diff --git a/.config/pmd/java/ruleset.xml b/.config/pmd/java/ruleset.xml
index 4d095dbd..d8daabf4 100644
--- a/.config/pmd/java/ruleset.xml
+++ b/.config/pmd/java/ruleset.xml
@@ -196,9 +196,9 @@
 	<rule ref="category/java/security.xml"/>
 
 	<rule name="AvoidSystemSetterCall"
-		  language="java"
-		  message="Setters of java.lang.System should not be called unless really needed"
-		  class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
+		language="java"
+		message="Setters of java.lang.System should not be called unless really needed"
+		class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
 		<description>
 			Calling setters of java.lang.System usually indicates bad design and likely causes unexpected behavior.
 			For example, it may break when multiple Threads are setting the value.
@@ -219,9 +219,9 @@
 	</rule>
 
 	<rule name="JavaObjectSerializationIsUnsafe"
-		  language="java"
-		  message="Using Java Object (De-)Serialization is unsafe and has led to too many security vulnerabilities"
-		  class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
+		language="java"
+		message="Using Java Object (De-)Serialization is unsafe and has led to too many security vulnerabilities"
+		class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
 		<description>
 			Nearly every known usage of (Java) Object Deserialization has resulted in [a security vulnerability](https://cloud.google.com/blog/topics/threat-intelligence/hunting-deserialization-exploits?hl=en).
 			Vulnerabilities are so common that there are [dedicated projects for exploit payload generation](https://github.com/frohoff/ysoserial).
diff --git a/.github/workflows/broken-links.yml b/.github/workflows/broken-links.yml
index a37abe70..7d8ae66e 100644
--- a/.github/workflows/broken-links.yml
+++ b/.github/workflows/broken-links.yml
@@ -19,7 +19,7 @@ jobs:
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@5c4ee84814c983aa7164eaee476f014e53ff3963 # v2
+        uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2
         with:
           fail: false # Don't fail on broken links, create an issue instead
 
diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml
index 548a614c..eea3e342 100644
--- a/.github/workflows/check-build.yml
+++ b/.github/workflows/check-build.yml
@@ -36,7 +36,7 @@ jobs:
     - uses: actions/checkout@v5
       
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: ${{ matrix.distribution }}
         java-version: ${{ matrix.java }}
@@ -93,7 +93,7 @@ jobs:
     - uses: actions/checkout@v5
       
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: ${{ matrix.distribution }}
         java-version: ${{ matrix.java }}
@@ -116,7 +116,7 @@ jobs:
     - uses: actions/checkout@v5
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: ${{ matrix.distribution }}
         java-version: ${{ matrix.java }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 544186f9..e98c098c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -16,7 +16,7 @@ jobs:
     - uses: actions/checkout@v5
       
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: '17'
         distribution: 'temurin'
@@ -126,7 +126,7 @@ jobs:
         git pull
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with: # running setup-java overwrites the settings.xml
         distribution: 'temurin'
         java-version: '17'
@@ -147,7 +147,7 @@ jobs:
         MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
   
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with: # running setup-java again overwrites the settings.xml
         distribution: 'temurin'
         java-version: '17'
@@ -182,7 +182,7 @@ jobs:
         git pull
 
     - name: Setup - Java
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: '17'
         distribution: 'temurin'
diff --git a/.github/workflows/test-deploy.yml b/.github/workflows/test-deploy.yml
index 2d943e11..2567688a 100644
--- a/.github/workflows/test-deploy.yml
+++ b/.github/workflows/test-deploy.yml
@@ -14,7 +14,7 @@ jobs:
     - uses: actions/checkout@v5
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with: # running setup-java overwrites the settings.xml
         distribution: 'temurin'
         java-version: '17'
@@ -35,7 +35,7 @@ jobs:
         MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
   
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with: # running setup-java again overwrites the settings.xml
         distribution: 'temurin'
         java-version: '17'
diff --git a/.idea/checkstyle-idea.xml b/.idea/checkstyle-idea.xml
index d43641c1..ec555b58 100644
--- a/.idea/checkstyle-idea.xml
+++ b/.idea/checkstyle-idea.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
   <component name="CheckStyle-IDEA" serialisationVersion="2">
-    <checkstyleVersion>10.26.1</checkstyleVersion>
+    <checkstyleVersion>11.0.0</checkstyleVersion>
     <scanScope>JavaOnlyWithTests</scanScope>
     <suppressErrors>true</suppressErrors>
     <copyLibs>true</copyLibs>
diff --git a/flow-demo/pom.xml b/flow-demo/pom.xml
index ab7912d5..509bf037 100644
--- a/flow-demo/pom.xml
+++ b/flow-demo/pom.xml
@@ -29,9 +29,9 @@
 		<mainClass>software.xdev.vaadin.Application</mainClass>
 
 		<!-- Dependency-Versions -->
-		<vaadin.version>24.8.6</vaadin.version>
+		<vaadin.version>24.8.7</vaadin.version>
 
-		<org.springframework.boot.version>3.5.4</org.springframework.boot.version>
+		<org.springframework.boot.version>3.5.5</org.springframework.boot.version>
 	</properties>
 
 	<dependencyManagement>
diff --git a/flow/pom.xml b/flow/pom.xml
index eaa32541..1f53217d 100644
--- a/flow/pom.xml
+++ b/flow/pom.xml
@@ -49,7 +49,7 @@
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 
 		<!-- Dependency-Versions -->
-		<vaadin.version>24.8.6</vaadin.version>
+		<vaadin.version>24.8.7</vaadin.version>
 	</properties>
 
 	<dependencyManagement>
@@ -142,7 +142,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>3.11.2</version>
+				<version>3.11.3</version>
 				<executions>
 					<execution>
 						<id>attach-javadocs</id>