diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0dfbd1180..c99766f5b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -16,25 +16,55 @@ updates: # In general, our Netty references are temporary overrides, usually applied to address transitive Spring vulnerabilities, and should be configured with caution # In general, having conflicting Netty versions in the classpath is not recommended - dependency-name: "io.netty:*" + # We will handle major upgrades manually + - dependency-name: "*" + update-types: + - "version-update:semver-major" groups: spring-boot-dependencies: patterns: - "org.springframework.boot:*" - "io.spring.dependency-management" - # We will handle major upgrades manually - update-types: - - "patch" - - "minor" - other-dependencies: - exclude-patterns: - - "org.springframework.boot:*" - - "io.spring.dependency-management" + - "io.modelcontextprotocol.sdk:mcp-spring-webflux" + # We defined this dependency explicitly because Spring uses an older version + - "com.nimbusds:nimbus-jose-jwt" + testing: + # TODO: Consider using dependency-type when https://github.com/dependabot/dependabot-core/issues/13122 is supported + patterns: + - "org.testcontainers:*" + - "org.junit.jupiter:*" + - "org.assertj:*" + - "com.gorylenko.gradle-git-properties" + - "com.bmuschko.docker-remote-api" + - "org.mockito:*" + # Bouncy Castle is only used for testing purposes + - "org.bouncycastle:bcpkix-jdk18on" + api-build-tools: + patterns: + - "org.openapitools:*" + - "com.github.java-json-tools:*" + - "com.github.victools:*" + # Update Apache Commons libraries together as these dependencies rarely introduce breaking changes + apache-commons: + patterns: + - "org.apache.commons:*" + kafka: + patterns: + - "org.apache.kafka:*" + - "io.confluent:*" + schema-tools: + patterns: + - "com.github.victools:jsonschema-generator" + - "com.github.java-json-tools:json-schema-validator" + - "org.openapitools.openapistylevalidator" + - "org.openapi.generator" + - "io.swagger.core.v3:*" + lucene: + patterns: + - "org.apache.lucene:*" + others: patterns: - "*" - update-types: - - "patch" - - "minor" - - 
package-ecosystem: docker directory: "/api" schedule: @@ -43,6 +73,7 @@ updates: timezone: Europe/London open-pull-requests-limit: 10 ignore: + # We handle Major Java updates manually - dependency-name: "azul/zulu-openjdk-alpine" update-types: ["version-update:semver-major"] labels: @@ -69,12 +100,16 @@ updates: - "minor" - package-ecosystem: "github-actions" + open-pull-requests-limit: 10 directory: "/" schedule: interval: weekly time: "10:00" timezone: Europe/London - open-pull-requests-limit: 10 + groups: + github-actions: + patterns: + - "*" labels: - "type/dependencies" - "scope/infra" diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index df563b834..5e5a336d8 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -14,8 +14,8 @@ apache-commons-compress = '1.26.0' assertj = '3.25.3' avro = '1.11.4' byte-buddy = '1.18.1' -confluent = '7.9.2' -confluent-ccs = '7.9.0-ccs' +confluent = '7.9.5' +confluent-ccs = '7.9.5-ce' mapstruct = '1.6.2' lombok = '1.18.42' @@ -32,7 +32,7 @@ swagger-integration-jakarta = '2.2.28' jakarta-annotation-api = '2.1.1' jackson-databind-nullable = '0.2.6' antlr = '4.13.2' -json-schema-validator = '2.2.14' +json-schema-validator = '2.2.13' checkstyle = '10.24.0' prometheus = '1.3.6' 
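Review bot: In the new `groups` block, the `schema-tools` patterns `com.github.victools:jsonschema-generator` and `com.github.java-json-tools:json-schema-validator` are already matched by the wildcards `com.github.victools:*` and `com.github.java-json-tools:*` in `api-build-tools`, which is declared earlier. Dependabot assigns a dependency to the first group that matches, so those two entries will never land in `schema-tools`; either drop the wildcards from `api-build-tools` or remove the duplicates so each dependency has one owning group. Separately, the catch-all `ignore` of `version-update:semver-major` means a fix that ships only in a new major will not arrive as a version update. A comment next to it such as `# Major bumps are manual: review advisories for skipped majors` would help, and it is worth confirming that Dependabot security updates are enabled for the repository. The `updates` entry begins and continues outside this hunk.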
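Review bot: The new `github-actions` group uses the single pattern `"*"`, so one pull request will bump every action at once, first-party and third-party alike. Actions can run with access to the workflow's token and secrets, so third-party bumps deserve their own review rather than riding along with routine `actions/*` updates; splitting the group keeps that diff small. Groups are matched in order, so the catch-all has to come last. Moving `open-pull-requests-limit` above `directory` also makes this entry's key order differ from the docker entry, where it follows `schedule`.

```yaml
    # … unchanged: package-ecosystem, directory, schedule …
    groups:
      github-owned-actions:
        patterns:
          - "actions/*"
          - "github/*"
      third-party-actions:
        patterns:
          - "*"
    # … unchanged: labels …
```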
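Review bot: `confluent-ccs = '7.9.5-ce'` changes the artifact flavour as well as the version: the key still says `ccs` while the value now selects a `-ce` build. If `-ce` denotes Confluent's enterprise-licensed build rather than the community one (that is how the suffixes are usually read, but confirm against the Confluent repository), this pulls differently licensed binaries onto the classpath under a name that hides the switch. Either keep the community suffix for this version or rename the key and add a comment such as `# -ce build used deliberately: <reason>`, so the change is visible to whoever audits the dependency list.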
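Review bot: `json-schema-validator` goes down from 2.2.14 to 2.2.13 here, and the last hunk of this file likewise moves `victools-jsonschema-generator` from 4.38.0 to 4.37.0; neither downgrade is explained, while the rest of the commit only reorganises Dependabot groups. If they exist to make Dependabot open a grouped pull request as a test, they should not be merged, since a downgrade can drop fixes shipped in the newer release. If they are intentional, add a comment beside each, e.g. `# pinned below latest: <reason>`, and consider a matching `ignore` entry so Dependabot does not immediately propose undoing them.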
@@ -124,7 +124,7 @@ google-managed-kafka-login-handler = {module = 'com.google.cloud.hosted.kafka:ma google-oauth-client = { module = 'com.google.oauth-client:google-oauth-client', version = '1.39.0' } modelcontextprotocol-spring-webflux = {module = 'io.modelcontextprotocol.sdk:mcp-spring-webflux', version = '0.10.0'} -victools-jsonschema-generator = {module = 'com.github.victools:jsonschema-generator', version = '4.38.0'} +victools-jsonschema-generator = {module = 'com.github.victools:jsonschema-generator', version = '4.37.0'} prometheus-metrics-core = {module = 'io.prometheus:prometheus-metrics-core', version.ref = 'prometheus'} prometheus-metrics-textformats = { module = 'io.prometheus:prometheus-metrics-exposition-textformats', version.ref = 'prometheus'}