diff --git a/kork-aws/kork-aws.gradle b/kork-aws/kork-aws.gradle
index 429be4fc3..8065bc364 100644
--- a/kork-aws/kork-aws.gradle
+++ b/kork-aws/kork-aws.gradle
@@ -24,7 +24,7 @@ dependencies {
   api "com.amazonaws:aws-java-sdk-core"
   api "com.amazonaws:aws-java-sdk-sns"
   api "com.amazonaws:aws-java-sdk-sqs"
-  api "org.codehaus.groovy:groovy"
+  api "org.apache.groovy:groovy"
   api "com.hubspot.jinjava:jinjava"
   api "com.jcraft:jsch.agentproxy.jsch"
   api "com.jcraft:jsch.agentproxy.connector-factory"
diff --git a/kork-core-tck/kork-core-tck.gradle b/kork-core-tck/kork-core-tck.gradle
index 00ab1c363..e92bf8c13 100644
--- a/kork-core-tck/kork-core-tck.gradle
+++ b/kork-core-tck/kork-core-tck.gradle
@@ -7,6 +7,6 @@ dependencies {
   implementation(project(":kork-core"))
   implementation(project(":kork-exceptions"))
 
-  implementation("org.codehaus.groovy:groovy")
+  implementation("org.apache.groovy:groovy")
   implementation("org.spockframework:spock-core")
 }
diff --git a/kork-web/kork-web.gradle b/kork-web/kork-web.gradle
index 55d4c224b..2ddb202fa 100644
--- a/kork-web/kork-web.gradle
+++ b/kork-web/kork-web.gradle
@@ -16,7 +16,7 @@ dependencies {
   api project(":kork-crypto")
   api project(":kork-security")
   api project(":kork-exceptions")
-  api "org.codehaus.groovy:groovy"
+  api "org.apache.groovy:groovy"
   api "org.springframework.boot:spring-boot-starter-web"
   api "org.springframework.boot:spring-boot-starter-webflux"
   api "org.springframework.boot:spring-boot-starter-security"
diff --git a/spinnaker-dependencies/spinnaker-dependencies.gradle b/spinnaker-dependencies/spinnaker-dependencies.gradle
index 1745364fc..03c4634e8 100644
--- a/spinnaker-dependencies/spinnaker-dependencies.gradle
+++ b/spinnaker-dependencies/spinnaker-dependencies.gradle
@@ -12,6 +12,7 @@ ext {
     bouncycastle     : "1.77",
     brave            : "5.12.3",
     gcp              : "25.3.0",
+    groovy           : "4.0.15",
     jsch             : "0.1.54",
     jschAgentProxy   : "0.0.9",
     // spring boot 2.7.18 specifies logback 1.2.12.  Pin to 1.2.13 to resolve
@@ -22,6 +23,7 @@ ext {
     okhttp           : "2.7.5", // CVE-2016-2402
     okhttp3          : "4.9.3",
     openapi          : "1.3.9", // this needs to be kept in sync with spring boot as it pulls in the spring-boot-dependencies BOM
+    restassured      : "5.2.1", // spring boot 2.7.18 brings rest-assured 4.5.1. It uses groovy 3. Keep until spring boot >=3.0.13
     retrofit         : "1.9.0",
     retrofit2        : "2.8.1",
     spectator        : "1.0.6",
@@ -57,14 +59,17 @@ dependencies {
   api(platform("org.jetbrains.kotlin:kotlin-bom:$kotlinVersion"))
   api(platform("org.junit:junit-bom:5.9.0")) // untill spring boot >= 3.0.0
   api(platform("io.zipkin.brave:brave-bom:${versions.brave}"))
-  api(platform("org.springframework.boot:spring-boot-dependencies:${versions.springBoot}"))
+  api(platform("org.apache.groovy:groovy-bom:${versions.groovy}")) // until upgrade of spring boot >= 3.0.13
+  api(platform("org.springframework.boot:spring-boot-dependencies:${versions.springBoot}")) {
+    exclude group: "org.codehaus.groovy", module: "*" // until upgrade of spring boot >= 3.0.13
+  }
   api(platform("com.amazonaws:aws-java-sdk-bom:${versions.aws}"))
   api(platform("com.google.protobuf:protobuf-bom:${versions.protobuf}"))
   api(platform("com.google.cloud:libraries-bom:${versions.gcp}"))
   api(platform("software.amazon.awssdk:bom:${versions.awsv2}"))
   api(platform("org.springframework.cloud:spring-cloud-dependencies:${versions.springCloud}"))
   api(platform("io.strikt:strikt-bom:0.31.0"))
-  api(platform("org.spockframework:spock-bom:2.2-groovy-3.0"))
+  api(platform("org.spockframework:spock-bom:2.2-groovy-4.0"))
   api(platform("com.oracle.oci.sdk:oci-java-sdk-bom:3.21.0"))
   api(platform("org.testcontainers:testcontainers-bom:1.19.8"))
   api(platform("io.arrow-kt:arrow-stack:${versions.arrow}"))
@@ -80,6 +85,15 @@ dependencies {
     api("ch.qos.logback:logback-access:${versions.logback}") {
        force = true
     }
+    api("io.rest-assured:xml-path:${versions.restassured}") {
+      force = true
+    }
+    api("io.rest-assured:json-path:${versions.restassured}") {
+      force = true
+    }
+    api("io.rest-assured:rest-assured:${versions.restassured}") {
+      force = true
+    }
     api("com.amazonaws:aws-java-sdk:${versions.aws}")
     api("com.google.api-client:google-api-client:1.30.10") // TODO: Track update for CVE-2020-7692, reanalysis pending.
     api("com.google.apis:google-api-services-admin-directory:directory_v1-rev105-1.25.0")