diff --git a/spire-server.yaml b/spire-server.yaml
index ac53ef497ca..cec08793a02 100644
--- a/spire-server.yaml
+++ b/spire-server.yaml
@@ -1,7 +1,7 @@
 package:
   name: spire-server
   version: "1.14.0"
-  epoch: 0 # CVE-2025-61729
+  epoch: 1 # GHSA-4qg8-fj49-pxjh
   description: The SPIFFE Runtime Environment (SPIRE) server
   copyright:
     - license: Apache-2.0
@@ -29,6 +29,11 @@ pipeline:
       repository: https://github.com/spiffe/spire
       tag: v${{package.version}}
 
+  - uses: go/bump
+    with:
+      deps: |-
+        github.com/sigstore/timestamp-authority@v2.0.3
+
   - runs: |
       # Spire's build assumes a specific Go version, defined in the repo's
       # .go-version file; if the expected version isn't installed, it's