ jobs:
             repo.maven.apache.org:443
             repo1.maven.org:443
             services.gradle.org:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Set up JDK ${{ env.JAVA_VERSION }}
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
         with:
diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml
index 6b4916e40e..a506db91cc 100644
--- a/.github/workflows/dependency-submission.yml
+++ b/.github/workflows/dependency-submission.yml
@@ -13,7 +13,7 @@ jobs:
       contents: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -31,7 +31,7 @@ jobs:
             repo.maven.apache.org:443
             repo1.maven.org:443
             services.gradle.org:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Set up JDK ${{ env.JAVA_VERSION }}
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
         with:
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
index 56ad105b5a..7ae616ff29 100644
--- a/.github/workflows/devskim.yml
+++ b/.github/workflows/devskim.yml
@@ -19,7 +19,7 @@ jobs:
       security-events: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -27,10 +27,10 @@ jobs:
             api.github.com:443
             github.com:443
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Run DevSkim scanner
         uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14
       - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           sarif_file: devskim-results.sarif
diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml
index 455f448c4b..f9c630ddc6 100644
--- a/.github/workflows/examples.yml
+++ b/.github/workflows/examples.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -32,7 +32,7 @@ jobs:
             repo1.maven.org:443
             services.gradle.org:443
             www.graalvm.org:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Set up JDK ${{ env.JAVA_VERSION }}
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
         with:
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index ac80d7b39e..d8820c169e 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -17,16 +17,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           fetch-depth: 0
       - name: Run gitleaks
-        uses: gitleaks/gitleaks-action@e6dab246340401bf53eec993b8f05aebe80ac636 # v2.3.4
+        uses: gitleaks/gitleaks-action@44c470ffc35caa8b1eb3e8012ca53c2f9bea4eb5 # v2.3.6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
index 39dba82894..a642a6a20f 100644
--- a/.github/workflows/gradle-wrapper-validation.yml
+++ b/.github/workflows/gradle-wrapper-validation.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -17,5 +17,5 @@ jobs:
             downloads.gradle-dn.com:443
             github.com:443
             services.gradle.org:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - uses: gradle/actions/wrapper-validation@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2
diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml
index 04bccd4727..d52d5620e7 100644
--- a/.github/workflows/qodana.yml
+++ b/.github/workflows/qodana.yml
@@ -19,7 +19,7 @@ jobs:
       && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false)
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -55,19 +55,19 @@ jobs:
             resources.jetbrains.com:443
             services.gradle.org:443
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Build
         uses: ./.github/actions/run-gradle
         with:
           java: ${{ env.JAVA_VERSION }}
           arguments: build -x test
       - name: Qodana - Code Inspection
-        uses: JetBrains/qodana-action@0e6bc1dc4748adcfd7dd487675e7ed3a814ce988 # v2024.1.4
+        uses: JetBrains/qodana-action@32840fdb87f8dd110e0a6b09323c7142b667b25d # v2024.1.5
         env:
           QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
         with:
           upload-result: true
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
-        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b90fb35bf7..4c75e8ea17 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,11 +14,11 @@ jobs:
     if: github.event.repository.fork == false
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: audit
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Releasing
         uses: ./.github/actions/run-gradle
         env:
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 735c96d9d2..e96a709e73 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -20,7 +20,7 @@ jobs:
     if: github.event.repository.fork == false
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -40,7 +40,7 @@ jobs:
             tuf-repo-cdn.sigstore.dev:443
             www.bestpractices.dev:443
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
       - name: Run analysis
@@ -57,6 +57,6 @@ jobs:
           path: results.sarif
           retention-days: 5
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 1e02721c8c..2296cc6b4b 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -17,7 +17,7 @@ jobs:
       # Incompatible with Harden Runner
       image: returntocorp/semgrep
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - run: semgrep scan --sarif --output=results.sarif
         env:
           SEMGREP_RULES: >-
@@ -34,7 +34,7 @@ jobs:
         if: steps.check_files.outputs.files_exists == 'true'
         run: jq -c '.runs[0].tool.driver.rules |= unique_by(.id)' < results.sarif > semgrep.sarif
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
-        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         if: steps.check_files.outputs.files_exists == 'true'
         continue-on-error: true
         with:
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index e632bf0bac..e6301a5fda 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -17,7 +17,7 @@ jobs:
     if: github.event.repository.fork == false
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -37,7 +37,7 @@ jobs:
             repo.maven.apache.org:443
             repo1.maven.org:443
             services.gradle.org:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Run Snyk test
         uses: snyk/actions/gradle-jdk17@master
         continue-on-error: true
@@ -52,7 +52,7 @@ jobs:
         with:
           files: snyk.sarif
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         if: steps.check_files.outputs.files_exists == 'true'
         with:
           sarif_file: snyk.sarif
diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
index a8a06627bf..4722a19b0b 100644
--- a/.github/workflows/spelling.yml
+++ b/.github/workflows/spelling.yml
@@ -7,16 +7,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             api.github.com:443
             github.com:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Misspell
-        uses: reviewdog/action-misspell@5bd7be2fc7ae56a517184f5c4bbcf2fd7afe3927 # v1.17.0
+        uses: reviewdog/action-misspell@8cd4a880dd86b1b175092c18c23cdec31283d654 # v1.19.0
         with:
           reporter: github-check
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -25,13 +25,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             github.com:443
             objects.githubusercontent.com:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Typos
-        uses: crate-ci/typos@d503507db9c5d116c79135435b149cd0f27d726e # v1.21.0
+        uses: crate-ci/typos@8382594ee09667379b652553cf57daebb8176a3f # v1.22.3
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 9df05816c9..4356732209 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -12,7 +12,7 @@ jobs:
       security-events: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-sudo: true
           egress-policy: block
@@ -21,14 +21,14 @@ jobs:
             ghcr.io:443
             github.com:443
             pkg-containers.githubusercontent.com:443
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0
+        uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
         with:
           scan-type: fs
           format: sarif
           output: trivy-results.sarif
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
             sarif_file: trivy-results.sarif
diff --git a/caffeine/src/jmh/java/com/github/benmanes/caffeine/SlotLookupBenchmark.java b/caffeine/src/jmh/java/com/github/benmanes/caffeine/SlotLookupBenchmark.java
index efb919cb1e..e746ae666e 100644
--- a/caffeine/src/jmh/java/com/github/benmanes/caffeine/SlotLookupBenchmark.java
+++ b/caffeine/src/jmh/java/com/github/benmanes/caffeine/SlotLookupBenchmark.java
@@ -126,10 +126,12 @@ public long striped64_unsafe(Blackhole blackhole) {
     return array[index];
   }
 
+  @SuppressWarnings("SunApi")
   private int getProbe_unsafe() {
     return UnsafeAccess.UNSAFE.getInt(Thread.currentThread(), probeOffset);
   }
 
+  @SuppressWarnings("SunApi")
   private void advanceProbe_unsafe(int probe) {
     probe ^= probe << 13; // xorshift
     probe ^= probe >>> 17;
diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/CaffeineTest.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/CaffeineTest.java
index 41adc905c5..eaf3f7be47 100644
--- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/CaffeineTest.java
+++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/CaffeineTest.java
@@ -187,6 +187,7 @@ public void string(CacheContext context) {
 
   @Test
   public void calculateHashMapCapacity() {
+    @SuppressWarnings("UnnecessaryMethodReference")
     Iterable<Integer> iterable = List.of(1, 2, 3)::iterator;
     assertThat(Caffeine.calculateHashMapCapacity(iterable)).isEqualTo(16);
     assertThat(Caffeine.calculateHashMapCapacity(List.of(1, 2, 3))).isEqualTo(4);
@@ -232,6 +233,7 @@ public void asyncLoader_nullLoader() {
 
   @Test
   public void asyncLoader() {
+    @SuppressWarnings("UnnecessaryMethodReference")
     AsyncCacheLoader<Object, Object> asyncLoader = loader::asyncLoad;
     var cache = Caffeine.newBuilder().buildAsync(asyncLoader);
     assertThat(cache).isNotNull();
diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/Reset.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/Reset.java
index 7369a7457d..1d0a518b8a 100644
--- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/Reset.java
+++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/Reset.java
@@ -37,6 +37,7 @@ public static void resetThreadLocalRandom() {
     setThreadLocalRandom(RANDOM_PROBE, RANDOM_SEED);
   }
 
+  @SuppressWarnings("SunApi")
   public static void setThreadLocalRandom(int probe, int seed) {
     UnsafeAccess.UNSAFE.putInt(Thread.currentThread(), PROBE, probe);
     UnsafeAccess.UNSAFE.putLong(Thread.currentThread(), SEED, seed);
diff --git a/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties b/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties
index 1de365ecd3..c9e6332d32 100644
--- a/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties
+++ b/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-rc-1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
diff --git a/examples/coalescing-bulkloader-reactor/settings.gradle.kts b/examples/coalescing-bulkloader-reactor/settings.gradle.kts
index 4068e9b011..ee91160124 100644
--- a/examples/coalescing-bulkloader-reactor/settings.gradle.kts
+++ b/examples/coalescing-bulkloader-reactor/settings.gradle.kts
@@ -1,5 +1,5 @@
 plugins {
-  id("com.gradle.develocity") version "3.17.2"
+  id("com.gradle.develocity") version "3.17.4"
   id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
   id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
 }
diff --git a/examples/graal-native/gradle/wrapper/gradle-wrapper.properties b/examples/graal-native/gradle/wrapper/gradle-wrapper.properties
index 1de365ecd3..c9e6332d32 100644
--- a/examples/graal-native/gradle/wrapper/gradle-wrapper.properties
+++ b/examples/graal-native/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-rc-1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
diff --git a/examples/graal-native/settings.gradle.kts b/examples/graal-native/settings.gradle.kts
index 1cff25b1c0..3211bf6276 100644
--- a/examples/graal-native/settings.gradle.kts
+++ b/examples/graal-native/settings.gradle.kts
@@ -5,7 +5,7 @@ pluginManagement {
   }
 }
 plugins {
-  id("com.gradle.develocity") version "3.17.2"
+  id("com.gradle.develocity") version "3.17.4"
   id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
   id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
 }
diff --git a/examples/hibernate/gradle/libs.versions.toml b/examples/hibernate/gradle/libs.versions.toml
index 2659fa76d7..d0afdd17d8 100644
--- a/examples/hibernate/gradle/libs.versions.toml
+++ b/examples/hibernate/gradle/libs.versions.toml
@@ -1,7 +1,7 @@
 [versions]
 caffeine = "3.1.8"
 h2 = "2.2.224"
-hibernate = "6.5.0.Final"
+hibernate = "6.5.2.Final"
 junit = "5.11.0-M2"
 log4j2 = "3.0.0-beta2"
 slf4j = "2.0.7"
diff --git a/examples/hibernate/gradle/wrapper/gradle-wrapper.properties b/examples/hibernate/gradle/wrapper/gradle-wrapper.properties
index 1de365ecd3..c9e6332d32 100644
--- a/examples/hibernate/gradle/wrapper/gradle-wrapper.properties
+++ b/examples/hibernate/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-rc-1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
diff --git a/examples/hibernate/settings.gradle.kts b/examples/hibernate/settings.gradle.kts
index b21c56b1b6..c956e3da81 100644
--- a/examples/hibernate/settings.gradle.kts
+++ b/examples/hibernate/settings.gradle.kts
@@ -1,5 +1,5 @@
 plugins {
-  id("com.gradle.develocity") version "3.17.2"
+  id("com.gradle.develocity") version "3.17.4"
   id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
   id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
 }
diff --git a/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties b/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties
index 1de365ecd3..c9e6332d32 100644
--- a/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties
+++ b/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-rc-1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
diff --git a/examples/resilience-failsafe/settings.gradle.kts b/examples/resilience-failsafe/settings.gradle.kts
index a9014c56c8..5fa0e06224 100644
--- a/examples/resilience-failsafe/settings.gradle.kts
+++ b/examples/resilience-failsafe/settings.gradle.kts
@@ -1,5 +1,5 @@
 plugins {
-  id("com.gradle.develocity") version "3.17.2"
+  id("com.gradle.develocity") version "3.17.4"
   id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
   id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
 }
diff --git a/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties b/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties
index 1de365ecd3..c9e6332d32 100644
--- a/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties
+++ b/examples/write-behind-rxjava/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-rc-1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
diff --git a/examples/write-behind-rxjava/settings.gradle.kts b/examples/write-behind-rxjava/settings.gradle.kts
index deeb5050c9..60f29a4afa 100644
--- a/examples/write-behind-rxjava/settings.gradle.kts
+++ b/examples/write-behind-rxjava/settings.gradle.kts
@@ -1,5 +1,5 @@
 plugins {
-  id("com.gradle.develocity") version "3.17.2"
+  id("com.gradle.develocity") version "3.17.4"
   id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
   id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
 }
diff --git a/gradle/config/pmd/rulesSets.xml b/gradle/config/pmd/rulesSets.xml
index 460b056c84..2b871963ee 100644
--- a/gradle/config/pmd/rulesSets.xml
+++ b/gradle/config/pmd/rulesSets.xml
@@ -13,7 +13,6 @@
     <exclude name="MissingOverride"/>
     <exclude name="GuardLogStatement"/>
     <exclude name="OneDeclarationPerLine"/>
-    <exclude name="ReplaceHashtableWithMap"/>
     <exclude name="AvoidReassigningParameters"/>
     <exclude name="LiteralsFirstInComparisons"/>
   </rule>
@@ -44,7 +43,6 @@
     <exclude name="UnnecessaryReturn"/>
     <exclude name="UseDiamondOperator"/>
     <exclude name="UselessParentheses"/>
-    <exclude name="PrematureDeclaration"/>
     <exclude name="TooManyStaticImports"/>
     <exclude name="AtLeastOneConstructor"/>
     <exclude name="CallSuperInConstructor"/>
diff --git a/gradle/config/spotbugs/exclude.xml b/gradle/config/spotbugs/exclude.xml
index d71ede8ee4..9bcda48541 100644
--- a/gradle/config/spotbugs/exclude.xml
+++ b/gradle/config/spotbugs/exclude.xml
@@ -8,7 +8,6 @@
       ACEM_ABSTRACT_CLASS_EMPTY_METHODS,
       AI_ANNOTATION_ISSUES_NEEDS_NULLABLE,
       AOM_ABSTRACT_OVERRIDDEN_METHOD,
-      BAS_BLOATED_ASSIGNMENT_SCOPE,
       BL_BURYING_LOGIC,
       CE_CLASS_ENVY,
       CFS_CONFUSING_FUNCTION_SEMANTICS,
@@ -131,11 +130,6 @@
     </Or>
     <Bug pattern="NP_NULL_ON_SOME_PATH, NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE"/>
   </Match>
-  <Match>
-    <Class name="com.github.benmanes.caffeine.cache.stats.CacheStats"/>
-    <Method name="empty"/>
-    <Bug pattern="SING_SINGLETON_GETTER_NOT_SYNCHRONIZED"/>
-  </Match>
   <Match>
     <Class name="com.github.benmanes.caffeine.cache.stats.CacheStats"/>
     <Or>
@@ -176,6 +170,11 @@
     <Class name="com.github.benmanes.caffeine.cache.LocalAsyncCache$AsMapView$EntryIterator"/>
     <Bug pattern="UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR"/>
   </Match>
+  <Match>
+    <Class name="com.github.benmanes.caffeine.cache.LocalAsyncCache$AsyncBulkCompleter"/>
+    <Method name="apply"/>
+    <Bug pattern="ITC_INHERITANCE_TYPE_CHECKING"/>
+  </Match>
   <Match>
     <Class name="com.github.benmanes.caffeine.cache.LocalAsyncCache$AsyncBulkCompleter$NullMapCompletionException"/>
     <Method name="&lt;init&gt;"/>
@@ -183,7 +182,7 @@
   </Match>
   <Match>
     <Class name="com.github.benmanes.caffeine.cache.LocalAsyncCache$AsyncBulkCompleter"/>
-    <Method name="lambda$fillProxies$0"/>
+    <Method name="fillProxies"/>
     <Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE"/>
   </Match>
   <Match>
@@ -473,11 +472,6 @@
     <Method name="equals"/>
     <Bug pattern="FE_FLOATING_POINT_EQUALITY"/>
   </Match>
-  <Match>
-    <Class name="com.github.benmanes.caffeine.cache.simulator.policy.sketch.climbing.HillClimber$Adaptation"/>
-    <Method name="hold"/>
-    <Bug pattern="SING_SINGLETON_GETTER_NOT_SYNCHRONIZED"/>
-  </Match>
   <Match>
     <Class name="com.github.benmanes.caffeine.cache.simulator.report.TextReporter"/>
     <Method name="print"/>
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 5d16490a3c..6d19ace364 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,17 +1,17 @@
 [versions]
 asm = "9.7"
-auto-value = "1.10.4"
+auto-value = "1.11.0"
 awaitility = "4.2.1"
 bcel = "6.9.0"
 bnd = "7.0.0"
 bouncycastle-jdk18on = "1.78.1"
 cache2k = "2.6.1.Final"
 caffeine = "3.1.8"
-checker-framework = "3.43.0"
-checkstyle = "10.16.0"
+checker-framework = "3.44.0"
+checkstyle = "10.17.0"
 coherence = "22.06.2"
 commons-collections4 = "4.4"
-commons-compress = "1.26.1"
+commons-compress = "1.26.2"
 commons-io = "2.16.1"
 commons-lang3 = "3.14.0"
 commons-math3 = "3.6.1"
@@ -22,8 +22,8 @@ coveralls = "2.12.2"
 dependency-check = "9.2.0"
 eclipse-collections = "12.0.0.M3"
 ehcache3 = "3.10.8"
-errorprone-core = "2.27.1"
-errorprone-plugin = "3.1.0"
+errorprone-core = "2.28.0"
+errorprone-plugin = "4.0.0"
 errorprone-support = "0.16.1"
 expiring-map = "0.5.11"
 fast-filter = "1.0.2"
@@ -34,14 +34,14 @@ findsecbugs = "1.13.0"
 flip-tables = "1.1.1"
 forbidden-apis = "3.7"
 google-java-format = "1.22.0"
-guava = "33.2.0-jre"
+guava = "33.2.1-jre"
 guice = "6.0.0"
 h2 = "2.2.224"
 hamcrest = "2.2"
 hazelcast = "5.3.7"
 httpclient = "4.5.14"
 idea = "1.1.8"
-jackrabbit = "1.62.0"
+jackrabbit = "1.64.0"
 jackson = "2.17.1"
 jacoco = "0.8.12"
 jakarta-inject = "2.0.1"
@@ -51,7 +51,7 @@ javapoet = "1.13.0"
 jazzer = "0.22.1"
 jcache = "1.1.1"
 jcommander = "1.82"
-jctools = "4.0.3"
+jctools = "4.0.5"
 jfreechart = "1.5.4"
 jgit = "6.9.0.202403050737-r"
 jmh-core = "1.37"
@@ -63,12 +63,12 @@ jsoup = "1.17.2"
 junit-testng = "1.0.5"
 junit4 = "4.13.2"
 junit5 = "5.11.0-M2"
-jvm-dependency-conflict-resolution = "2.0"
-kotlin = "1.9.24"
+jvm-dependency-conflict-resolution = "2.1.1"
+kotlin = "2.0.0"
 lincheck = "2.32"
 mockito = "5.12.0"
 nexus-publish = "2.0.0"
-nullaway-core = "0.10.26"
+nullaway-core = "0.11.0"
 nullaway-plugin = "2.0.0"
 okhttp-bom = "4.12.0"
 okio-bom = "3.9.0"
@@ -78,15 +78,15 @@ osgi-promise = "1.3.0"
 pax-exam = "4.13.5"
 pax-url = "2.6.14"
 picocli = "4.7.6"
-pmd = "7.1.0"
-protobuf = "4.26.1"
+pmd = "7.2.0"
+protobuf = "4.27.1"
 slf4j = "2.0.13"
 slf4j-test = "3.0.1"
 snakeyaml = "2.2"
 sonarqube = "5.0.0.4638"
 spotbugs-contrib = "7.6.4"
 spotbugs-core = "4.8.5"
-spotbugs-plugin = "6.0.14"
+spotbugs-plugin = "6.0.15"
 stream = "2.9.8"
 tcache = "2.0.1"
 testng = "7.10.2"
@@ -95,7 +95,7 @@ univocity-parsers = "2.9.1"
 versions = "0.51.0"
 xz = "1.9"
 ycsb = "0.17.0"
-zero-allocation-hashing = "0.16"
+zero-allocation-hashing = "0.26ea0"
 zstd = "1.5.6-3"
 
 [libraries]
diff --git a/gradle/plugins/build.gradle.kts b/gradle/plugins/build.gradle.kts
index 2fd0d220e9..e5cca2cef2 100644
--- a/gradle/plugins/build.gradle.kts
+++ b/gradle/plugins/build.gradle.kts
@@ -56,12 +56,13 @@ tasks.withType<DependencyUpdatesTask> {
   checkConstraints = true
   resolutionStrategy {
     componentSelection {
-      val ignoredGroups = listOf("org.jetbrains.kotlin", "org.gradle.kotlin.kotlin-dsl")
+      val ignoredGroups = listOf("com.beust", "org.apache.logging.log4j",
+        "org.jetbrains.kotlin", "org.gradle.kotlin.kotlin-dsl")
       val stable = setOf("com.fasterxml.jackson", "com.squareup.okhttp3")
       val isNonStable = "^[0-9,.v-]+(-r)?$".toRegex()
       all {
         if ((candidate.group in ignoredGroups) && (candidate.version != currentVersion)) {
-          reject("kotlin dsl")
+          reject("Internal dependency")
         } else if ((candidate.group in stable) && !isNonStable.matches(candidate.version)) {
           reject("Release candidate")
         }
diff --git a/gradle/plugins/settings.gradle.kts b/gradle/plugins/settings.gradle.kts
index 182ab4b6c3..0d5c5fbdc4 100644
--- a/gradle/plugins/settings.gradle.kts
+++ b/gradle/plugins/settings.gradle.kts
@@ -1,5 +1,5 @@
 plugins {
-  id("com.gradle.develocity") version "3.17.2"
+  id("com.gradle.develocity") version "3.17.4"
   id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
   id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
 }
diff --git a/gradle/plugins/src/main/kotlin/lifecycle/dependency-versions-caffeine-conventions.gradle.kts b/gradle/plugins/src/main/kotlin/lifecycle/dependency-versions-caffeine-conventions.gradle.kts
index 4a2eff55ba..3252b7f6b8 100644
--- a/gradle/plugins/src/main/kotlin/lifecycle/dependency-versions-caffeine-conventions.gradle.kts
+++ b/gradle/plugins/src/main/kotlin/lifecycle/dependency-versions-caffeine-conventions.gradle.kts
@@ -10,12 +10,15 @@ tasks.named<DependencyUpdatesTask>("dependencyUpdates").configure {
   resolutionStrategy {
     componentSelection {
       all {
+        val ignoredGroups = listOf("com.beust", "org.apache.logging.log4j")
         val stable = setOf("com.hazelcast", "javax.json.bind",
           "org.jetbrains.kotlin", "org.osgi", "org.slf4j")
         if ((candidate.group in stable) && isNonStable(candidate.version)) {
           reject("Release candidate")
         } else if ((candidate.module == "commons-io") && candidate.version.startsWith("2003")) {
           reject("Bad release")
+        } else if ((candidate.group in ignoredGroups) && (candidate.version != currentVersion)) {
+          reject("Internal dependency")
         }
       }
     }
diff --git a/gradle/plugins/src/main/kotlin/lifecycle/intellij-caffeine-conventions.gradle.kts b/gradle/plugins/src/main/kotlin/lifecycle/intellij-caffeine-conventions.gradle.kts
index 6ebe27f401..29e300610c 100644
--- a/gradle/plugins/src/main/kotlin/lifecycle/intellij-caffeine-conventions.gradle.kts
+++ b/gradle/plugins/src/main/kotlin/lifecycle/intellij-caffeine-conventions.gradle.kts
@@ -1,6 +1,7 @@
 import org.jetbrains.gradle.ext.ActionDelegationConfig.TestRunner.PLATFORM
 import org.jetbrains.gradle.ext.runConfigurations
 import org.jetbrains.gradle.ext.delegateActions
+import org.jetbrains.gradle.ext.Application
 import org.jetbrains.gradle.ext.settings
 import org.jetbrains.gradle.ext.TestNG
 import org.jetbrains.gradle.ext.JUnit
@@ -23,5 +24,9 @@ idea.project.settings {
     defaults(JUnit::class.java) {
       vmParameters = jvmArgs
     }
+    register("Simulator", Application::class.java) {
+      mainClass = "com.github.benmanes.caffeine.cache.simulator.Simulator"
+      moduleName = "caffeine.simulator.main"
+    }
   }
 }
diff --git a/gradle/plugins/src/main/kotlin/lifecycle/java-library-caffeine-conventions.gradle.kts b/gradle/plugins/src/main/kotlin/lifecycle/java-library-caffeine-conventions.gradle.kts
index 17beaec724..b4e51e8b88 100644
--- a/gradle/plugins/src/main/kotlin/lifecycle/java-library-caffeine-conventions.gradle.kts
+++ b/gradle/plugins/src/main/kotlin/lifecycle/java-library-caffeine-conventions.gradle.kts
@@ -31,8 +31,8 @@ tasks.withType<JavaCompile>().configureEach {
     languageVersion = maxOf(javaVersion, JavaLanguageVersion.of(17))
   }
 
-  options.compilerArgs.add("-Xlint:all,-processing,-exports,-auxiliaryclass,"
-    + "-requires-automatic,-requires-transitive-automatic")
+  options.compilerArgs.add("-Xlint:all,-auxiliaryclass,-exports,-processing,"
+    + "-removal,-requires-automatic,-requires-transitive-automatic")
   options.compilerArgs.addAll(listOf("-Xmaxerrs", "500", "-Xmaxwarns", "500"))
   if (javaVersion.canCompileOrRun(21)) {
     options.compilerArgs.add("-proc:full")
diff --git a/gradle/plugins/src/main/kotlin/quality/errorprone-caffeine-conventions.gradle.kts b/gradle/plugins/src/main/kotlin/quality/errorprone-caffeine-conventions.gradle.kts
index bedadc84bd..2a13d26689 100644
--- a/gradle/plugins/src/main/kotlin/quality/errorprone-caffeine-conventions.gradle.kts
+++ b/gradle/plugins/src/main/kotlin/quality/errorprone-caffeine-conventions.gradle.kts
@@ -83,6 +83,7 @@ fun disabledChecks() = listOf(
   "IsInstanceLambdaUsage",
   "LexicographicalAnnotationListing",
   "MissingSummary",
+  "PatternMatchingInstanceof",
   "StaticImport",
 )
 fun enabledChecks() = listOf(
@@ -125,6 +126,7 @@ fun enabledChecks() = listOf(
   "StringFormatWithLiteral",
   "StronglyTypeByteString",
   "StronglyTypeTime",
+  "SunApi",
   "SwitchDefault",
   "TimeUnitMismatch",
   "TransientMisuse",
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index 1de365ecd3..c9e6332d32 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-rc-1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
diff --git a/settings.gradle.kts b/settings.gradle.kts
index bdf0ccfdd1..cbf1fd8747 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -2,7 +2,7 @@ pluginManagement {
   includeBuild("gradle/plugins")
 }
 plugins {
-  id("com.gradle.develocity") version "3.17.2"
+  id("com.gradle.develocity") version "3.17.4"
   id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
   id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
 }