diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e5656aec0f..6eb958c783 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -16,7 +16,6 @@ on:
 permissions:
   id-token: write
   contents: read
-  attestations: write
 
 jobs:
   release:
@@ -27,6 +26,7 @@ jobs:
     permissions:
       contents: write
       id-token: write
+      attestations: write
 
     steps:
       - name: Checkout 🛎️
@@ -64,7 +64,7 @@ jobs:
         run: bunx @vscode/vsce package
 
       - name: Attest artifacts ✅
-        uses: actions/attest@2da0b136720d14f01f4dbeeafd1d5a4d76cbe21d # v1.4.0
+        uses: actions/attest-build-provenance@310b0a4a3b0b78ef57ecda988ee04b132db73ef8 # v1.4.1
         # Read: https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
         with:
           subject-path: '${{ env.NAME }}-${{ env.VERSION }}.vsix'