diff --git a/.github/actions/prepare-build/action.yml b/.github/actions/prepare-build/action.yml
index 3813065..ee8c73c 100644
--- a/.github/actions/prepare-build/action.yml
+++ b/.github/actions/prepare-build/action.yml
@@ -45,7 +45,7 @@ runs:
 
     - name: Install Cosign
       if: ${{ inputs.upstream-public-key != '' }}
-      uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+      uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
 
     - name: Extract upstream
       if: ${{ inputs.upstream-public-key != '' }}
diff --git a/.github/actions/sign/action.yml b/.github/actions/sign/action.yml
index e05be5e..0ab16c5 100644
--- a/.github/actions/sign/action.yml
+++ b/.github/actions/sign/action.yml
@@ -25,7 +25,7 @@ runs:
   using: "composite"
   steps:
     - name: Install Cosign
-      uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+      uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
       with:
         cosign-release: 'v2.6.2'