diff --git a/zarf.yaml b/zarf.yaml
index e01d1525a45..158fbd48204 100644
--- a/zarf.yaml
+++ b/zarf.yaml
@@ -1,7 +1,7 @@
 package:
   name: zarf
   version: "0.67.0"
-  epoch: 0 # GHSA-j5w8-q4qc-rx2x
+  epoch: 1 # GHSA-4qg8-fj49-pxjh
   description: DevSecOps for Air Gap & Limited-Connection Systems.
   copyright:
     - license: Apache-2.0
@@ -22,6 +22,11 @@ pipeline:
       repository: https://github.com/zarf-dev/zarf
       tag: v${{package.version}}
 
+  - uses: go/bump
+    with:
+      deps: |-
+        github.com/sigstore/timestamp-authority@v2.0.3
+
   # We don't use go/bump here because go.mod now also contains an indirect
   # dependency on a newer version of anchore/archiver: go/bump raises an error
   # if we don't use that newer version for the replacement, but doing so causes