diff --git a/.github/workflows/CD.yml b/.github/workflows/CD.yml
index 8742cef..bec59cb 100644
--- a/.github/workflows/CD.yml
+++ b/.github/workflows/CD.yml
@@ -24,10 +24,6 @@ jobs:
       - name: Set environment for version
         run: long="${{ github.ref }}"; version=${long#"refs/tags/v"}; echo "version=${version}" >> $GITHUB_ENV
       - uses: actions/checkout@v4
-      - uses: actions/setup-java@v4
-        with:
-          distribution: 'adopt'
-          java-version: 17
       - uses: gradle/actions/setup-gradle@v3
       - name: Publish
         run: ./gradlew -Pversion=$version -Dorg.gradle.parallel=false --no-configuration-cache publish closeAndReleaseStagingRepository
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index fbaa1ad..fd98bd8 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -13,14 +13,13 @@ jobs:
   build:
     runs-on: macos-14
     permissions:
-      contents: write
+      contents: read
       security-events: write
 
     steps:
       - uses: actions/checkout@v4
       - uses: gradle/actions/setup-gradle@v3
         with:
-          dependency-graph: generate-and-submit
           gradle-home-cache-cleanup: true
       - name: Build with Gradle
         run: ./gradlew build
diff --git a/.github/workflows/Docs.yml b/.github/workflows/Docs.yml
index 6800f7b..403fdb7 100644
--- a/.github/workflows/Docs.yml
+++ b/.github/workflows/Docs.yml
@@ -20,9 +20,8 @@ jobs:
       url: ${{ steps.deployment.outputs.page_url }}
 
     steps:
-      - uses: actions/configure-pages@v4
       - uses: actions/checkout@v4
-      - uses: gradle/wrapper-validation-action@v2
+      - uses: actions/configure-pages@v4
       - uses: gradle/actions/setup-gradle@v3
       - name: Generate Docs
         run: ./gradlew dokkaHtmlMultiModule --no-configuration-cache
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
new file mode 100644
index 0000000..1477f00
--- /dev/null
+++ b/.github/workflows/dependencies.yml
@@ -0,0 +1,29 @@
+name: Dependency review for pull requests
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  dependency-submission:
+    runs-on: ubuntu-latest
+    
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Generate and submit dependency graph
+        uses: gradle/actions/dependency-submission@v3
+        with:
+          cache-encryption-key: ${{ secrets.GradleEncryptionKey }}
+  
+  dependency-review:
+    runs-on: ubuntu-latest
+    needs: dependency-submission
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Perform dependency review
+        uses: actions/dependency-review-action@v4
diff --git a/gradle/build-logic/src/main/kotlin/publish.gradle.kts b/gradle/build-logic/src/main/kotlin/publish.gradle.kts
index b575f04..32103e6 100644
--- a/gradle/build-logic/src/main/kotlin/publish.gradle.kts
+++ b/gradle/build-logic/src/main/kotlin/publish.gradle.kts
@@ -38,10 +38,11 @@ publishing {
 }
 
 signing {
-    val signingKey: String? by project
-    val signingPassword: String? by project
-    useInMemoryPgpKeys(signingKey?.let { String(java.util.Base64.getDecoder().decode(it)).trim() }, signingPassword)
-    sign(publishing.publications)
+    val signingKey = providers.gradleProperty("signingKey")
+    if (signingKey.isPresent) {
+        useInMemoryPgpKeys(signingKey.get(), providers.gradleProperty("signingPassword").get())
+        sign(publishing.publications)
+    }
 }
 
 // https://youtrack.jetbrains.com/issue/KT-46466