diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 268a24a..bbfa907 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -205,7 +205,7 @@ jobs:
         echo "$SBOM_DIGEST sbom.json" | sha256sum --strict --check --status || exit -2
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+      uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
       with:
         cosign-release: v2.2.4