diff --git a/.config/checkstyle/checkstyle.xml b/.config/checkstyle/checkstyle.xml
index 43b5290..ffbc2a9 100644
--- a/.config/checkstyle/checkstyle.xml
+++ b/.config/checkstyle/checkstyle.xml
@@ -122,9 +122,7 @@
 		<module name="StaticVariableName"/>
 		<module name="StringLiteralEquality"/>
 		<module name="SuppressWarningsHolder"/>
-		<module name="TodoComment">
-			<property name="severity" value="info"/>
-		</module>
+		<module name="TodoComment"/>
 		<module name="TypecastParenPad"/>
 		<module name="TypeName"/>
 		<module name="UnnecessaryParentheses"/>
diff --git a/.config/pmd/java/ruleset.xml b/.config/pmd/java/ruleset.xml
index 341cb3a..c057d1a 100644
--- a/.config/pmd/java/ruleset.xml
+++ b/.config/pmd/java/ruleset.xml
@@ -17,6 +17,7 @@
 	<rule ref="category/java/bestpractices.xml/AvoidUsingHardCodedIP"/>
 	<rule ref="category/java/bestpractices.xml/ConstantsInInterface"/>
 	<rule ref="category/java/bestpractices.xml/ExhaustiveSwitchHasDefault"/>
+	<rule ref="category/java/bestpractices.xml/LabeledStatement"/>
 	<rule ref="category/java/bestpractices.xml/LiteralsFirstInComparisons"/>
 	<!-- CheckStyle can't handle this switch behavior -> delegated to PMD -->
 	<rule ref="category/java/bestpractices.xml/NonExhaustiveSwitch"/>
@@ -149,6 +150,7 @@
 	<rule ref="category/java/errorprone.xml/DontUseFloatTypeForLoopIndices"/>
 	<rule ref="category/java/errorprone.xml/EqualsNull"/>
 	<rule ref="category/java/errorprone.xml/IdempotentOperations"/>
+	<rule ref="category/java/errorprone.xml/IdenticalConditionalBranches"/>
 	<rule ref="category/java/errorprone.xml/ImplicitSwitchFallThrough"/>
 	<rule ref="category/java/errorprone.xml/InstantiationToGetClass"/>
 	<rule ref="category/java/errorprone.xml/InvalidLogMessageFormat"/>
@@ -211,11 +213,11 @@
 		message="StringBuilder/StringBuffer should not be used"
 		class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
 		<description>
-Usually all cases where `StringBuilder` (or the outdated `StringBuffer`) is used are either due to confusing (legacy) logic or may be replaced by a simpler string concatenation.
+Usually all cases where `StringBuilder` (or the outdated `StringBuffer`) is used are either due to confusing (legacy) logic or in situations where it may be easily replaced by a simpler string concatenation.
 
 Solution:
 * Do not use `StringBuffer` because it's thread-safe and usually this is not needed
-* If `StringBuilder` is only used in a simple method (like `toString`) and is effectively inlined: Use a simpler string concatenation (`"a" + x + "b"`). This will be optimized by the Java compiler internally.
+* If `StringBuilder` is only used in a simple method (like `toString`) and is effectively inlined: Use a simpler string concatenation (`"a" + x + "b"`). This will be [optimized by the Java compiler internally](https://docs.oracle.com/javase/specs/jls/se25/html/jls-15.html#jls-15.18.1).
 * In all other cases: 
 	* Check what is happening and if it makes ANY sense! If for example a CSV file is built here consider using a proper library instead!
 	* Abstract the Strings into a DTO, join them together using a collection (or `StringJoiner`) or use Java's Streaming API instead
@@ -237,8 +239,8 @@ Solution:
 		message="Setters of java.lang.System should not be called unless really needed"
 		class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
 		<description>
-Calling setters of java.lang.System usually indicates bad design and likely causes unexpected behavior.
-For example, it may break when multiple Threads are setting the value.
+Calling setters of `java.lang.System` usually indicates bad design and likely causes unexpected behavior.
+For example, it may break when multiple Threads are working with the same value.
 It may also overwrite user defined options or properties.
 
 Try to pass the value only to the place where it's really needed and use it there accordingly.
@@ -350,7 +352,8 @@ You can suppress this warning when you properly sanitized the name.
 Nearly every known usage of (Java) Object Deserialization has resulted in [a security vulnerability](https://cloud.google.com/blog/topics/threat-intelligence/hunting-deserialization-exploits?hl=en).
 Vulnerabilities are so common that there are [dedicated projects for exploit payload generation](https://github.com/frohoff/ysoserial).
 
-Java Object Serialization may also fail to deserialize when the underlying classes are changed.
+Java Object Serialization may also fail to deserialize properly when the underlying classes are changed.
+This can result in unexpected crashes when outdated data is deserialized.
 
 Use proven data interchange formats like JSON instead.
 		</description>
@@ -372,7 +375,8 @@ Use proven data interchange formats like JSON instead.
 	<rule name="VaadinNativeHTMLIsUnsafe"
 		language="java"
 		message="Unescaped native HTML is unsafe and will result in XSS vulnerabilities"
-		class="net.sourceforge.pmd.lang.rule.xpath.XPathRule" >
+		class="net.sourceforge.pmd.lang.rule.xpath.XPathRule"
+		externalInfoUrl="https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML">
 		<description>
 Do not use native HTML! Use Vaadin layouts and components to create required structure.
 If you are 100% sure that you escaped the value properly and you have no better options you can suppress this.
diff --git a/.github/workflows/broken-links.yml b/.github/workflows/broken-links.yml
index 3a1009c..7f35a97 100644
--- a/.github/workflows/broken-links.yml
+++ b/.github/workflows/broken-links.yml
@@ -19,7 +19,7 @@ jobs:
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2
+        uses: lycheeverse/lychee-action@a8c4c7cb88f0c7386610c35eb25108e448569cb0 # v2
         with:
           fail: false # Don't fail on broken links, create an issue instead
 
diff --git a/pom.xml b/pom.xml
index b017f7d..7975bfa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -83,12 +83,12 @@
 							<dependency>
 								<groupId>net.sourceforge.pmd</groupId>
 								<artifactId>pmd-core</artifactId>
-								<version>7.17.0</version>
+								<version>7.18.0</version>
 							</dependency>
 							<dependency>
 								<groupId>net.sourceforge.pmd</groupId>
 								<artifactId>pmd-java</artifactId>
-								<version>7.17.0</version>
+								<version>7.18.0</version>
 							</dependency>
 						</dependencies>
 					</plugin>
diff --git a/sessionize-java-client/pom.xml b/sessionize-java-client/pom.xml
index daf4033..9e8a282 100644
--- a/sessionize-java-client/pom.xml
+++ b/sessionize-java-client/pom.xml
@@ -491,12 +491,12 @@
 							<dependency>
 								<groupId>net.sourceforge.pmd</groupId>
 								<artifactId>pmd-core</artifactId>
-								<version>7.17.0</version>
+								<version>7.18.0</version>
 							</dependency>
 							<dependency>
 								<groupId>net.sourceforge.pmd</groupId>
 								<artifactId>pmd-java</artifactId>
-								<version>7.17.0</version>
+								<version>7.18.0</version>
 							</dependency>
 						</dependencies>
 					</plugin>