diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index ba7f05f..2e0173f 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -20,7 +20,7 @@ google-java-format = "1.25.2"
 jspecify = "1.0.0"
 
 # Runtime — pk-auth-core
-webauthn4j = "0.31.5.RELEASE"
+webauthn4j = "0.31.6.RELEASE"
 nimbus-jose-jwt = "10.9.1"
 jackson = "3.1.4"
 jackson-annotations = "2.22"
@@ -36,7 +36,7 @@ jdbi = "3.53.0"
 flyway = "12.7.0"
 postgresql = "42.7.11"
 hikaricp = "7.0.2"
-aws-sdk = "2.45.1"
+aws-sdk = "2.46.2"
 testcontainers = "1.21.4"
 
 # Spring Boot adapter (Phase 8). Spring Boot 4 / Spring Security 7. Spring Boot 4 standardized
@@ -56,7 +56,7 @@ h2 = "2.4.240"
 # `@Filter` validating the JWT against pk-auth-jwt's PkAuthJwtValidator is sufficient.
 # Micronaut 5.x requires JVM 25; we target Java 21 (brief §3), so 5.x is pinned out via
 # .github/dependabot.yml until the project moves to a newer JDK baseline.
-micronaut = "4.10.23"
+micronaut = "4.10.24"
 
 # Dropwizard adapter (Phase 9). Brief §6.11 tracks the latest Dropwizard release. 5.x adds
 # Jetty 12 / Jersey 4 (EE 10); the adapter rides the parent's `dropwizard-jackson` which is still