diff --git a/.github/workflows/image-publish.yml b/.github/workflows/image-publish.yml
index 0055aa5d..bc6743d6 100644
--- a/.github/workflows/image-publish.yml
+++ b/.github/workflows/image-publish.yml
@@ -96,7 +96,7 @@ jobs:
           echo "digest=$(docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/${{ env.IMAGE_NAME }}:${{ steps.version-string.outputs.tag }})" >> "$GITHUB_OUTPUT"
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
       - name: Sign the images with GitHub OIDC Token
         env:
           DIGEST: ${{ steps.image-build.outputs.digest }}