diff --git a/README.md b/README.md
index c0998c5..9246fd9 100644
--- a/README.md
+++ b/README.md
@@ -111,16 +111,17 @@ filter to the job:
 > Generating and uploading digital attestations currently requires
 > authentication with a [trusted publisher].
 
-You can generate signed [digital attestations] for all the distribution files and
-upload them all together by enabling the `attestations` setting:
+Generating signed [digital attestations] for all the distribution files
+and uploading them all together is now on by default for all projects
+using Trusted Publishing. To disable it, set `attestations` as follows:
 
 ```yml
 with:
-  attestations: true
+  attestations: false
 ```
 
-This will use [Sigstore] to create attestation
-objects for each distribution package, signing them with the identity provided
+The attestation objects are created using [Sigstore] for each
+distribution package, signing them with the identity provided
 by the GitHub's OIDC token associated with the current workflow. This means
 both the trusted publishing authentication and the attestations are tied to
 the same identity.
diff --git a/action.yml b/action.yml
index 40fed97..f71598d 100644
--- a/action.yml
+++ b/action.yml
@@ -86,7 +86,7 @@ inputs:
       Enable experimental support for PEP 740 attestations.
       Only works with PyPI and TestPyPI via Trusted Publishing.
     required: false
-    default: 'false'
+    default: 'true'
 branding:
   color: yellow
   icon: upload-cloud
diff --git a/requirements/runtime.in b/requirements/runtime.in
index 3758e3a..0868f81 100644
--- a/requirements/runtime.in
+++ b/requirements/runtime.in
@@ -10,8 +10,8 @@ id ~= 1.0
 requests
 
 # NOTE: Used to generate attestations.
-pypi-attestations ~= 0.0.12
-sigstore ~= 3.2.0
+pypi-attestations ~= 0.0.13
+sigstore ~= 3.5.1
 
 # NOTE: Used to detect the PyPI package name from the distribution files
 packaging
diff --git a/requirements/runtime.txt b/requirements/runtime.txt
index 5ff03bb..13b5f7c 100644
--- a/requirements/runtime.txt
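Review bot: The `attestations` input description in action.yml still reads as opt-in ("Enable experimental support for PEP 740 attestations …") while its default is flipped to 'true' in the same hunk, so a reader of the action metadata cannot tell that attestations are now generated unless they opt out, nor what happens when the job authenticates with an API token instead of Trusted Publishing. The README change in this commit states that generating and uploading attestations requires a trusted publisher, so the new default presumably has to be skipped or fail with a clear message in token-based or non-PyPI workflows; whether the runtime does that is not visible from this diff. I would reword the description to `Generate and upload PEP 740 attestations for the distribution files. On by default; only takes effect when publishing to PyPI or TestPyPI via Trusted Publishing. Set to 'false' to opt out.` and, if the action errors rather than skips without a trusted publisher, say so there as well. The `attestations` input's block begins before this hunk.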
+++ b/requirements/runtime.txt
@@ -72,7 +72,9 @@ pkginfo==1.10.0
 platformdirs==4.2.2
     # via sigstore
 pyasn1==0.6.0
-    # via sigstore
+    # via
+    #   pypi-attestations
+    #   sigstore
 pycparser==2.22
     # via cffi
 pydantic==2.7.1
@@ -91,7 +93,7 @@ pyjwt==2.8.0
     # via sigstore
 pyopenssl==24.1.0
     # via sigstore
-pypi-attestations==0.0.12
+pypi-attestations==0.0.13
     # via -r runtime.in
 python-dateutil==2.9.0.post0
     # via betterproto
@@ -117,7 +119,7 @@ rich==13.7.1
     #   twine
 securesystemslib==1.0.0
     # via tuf
-sigstore==3.2.0
+sigstore==3.5.1
     # via
     #   -r runtime.in
     #   pypi-attestations