diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 11ab390604..4ca4f146ac 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -67,7 +67,7 @@ jobs:
           ref: live
 
       - name: Add yq (for reading recipe.yml)
-        uses: mikefarah/yq@v4.35.1
+        uses: mikefarah/yq@v4.40.2
 
       - name: Gather image data from recipe
         run: |
@@ -193,8 +193,8 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       # Sign container
-      - uses: sigstore/cosign-installer@v3.1.2
-        if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch'  && github.ref == 'refs/heads/live')
+      - uses: sigstore/cosign-installer@v3.2.0
+        if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/live'
 
       - name: Sign container image
         if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch'  && github.ref == 'refs/heads/live')
diff --git a/.github/workflows/release-iso.yml b/.github/workflows/release-iso.yml
index 76682bec54..a913affc40 100644
--- a/.github/workflows/release-iso.yml
+++ b/.github/workflows/release-iso.yml
@@ -35,6 +35,7 @@ jobs:
           GITHUB_TOKEN: ${{ github.token }}
         run: |
           if gh release list -R ${{ github.repository_owner }}/${{ github.event.repository.name }} | grep "auto-iso"; then
+            gh release view auto-iso --json assets -q .assets[].name | xargs -L 1 gh release delete-asset auto-iso 
             gh release upload auto-iso ${{ steps.isogenerator.outputs.iso-path }} -R ${{ github.repository_owner }}/${{ github.event.repository.name }} --clobber
           else
             gh release create auto-iso ${{ steps.isogenerator.outputs.iso-path }} -t ISO -n "This is an automatically generated ISO release." -R ${{ github.repository_owner }}/${{ github.event.repository.name }}