diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..be006de
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+# Keep GitHub Actions up to date with GitHub's Dependabot...
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    groups:
+      github-actions:
+        patterns:
+          - "*"  # Group all Actions updates into a single larger pull request
+    schedule:
+      interval: weekly
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 1c72700..a84ed12 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -17,6 +17,8 @@ jobs:
 
   deploy:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
 
     needs: package
 
@@ -28,10 +30,7 @@ jobs:
         path: dist
 
     - name: Publish package to PyPI
-      uses: pypa/gh-action-pypi-publish@v1.8.11
-      with:
-        user: __token__
-        password: ${{ secrets.pypi_token }}
+      uses: pypa/gh-action-pypi-publish@v1.12.2
 
     - name: Publish GitHub Release
       uses: softprops/action-gh-release@v1
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index da67819..496fbbd 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,5 +1,7 @@
-UNRELEASED
-==========
+1.5.3
+=====
+
+*2024-11-29*
 
 * Ignore empty and blank lines in the replay file (`#70`_).
 
diff --git a/pyproject.toml b/pyproject.toml
index e69de29..593ec60 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+build-backend = "setuptools.build_meta"
+requires = ["setuptools"]