diff --git a/melange.yaml b/melange.yaml
index e1b87b079f3..bcf2ff744a0 100644
--- a/melange.yaml
+++ b/melange.yaml
@@ -1,8 +1,8 @@
 package:
   name: melange
   # When bumping the version check if the CVE/GHSA mitigations below can be removed.
-  version: 0.3.2
-  epoch: 3
+  version: 0.4.0
+  epoch: 0
   description: build APKs from source code
   copyright:
     - license: Apache-2.0
@@ -24,17 +24,11 @@ pipeline:
     with:
       repository: https://github.com/chainguard-dev/melange
       tag: v${{package.version}}
-      expected-commit: 4ed1d07ef6955379e936cf237f8dfec382454f47
+      expected-commit: 784821d3ac46eef8d7b3a329f1e8c25488e62635
       destination: melange
 
   - runs: |
       cd melange
-
-      # Mitigate GHSA-232p-vwff-86mp
-      # Mitigate GHSA-33pg-m6jh-5237
-      # Mitigate GHSA-6wrf-mxfj-pf5p
-      go get github.com/docker/docker@v23.0.3+incompatible
-
       make melange
       install -m755 -D ./melange "${{targets.destdir}}"/usr/bin/melange