diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c47806d71..7c5a1e957 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -58,7 +58,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+      uses: github/codeql-action/init@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -69,7 +69,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+      uses: github/codeql-action/autobuild@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -83,4 +83,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+      uses: github/codeql-action/analyze@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index cb3e06bc6..b7c1f9fb3 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -57,13 +57,13 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f    # 6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+        uses: github/codeql-action/upload-sarif@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0
         with:
           sarif_file: results.sarif
diff --git a/pom.xml b/pom.xml
index f057343d8..c24b15ff6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -76,13 +76,13 @@
     <project.build.outputTimestamp>2026-02-26T13:04:11Z</project.build.outputTimestamp>
     <commons.main.branch>master</commons.main.branch>
     <commons.release.branch>release</commons.release.branch>
-    <commons.release.version>97</commons.release.version>
-    <commons.release.next>98</commons.release.next>
+    <commons.release.version>98</commons.release.version>
+    <commons.release.next>99</commons.release.next>
     <commons.rc.version>RC1</commons.rc.version>
     <commons.jira.id>COMMONSSITE</commons.jira.id>
     <!-- Commons Release Plugin -->
     <!-- Previous version of the component (used for reporting binary compatibility check)-->
-    <commons.bc.version>96</commons.bc.version>
+    <commons.bc.version>97</commons.bc.version>
     <commons.release.isDistModule>true</commons.release.isDistModule>
     <!--
       Define the following in ~/.m2/settings.xml in an active profile:
@@ -133,7 +133,7 @@
     <commons.javadoc.version>3.12.0</commons.javadoc.version>
     <commons.jxr.version>3.6.0</commons.jxr.version>
     <commons.pmd.version>3.28.0</commons.pmd.version>
-    <commons.pmd-impl.version>7.21.0</commons.pmd-impl.version>
+    <commons.pmd-impl.version>7.22.0</commons.pmd-impl.version>
     <commons.project-info.version>3.9.0</commons.project-info.version>
     <commons.rat.version>0.17</commons.rat.version>
     <commons.release-plugin.version>1.9.2</commons.release-plugin.version>
@@ -1772,7 +1772,7 @@
         <jdk>[17,)</jdk>
 	  </activation>
       <properties>
-        <commons.felix.version>6.0.0</commons.felix.version>
+        <commons.felix.version>6.0.2</commons.felix.version>
         <commons.biz.aQute.bndlib.version>7.2.1</commons.biz.aQute.bndlib.version>
       </properties>
     </profile>
@@ -1789,6 +1789,7 @@
         <jdk>[21,)</jdk>
 	  </activation>
       <properties>
+        <commons.checkstyle.version>13.3.0</commons.checkstyle.version>
         <argLine>-XX:+EnableDynamicAgentLoading</argLine>
       </properties>
     </profile>
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index e83531125..558bd7720 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -57,6 +57,14 @@ The <action> type attribute can be add,update,fix,remove.
     The changes report outputs actions in the order they appear in this file.
      -->
     <body>
+      <release version="98" date="YYYY-MM-DD" description="This is a feature and maintenance release. Java 8 or later is required.">
+	    <!-- FIX -->
+	    <!-- ADD -->
+	    <!-- UPDATE -->
+        <action type="update" dev="ggregory" due-to="Gary Gregory">Bump net.sourceforge.pmd:pmd-* from 7.21.0 to 7.22.0.</action>
+        <action type="update" dev="ggregory" due-to="Gary Gregory">Bump org.apache.felix:maven-bundle-plugin from 6.0.0 on 6.0.2 on Java 17 and up.</action>
+        <action type="update" dev="ggregory" due-to="Gary Gregory">Bump com.puppycrawl.tools:checkstyle from 12.3.1 to 13.3.0 on Java 21 and up.</action>
+	  </release>
       <release version="97" date="2026-02-21" description="This is a feature and maintenance release. Java 8 or later is required.">
         <!-- FIX -->
         <!-- ADD -->