diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
index 292ef66f6..0392b98e4 100644
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -6,3 +6,6 @@ a538fda77c86a371c80891851432d7fca3aa78cc
 
 # Scala Steward: Reformat with scalafmt 3.8.2
 c3c7edb40313eecefe157f89e4f218d269c16d0a
+
+# Scala Steward: Reformat with scalafmt 3.8.3
+b8f9f401aee24b8fed273408b217e31075c66d74
diff --git a/.scalafmt.conf b/.scalafmt.conf
index 3015bb18f..b88a90f69 100644
--- a/.scalafmt.conf
+++ b/.scalafmt.conf
@@ -1,4 +1,4 @@
-version = 3.8.2
+version = 3.8.3
 
 runner.dialect = scala213
 maxColumn = 80
\ No newline at end of file
diff --git a/build.sbt b/build.sbt
index 37af0e603..02ad9f840 100644
--- a/build.sbt
+++ b/build.sbt
@@ -16,7 +16,7 @@ inThisBuild(
 
 val commonSettings = Seq(
   organization := "com.gu",
-  scalaVersion := "2.13.14",
+  scalaVersion := "2.13.15",
   scalacOptions ++= Seq(
     "-feature",
     "-language:postfixOps,reflectiveCalls,implicitConversions",
diff --git a/magenta-lib/src/main/scala/magenta/package.scala b/magenta-lib/src/main/scala/magenta/package.scala
index b73126158..ff2ae10a7 100644
--- a/magenta-lib/src/main/scala/magenta/package.scala
+++ b/magenta-lib/src/main/scala/magenta/package.scala
@@ -69,5 +69,5 @@ object `package` extends Loggable {
   /** This can be used when you have high confidence it will never be reached.
     * An example might be exhaustive cases in a match statement.
     */
-  def `wtf?` : Nothing = throw new IllegalStateException("WTF?")
+  def `wtf?`: Nothing = throw new IllegalStateException("WTF?")
 }
diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index 43799705e..7f0487b3a 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -5,9 +5,9 @@ object Dependencies {
 
   object Versions {
     val aws = "2.26.31"
-    val jackson = "2.17.2"
+    val jackson = "2.18.0"
     val awsRds = "1.12.777"
-    val enumeratumPlay = "1.8.1"
+    val enumeratumPlay = "1.8.2"
   }
 
   // https://github.com/orgs/playframework/discussions/11222
@@ -49,7 +49,7 @@ object Dependencies {
       "com.fasterxml.jackson.dataformat" % "jackson-dataformat-yaml" % Versions.jackson,
       "com.beachape" %% "enumeratum-play-json" % Versions.enumeratumPlay,
       "com.google.apis" % "google-api-services-deploymentmanager" % "v2-rev20240214-2.0.0",
-      "com.google.cloud" % "google-cloud-storage" % "2.40.1",
+      "com.google.cloud" % "google-cloud-storage" % "2.44.0",
       "org.scala-lang.modules" %% "scala-parallel-collections" % "1.0.4"
     ).map((m: ModuleID) =>
       // don't even ask why I need to do this
@@ -65,33 +65,33 @@ object Dependencies {
     commonDeps ++ jacksonOverrides ++ Seq(
       evolutions,
       jdbc,
-      "com.gu.play-googleauth" %% "play-v30" % "10.0.1",
-      "com.gu.play-secret-rotation" %% "play-v30" % "8.4.5",
-      "com.gu.play-secret-rotation" %% "aws-parameterstore-sdk-v2" % "8.4.5",
+      "com.gu.play-googleauth" %% "play-v30" % "15.1.0",
+      "com.gu.play-secret-rotation" %% "play-v30" % "11.3.6",
+      "com.gu.play-secret-rotation" %% "aws-parameterstore-sdk-v2" % "11.3.6",
       "org.pegdown" % "pegdown" % "1.6.0",
       "com.adrianhurt" %% "play-bootstrap" % "1.6.1-P28-B3", // scala-steward:off,
-      "org.scanamo" %% "scanamo" % "1.1.1",
+      "org.scanamo" %% "scanamo" % "2.0.0",
       "software.amazon.awssdk" % "dynamodb" % Versions.aws,
       "software.amazon.awssdk" % "sns" % Versions.aws,
       "org.quartz-scheduler" % "quartz" % "2.3.2",
-      "com.gu" %% "anghammarad-client" % "2.0.0",
-      "org.webjars" %% "webjars-play" % "3.0.1",
+      "com.gu" %% "anghammarad-client" % "2.1.0",
+      "org.webjars" %% "webjars-play" % "3.0.2",
       "org.webjars" % "jquery" % "3.7.1",
-      "org.webjars" % "jquery-ui" % "1.13.3",
+      "org.webjars" % "jquery-ui" % "1.14.0",
       "org.webjars" % "bootstrap" % "3.4.1", // scala-steward:off
       "org.webjars" % "jasny-bootstrap" % "3.1.3-2", // scala-steward:off
       "org.webjars" % "momentjs" % "2.30.1",
-      "net.logstash.logback" % "logstash-logback-encoder" % "7.4",
+      "net.logstash.logback" % "logstash-logback-encoder" % "8.0",
       "org.scalikejdbc" %% "scalikejdbc" % "3.5.0", // scala-steward:off
-      "org.postgresql" % "postgresql" % "42.7.3",
+      "org.postgresql" % "postgresql" % "42.7.4",
       "com.beachape" %% "enumeratum-play" % Versions.enumeratumPlay,
       filters,
       ws,
-      "org.apache.pekko" %% "pekko-testkit" % "1.0.2" % Test,
+      "org.apache.pekko" %% "pekko-testkit" % "1.0.3" % Test,
       "com.amazonaws" % "aws-java-sdk-rds" % Versions.awsRds,
       "org.scala-stm" %% "scala-stm" % "0.11.1",
       // Play 3.0 currently uses logback-classic 1.4.11 which is vulnerable to CVE-2023-45960
-      "ch.qos.logback" % "logback-classic" % "1.5.6"
+      "ch.qos.logback" % "logback-classic" % "1.5.11"
     ).map((m: ModuleID) =>
       // don't even ask why I need to do this
       m.excludeAll(
diff --git a/project/build.properties b/project/build.properties
index ee4c672cd..bc7390601 100644
--- a/project/build.properties
+++ b/project/build.properties
@@ -1 +1 @@
-sbt.version=1.10.1
+sbt.version=1.10.3
diff --git a/project/plugins.sbt b/project/plugins.sbt
index 1ea3b94ce..c60754308 100644
--- a/project/plugins.sbt
+++ b/project/plugins.sbt
@@ -1,5 +1,5 @@
 // keep in sync with the play version in Dependencies
-addSbtPlugin("org.playframework" % "sbt-plugin" % "3.0.4")
+addSbtPlugin("org.playframework" % "sbt-plugin" % "3.0.5")
 
 addSbtPlugin("com.github.sbt" % "sbt-coffeescript" % "2.0.1")
 
@@ -9,7 +9,7 @@ addSbtPlugin("com.typesafe.sbt" % "sbt-less" % "1.1.2") // scala-steward:off
 addSbtPlugin("com.github.sbt" % "sbt-digest" % "2.0.0")
 
 addSbtPlugin("com.eed3si9n" % "sbt-buildinfo" % "0.12.0")
-addSbtPlugin("ch.epfl.scala" % "sbt-scalafix" % "0.12.1")
+addSbtPlugin("ch.epfl.scala" % "sbt-scalafix" % "0.13.0")
 
 addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.5.2")