diff --git a/Cargo.lock b/Cargo.lock
index 80636481..47f4ae8c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1155,6 +1155,15 @@ dependencies = [
  "digest 0.9.0",
 ]
 
+[[package]]
+name = "hmac"
+version = "0.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ddca131f3e7f2ce2df364b57949a9d47915cfbd35e46cfee355ccebbf794d6a2"
+dependencies = [
+ "digest 0.10.1",
+]
+
 [[package]]
 name = "http"
 version = "0.2.6"
@@ -1562,10 +1571,10 @@ dependencies = [
  "async-trait",
  "base64ct",
  "crypto-mac",
- "digest 0.9.0",
+ "digest 0.10.1",
  "ecdsa",
  "elliptic-curve",
- "hmac",
+ "hmac 0.12.0",
  "p256",
  "pkcs1",
  "pkcs8",
@@ -1575,7 +1584,7 @@ dependencies = [
  "serde",
  "serde_json",
  "serde_with",
- "sha2 0.9.8",
+ "sha2 0.10.0",
  "signature",
  "thiserror",
  "tokio",
@@ -2582,7 +2591,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "96ef608575f6392792f9ecf7890c00086591d29a83910939d430753f7c050525"
 dependencies = [
  "crypto-bigint",
- "hmac",
+ "hmac 0.11.0",
  "zeroize",
 ]
 
@@ -3118,7 +3127,7 @@ dependencies = [
  "futures-util",
  "hashlink",
  "hex",
- "hmac",
+ "hmac 0.11.0",
  "indexmap",
  "itoa 1.0.1",
  "libc",
diff --git a/crates/jose/Cargo.toml b/crates/jose/Cargo.toml
index 738b59e6..333a2e6a 100644
--- a/crates/jose/Cargo.toml
+++ b/crates/jose/Cargo.toml
@@ -10,10 +10,10 @@ anyhow = "1.0.52"
 async-trait = "0.1.52"
 base64ct = { version = "1.0.1", features = ["std"] }
 crypto-mac = { version = "0.11.1", features = ["std"] }
-digest = "0.9.0"
+digest = "0.10.1"
 ecdsa = { version = "0.13.3", features = ["sign", "verify", "pem", "pkcs8"] }
 elliptic-curve = { version = "0.11.6", features = ["ecdh", "pem"] }
-hmac = "0.11.0"
+hmac = "0.12.0"
 p256 = { version = "0.10.0", features = ["ecdsa", "pem", "pkcs8"] }
 pkcs1 = { version = "0.3.1", features = ["pem", "pkcs8"] }
 pkcs8 = { version = "0.8.0", features = ["pem"] }
@@ -23,7 +23,7 @@ sec1 = "0.2.1"
 serde = { version = "1.0.133", features = ["derive"] }
 serde_json = "1.0.74"
 serde_with = { version = "1.11.0", features = ["base64"] }
-sha2 = "0.9.8"
+sha2 = "0.10.0"
 signature = "1.4.0"
 thiserror = "1.0.30"
 tokio = { version = "1.15.0", features = ["macros", "rt"] }
diff --git a/crates/jose/src/keystore.rs b/crates/jose/src/keystore.rs
index 740bea0c..98dbf4f6 100644
--- a/crates/jose/src/keystore.rs
+++ b/crates/jose/src/keystore.rs
@@ -19,7 +19,7 @@ use async_trait::async_trait;
 use base64ct::{Base64UrlUnpadded, Encoding};
 use digest::Digest;
 use ecdsa::VerifyingKey;
-use hmac::{Hmac, Mac, NewMac};
+use hmac::{Hmac, Mac};
 use p256::{NistP256, PublicKey};
 use pkcs1::EncodeRsaPublicKey;
 use pkcs8::EncodePublicKey;
@@ -117,19 +117,19 @@ impl<'a> VerifyingKeystore for &SharedSecret<'a> {
             JsonWebSignatureAlgorithm::Hs256 => {
                 let mut mac = Hmac::<Sha256>::new_from_slice(self.inner)?;
                 mac.update(payload);
-                mac.verify(signature)?;
+                mac.verify(signature.try_into()?)?;
             }
 
             JsonWebSignatureAlgorithm::Hs384 => {
                 let mut mac = Hmac::<Sha384>::new_from_slice(self.inner)?;
                 mac.update(payload);
-                mac.verify(signature)?;
+                mac.verify(signature.try_into()?)?;
             }
 
             JsonWebSignatureAlgorithm::Hs512 => {
                 let mut mac = Hmac::<Sha512>::new_from_slice(self.inner)?;
                 mac.update(payload);
-                mac.verify(signature)?;
+                mac.verify(signature.try_into()?)?;
             }
 
             _ => bail!("unsupported algorithm"),