diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..9c253b31 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +# Set update schedule for GitHub Actions + +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every week + interval: "weekly" + labels: + - "dependencies" + - "skip changelog" \ No newline at end of file diff --git a/.github/workflows/changelog-enforcer.yml b/.github/workflows/changelog-enforcer.yml index 4ce32064..b701b2b4 100644 --- a/.github/workflows/changelog-enforcer.yml +++ b/.github/workflows/changelog-enforcer.yml @@ -8,8 +8,8 @@ jobs: changelog: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: dangoslen/changelog-enforcer@v2 + - uses: actions/checkout@v4 + - uses: dangoslen/changelog-enforcer@v3 with: changeLogPath: 'CHANGELOG.md' skipLabels: 'skip changelog' diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e72b952d..9d977073 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. @@ -26,11 +26,11 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 # Build - name: Set up JDK 11 - uses: actions/setup-java@v2 + uses: actions/setup-java@v3 with: distribution: 'adopt' # See 'Supported distributions' for available options java-version: '11' @@ -39,4 +39,4 @@ jobs: NO_NEXUS: true - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 
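Review bot: The only entry under `updates:` is `package-ecosystem: "github-actions"`, so the Gradle build and the npm client get no automated update PRs, even though the Spring Boot upgrade in this same commit had to be made by hand. Adding `gradle` and `npm` entries would cover them; the `/client` directory below is inferred from `cd client && npm run build:prod` in gradle.yml and should be confirmed. I left `skip changelog` off the new entries on purpose, since a dependency fix like this commit's is something the changelog should record. The file also ends without a trailing newline.

```yaml
updates:
  # … unchanged: github-actions entry …
  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
  - package-ecosystem: "npm"
    directory: "/client"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
```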
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index f53a2244..fdd1a242 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -8,8 +8,8 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - uses: actions/setup-node@v1 + - uses: actions/checkout@v4 + - uses: actions/setup-node@v3 with: node-version: '12.x' - name: Install NPM @@ -17,7 +17,7 @@ jobs: - name: Build provisioning-app FE run: cd client && npm run build:prod - name: Set up JDK 11 - uses: actions/setup-java@v2 + uses: actions/setup-java@v3 with: distribution: 'adopt' # See 'Supported distributions' for available options java-version: '11' @@ -25,7 +25,7 @@ jobs: run: ./gradlew clean spotlessCheck build env: NO_NEXUS: true - - uses: actions/cache@v1 + - uses: actions/cache@v3 with: path: ~/.gradle/caches key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} diff --git a/.github/workflows/push-image.sh b/.github/workflows/push-image.sh index 7ba19d6e..3e85e6f8 100755 --- a/.github/workflows/push-image.sh +++ b/.github/workflows/push-image.sh @@ -29,6 +29,8 @@ case $GIT_REF in DOCKERTAG="${GIT_REF/refs\/heads\//}" ;; refs/tags/v?(+([0-9]).)+([0-9]).*([0-9]) ) DOCKERTAG="${GIT_REF/refs\/tags\/v/}" ;; + refs/tags/v?(+([0-9]).)+([0-9]).*([0-9])-snapshot ) + DOCKERTAG='snapshot' ;; * ) DOCKERTAG='none' ;; esac diff --git a/CHANGELOG.md b/CHANGELOG.md index 21d8ec50..25acd664 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,12 @@ ## Unreleased -### Changed + +## [4.3.0] - 2025-03-25 + +### Fixed + +- Fix CVE 2022 22965 ([#754](https://github.com/opendevstack/ods-provisioning-app/pull/754)) ## [4.2.0] - 2023-11-02 diff --git a/build.gradle b/build.gradle index a1548945..f984119f 100644 --- a/build.gradle +++ b/build.gradle 
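Review bot: Every git tag matched by the new `refs/tags/v…-snapshot` arm in push-image.sh becomes the single Docker tag `snapshot`, so the published image no longer records which version it was built from, and each such tag push replaces the previous one. This assumes the rest of the script pushes `DOCKERTAG` unchanged, which is outside the hunk, as are the first arms of the `case`. The match is also case-sensitive, so a tag ending in `-SNAPSHOT` falls through to `DOCKERTAG='none'`. If the moving tag is intended, say so above the arm: `# all vX.Y.Z-snapshot git tags share one moving 'snapshot' image tag (lowercase suffix only)`. Otherwise `DOCKERTAG="${GIT_REF/refs\/tags\/v/}"` would keep the version in the image tag.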
@@ -19,7 +19,7 @@ buildscript { } plugins { - id 'org.springframework.boot' version '2.4.1' + id 'org.springframework.boot' version '2.5.12' id 'io.spring.dependency-management' version '1.0.10.RELEASE' id 'java' id 'maven-publish' diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 4d9ca164..28ff446a 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.7.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.1-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists
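Review bot: Nothing on the changed `id 'org.springframework.boot' version '2.5.12'` line in build.gradle records why this exact version was chosen or guards against it being lowered again. The CHANGELOG entry for CVE 2022 22965 depends on the Spring Framework version that this Boot release manages (5.3.18, as far as I know), not on the plugin version itself. An explicit Spring version override elsewhere in build.gradle, outside this hunk, would leave the old jars on the classpath, so it is worth confirming the resolved version with `./gradlew dependencyInsight --dependency spring-beans`. I would add a comment above the line: `// 2.5.12 manages Spring Framework 5.3.18 (CVE-2022-22965 fix); do not lower`. The 2.5.x line is, to my knowledge, already past its open-source support window at the changelog's release date, so a follow-up move to a supported Boot line should be tracked.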