diff --git a/.github/renovate.json b/.github/renovate.json
index ed525891b..09c2a5983 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -12,7 +12,15 @@
   "packageRules": [
     {
       "matchPackagePatterns": ["actions.*"],
-      "dependencyDashboardApproval": true
+      "dependencyDashboardApproval": true,
+      "matchUpdateTypes": ["patch"],
+      "matchCurrentVersion": "!/^0/",
+      "automerge": true
+    },
+    {
+      "matchUpdateTypes": ["patch"],
+      "matchCurrentVersion": "!/^0/",
+      "automerge": true
     }
   ]
 }
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 065ee5620..5afb151f4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -134,7 +134,7 @@ jobs:
       actions: read # To read the workflow path.
       id-token: write # To sign the provenance.
       contents: write # To add assets to a release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
     with:
       base64-subjects: "${{ needs.provenance-subject.outputs.artifacts-sha256 }}"
       upload-assets: true # Upload to a new release.