diff --git a/.github/workflows/build-ci.yml b/.github/workflows/build-ci.yml
index 7b0fe9d..d26f2f9 100644
--- a/.github/workflows/build-ci.yml
+++ b/.github/workflows/build-ci.yml
@@ -3,7 +3,7 @@ name: PayPay Java SDK CI
 on: [push,pull_request]
 
 jobs:
-  build:
+  code-climate:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
@@ -25,12 +25,44 @@ jobs:
         run: |
           ./gradlew clean build jacocoTestReport
 
-      - name: Upload to CoPilot
-        run: bash <(curl -s https://copilot.blackducksoftware.com/ci/githubactions/scripts/upload)
-
       - name: Code Climate after-build
         env:
           CC_TEST_REPORTER_ID: 7498cf1d134247ce860e440046a15731b846c8e2b4d6a0111310f012d12e6fda
         run: |
           JACOCO_SOURCE_PATH=src/main/java ./cc-test-reporter format-coverage build/reports/jacoco/test/jacocoTestReport.xml --input-type jacoco
           ./cc-test-reporter upload-coverage
+
+  code-ql:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up openjdk
+        uses: actions/setup-java@v1
+        with:
+          java-version: 1.8
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: java
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+
+  co-pilot:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up openjdk
+        uses: actions/setup-java@v1
+        with:
+          java-version: 1.8
+
+      - name: Upload to CoPilot
+        run: bash <(curl -s https://copilot.blackducksoftware.com/ci/githubactions/scripts/upload)
+
diff --git a/build.gradle b/build.gradle
index 4c105ca..3c71c0b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -69,14 +69,14 @@ java {
 
 
 dependencies {
-    compile 'io.swagger:swagger-annotations:1.6.6'
+    compile 'io.swagger:swagger-annotations:1.6.10'
     compile 'com.squareup.okhttp:okhttp:2.7.5'
     compile 'com.squareup.okhttp:logging-interceptor:2.7.5'
-    compile 'com.google.code.gson:gson:2.9.1'
-    compile ('com.auth0:java-jwt:3.19.2'){
+    compile 'com.google.code.gson:gson:2.10.1'
+    compile ('com.auth0:java-jwt:4.0.0'){
         exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind'
     }
-    compile 'com.fasterxml.jackson.core:jackson-databind:2.13.3'
+    compile 'com.fasterxml.jackson.core:jackson-databind:2.14.2'
     compile 'org.apache.commons:commons-lang3:3.12.0'
     // validation
     compile group: 'org.hibernate.validator', name: 'hibernate-validator', version: '7.0.5.Final'
@@ -84,9 +84,9 @@ dependencies {
     compile group: 'jakarta.el', name: 'jakarta.el-api', version: '4.0.0'
     compile group: 'org.glassfish', name: 'jakarta.el', version: '4.0.2'
 
-    testCompile 'org.mockito:mockito-core:4.4.0'
-    testCompile("org.junit.jupiter:junit-jupiter-engine:5.9.0")
-    testCompile("org.junit.platform:junit-platform-runner:1.9.0")
+    testCompile 'org.mockito:mockito-core:4.6.0'
+    testCompile("org.junit.jupiter:junit-jupiter-engine:5.9.2")
+    testCompile("org.junit.platform:junit-platform-runner:1.9.2")
 }
 pmd{
     consoleOutput = true