diff --git a/.github/renovate.json b/.github/renovate.json
index ed525891..36f7763b 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -13,6 +13,14 @@
     {
       "matchPackagePatterns": ["actions.*"],
       "dependencyDashboardApproval": true
+      "matchUpdateTypes": ["patch"],
+      "matchCurrentVersion": "!/^0/",
+      "automerge": true
+    },
+    {
+      "matchUpdateTypes": ["patch"],
+      "matchCurrentVersion": "!/^0/",
+      "automerge": true
     }
   ]
 }
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index f8c8ad2d..78142de2 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -52,7 +52,7 @@ jobs:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: "🔧 Setup Gradle"
-        uses: gradle/gradle-build-action@v3.3.1
+        uses: gradle/gradle-build-action@v3.3.2
 
       - name: "❓ Optional setup step"
         run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 065ee562..5afb151f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -134,7 +134,7 @@ jobs:
       actions: read # To read the workflow path.
       id-token: write # To sign the provenance.
       contents: write # To add assets to a release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
     with:
       base64-subjects: "${{ needs.provenance-subject.outputs.artifacts-sha256 }}"
       upload-assets: true # Upload to a new release.