diff --git a/bom/pom.xml b/bom/pom.xml
index 75a25f8be6..81426468ba 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -29,27 +29,27 @@
 
   <properties>
     <artemis.image.name>quay.io/artemiscloud/activemq-artemis-broker:1.0.6</artemis.image.name>
-    <assertj.version>3.24.2</assertj.version>
+    <assertj.version>3.26.3</assertj.version>
     <californium.version>3.11.0</californium.version>
     <cryptvault.version>1.0.2</cryptvault.version>
     <dispatch-router.image.name>quay.io/interconnectedcloud/qdrouterd:1.17.1</dispatch-router.image.name>
-    <guava.version>32.1.2-jre</guava.version>
+    <guava.version>33.3.1-jre</guava.version>
     <infinispan.version>14.0.27.Final</infinispan.version>
     <infinispan-image.name>quay.io/infinispan/server-native:13.0.12.Final</infinispan-image.name>
     <jaeger.image.name>docker.io/jaegertracing/all-in-one:1.51</jaeger.image.name>
     <java-base-image.name>docker.io/library/eclipse-temurin:17-jre-jammy</java-base-image.name>
-    <jjwt.version>0.12.5</jjwt.version>
+    <jjwt.version>0.12.6</jjwt.version>
     <kafka.image.name>docker.io/confluentinc/cp-kafka:7.5.0</kafka.image.name>
-    <logback.version>1.5.6</logback.version>
+    <logback.version>1.5.12</logback.version>
     <mongodb-image.name>docker.io/library/mongo:6.0</mongodb-image.name>
     <native.image.name>quay.io/quarkus/quarkus-micro-image:2.0</native.image.name>
     <native.builder-image.name>mandrel</native.builder-image.name>
     <postgresql-image.name>docker.io/library/postgres:14-alpine</postgresql-image.name>
-    <qpid-jms.version>1.10.0</qpid-jms.version>
+    <qpid-jms.version>1.12.1</qpid-jms.version>
     <quarkus.platform.version>3.8.6</quarkus.platform.version>
-    <slf4j.version>2.0.6</slf4j.version>
-    <spring-security-crypto.version>6.1.4</spring-security-crypto.version>
-    <truth.version>1.1.3</truth.version>
+    <slf4j.version>2.0.16</slf4j.version>
+    <spring-security-crypto.version>6.1.9</spring-security-crypto.version>
+    <truth.version>1.1.5</truth.version>
 
     <!-- The port at which the health check server should expose its resources -->
     <health.check.port>8088</health.check.port>
diff --git a/legal/src/main/resources/legal/DEPENDENCIES b/legal/src/main/resources/legal/DEPENDENCIES
index 53d9df79e5..b5db829f62 100644
--- a/legal/src/main/resources/legal/DEPENDENCIES
+++ b/legal/src/main/resources/legal/DEPENDENCIES
@@ -1,6 +1,6 @@
 maven/mavencentral/biz.paluch.logging/logstash-gelf/1.15.1, MIT, approved, clearlydefined
-maven/mavencentral/ch.qos.logback/logback-classic/1.5.6, EPL-1.0 AND LGPL-2.1-only, approved, #15279
-maven/mavencentral/ch.qos.logback/logback-core/1.5.6, EPL-1.0 AND LGPL-2.1-only, approved, #15210
+maven/mavencentral/ch.qos.logback/logback-classic/1.5.12, EPL-1.0 AND LGPL-2.1-only, approved, #15279
+maven/mavencentral/ch.qos.logback/logback-core/1.5.12, EPL-1.0 AND LGPL-2.1-only, approved, #15210
 maven/mavencentral/com.aayushatharva.brotli4j/brotli4j/1.16.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.aayushatharva.brotli4j/native-linux-x86_64/1.16.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.aayushatharva.brotli4j/service/1.16.0, Apache-2.0, approved, clearlydefined
@@ -32,7 +32,7 @@ maven/mavencentral/com.google.code.gson/gson/2.10.1, Apache-2.0, approved, #6159
 maven/mavencentral/com.googlecode.juniversalchardet/juniversalchardet/1.0.3, MPL-1.1, approved, CQ10305
 maven/mavencentral/com.google.errorprone/error_prone_annotations/2.24.0, Apache-2.0, approved, #12448
 maven/mavencentral/com.google.guava/failureaccess/1.0.1, Apache-2.0, approved, CQ22654
-maven/mavencentral/com.google.guava/guava/32.1.2-jre, Apache-2.0 AND CC0-1.0 AND LicenseRef-Public-Domain, approved, #9229
+maven/mavencentral/com.google.guava/guava/33.3.1-jre, Apache-2.0 AND CC0-1.0 AND (Apache-2.0 AND CC-PDDC) AND (Apache-2.0 AND CC0-1.0), approved, #15952
 maven/mavencentral/com.google.guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava, Apache-2.0, approved, CQ22657
 maven/mavencentral/com.google.http-client/google-http-client/1.43.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.google.http-client/google-http-client-gson/1.43.3, Apache-2.0, approved, clearlydefined
@@ -96,9 +96,9 @@ maven/mavencentral/io.grpc/grpc-services/1.59.1, Apache-2.0, approved, clearlyde
 maven/mavencentral/io.grpc/grpc-stub/1.59.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.grpc/grpc-util/1.59.1, Apache-2.0, approved, #12036
 maven/mavencentral/io.grpc/grpc-xds/1.59.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.jsonwebtoken/jjwt-api/0.12.5, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.jsonwebtoken/jjwt-impl/0.12.5, Apache-2.0, approved, #14485
-maven/mavencentral/io.jsonwebtoken/jjwt-jackson/0.12.5, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.jsonwebtoken/jjwt-api/0.12.6, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.jsonwebtoken/jjwt-impl/0.12.6, Apache-2.0, approved, #14485
+maven/mavencentral/io.jsonwebtoken/jjwt-jackson/0.12.6, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.micrometer/micrometer-commons/1.12.2, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11679
 maven/mavencentral/io.micrometer/micrometer-core/1.12.2, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11678
 maven/mavencentral/io.micrometer/micrometer-observation/1.12.2, Apache-2.0, approved, #11680
@@ -353,7 +353,7 @@ maven/mavencentral/org.postgresql/postgresql/42.7.2, BSD-2-Clause AND Apache-2.0
 maven/mavencentral/org.reactivestreams/reactive-streams/1.0.4, CC0-1.0, approved, CQ16332
 maven/mavencentral/org.slf4j/slf4j-api/2.0.6, MIT, approved, #5915
 maven/mavencentral/org.snakeyaml/snakeyaml-engine/2.7, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.4, Apache-2.0 AND ISC, approved, #9735
+maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.9, Apache-2.0 AND ISC, approved, #9735
 maven/mavencentral/org.threeten/threetenbp/1.6.8, BSD-3-Clause, approved, #6750
 maven/mavencentral/org.wildfly.common/wildfly-common/1.7.0.Final, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.wildfly.security/wildfly-elytron-asn1/2.2.3.Final, Apache-2.0, approved, #9485
diff --git a/legal/src/main/resources/legal/hono-maven.deps b/legal/src/main/resources/legal/hono-maven.deps
index 1857e8904f..91cbcd7998 100644
--- a/legal/src/main/resources/legal/hono-maven.deps
+++ b/legal/src/main/resources/legal/hono-maven.deps
@@ -1,6 +1,6 @@
 biz.paluch.logging:logstash-gelf:jar:1.15.1
-ch.qos.logback:logback-classic:jar:1.5.6
-ch.qos.logback:logback-core:jar:1.5.6
+ch.qos.logback:logback-classic:jar:1.5.12
+ch.qos.logback:logback-core:jar:1.5.12
 com.aayushatharva.brotli4j:brotli4j:jar:1.16.0
 com.aayushatharva.brotli4j:native-linux-x86_64:jar:1.16.0
 com.aayushatharva.brotli4j:service:jar:1.16.0
@@ -32,7 +32,7 @@ com.google.code.gson:gson:jar:2.10.1
 com.googlecode.juniversalchardet:juniversalchardet:jar:1.0.3
 com.google.errorprone:error_prone_annotations:jar:2.24.0
 com.google.guava:failureaccess:jar:1.0.1
-com.google.guava:guava:jar:32.1.2-jre
+com.google.guava:guava:jar:33.3.1-jre
 com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava
 com.google.http-client:google-http-client-gson:jar:1.43.3
 com.google.http-client:google-http-client:jar:1.43.3
@@ -96,9 +96,9 @@ io.grpc:grpc-services:jar:1.59.1
 io.grpc:grpc-stub:jar:1.59.1
 io.grpc:grpc-util:jar:1.59.1
 io.grpc:grpc-xds:jar:1.59.1
-io.jsonwebtoken:jjwt-api:jar:0.12.5
-io.jsonwebtoken:jjwt-impl:jar:0.12.5
-io.jsonwebtoken:jjwt-jackson:jar:0.12.5
+io.jsonwebtoken:jjwt-api:jar:0.12.6
+io.jsonwebtoken:jjwt-impl:jar:0.12.6
+io.jsonwebtoken:jjwt-jackson:jar:0.12.6
 io.micrometer:micrometer-commons:jar:1.12.2
 io.micrometer:micrometer-core:jar:1.12.2
 io.micrometer:micrometer-observation:jar:1.12.2
@@ -358,7 +358,7 @@ org.postgresql:postgresql:jar:42.7.2
 org.reactivestreams:reactive-streams:jar:1.0.4
 org.slf4j:slf4j-api:jar:2.0.6
 org.snakeyaml:snakeyaml-engine:jar:2.7
-org.springframework.security:spring-security-crypto:jar:6.1.4
+org.springframework.security:spring-security-crypto:jar:6.1.9
 org.threeten:threetenbp:jar:1.6.8
 org.wildfly.common:wildfly-common:jar:1.7.0.Final
 org.wildfly.security:wildfly-elytron-asn1:jar:2.2.3.Final