diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index edea434..430a2cd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,7 +5,7 @@ jobs:
     name: Check formatting
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Check formatting
         run: cargo fmt --all -- --check
 
@@ -17,11 +17,11 @@ jobs:
       run:
         working-directory: ./clevis-pin-tpm2
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           path: clevis-pin-tpm2
       - name: Check out the policy signtool
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: clevis-pin-tpm2-signtool
           repository: puiterwijk/clevis-pin-tpm2-signtool
@@ -31,10 +31,11 @@ jobs:
                 tpm2-tss-devel clevis \
                 swtpm swtpm-tools \
                 rust cargo clippy \
-                golang clang-devel
+                golang clang-devel \
+                git-core
       - name: Remove clevis-pin-tpm2
         run: |
-            dnf erase -y clevis-pin-tpm2
+            rm -f /usr/bin/clevis-pin-tpm2 /usr/bin/clevis-*-tpm2plus
       - name: Build
         run: cargo build
       - name: Start swtpm
diff --git a/Cargo.toml b/Cargo.toml
index 3d3f760..3efc459 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,6 +15,6 @@ tss-esapi = { version = "7.2", features = ["generate-bindings"] }
 serde = "1.0"
 josekit = "0.7.4"
 serde_json = "1.0"
-base64 = "0.12.1"
+base64 = "0.22.0"
 atty = "0.2.14"
 tpm2-policy = "0.6.0"
diff --git a/src/utils.rs b/src/utils.rs
index a411140..23c8813 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -3,6 +3,7 @@ use std::fs;
 use std::str::FromStr;
 
 use anyhow::{Context as anyhow_context, Result};
+use base64::Engine;
 use serde::Deserialize;
 use tpm2_policy::{PublicKey, SignedPolicyList, TPMPolicyStep};
 use tss_esapi::{
@@ -68,7 +69,7 @@ pub(crate) fn serialize_as_base64_url_no_pad<S>(
 where
     S: serde::Serializer,
 {
-    serializer.serialize_str(&base64::encode_config(bytes, base64::URL_SAFE_NO_PAD))
+    serializer.serialize_str(&base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(bytes))
 }
 
 pub(crate) fn deserialize_as_base64_url_no_pad<'de, D>(deserializer: D) -> Result<Vec<u8>, D::Error>
@@ -76,7 +77,9 @@ where
     D: serde::Deserializer<'de>,
 {
     String::deserialize(deserializer).and_then(|string| {
-        base64::decode_config(&string, base64::URL_SAFE_NO_PAD).map_err(serde::de::Error::custom)
+        base64::engine::general_purpose::URL_SAFE_NO_PAD
+            .decode(string)
+            .map_err(serde::de::Error::custom)
     })
 }