diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index 51b47e6d8..bc9442d9d 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -299,7 +299,7 @@ jobs:
           rpmsign --addsign dist/*.rpm
       - name: Attest release artifacts
         if: inputs.environment == 'production'
-        uses: actions/attest-build-provenance@310b0a4a3b0b78ef57ecda988ee04b132db73ef8 # v1.4.1
+        uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
         with:
           subject-path: "dist/gh_*"
       - name: Run createrepo
diff --git a/pkg/cmd/attestation/verification/attestation.go b/pkg/cmd/attestation/verification/attestation.go
index 5feca47ea..c780e247c 100644
--- a/pkg/cmd/attestation/verification/attestation.go
+++ b/pkg/cmd/attestation/verification/attestation.go
@@ -2,6 +2,7 @@ package verification
 
 import (
 	"bufio"
+	"bytes"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -88,6 +89,10 @@ func loadBundlesFromJSONLinesFile(path string) ([]*api.Attestation, error) {
 	var line []byte
 	line, err = reader.ReadBytes('\n')
 	for err == nil {
+		if len(bytes.TrimSpace(line)) == 0 {
+			line, err = reader.ReadBytes('\n')
+			continue
+		}
 		var bundle bundle.ProtobufBundle
 		bundle.Bundle = new(protobundle.Bundle)
 		err = bundle.UnmarshalJSON(line)