diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index ed35af4..6c1984d 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -74,7 +74,6 @@ jobs:
           - name: "Harden Runner"
             uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
             with:
-                disable-sudo-and-containers: true
                 egress-policy: block
                 allowed-endpoints: >
                     fulcio.sigstore.dev:443
@@ -85,7 +84,7 @@ jobs:
                     tuf-repo-cdn.sigstore.dev:443
 
           - name: "Download build artifacts"
-            uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+            uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
             with:
                 name: Packages
                 path: dist
@@ -114,7 +113,6 @@ jobs:
           - name: "Harden Runner"
             uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
             with:
-                disable-sudo-and-containers: true
                 egress-policy: block
                 allowed-endpoints: >
                     fulcio.sigstore.dev:443
@@ -125,7 +123,7 @@ jobs:
                     tuf-repo-cdn.sigstore.dev:443
 
           - name: "Download build artifacts"
-            uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+            uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
             with:
                 name: Packages
                 path: dist