diff --git a/debian/control b/debian/control
index 32f3084093..2c5fa97f06 100644
--- a/debian/control
+++ b/debian/control
@@ -106,11 +106,11 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 ruby-view-component (>= 2.71~),
 ruby-default-value-for (>= 3.4~),
 #ruby-mysql2 | ruby-pg,
- ruby-pg (>= 1.3~),
+ ruby-pg (>= 1.4.3~),
 ruby-rugged (>= 1.2~),
 ruby-grape-path-helpers (>= 1.7.1~),
 ruby-faraday (>= 1.0~),
- ruby-marginalia (>= 1.10~),
+ ruby-marginalia (>= 1.11.1~),
 # Authorization
 ruby-declarative-policy (>= 1.1),
 # Authentication libraries
@@ -122,15 +122,15 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 ruby-saml (>= 1.13~),
 ruby-omniauth (>= 2.1~),
 ruby-omniauth-auth0 (>= 2.0~),
- ruby-omniauth-azure-activedirectory-v2,
+ ruby-omniauth-azure-activedirectory-v2 (>= 2.0~),
 ruby-omniauth-azure-oauth2 (>= 0.0.10~),
 ruby-omniauth-cas3 (>= 1.1.4~),
- ruby-omniauth-dingtalk-oauth2,
- ruby-omniauth-alicloud,
+ ruby-omniauth-dingtalk-oauth2 (>= 1.0.1~),
+ ruby-omniauth-alicloud (>= 2.0~),
 ruby-omniauth-facebook (>= 4.0~),
- ruby-omniauth-github (>= 2.0~),
+ ruby-omniauth-github (>= 2.0.1~),
 ruby-omniauth-gitlab (>= 1.0.2~),
- ruby-omniauth-google-oauth2 (>= 0.6~),
+ ruby-omniauth-google-oauth2 (>= 1.1~),
 ruby-omniauth-kerberos (>= 0.3.0-3~),
 ruby-omniauth-oauth2-generic (>= 0.2.2~),
 ruby-omniauth-saml (>= 2.0~),
@@ -142,7 +142,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 ruby-omniauth-openid-connect (>= 0.10~),
 ruby-omniauth-salesforce (>= 1.0.5~),
 ruby-omniauth-atlassian-oauth2 (>= 0.2.0~),
- ruby-rack-oauth2 (>= 1.21.2~),
+ ruby-rack-oauth2 (>= 1.21.3~),
 ruby-jwt (>= 2.1~),
 # Spam and anti-bot protection
 ruby-recaptcha (>= 4.11~),
@@ -212,7 +212,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 ruby-elasticsearch (>= 5.0.3~),
 ruby-elasticsearch-rails (>= 7.2~),
 ruby-elasticsearch-api (>= 7.13.3~),
- ruby-aws-sdk-core (>= 3.131~),
+ ruby-aws-sdk-core (>= 3.159~),
 ruby-aws-sdk-cloudformation (>= 1.0~),
 ruby-aws-sdk-s3 (>= 1.114~),
 ruby-faraday-middleware-aws-sigv4,
@@ -222,7 +222,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 ruby-task-list (>= 2.3.1~),
 ruby-gitlab-markup,
 ruby-github-markup (>= 1.7~),
- ruby-commonmarker (>= 0.23.4~),
+ ruby-commonmarker (>= 0.23.6~),
 ruby-kramdown (>= 2.3.1~),
 ruby-redcloth (>= 4.3.2-3~),
 # rdoc is built-in with ruby
@@ -256,7 +256,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 ruby-acts-as-taggable-on (>= 9.0~),
 # Background jobs
 ruby-sidekiq (>= 6.4~),
- ruby-sidekiq-cron (>= 1.4~),
+ ruby-sidekiq-cron (>= 1.8~),
 ruby-redis-namespace (>= 1.8.1~),
 ruby-gitlab-sidekiq-fetcher (>= 0.8~),
 # Cron Parser
@@ -270,7 +270,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 # GitLab settings
 ruby-settingslogic (>= 2.0.9~),
 # Linear-time regex library for untrusted regular expressions
- ruby-re2 (>= 1.4~),
+ ruby-re2 (>= 1.5~),
 # Misc
 ruby-version-sorter (>= 2.2.4~),
 # Export Ruby Regex to Javascript
@@ -305,11 +305,11 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 ruby-sanitize (>= 6.0~),
 ruby-babosa (>= 1.0.3~),
 # Sanitizes SVG input
- ruby-loofah (>= 2.18~),
+ ruby-loofah (>= 2.19~),
 # Working with license
 ruby-licensee (>= 9.14.1~),
 # Protect against bruteforcing
- ruby-rack-attack (>= 6.3~),
+ ruby-rack-attack (>= 6.6.1~),
 # Ace editor
 ruby-ace-rails-ap (>= 4.1~),
 # Detect and convert string character encoding
@@ -326,7 +326,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 # Many node modules are still in NEW, some are yet to be packaged
 # so we use yarn to downlod those and hence gitlab is in contrib
 yarnpkg (>= 1.22.4~),
- ruby-rack-proxy (>= 0.7.2~),
+ ruby-rack-proxy (>= 0.7.4~),
 #
 ruby-sassc-rails (>= 2.1~),
 ruby-sassc (>= 2.0~),
@@ -345,7 +345,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 ruby-sentry-rails (>= 5.1.1~),
 ruby-sentry-sidekiq (>= 5.1.1~),
 # PostgreSQL query parsing
- ruby-pg-query (>= 2.1~),
+ ruby-pg-query (>= 2.1.4~),
 #
 ruby-premailer-rails (>= 1.10.3-2~),
 # LabKit: Tracing and Correlation
@@ -412,11 +412,11 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 #
 ruby-google-protobuf (>= 3.19.4~),
 #
- ruby-toml-rb (>= 2.0~),
+ ruby-toml-rb (>= 2.2~),
 # Feature toggles
- ruby-flipper (>= 0.21~),
- ruby-flipper-active-record (>= 0.21~),
- ruby-flipper-active-support-cache-store (>= 0.21~),
+ ruby-flipper (>= 0.25~),
+ ruby-flipper-active-record (>= 0.25~),
+ ruby-flipper-active-support-cache-store (>= 0.25~),
 ruby-unleash (>= 3.2.2~),
 ruby-gitlab-experiment (>= 0.7.1~),
 # Structured logging
@@ -446,6 +446,10 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 ruby-parslet,
 ruby-ipynbdiff (>= 0.4.7~),
 ruby-ed25519 (>= 1.3~),
+# Vulnerability advisories
+ ruby-cvss-suite,
+# Apple plist parsing
+ ruby-cfpropertylist,
 # packaged node modules - all node packages are not packaged yet
 node-rails-actioncable,
 node-autosize (>= 4.0.2~dfsg1-5~),
diff --git a/debian/gitlab.postinst b/debian/gitlab.postinst
index c5c36a6fb0..2c992a268e 100755
--- a/debian/gitlab.postinst
+++ b/debian/gitlab.postinst
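Review bot: The two packages added in the last debian/control hunk, `ruby-cvss-suite,` and `ruby-cfpropertylist,`, carry no minimum version, while this same commit adds lower bounds to the previously unversioned omniauth packages. Any older build already in the archive would satisfy the dependency, so the version that ends up parsing plist input is not tied to what the Gemfile expects. A bound written like its neighbours, `ruby-cfpropertylist (>= VERSION~),` with VERSION taken from Gemfile.lock (and likewise for ruby-cvss-suite), keeps that under apt's control. The Depends field starts and ends outside the hunk.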
@@ -70,12 +70,10 @@ runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 8.4' "^danger$" >/de
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i "^gitlab-dangerfiles$" >/dev/null; then gem install gitlab-dangerfiles; fi"
 # TODO: Update packages for these gems
-runuser -u ${gitlab_user} -- sh -c "if ! gem list -i "^omniauth-rails_csrf_protection$" >/dev/null; then gem install omniauth-rails_csrf_protection; fi"
-runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 6.6 "^rack-attack$" >/dev/null; then gem install -v 6.6 rack-attack; fi"
+runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 1.1 "^omniauth-google-oauth2$" >/dev/null; then gem install -v 1.1 omniauth-google-oauth2; fi"
 runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 2.0' "^oauth2$" >/dev/null; then gem install -v '~> 2.0' oauth2; fi"
-runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.25' "^flipper$" >/dev/null; then gem install -v '~> 0.25' flipper; fi"
-runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.25' "^flipper-active_record$" >/dev/null; then gem install -v '~> 0.25' flipper-active_record; fi"
-runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.25' "^flipper-active_support_cache_store$" >/dev/null; then gem install -v '~> 0.25' flipper-active_support_cache_store; fi"
+runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v '~> 0.0.12' "^arr-pm$" >/dev/null; then gem install -v '~> 0.0.12' arr-pm; fi"
+runuser -u ${gitlab_user} -- sh -c "if ! gem list -i -v 1.9 "^redis-namespace$" >/dev/null; then gem install -v 1.9 redis-namespace; fi"
 #######################################################################
 # update Gemfile.lock and yarn.lock, always
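Review bot: The three added `gem install` lines fetch omniauth-google-oauth2, arr-pm and redis-namespace from the gem source while the package is being configured, outside apt's signature verification and security-update path; only the top-level gem is pinned (arr-pm by a range, `'~> 0.0.12'`), so transitive dependencies resolve to whatever is current on the day of install. debian/control in this same commit already requires `ruby-omniauth-google-oauth2 (>= 1.1~)` and lists `ruby-redis-namespace (>= 1.8.1~)`, so a packaged and a gem-installed copy can coexist and a later apt security update would not replace the gem-installed one. If the packaged versions suffice these lines can be dropped, otherwise each should name what blocks it, e.g. `# TODO: drop once ruby-redis-namespace >= 1.9 is in the archive`. The inner `"^redis-namespace$"` also closes the outer double-quoted `sh -c` string, so the pattern reaches the outer shell unquoted; single quotes inside (`'^redis-namespace$'`) keep the anchors intact. Removing the omniauth-rails_csrf_protection install is safe only if a packaged dependency for it exists elsewhere in debian/control, which these hunks do not show.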