diff --git a/aactl.yaml b/aactl.yaml
index ea07432339f..2ab7c04e8d3 100644
--- a/aactl.yaml
+++ b/aactl.yaml
@@ -1,7 +1,7 @@
 package:
   name: aactl
   version: 0.4.12
-  epoch: 39 # GHSA-j5w8-q4qc-rx2x
+  epoch: 40 # GHSA-f83f-xpx7-ffpw
   description: Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.
   copyright:
     - license: Apache-2.0
@@ -39,6 +39,7 @@ pipeline:
         github.com/cloudflare/circl@v1.6.1
         github.com/docker/docker@v28.0.0
         golang.org/x/crypto@v0.45.0
+        github.com/sigstore/fulcio@v1.8.3
       replaces: github.com/go-jose/go-jose/v3=github.com/go-jose/go-jose/v3@v3.0.4 github.com/sigstore/cosign/v2=github.com/sigstore/cosign/v2@v2.2.4
 
   - runs: |