diff --git a/.github/actions/prepare-build/action.yml b/.github/actions/prepare-build/action.yml
index 3813065..745ca0b 100644
--- a/.github/actions/prepare-build/action.yml
+++ b/.github/actions/prepare-build/action.yml
@@ -45,7 +45,7 @@ runs:
 
     - name: Install Cosign
       if: ${{ inputs.upstream-public-key != '' }}
-      uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+      uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
 
     - name: Extract upstream
       if: ${{ inputs.upstream-public-key != '' }}
diff --git a/.github/actions/sign/action.yml b/.github/actions/sign/action.yml
index e05be5e..18f82b1 100644
--- a/.github/actions/sign/action.yml
+++ b/.github/actions/sign/action.yml
@@ -25,7 +25,7 @@ runs:
   using: "composite"
   steps:
     - name: Install Cosign
-      uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+      uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
       with:
         cosign-release: 'v2.6.2'