diff --git a/.github/workflows/sonar-pr-analysis-publish.yml b/.github/workflows/sonar-pr-analysis-publish.yml
index c71d01f17..989f3169d 100644
--- a/.github/workflows/sonar-pr-analysis-publish.yml
+++ b/.github/workflows/sonar-pr-analysis-publish.yml
@@ -28,11 +28,6 @@ jobs:
       GITHUB_REPO: ${{ github.repository }}
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          # Shallow clones should be disabled for a better relevancy of analysis
-          fetch-depth: 0
       - name: Setup Java 17 # Move Sonar analysis to Java 17
         uses: actions/setup-java@v4
         with:
@@ -45,6 +40,12 @@ jobs:
           PR_QUERY_RESULT=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
             "https://api.github.com/repos/$GITHUB_REPO/pulls?head=$GITHUB_PR_AUTHOR:$GITHUB_BASE_REF&state=open" | jq '.[0].number')
           echo "PR_NUMBER=$PR_QUERY_RESULT" >> $GITHUB_ENV
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: refs/pull/${{ env.PR_NUMBER }}/head
+          # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0
       - name: Publish analysis on PR
         run: |
           ./mvnw ${MAVEN_ARGS} -Pjacoco,sonar clean install \
diff --git a/pom.xml b/pom.xml
index c851f1356..8f0865038 100644
--- a/pom.xml
+++ b/pom.xml
@@ -76,15 +76,15 @@
     <jib-core.version>0.27.3</jib-core.version>
     <jnr-jffi.version>1.3.11</jnr-jffi.version>
     <jnr-unixsocket.version>0.38.23</jnr-unixsocket.version>
-    <junit.jupiter.version>5.8.2</junit.jupiter.version>
+    <junit.jupiter.version>5.10.0</junit.jupiter.version>
     <maven.version>3.8.8</maven.version>
     <minimum.maven.version>3.3.9</minimum.maven.version>
-    <mockito.version>4.5.1</mockito.version>
+    <mockito.version>4.11.0</mockito.version>
     <project.build.outputTimestamp>2025-04-06T16:04:56Z</project.build.outputTimestamp>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <surefire.version>3.5.2</surefire.version>
-    <system-stubs.version>2.0.1</system-stubs.version>
-    <version.assertj-core>3.25.3</version.assertj-core>
+    <surefire.version>3.5.3</surefire.version>
+    <system-stubs.version>2.0.3</system-stubs.version>
+    <version.assertj-core>3.27.3</version.assertj-core>
     <version.sonar-maven-plugin>4.0.0.4121</version.sonar-maven-plugin>
   </properties>