diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 579da9b..6a052c6 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -24,9 +24,9 @@ jobs:
 persist-credentials: false
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
 with:
 languages: ruby
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index d2f22f7..1912348 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -50,7 +50,7 @@ jobs:
 - name: Authenticate to Google Cloud
 id: gcloud-auth
- uses: google-github-actions/auth@v1
+ uses: google-github-actions/auth@v2
 with:
 token_format: access_token
 workload_identity_provider: projects/${{ secrets.GCP_PROJECT_NUM }}/locations/global/workloadIdentityPools/ci-orchestrator-deploy/providers/github-actions
@@ -69,7 +69,7 @@ jobs:
 docker push "$IMAGE"
 - name: Get GKE credentials
- uses: google-github-actions/get-gke-credentials@v1
+ uses: google-github-actions/get-gke-credentials@v2
 with:
 cluster_name: ci-orchestrator
 location: us-central1-c
diff --git a/Gemfile b/Gemfile
index b69eaee..35b7b16 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,6 +7,7 @@ gem "jwt"
 gem "octokit"
 gem "orka_api_client", git: "https://github.com/Homebrew/orka_api_client"
 gem "puma"
+gem "rackup"
 gem "sinatra"
 group :development, optional: true do
diff --git a/Gemfile.lock b/Gemfile.lock
index 9c48d0b..27acb98 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,79 +1,91 @@ GIT remote: https://github.com/Homebrew/orka_api_client - revision: 5a54675b3d83c0ba47cfc5431a3b3fca294a7ccd + revision: 56d765abde98d2646eab6e1aec79f1bf69f98259 specs: - orka_api_client (0.1.0) + orka_api_client (0.2.0) faraday (~> 2.0) faraday-multipart (~> 1.0) GEM remote: https://rubygems.org/ specs: - addressable (2.8.5) + addressable (2.8.6) public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) - base64 (0.1.1) - faraday (2.7.11) - base64 - faraday-net_http (>= 2.0, < 3.1) - ruby2_keywords (>= 0.0.4) + base64 (0.2.0) + faraday (2.9.0) + faraday-net_http (>= 2.0, < 3.2) faraday-multipart (1.0.4) multipart-post (~> 2) - faraday-net_http (3.0.2) + faraday-net_http (3.1.0) + net-http faraday-retry (2.2.0) faraday (~> 2.0) - json (2.6.3) - jwt (2.7.1) + json (2.7.1) + jwt (2.8.0) + base64 language_server-protocol (3.17.0.3) - multipart-post (2.3.0) + multipart-post (2.4.0) mustermann (3.0.0) ruby2_keywords (~> 0.0.1) + net-http (0.4.1) + uri nio4r (2.7.0) - octokit (8.0.0) + octokit (8.1.0) + base64 faraday (>= 1, < 3) sawyer (~> 0.9) - parallel (1.23.0) - parser (3.2.2.4) + parallel (1.24.0) + parser (3.3.0.5) ast (~> 2.4.1) racc - public_suffix (5.0.3) + public_suffix (5.0.4) puma (6.4.2) nio4r (~> 2.0) - racc (1.7.2) - rack (2.2.8) - rack-protection (3.1.0) - rack (~> 2.2, >= 2.2.4) + racc (1.7.3) + rack (3.0.9.1) + rack-protection (4.0.0) + base64 (>= 0.1.0) + rack (>= 3.0.0, < 4) + rack-session (2.0.0) + rack (>= 3.0.0) + rackup (2.1.0) + rack (>= 3) + webrick (~> 1.8) rainbow (3.1.1) - regexp_parser (2.8.2) + regexp_parser (2.9.0) rexml (3.2.6) - rubocop (1.57.2) + rubocop (1.60.2) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 3.2.2.4) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.28.1, < 2.0) + rubocop-ast (>= 1.30.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) rubocop-ast (1.30.0) parser (>= 3.2.1.0) - 
rubocop-performance (1.19.1) - rubocop (>= 1.7.0, < 2.0) - rubocop-ast (>= 0.4.0) + rubocop-performance (1.20.2) + rubocop (>= 1.48.1, < 2.0) + rubocop-ast (>= 1.30.0, < 2.0) ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) sawyer (0.9.2) addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) - sinatra (3.1.0) + sinatra (4.0.0) mustermann (~> 3.0) - rack (~> 2.2, >= 2.2.4) - rack-protection (= 3.1.0) + rack (>= 3.0.0, < 4) + rack-protection (= 4.0.0) + rack-session (>= 2.0.0, < 3) tilt (~> 2.0) tilt (2.3.0) unicode-display_width (2.5.0) + uri (0.13.0) + webrick (1.8.1) PLATFORMS ruby @@ -84,9 +96,10 @@ DEPENDENCIES octokit orka_api_client! puma + rackup rubocop rubocop-performance sinatra BUNDLED WITH - 2.4.10 + 2.5.5
diff --git a/src/server.rb b/src/server.rb
index 1b48bf1..2233f21 100644
--- a/src/server.rb
+++ b/src/server.rb
@@ -14,7 +14,7 @@ class CIOrchestratorApp < Sinatra::Base
 configure do
 set :sessions, expire_after: 28800, same_site: :lax, skip: true
 set :session_store, Rack::Session::Pool
- set :protection, reaction: :deny, logger: Logger.new($stderr), except: :session_hijacking
+ set :protection, reaction: :deny, logger: Logger.new($stderr)
 end
 helpers ERB::Util
diff --git a/src/views/index.erb b/src/views/index.erb
index fed129d..5b48592 100644
--- a/src/views/index.erb
+++ b/src/views/index.erb
@@ -7,8 +7,8 @@ - - + +
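Review bot: In `src/server.rb`, the new `set :protection, reaction: :deny, logger: Logger.new($stderr)` line drops `except: :session_hijacking` with no comment explaining why, in the same commit that moves `rack-protection` from 3.1.0 to 4.0.0. Whether `Rack::Protection::SessionHijacking` is active after this change depends on that version's default middleware set, which the diff does not show. If it is active, `reaction: :deny` presumably means a session whose tracked request headers (such as User-Agent) change gets the request rejected rather than the session dropped. I would add a comment above the line, for example `# session_hijacking exception removed: <reason; default state in rack-protection 4.x>`, and cover the resulting behaviour with a request spec so the protection set is a deliberate choice. The `configure` block is complete inside the hunk, but the class body continues outside it.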