diff --git a/.github/actions/setup-tests/action.yml b/.github/actions/setup-tests/action.yml index 1b9295f0037..4190fbe04bf 100644 --- a/.github/actions/setup-tests/action.yml +++ b/.github/actions/setup-tests/action.yml @@ -16,7 +16,7 @@ runs: with: fail-mode: true - name: Use Maven dependency cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.m2/repository # We use a unique key and restore from the base one, to ensure that diff --git a/.github/workflows/jreleaser.yml b/.github/workflows/jreleaser.yml index 21b52e7aa89..a7d1e1475b7 100644 --- a/.github/workflows/jreleaser.yml +++ b/.github/workflows/jreleaser.yml @@ -7,12 +7,16 @@ on: required: true type: string +permissions: + id-token: write # for verifying identity in attestation process + attestations: write # to push attestation + jobs: jreleaser: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} @@ -29,6 +33,11 @@ jobs: JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME: ${{ secrets.JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME }} JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD: ${{ secrets.JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD }} + - name: Sign artifacts with sigstore/cosign + uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 + with: + subject-path: './target/staging-deploy/**/*.jar' + # Log failures - name: JReleaser release output if: always() diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml index b1f5c1a3bb5..221313dc38a 100644 --- a/.github/workflows/qodana.yml +++ b/.github/workflows/qodana.yml 
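Review bot: The new top-level `permissions:` block in jreleaser.yml applies `id-token: write` and `attestations: write` to the whole workflow and implicitly sets every scope it does not list to `none` for `GITHUB_TOKEN`. Only the attestation step needs these two scopes, so I would move the block onto the `jreleaser` job and list `contents: read` explicitly, which the attest-build-provenance documentation also asks for. Please confirm that no other step relies on a default `GITHUB_TOKEN` scope: the checkout passes `secrets.JRELEASER_GITHUB_TOKEN`, but the remaining steps of the job lie outside the hunk.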
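Review bot: The step name `Sign artifacts with sigstore/cosign` does not describe what `actions/attest-build-provenance` does: it records a Sigstore-signed build provenance attestation for the matched files and does not cosign-sign the jars themselves, so consumers verify with `gh attestation verify` rather than a cosign signature check. I would rename it, e.g. `- name: Attest build provenance for release jars`. The step is placed after the release step whose `env:` block precedes it, so the jars are presumably already published when the attestation is made, and a failure here would leave a release without provenance. It is also worth checking that `./target/staging-deploy/**/*.jar` matches exactly the files that were deployed.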
@@ -14,44 +14,44 @@ jobs: runs-on: ubuntu-latest name: code-quality qodana steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: 'Qodana Scan' - uses: JetBrains/qodana-action@a040a784cc28cb9cabdf884c4e8c32d0aa3fcdb3 # v2023.3.2 + uses: JetBrains/qodana-action@31d6f3309b31c566758e1314a3d9ef0dff75ecbd # v2024.2.6 with: args: --source-directory,./src/main/java , --fail-threshold, 0 post-pr-comment: "false" - - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3 + - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3 with: sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json code-quality-spoon-javadoc: runs-on: ubuntu-latest name: code-quality spoon-javadoc qodana steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: 'Qodana Scan (spoon-javadoc)' - uses: JetBrains/qodana-action@a040a784cc28cb9cabdf884c4e8c32d0aa3fcdb3 # v2023.3.2 + uses: JetBrains/qodana-action@31d6f3309b31c566758e1314a3d9ef0dff75ecbd # v2024.2.6 with: args: --source-directory,./spoon-javadoc/src/main/java , --fail-threshold, 0 post-pr-comment: "false" - - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3 + - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3 with: sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json code-quality-spoon-control-flow: runs-on: ubuntu-latest name: code-quality spoon-controlflow qodana steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: 'Qodana Scan (spoon-control-flow)' - uses: 
JetBrains/qodana-action@a040a784cc28cb9cabdf884c4e8c32d0aa3fcdb3 # v2023.3.2 + uses: JetBrains/qodana-action@31d6f3309b31c566758e1314a3d9ef0dff75ecbd # v2024.2.6 with: args: --source-directory,./spoon-control-flow/src/main/java , --fail-threshold, 0 post-pr-comment: "false" - - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3 + - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3 with: sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 5e89bfb5583..a041ff08f8c 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -22,10 +22,10 @@ jobs: SSH_AUTH_SOCK: /tmp/ssh_agent.sock name: Generate and store SBOM steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 + - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 with: java-version: 17 distribution: ${{ env.JAVA_DISTRIBUTION }} @@ -34,7 +34,7 @@ jobs: run: echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT shell: bash - name: Use Maven dependency cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.m2/repository key: ${{ runner.os }}-${{ steps.get-date.outputs.date }}-${{ hashFiles('**/pom.xml') }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index aee178c8d31..f5107f36fc6 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -36,7 +36,7 @@ jobs: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: results.sarif diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 10631939477..a0746640dfc 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -35,7 +35,7 @@ jobs: os: [ubuntu-latest] steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: Setup env @@ -53,10 +53,10 @@ jobs: - name: Disable Git's autocrlf run: git config --global core.autocrlf false - name: git checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 + - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 with: distribution: 'temurin' java-version: '17' @@ -73,7 +73,7 @@ jobs: name: Test with coverage steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: Setup env 
@@ -92,7 +92,7 @@ jobs: name: Extra checks steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: Setup env @@ -111,7 +111,7 @@ jobs: name: Javadoc quality steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: Setup env @@ -129,7 +129,7 @@ jobs: name: reproducible-builds steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: Setup env @@ -144,7 +144,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: Setup env @@ -160,7 +160,7 @@ jobs: name: Codegeneration steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: Setup env diff --git a/flake.lock b/flake.lock index d052ebff2c3..b03cf135bd9 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1729256560, - "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", + "lastModified": 1729880355, + "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", + "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", "type": "github" }, "original": { diff --git a/pom.xml b/pom.xml index ebd90f67b2e..a7e79a98dc8 100644 --- a/pom.xml +++ b/pom.xml @@ -34,7 +34,7 @@ org.eclipse.jdt org.eclipse.jdt.core - 3.38.0 + 3.39.0 org.eclipse.platform 
@@ -91,7 +91,7 @@ com.fasterxml.jackson.core jackson-databind - 2.18.0 + 2.18.1 @@ -120,7 +120,7 @@ ch.qos.logback logback-classic - 1.5.11 + 1.5.12 test @@ -198,7 +198,7 @@ org.apache.maven.plugins maven-checkstyle-plugin - 3.5.0 + 3.6.0 true true diff --git a/qodana.yaml b/qodana.yaml index 33065fc35d2..e436b6fd7d0 100644 --- a/qodana.yaml +++ b/qodana.yaml @@ -37,3 +37,7 @@ exclude: - src/main/java/spoon/support/visitor/clone/CloneBuilder.java - src/main/java/spoon/support/visitor/clone/CloneVisitor.java - src/main/java/spoon/reflect/meta/impl/ModelRoleHandlers.java + + +#Specify Qodana linter for analysis (Applied in CI/CD pipeline) +linter: jetbrains/qodana-jvm-community:latest \ No newline at end of file diff --git a/spoon-control-flow/pom.xml b/spoon-control-flow/pom.xml index 1a4754b75cc..f981ef5865e 100644 --- a/spoon-control-flow/pom.xml +++ b/spoon-control-flow/pom.xml @@ -27,7 +27,7 @@ org.apache.maven.plugins maven-checkstyle-plugin - 3.5.0 + 3.6.0 true ../checkstyle.xml diff --git a/spoon-control-flow/src/test/java/fr/inria/controlflow/AllBranchesReturnTest.java b/spoon-control-flow/src/test/java/fr/inria/controlflow/AllBranchesReturnTest.java index ef1ea725f6b..04daa5eb769 100644 --- a/spoon-control-flow/src/test/java/fr/inria/controlflow/AllBranchesReturnTest.java +++ b/spoon-control-flow/src/test/java/fr/inria/controlflow/AllBranchesReturnTest.java @@ -121,7 +121,7 @@ public void testSegment(AbstractProcessor processor) throws Exception { // "nestedIfSomeNotReturning", false); Factory factory = new SpoonMetaFactory().buildNewFactory( - this.getClass().getResource("/control-flow").toURI().getPath(), 7); + this.getClass().getResource("/control-flow").toURI().getPath(), 11); ProcessingManager pm = new QueueProcessingManager(factory); pm.addProcessor(processor); pm.process(factory.getModel().getRootPackage()); 
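Review bot: `linter: jetbrains/qodana-jvm-community:latest` in qodana.yaml pulls a mutable image tag, so the analysis container can change between runs without any change in the repository, while qodana.yml in this same commit pins `JetBrains/qodana-action` to a commit SHA. Pin the image to the release that matches the action, e.g. `linter: jetbrains/qodana-jvm-community:2024.2`, or to a digest (`jetbrains/qodana-jvm-community@sha256:<digest>`), and let the dependency bot raise it. The comment would read better as `# Qodana linter image used by the CI analysis`, and the file now ends without a trailing newline.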
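Review bot: The literal `11` passed to `buildNewFactory` in `testSegment` is unexplained, and the same value is repeated in `ForwardFlowBuilderVisitorTest.buildGraph` in the next file. If it is the Java compliance level, as the replaced values `7` and `5` suggest, a shared constant such as `private static final int COMPLIANCE_LEVEL = 11;` or a short comment (`// lowest compliance level the upgraded JDT still accepts`, if that is the reason) would tell the next reader why both tests moved together. The body of `testSegment` starts and ends outside the hunk.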
diff --git a/spoon-control-flow/src/test/java/fr/inria/controlflow/ForwardFlowBuilderVisitorTest.java b/spoon-control-flow/src/test/java/fr/inria/controlflow/ForwardFlowBuilderVisitorTest.java index 9c94d18b7ce..57d1ee19a0e 100644 --- a/spoon-control-flow/src/test/java/fr/inria/controlflow/ForwardFlowBuilderVisitorTest.java +++ b/spoon-control-flow/src/test/java/fr/inria/controlflow/ForwardFlowBuilderVisitorTest.java @@ -46,7 +46,7 @@ public static ControlFlowGraph buildGraph(String folder, final String methodName throws Exception { final ControlFlowBuilder visitor = new ControlFlowBuilder(); - Factory factory = new SpoonMetaFactory().buildNewFactory(folder, 5); + Factory factory = new SpoonMetaFactory().buildNewFactory(folder, 11); ProcessingManager pm = new QueueProcessingManager(factory); pm.addProcessor(new AbstractProcessor() { @Override diff --git a/spoon-dataflow/build.gradle b/spoon-dataflow/build.gradle index 037724dac25..56395cb6fe7 100644 --- a/spoon-dataflow/build.gradle +++ b/spoon-dataflow/build.gradle @@ -24,7 +24,7 @@ dependencies { implementation group: 'fr.inria.gforge.spoon', name: 'spoon-core', version: '+' implementation group: 'commons-cli', name: 'commons-cli', version: '1.9.0' implementation group: 'tools.aqua', name: 'z3-turnkey', version: '4.13.0.1' - testImplementation("org.junit.jupiter:junit-jupiter:5.11.2") + testImplementation("org.junit.jupiter:junit-jupiter:5.11.3") } application { diff --git a/spoon-decompiler/pom.xml b/spoon-decompiler/pom.xml index 86665131f91..186b4440f77 100644 --- a/spoon-decompiler/pom.xml +++ b/spoon-decompiler/pom.xml @@ -82,7 +82,7 @@ org.apache.maven.plugins maven-checkstyle-plugin - 3.5.0 + 3.6.0 true ../checkstyle.xml diff --git a/spoon-pom/pom.xml b/spoon-pom/pom.xml index f195fad6fd3..0716da976ab 100644 --- a/spoon-pom/pom.xml +++ b/spoon-pom/pom.xml 
@@ -43,19 +43,19 @@ org.junit.jupiter junit-jupiter-engine - 5.11.2 + 5.11.3 test org.junit.jupiter junit-jupiter-params - 5.11.2 + 5.11.3 test org.junit.platform junit-platform-launcher - 1.11.2 + 1.11.3 test @@ -235,7 +235,7 @@ maven-dependency-plugin - 3.8.0 + 3.8.1 maven-deploy-plugin @@ -251,7 +251,7 @@ maven-project-info-reports-plugin - 3.7.0 + 3.8.0 maven-release-plugin @@ -263,7 +263,7 @@ maven-site-plugin - 3.20.0 + 3.21.0 maven-surefire-plugin diff --git a/spoon-smpl/pom.xml b/spoon-smpl/pom.xml index 725f9542e05..89cfa1b71fc 100644 --- a/spoon-smpl/pom.xml +++ b/spoon-smpl/pom.xml @@ -36,7 +36,7 @@ org.apache.maven.plugins maven-checkstyle-plugin - 3.5.0 + 3.6.0 true ../checkstyle.xml diff --git a/spoon-visualisation/pom.xml b/spoon-visualisation/pom.xml index e65b0912e4e..55e7dd89b88 100644 --- a/spoon-visualisation/pom.xml +++ b/spoon-visualisation/pom.xml @@ -149,7 +149,7 @@ org.junit.jupiter junit-jupiter-engine - 5.11.2 + 5.11.3 test diff --git a/src/test/java/spoon/test/api/NoClasspathTest.java b/src/test/java/spoon/test/api/NoClasspathTest.java index daf0d98eef4..06974d0cc18 100644 --- a/src/test/java/spoon/test/api/NoClasspathTest.java +++ b/src/test/java/spoon/test/api/NoClasspathTest.java @@ -42,6 +42,7 @@ import spoon.support.visitor.SignaturePrinter; import spoon.test.api.testclasses.Bar; import spoon.testing.assertions.SpoonAssertions; +import spoon.testing.utils.GitHubIssue; import spoon.testing.utils.ModelTest; import static java.util.function.Predicate.not; @@ -209,6 +210,7 @@ public void testInheritanceInNoClassPathWithClasses() { assertTrue(field.getType().isSubtypeOf(myInterfaceReference)); } + @GitHubIssue(issueNumber = 5977, fixed = false) @ModelTest("src/test/resources/noclasspath/issue5591/DiamondConstructorCallTypeInference.java") void testJdtFactoryMethodsForDiamond(CtModel model) { // contract: Leftover methods from JDT's diamond constructor type inference are handled in 
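Review bot: `@GitHubIssue(issueNumber = 5977, fixed = false)` on `testJdtFactoryMethodsForDiamond` marks the test as a known failure without saying what broke, and the same annotation is added to `ElasticsearchStackoverflowTest.testStackOverflow` in the next file. This commit also moves `org.eclipse.jdt.core` to 3.39.0, so presumably both tests regress under the new JDT; a line above each annotation such as `// fails since the JDT 3.39.0 upgrade, see issue 5977` would record that. The second test guards against a stack overflow during analysis, so shipping with it marked as unfixed deserves an explicit note on whether the overflow is reachable from ordinary input sources. The body of `testJdtFactoryMethodsForDiamond` continues outside the hunk.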
diff --git a/src/test/java/spoon/test/reference/ElasticsearchStackoverflowTest.java b/src/test/java/spoon/test/reference/ElasticsearchStackoverflowTest.java index b57617c9f56..ad07a7120ab 100644 --- a/src/test/java/spoon/test/reference/ElasticsearchStackoverflowTest.java +++ b/src/test/java/spoon/test/reference/ElasticsearchStackoverflowTest.java @@ -28,6 +28,7 @@ import spoon.reflect.reference.CtTypeReference; import spoon.reflect.visitor.CtScanner; import spoon.reflect.visitor.filter.TypeFilter; +import spoon.testing.utils.GitHubIssue; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; @@ -45,6 +46,7 @@ public void visitCtExecutableReference( } } + @GitHubIssue(issueNumber = 5977, fixed = false) @Test public void testStackOverflow() { Launcher launcher = new Launcher();