diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 6ef0b69..cd4fb2f 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -24,7 +24,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 - name: Setup Terraform
 uses: hashicorp/setup-terraform@v1
 with:
@@ -45,7 +45,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1
+ uses: aws-actions/configure-aws-credentials@v2
 with:
 aws-region: ${{ secrets.AWS_REGION }}
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github
diff --git a/.github/workflows/cron.yaml b/.github/workflows/cron.yaml
index c377860..f74391f 100644
--- a/.github/workflows/cron.yaml
+++ b/.github/workflows/cron.yaml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1
+ uses: aws-actions/configure-aws-credentials@v2
 with:
 aws-region: ${{ secrets.AWS_REGION }}
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 667a4f4..3808a72 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -36,7 +36,7 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v3
 - name: Run tfsec
- uses: tfsec/tfsec-sarif-action@v0.1.0
+ uses: tfsec/tfsec-sarif-action@v0.1.4
 with:
 sarif_file: tfsec.sarif
 - name: Upload SARIF artifact
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8adce1a..ebe0c8a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@
 Notable changes to this project are documented in this changelog.
 This project adheres to the [semantic versioning] specification.
+## [1.4.0] – 2023-06-01
+
+- Update the AWS provider version constraint to allow v5 ([4f6b152](https://github.com/unfunco/terraform-aws-oidc-github/commit/4f6b152447a4caff21204d3e00417ca96b8de154))
+
 ## [1.3.1] – 2023-03-27
 - Ensure the additional_thumbprints variable allows null values ([750f0f6](https://github.com/unfunco/terraform-aws-oidc-github/commit/750f0f6b0296057ff9910cebd2ac2f577b0cdb90))
@@ -106,4 +110,5 @@ This project adheres to the [semantic versioning] specification.
 [1.2.1]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.2.0...v1.2.1
 [1.3.0]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.2.1...v1.3.0
 [1.3.1]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.3.0...v1.3.1
+[1.4.0]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.3.1...v1.4.0
 [semantic versioning]: https://semver.org
diff --git a/README.md b/README.md
index 393f50e..b761d8a 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@ provider "aws" {
 module "oidc_github" {
 source = "unfunco/oidc-github/aws"
- version = "1.3.1"
+ version = "1.4.0"
 github_repositories = [
 "org/repo",
@@ -53,7 +53,7 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v3
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1
+ uses: aws-actions/configure-aws-credentials@v2
 with:
 aws-region: ${{ secrets.AWS_REGION }}
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index b5d7c82..bf63023 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -4,7 +4,7 @@ variable "additional_thumbprints" {
 type = list(string)
 validation {
- condition = length(var.additional_thumbprints) <= 4
+ condition = var.additional_thumbprints == null ? true : length(var.additional_thumbprints) <= 4
 error_message = "Only 4 additional thumbprints can be set, for a maximum of 5 in the OIDC provider."
 }
 }
diff --git a/main.tf b/main.tf
index 71638bc..ee5652f 100644
--- a/main.tf
+++ b/main.tf
@@ -73,6 +73,6 @@ resource "aws_iam_openid_connect_provider" "github" {
 url = "https://token.actions.githubusercontent.com"
 thumbprint_list = var.additional_thumbprints != null ? concat(
 [data.tls_certificate.github.certificates[0].sha1_fingerprint],
- [for thumbprint in var.additional_thumbprints : "${thumbprint}"]
+ [for thumbprint in var.additional_thumbprints : thumbprint]
 ) : [data.tls_certificate.github.certificates[0].sha1_fingerprint]
 }
diff --git a/versions.tf b/versions.tf
index d1d0b48..0ff6bef 100644
--- a/versions.tf
+++ b/versions.tf
@@ -16,7 +16,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "~> 4.0"
+ version = ">= 4.0"
 }
 tls = {
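Review bot: The validation in the `examples/complete/variables.tf` hunk still checks only how many thumbprints are supplied, not their format, so a truncated or mistyped value passes it. Going by the `main.tf` hunk in this diff, that value then goes into the OIDC provider's `thumbprint_list`, where it would presumably be rejected only at apply time. Each entry extends the set of certificates accepted for the token issuer, so a second `validation` block that requires every entry to be a 40-character hexadecimal SHA-1 fingerprint would catch mistakes at plan time. The null guard written as a ternary is the right shape here and should be kept in the new block as well. The `variable` block starts above the hunk, and whether the root module's own variable carries a similar check is not visible on this page.

```hcl
# … unchanged: existing validation block limiting the list to 4 entries …
validation {
  condition = var.additional_thumbprints == null ? true : alltrue([
    for thumbprint in var.additional_thumbprints :
    can(regex("^[0-9A-Fa-f]{40}$", thumbprint))
  ])
  error_message = "Each additional thumbprint must be a 40-character hexadecimal SHA-1 fingerprint."
}
```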
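Review bot: In the `main.tf` hunk, `[for thumbprint in var.additional_thumbprints : thumbprint]` is now an identity copy of the list, so the second `concat` argument can simply be `var.additional_thumbprints`. Dropping the wrapper makes it obvious that caller-supplied values reach the provider's trusted `thumbprint_list` unmodified, which is worth stating in a comment such as `# caller-supplied thumbprints are appended as-is; validated on the variable`. The fingerprint expression is also repeated in both branches of the ternary; a local for it would keep the two branches from drifting apart. The resource block begins above the hunk, so its remaining arguments are not visible here.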