diff --git a/build.gradle b/build.gradle
index 1a2a850d66..a53dc296b6 100644
--- a/build.gradle
+++ b/build.gradle
@@ -250,6 +250,8 @@ allprojects {
force "com.google.protobuf:protobuf-java-util:${googleProtocolBufVersion}"
// force version for Cloud, FileTransfer, SequenceAnalysis, etc.
force "com.google.code.findbugs:jsr305:${jsr305Version}"
+ // force version used by JAXB to match api
+ force "org.eclipse.angus:angus-activation:${angusActivationVersion}"
// force Jakarta Activation API version used by our Angus Activation implementation
force "jakarta.activation:jakarta.activation-api:${jakartaActivationApiVersion}"
// force version for accounts, api, query
diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
index 4c69d33d30..b6207e62cd 100644
--- a/dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -139,4 +139,29 @@
^pkg:maven/com\.google\.code\.gson/gson@.*$
CVE-2025-53864
+
+
+
+
+ ^pkg:maven/org\.labkey\.api/provisioning@.*$
+ cpe:/a:labkey:labkey_server
+
+
+
+ ^pkg:maven/org\.labkey\.api/labkey-client-api@.*$
+ cpe:/a:labkey:labkey_server
+
+
+
+ ^pkg:maven/org\.labkey\.api/labkey-api-jdbc@.*$
+ cpe:/a:labkey:labkey_server
+
diff --git a/gradle.properties b/gradle.properties
index 3ac6548562..4ddbabf0af 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -60,7 +60,7 @@ windowsProteomicsBinariesVersion=1.0
artifactoryPluginVersion=5.2.5
gradleNodePluginVersion=7.1.0
gradlePluginsVersion=7.0.0
-owaspDependencyCheckPluginVersion=12.1.6
+owaspDependencyCheckPluginVersion=12.1.8
versioningPluginVersion=1.1.2
# Versions of node and npm to use during the build. If set, these versions
@@ -86,8 +86,8 @@ npmWorkDirectory=.node
# convention is Version camel-cased, i.e. "jacksonVersion".
# The implementation of Jakarta Activation API that we use. Keep in sync with jakartaActivationApiVersion (below).
-angusActivationVersion=2.0.2
-angusMailVersion=2.0.4
+angusActivationVersion=2.0.3
+angusMailVersion=2.0.5
annotationsVersion=15.0
@@ -104,22 +104,22 @@ apacheTomcatVersion=10.1.46
# (mothership) -> json-path -> json-smart -> accessor-smart
# (core) -> graalvm
# tika
-asmVersion=9.8
+asmVersion=9.9
# Apache Batik -- Batik version needs to be compatible with Apache FOP, but we need to pull in batik-codec separately
batikVersion=1.19
# sync with Tika version (or later)
-bouncycastlePgpVersion=1.81
-bouncycastleVersion=1.81
+bouncycastlePgpVersion=1.82
+bouncycastleVersion=1.82
-byteBuddyVersion=1.17.7
+byteBuddyVersion=1.17.8
cglibNodepVersion=2.2.3
checkerQualVersion=3.31.0
-commonmarkVersion=0.25.1
+commonmarkVersion=0.27.0
# the beanutils version is not the default version brought from commons-validator and/or commons-digester
# in the :server:api module but is required for some of our code to compile
@@ -132,7 +132,7 @@ commonsDbcpVersion=1.4
commonsDigesterVersion=1.8.1
commonsDiscoveryVersion=0.2
commonsIoVersion=2.20.0
-commonsLang3Version=3.18.0
+commonsLang3Version=3.19.0
commonsLangVersion=2.6
commonsLoggingVersion=1.3.5
commonsMath3Version=3.6.1
@@ -141,7 +141,7 @@ commonsTextVersion=1.14.0
commonsValidatorVersion=1.10.0
commonsVfs2Version=2.10.0
-datadogVersion=1.52.1
+datadogVersion=1.54.0
dom4jVersion=2.1.4
@@ -157,8 +157,8 @@ fopVersion=2.11
# Force latest for consistency
googleAutoValueAnnotationsVersion=1.10.4
-googleErrorProneAnnotationsVersion=2.41.0
-googleHttpClientVersion=2.0.0
+googleErrorProneAnnotationsVersion=2.42.0
+googleHttpClientVersion=2.0.2
googleOauthClientVersion=1.39.0
googleProtocolBufVersion=3.25.8
@@ -168,9 +168,9 @@ googleProtocolBufVersion=3.25.8
# "java.lang.NoSuchMethodError: 'void com.google.gson.internal.ConstructorConstructor.(java.util.Map)'" errors
gsonVersion=2.8.9
-grpcVersion=1.75.0
+grpcVersion=1.76.0
-guavaVersion=33.4.8-jre
+guavaVersion=33.5.0-jre
# Note: You won't find usages in the product sources; this property is used by the gradle plugin.
gwtVersion=2.12.2
@@ -184,8 +184,8 @@ hamcrestVersion=2.2
# Note: if changing this, we might need to match with the picard version in the SequenceAnalysis module build.gradle
htsjdkVersion=4.3.0
-httpclient5Version=5.5
-httpcore5Version=5.3.5
+httpclient5Version=5.5.1
+httpcore5Version=5.3.6
# Not used directly, but these are widely used transitive dependencies
httpclientVersion=4.5.14
@@ -201,7 +201,7 @@ jacksonDatabindVersion=2.20.0
jacksonJaxrsBaseVersion=2.20.0
# The Jakarta Activation API version that Angus Activation implements. Keep in sync with angusActivationVersion (above).
-jakartaActivationApiVersion=2.1.3
+jakartaActivationApiVersion=2.1.4
jamaVersion=1.0.3
@@ -241,16 +241,16 @@ jxlVersion=2.6.3
kaptchaVersion=2.3
-log4j2Version=2.24.3
+log4j2Version=2.25.2
-lombokVersion=1.18.38
+lombokVersion=1.18.42
-luceneVersion=9.12.2
+luceneVersion=9.12.3
-mssqlJdbcVersion=13.2.0.jre11
+mssqlJdbcVersion=13.2.1.jre11
# force for docker
-nettyVersion=4.2.5.Final
+nettyVersion=4.2.7.Final
objenesisVersion=1.0
@@ -267,7 +267,7 @@ poiVersion=5.4.0
pollingWatchVersion=0.2.0
# Newer versions of the driver have a perf degradation that's important for us. https://github.com/pgjdbc/pgjdbc/issues/3505
-postgresqlDriverVersion=42.7.4
+postgresqlDriverVersion=42.7.8
quartzVersion=2.5.0
@@ -302,7 +302,7 @@ stax2ApiVersion=4.2.2
thumbnailatorVersion=0.4.20
# used for tika-core in API and tika-parsers in search
-tikaVersion=3.2.2
+tikaVersion=3.2.3
# sync with Tika
tukaaniXZVersion=1.10