diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..f472a956f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "com.diffplug.spotless:spotless-plugin-gradle"
+      - dependency-name: "pl.allegro.tech.build:axion-release-plugin"
+      - dependency-name: "org.apache.sshd:sshd-common"
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
new file mode 100644
index 000000000..c62467402
--- /dev/null
+++ b/.github/workflows/gradle.yml
@@ -0,0 +1,67 @@
+# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
+
+name: Java CI with Gradle
+
+on:
+  push:
+    branches: [ "main", "SRU2024_v10" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+
+      # Set the JDK 11 for the latest code branch (Prowide Core v10)
+      - name: Set up JDK 11
+        if: github.ref == 'refs/heads/SRU2024_v10' || github.head_ref == 'SRU2024_v10'
+        uses: actions/setup-java@v4
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+
+      # Set the JDK 8 for the legacy code branch
+      - name: Set up JDK 8
+        if: github.ref != 'refs/heads/SRU2024_v10' && github.head_ref != 'SRU2024_v10'
+        uses: actions/setup-java@v4
+        with:
+          java-version: '8'
+          distribution: 'temurin'
+
+      # Configure Gradle for optimal use in GitHub Actions, including caching of downloaded dependencies.
+      # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Build with Gradle Wrapper
+        run: ./gradlew build
+
+  # This job generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
+  # We only do it for the SRU2024_v10 branch to avoid spamming the Dependabot alerts for the legacy Java 8 code.
+  dependency-submission:
+    if: github.ref == 'refs/heads/SRU2024_v10' || github.head_ref == 'SRU2024_v10'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 11
+        uses: actions/setup-java@v4
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+
+      # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
+      # See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md
+      - name: Generate and submit dependency graph
+        uses: gradle/actions/dependency-submission@v4
+        with:
+          dependency-graph-exclude-projects: ':buildSrc'
diff --git a/build.gradle b/build.gradle
index 66d70321d..ac46d0cc2 100644
--- a/build.gradle
+++ b/build.gradle
@@ -100,8 +100,8 @@ subprojects {
 	version = rootProject.version
 
 	dependencies {
-		implementation 'org.apache.commons:commons-lang3:3.12.0'
-		implementation 'com.google.code.gson:gson:2.9.0'
+		implementation 'org.apache.commons:commons-lang3:3.17.0'
+		implementation 'com.google.code.gson:gson:2.11.0'
 		implementation 'com.sun.xml.bind:jaxb-impl:4.0.5'
 		// bind-api is included transitively by jaxb-impl
 		// implementation 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
@@ -126,8 +126,8 @@ configure(subprojects.findAll {it.name.endsWith('-mx')}) {
 		api project(':iso20022-core')
 		implementation project(specificTypesProject)
 
-		implementation 'org.apache.commons:commons-lang3:3.12.0'
-		implementation 'com.google.code.gson:gson:2.9.0'
+		implementation 'org.apache.commons:commons-lang3:3.17.0'
+		implementation 'com.google.code.gson:gson:2.11.0'
 
 		implementation 'com.sun.xml.bind:jaxb-impl:4.0.5'
 		// bind-api is included transitively by jaxb-impl
@@ -149,7 +149,7 @@ project(':iso20022-core') {
 		// included build
 		api 'com.prowidesoftware:pw-swift-core:SRU2024-10.2.5'
 
-		implementation 'org.apache.commons:commons-lang3:3.14.0'
+		implementation 'org.apache.commons:commons-lang3:3.17.0'
 		implementation 'com.google.code.gson:gson:2.11.0'
 
 		compileOnly 'jakarta.persistence:jakarta.persistence-api:3.1.0'
@@ -158,10 +158,10 @@ project(':iso20022-core') {
 		testImplementation 'jakarta.persistence:jakarta.persistence-api:3.1.0'
 		testImplementation 'org.junit.jupiter:junit-jupiter:5.10.2'
 		testImplementation 'com.google.guava:guava:33.2.0-jre'
-		testImplementation 'org.assertj:assertj-core:3.25.3'
+		testImplementation 'org.assertj:assertj-core:3.27.0'
 		testImplementation 'org.xmlunit:xmlunit-core:2.10.0'
-		testImplementation 'org.xmlunit:xmlunit-matchers:2.9.0'
-		testImplementation 'org.xmlunit:xmlunit-assertj:2.9.0'
+		testImplementation 'org.xmlunit:xmlunit-matchers:2.10.0'
+		testImplementation 'org.xmlunit:xmlunit-assertj:2.10.0'
 		testImplementation project(':model-acmt-mx')
 		testImplementation project(':model-acmt-types')
 		testImplementation project(':model-camt-mx')
@@ -486,9 +486,9 @@ task('testOn17', type: Test) {
 	}
 }
 
-task('testOn19', type: Test) {
+task('testOn21', type: Test) {
 	javaLauncher = javaToolchains.launcherFor {
-		languageVersion = JavaLanguageVersion.of(19)
+		languageVersion = JavaLanguageVersion.of(21)
 	}
 }