diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6035b27e..466f86bf 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -131,7 +131,7 @@ jobs:
       - run: pip install coverage[toml]
 
       - name: download coverage data
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           path: all-artifacts/
 
diff --git a/.github/workflows/cross-os.yml b/.github/workflows/cross-os.yml
index 31a115b1..aed8e39f 100644
--- a/.github/workflows/cross-os.yml
+++ b/.github/workflows/cross-os.yml
@@ -76,7 +76,7 @@ jobs:
           cache: "pip"
           cache-dependency-path: pyproject.toml
       - run: pip install .
-      - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: ${{ matrix.signed-with-os }}-bundle
       - name: Verify
diff --git a/.github/workflows/cross-version-verify.yaml b/.github/workflows/cross-version-verify.yaml
index b05a58af..b80e3f09 100644
--- a/.github/workflows/cross-version-verify.yaml
+++ b/.github/workflows/cross-version-verify.yaml
@@ -64,7 +64,7 @@ jobs:
         with:
           python-version: "3.x"
       - run: pip install sigstore==${{ matrix.version }}
-      - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: bundle
       - run: touch artifact
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 307c811b..9e4b7c92 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -94,7 +94,7 @@ jobs:
       attestations: write # To persist the attestation files.
     steps:
       - name: Download artifacts directories # goes to current working directory
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
       - name: Generate build provenance
         uses: actions/attest-build-provenance@v4
         with:
@@ -108,7 +108,7 @@ jobs:
       id-token: write
     steps:
       - name: Download artifacts directories # goes to current working directory
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
 
       - name: publish
         uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
@@ -123,7 +123,7 @@ jobs:
       contents: write
     steps:
       - name: Download artifacts directories # goes to current working directory
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
 
       - name: Upload artifacts to github
         # Confusingly, this action also supports updating releases, not