diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
index 35ac862d..0f841be9 100644
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@@ -18,13 +18,13 @@ jobs:
           token: ${{ secrets.PUSH_RELEASE_TRAINS_PAT }}
           fetch-depth: 0
       - name: Import public GPG keys to verify the tag
-        uses: actions/github-script@v3
+        uses: actions/github-script@v7
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
             const { execSync } = require('child_process')
 
-            for (const { key_id, raw_key } of (await github.users.listGpgKeysForUser({
+            for (const { key_id, raw_key } of (await github.rest.users.listGpgKeysForUser({
                 username: 'dscho'
             })).data) {
               execSync(`gpg ${raw_key ? '--import' : `--recv-keys ${key_id}`}`,
@@ -66,14 +66,14 @@ jobs:
           git cat-file tag "$GITHUB_REF" | sed -e '1,/^$/d' -e '/-----BEGIN PGP SIGNATURE-----/,$d' >body
       - name: Create Release
         if: github.repository_owner == 'git-for-windows'
-        uses: actions/github-script@v3
+        uses: actions/github-script@v7
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
             const { readFileSync } = require('fs')
 
             const tag_name = readFileSync('tag_name').toString()
-            await github.repos.createRelease({
+            await github.rest.repos.createRelease({
               owner: context.repo.owner,
               repo: context.repo.repo,
               tag_name: tag_name,