diff --git a/package-lock.json b/package-lock.json
index 9643161..6caa910 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,11 +9,11 @@
       "version": "0.0.0",
       "license": "MIT",
       "dependencies": {
-        "@actions/attest": "^1.1.0",
+        "@actions/attest": "^1.2.0",
         "@actions/core": "^1.10.1",
         "@actions/github": "^6.0.0",
         "@actions/glob": "^0.4.0",
-        "@sigstore/oci": "^0.2.0"
+        "@sigstore/oci": "^0.3.0"
       },
       "devDependencies": {
         "@sigstore/mock": "^0.7.2",
@@ -50,18 +50,17 @@
       }
     },
     "node_modules/@actions/attest": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@actions/attest/-/attest-1.1.0.tgz",
-      "integrity": "sha512-SrKYqTjDAEmVwQMeY4kb3LBsF2O02aKjN1ePJPJfSEK8Vr8IGYMw4ts2mFlKRYc6/yp87OQb0owyXfoMj5BzZA==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/@actions/attest/-/attest-1.2.0.tgz",
+      "integrity": "sha512-nrPRVa/bQHRiZGmDXHJiAFPxBAYpgve3og16kE7/uEhVR18BJNWd6IHi7FfD+s4JzwSHXPqdR3C0+v7tj0zvsg==",
       "dependencies": {
         "@actions/core": "^1.10.1",
         "@actions/github": "^6.0.0",
         "@actions/http-client": "^2.2.1",
-        "@sigstore/bundle": "^2.2.0",
-        "@sigstore/sign": "^2.2.3",
+        "@sigstore/bundle": "^2.3.0",
+        "@sigstore/sign": "^2.3.0",
         "jsonwebtoken": "^9.0.2",
-        "jwks-rsa": "^3.1.0",
-        "make-fetch-happen": "^13.0.0"
+        "jwks-rsa": "^3.1.0"
       }
     },
     "node_modules/@actions/core": {
@@ -1796,20 +1795,20 @@
       }
     },
     "node_modules/@sigstore/bundle": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.2.0.tgz",
-      "integrity": "sha512-5VI58qgNs76RDrwXNhpmyN/jKpq9evV/7f1XrcqcAfvxDl5SeVY/I5Rmfe96ULAV7/FK5dge9RBKGBJPhL1WsQ==",
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.1.tgz",
+      "integrity": "sha512-eqV17lO3EIFqCWK3969Rz+J8MYrRZKw9IBHpSo6DEcEX2c+uzDFOgHE9f2MnyDpfs48LFO4hXmk9KhQ74JzU1g==",
       "dependencies": {
-        "@sigstore/protobuf-specs": "^0.3.0"
+        "@sigstore/protobuf-specs": "^0.3.1"
       },
       "engines": {
         "node": "^16.14.0 || >=18.0.0"
       }
     },
     "node_modules/@sigstore/core": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@sigstore/core/-/core-1.0.0.tgz",
-      "integrity": "sha512-dW2qjbWLRKGu6MIDUTBuJwXCnR8zivcSpf5inUzk7y84zqy/dji0/uahppoIgMoKeR+6pUZucrwHfkQQtiG9Rw==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@sigstore/core/-/core-1.1.0.tgz",
+      "integrity": "sha512-JzBqdVIyqm2FRQCulY6nbQzMpJJpSiJ8XXWMhtOX9eKgaXXpfNOF53lzQEjIydlStnd/eFtuC1dW4VYdD93oRg==",
       "engines": {
         "node": "^16.14.0 || >=18.0.0"
       }
@@ -1836,9 +1835,9 @@
       }
     },
     "node_modules/@sigstore/oci": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.2.0.tgz",
-      "integrity": "sha512-fPKD4jd/D6VR/AqkJn7YHYguZlVcd2GI6lc2d/cK2xwZNV/bfCVd6jvJht5wdz8tyAvVvLyfMHBh/UtNwDG0fg==",
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.3.0.tgz",
+      "integrity": "sha512-RZeirZtdSQvBC04j+rvPwBOnzMsc1NC3Ucx4krSh37Ch/Z1BwwAEV3QDQ18McXX2Guvc2pnWeGd6RXn+vpivww==",
       "dependencies": {
         "make-fetch-happen": "^13.0.0"
       },
@@ -1847,21 +1846,21 @@
       }
     },
     "node_modules/@sigstore/protobuf-specs": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.0.tgz",
-      "integrity": "sha512-zxiQ66JFOjVvP9hbhGj/F/qNdsZfkGb/dVXSanNRNuAzMlr4MC95voPUBX8//ZNnmv3uSYzdfR/JSkrgvZTGxA==",
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.1.tgz",
+      "integrity": "sha512-aIL8Z9NsMr3C64jyQzE0XlkEyBLpgEJJFDHLVVStkFV5Q3Il/r/YtY6NJWKQ4cy4AE7spP1IX5Jq7VCAxHHMfQ==",
       "engines": {
-        "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
+        "node": "^16.14.0 || >=18.0.0"
       }
     },
     "node_modules/@sigstore/sign": {
-      "version": "2.2.3",
-      "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-2.2.3.tgz",
-      "integrity": "sha512-LqlA+ffyN02yC7RKszCdMTS6bldZnIodiox+IkT8B2f8oRYXCB3LQ9roXeiEL21m64CVH1wyveYAORfD65WoSw==",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-2.3.0.tgz",
+      "integrity": "sha512-tsAyV6FC3R3pHmKS880IXcDJuiFJiKITO1jxR1qbplcsBkZLBmjrEw5GbC7ikD6f5RU1hr7WnmxB/2kKc1qUWQ==",
       "dependencies": {
-        "@sigstore/bundle": "^2.2.0",
+        "@sigstore/bundle": "^2.3.0",
         "@sigstore/core": "^1.0.0",
-        "@sigstore/protobuf-specs": "^0.3.0",
+        "@sigstore/protobuf-specs": "^0.3.1",
         "make-fetch-happen": "^13.0.0"
       },
       "engines": {
diff --git a/package.json b/package.json
index 0fc080d..0dd384d 100644
--- a/package.json
+++ b/package.json
@@ -76,11 +76,11 @@
     }
   },
   "dependencies": {
-    "@actions/attest": "^1.1.0",
+    "@actions/attest": "^1.2.0",
     "@actions/core": "^1.10.1",
     "@actions/github": "^6.0.0",
     "@actions/glob": "^0.4.0",
-    "@sigstore/oci": "^0.2.0"
+    "@sigstore/oci": "^0.3.0"
   },
   "devDependencies": {
     "@sigstore/mock": "^0.7.2",