diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 2abcb0e..383254a 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -20,8 +20,8 @@ jobs:
       hashes: ${{ steps.hash.outputs.hashes }}
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-python@v1
+      - uses: actions/checkout@v4.1.7
+      - uses: actions/setup-python@v5.1.0
         with:
           python-version: 3.x
       - name: Install dependencies
@@ -30,7 +30,7 @@ jobs:
           pip install -r requirements.txt
           pip install flake8 pytest pytest-flask build
       - name: Lint, test, build
-        run : |
+        run: |
           flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
           flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
           export PYTHONPATH=${PYTHONPATH}:.
@@ -39,9 +39,9 @@ jobs:
       - name: Generate hashes
         id: hash
         run: |
-          cd dist && echo "::set-output name=hashes::$(sha256sum * | base64 -w0)"
+          cd dist && echo "::set-output name=hashes::$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT"
       - name: Upload dist
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4.3.3
         with:
           name: "dist"
           path: "dist/"
@@ -54,14 +54,14 @@ jobs:
       actions: read
       contents: write
       id-token: write
-    uses: "slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0"
+    uses: "slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0"
     with:
       base64-subjects: "${{ needs.build.outputs.hashes }}"
       upload-assets: true
       compile-generator: true # Workaround for https://github.com/slsa-framework/slsa-github-generator/issues/1163
 
   publish:
-    needs: ['build', 'provenance']
+    needs: ["build", "provenance"]
     permissions:
       contents: write
 
@@ -69,7 +69,7 @@ jobs:
 
     steps:
       - name: Download artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4.1.7
         with:
           name: "dist"
           path: "dist/"
@@ -81,8 +81,7 @@ jobs:
           gh release upload ${{ github.ref_name }} dist/* --repo ${{ github.repository }}
 
       - name: Publish to PyPi
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@release/v1.9.0
         with:
           user: __token__
           password: ${{ secrets.PYPI_PASSWORD }}
-