diff --git a/scripts/third_party/jq/.github/workflows/ci.yml b/scripts/third_party/jq/.github/workflows/ci.yml
index ac31b386b..0ed18cade 100644
--- a/scripts/third_party/jq/.github/workflows/ci.yml
+++ b/scripts/third_party/jq/.github/workflows/ci.yml
@@ -353,7 +353,7 @@ jobs:
           labels: ${{ steps.metadata.outputs.labels }}
       - name: Generate signed attestations
         if: startsWith(github.ref, 'refs/tags/jq-')
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v4
         with:
           subject-name: ghcr.io/${{ github.repository }}
           subject-digest: ${{ steps.build-push.outputs.digest }}
@@ -389,7 +389,7 @@ jobs:
           gh release create "$TAG_NAME" --draft --title "jq ${TAG_NAME#jq-}" --generate-notes
           gh release upload "$TAG_NAME" --clobber jq-* sha256sum.txt
       - name: Generate signed attestations
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v4
         with:
           subject-path: jq-*
       - name: Import GPG key