diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml
index 58b33e0aa9..5141097e80 100644
--- a/.github/workflows/prerequisites.yml
+++ b/.github/workflows/prerequisites.yml
@@ -79,7 +79,7 @@ jobs:
     - name: Unit-test provider code
       run: make test_provider
     - name: Upload coverage reports to Codecov
-      uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
+      uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5.2.0
       env:
         CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     - if: inputs.is_pr
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 978d3f5be0..dd618fe894 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -213,6 +213,8 @@ jobs:
   verify_release:
     name: verify_release
     needs: publish_sdk
+    permissions:
+      id-token: write
     uses: ./.github/workflows/verify-release.yml
     secrets: inherit
     with: