diff --git a/.github/actions/clean-ecr/Dockerfile b/.github/actions/clean-ecr/Dockerfile
index 170f4bf6..4de3c48e 100644
--- a/.github/actions/clean-ecr/Dockerfile
+++ b/.github/actions/clean-ecr/Dockerfile
@@ -1,7 +1,7 @@
 # generated by https://github.com/ministryofjustice/money-to-prisoners-deploy
 FROM python:3-alpine
 COPY entrypoint.py /usr/local/bin/clean-ecr
-RUN set -ex && \
+RUN set -eux; \
   chmod +x /usr/local/bin/clean-ecr \
   && \
   pip install --upgrade setuptools pip wheel \
diff --git a/.github/workflows/clean-ecr.yml b/.github/workflows/clean-ecr.yml
index 48530b6e..54192f9d 100644
--- a/.github/workflows/clean-ecr.yml
+++ b/.github/workflows/clean-ecr.yml
@@ -14,12 +14,12 @@ jobs:
       contents: read
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: main
 
       - name: Assume IAM role to access ECR
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v3
         with:
           aws-region: ${{ vars.ECR_REGION }}
           role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}