diff --git a/package.json b/package.json
index ac1badc..c66fe1b 100644
--- a/package.json
+++ b/package.json
@@ -56,7 +56,7 @@
     "@azure/storage-blob": "^12.15.0",
     "@octokit/core": "^5.2.2",
     "@octokit/plugin-rest-endpoint-methods": "^10.4.1",
-    "@sigstore/bundle": "^3.1.0",
+    "@sigstore/bundle": "^4.0.0",
     "@sigstore/sign": "^3.1.0",
     "async-retry": "^1.3.3",
     "csv-parse": "^6.1.0",
diff --git a/yarn.lock b/yarn.lock
index cde8745..4c70d01 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1132,7 +1132,7 @@ __metadata:
     "@azure/storage-blob": "npm:^12.15.0"
     "@octokit/core": "npm:^5.2.2"
     "@octokit/plugin-rest-endpoint-methods": "npm:^10.4.1"
-    "@sigstore/bundle": "npm:^3.1.0"
+    "@sigstore/bundle": "npm:^4.0.0"
     "@sigstore/rekor-types": "npm:^3.0.0"
     "@sigstore/sign": "npm:^3.1.0"
     "@types/gunzip-maybe": "npm:^1.4.2"
@@ -2064,6 +2064,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@sigstore/bundle@npm:^4.0.0":
+  version: 4.0.0
+  resolution: "@sigstore/bundle@npm:4.0.0"
+  dependencies:
+    "@sigstore/protobuf-specs": "npm:^0.5.0"
+  checksum: 10/09ef32284783cdcdcc7ecd16711f1d1be6b6fc6abe22bf7434071a6d3aa3512d15f68a4cc481513569a55a001c5bd112edfccbea7b3c16b5aa1557f73773f504
+  languageName: node
+  linkType: hard
+
 "@sigstore/core@npm:^2.0.0":
   version: 2.0.0
   resolution: "@sigstore/core@npm:2.0.0"
@@ -2078,6 +2087,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@sigstore/protobuf-specs@npm:^0.5.0":
+  version: 0.5.0
+  resolution: "@sigstore/protobuf-specs@npm:0.5.0"
+  checksum: 10/98e84c5df1b5828e96a4c3cd39aca1ab069de53f0eaf4d0844ee50a19a15bff5707663e78eead7c27745fea3c55a37edfe5569242a1c695a146459159c104450
+  languageName: node
+  linkType: hard
+
 "@sigstore/rekor-types@npm:^3.0.0":
   version: 3.0.0
   resolution: "@sigstore/rekor-types@npm:3.0.0"