diff --git a/.github/workflows/build-docker.yaml b/.github/workflows/build-docker.yaml
index f70cccb113b..99f831cde2e 100644
--- a/.github/workflows/build-docker.yaml
+++ b/.github/workflows/build-docker.yaml
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
           submodules: recursive
diff --git a/.github/workflows/build-docs.yaml b/.github/workflows/build-docs.yaml
index 33d4d024064..24a8a747c50 100644
--- a/.github/workflows/build-docs.yaml
+++ b/.github/workflows/build-docs.yaml
@@ -40,7 +40,7 @@ jobs:
               breathe
 
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
 
@@ -66,12 +66,12 @@ jobs:
           chmod -R +rX gh-pages/
 
       - name: Upload docs artifacts
-        uses: actions/upload-pages-artifact@v2
+        uses: actions/upload-pages-artifact@v3
         with:
           path: gh-pages
 
       - name: Debug
-        uses: mxschmitt/action-tmate@v3.6
+        uses: mxschmitt/action-tmate@v3.17
         with:
           limit-access-to-actor: true
         if: failure() && inputs.debug
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 13c7b145cc0..6d2b6923414 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -44,7 +44,7 @@ jobs:
       INCLUDE: ${{ steps.configure.outputs.INCLUDE }}
       OS: ${{ steps.configure.outputs.OS }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
 
@@ -92,7 +92,7 @@ jobs:
         run: git config --global core.autocrlf false
 
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
           submodules: recursive
@@ -211,7 +211,7 @@ jobs:
         run: ctest -C "${{ matrix.build_type }}" -V --test-dir build/
 
       - name: Publish Test Report
-        uses: mikepenz/action-junit-report@150e2f992e4fad1379da2056d1d1c279f520e058
+        uses: mikepenz/action-junit-report@v4
         if: ${{ always() }}
         with:
           report_paths: 'junit-reports/TEST-*.xml'
@@ -276,7 +276,7 @@ jobs:
           fi
 
       - name: Upload static release build artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: matrix.build_type == 'Release' && matrix.lib_type == 'static'
         with:
           name: artifacts-${{ matrix.os_name }}-${{ matrix.target_arch }}
@@ -285,7 +285,7 @@ jobs:
           retention-days: 5
 
       - name: Debug
-        uses: mxschmitt/action-tmate@v3.6
+        uses: mxschmitt/action-tmate@v3.17
         with:
           limit-access-to-actor: true
         if: failure() && inputs.debug
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index e8d1fe97122..1d43098ee2d 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
           # We must use 'fetch-depth: 2', or else the linter won't have another
diff --git a/.github/workflows/publish-docker.yaml b/.github/workflows/publish-docker.yaml
index 8d9c816f398..893a72ca204 100644
--- a/.github/workflows/publish-docker.yaml
+++ b/.github/workflows/publish-docker.yaml
@@ -43,7 +43,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.tag }}
           submodules: recursive
diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml
index 7f1b7d87684..33c63d4b110 100644
--- a/.github/workflows/publish-docs.yaml
+++ b/.github/workflows/publish-docs.yaml
@@ -48,4 +48,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v2
+        uses: actions/deploy-pages@v4
diff --git a/.github/workflows/publish-npm.yaml b/.github/workflows/publish-npm.yaml
index 97c7c546779..c06547756df 100644
--- a/.github/workflows/publish-npm.yaml
+++ b/.github/workflows/publish-npm.yaml
@@ -41,7 +41,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.tag }}
           submodules: recursive
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
index a73a1175111..ac679fccc62 100644
--- a/.github/workflows/release-please.yaml
+++ b/.github/workflows/release-please.yaml
@@ -25,20 +25,16 @@ jobs:
       tag_name: ${{ steps.release.outputs.tag_name }}
     steps:
       # Create/update release PR
-      - uses: google-github-actions/release-please-action@v3
+      - uses: google-github-actions/release-please-action@v4
         id: release
         with:
-          # Required input to specify the release type.  This is not really a
-          # go project, but go projects in release-please only update
-          # CHANGELOG.md and nothing else.  This is what we want.
-          release-type: go
           # Make sure we create the PR against the correct branch.
-          default-branch: ${{ github.ref_name }}
+          target-branch: ${{ github.ref_name }}
           # Use a special shaka-bot access token for releases.
           token: ${{ secrets.RELEASE_PLEASE_TOKEN || secrets.GITHUB_TOKEN }}
-          # Temporary settings to bootstrap v3.0.0.
-          last-release-sha: 634af6591ce8c701587a78042ae7f81761725710
-          bootstrap-sha: 634af6591ce8c701587a78042ae7f81761725710
+          # See also settings in these files:
+          manifest-file: .release-please-manifest.json
+          config-file: .release-please-config.json
 
   # The jobs below are all conditional on a release having been created by
   # someone merging the release PR.
@@ -56,7 +52,7 @@ jobs:
     outputs:
       latest: ${{ steps.compute.outputs.latest }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-tags: true
           persist-credentials: false
@@ -121,22 +117,21 @@ jobs:
     needs: [release, build]
     if: needs.release.outputs.release_created
     steps:
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           path: artifacts
+          merge-multiple: true
 
       - name: Debug
         run: find -ls
 
       - name: Attach packager to release
-        uses: svenstaro/upload-release-action@v2
-        with:
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          tag: ${{ needs.release.outputs.tag_name }}
-          make_latest: false  # Already set for the release
-          file_glob: true
-          file: artifacts/artifacts*/*
-          overwrite: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELEASE_PLEASE_TOKEN || secrets.GITHUB_TOKEN }}
+        run: |
+          gh -R ${{ github.repository }} release upload \
+              ${{ needs.release.outputs.tag_name }} artifacts/* \
+              --clobber
 
   # Surprisingly, Shaka Packager binaries can be installed via npm.
   # Publish NPM package updates.
diff --git a/.github/workflows/sync-labels.yaml b/.github/workflows/sync-labels.yaml
index 47e73a9a443..0b679eab380 100644
--- a/.github/workflows/sync-labels.yaml
+++ b/.github/workflows/sync-labels.yaml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: shaka-project/shaka-github-tools
 
diff --git a/.github/workflows/test-linux-distros.yaml b/.github/workflows/test-linux-distros.yaml
index 8391675e390..992900b174b 100644
--- a/.github/workflows/test-linux-distros.yaml
+++ b/.github/workflows/test-linux-distros.yaml
@@ -29,7 +29,7 @@ jobs:
     outputs:
       MATRIX: ${{ steps.configure.outputs.MATRIX }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
 
@@ -65,7 +65,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
           submodules: recursive
diff --git a/.github/workflows/update-issues.yaml b/.github/workflows/update-issues.yaml
index e69eba5e819..6424ce19aec 100644
--- a/.github/workflows/update-issues.yaml
+++ b/.github/workflows/update-issues.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: shaka-project/shaka-github-tools
 
diff --git a/.release-please-config.json b/.release-please-config.json
new file mode 100644
index 00000000000..3b2ecb248db
--- /dev/null
+++ b/.release-please-config.json
@@ -0,0 +1,11 @@
+{
+  "packages": {
+    ".": {
+      "include-component-in-tag": false,
+      "include-v-in-tag": true,
+      "component": "",
+      "release-type-comment": "This is not really a go project, but go projects in release-please only update CHANGELOG.md and nothing else.  This is what we want.",
+      "release-type": "go"
+    }
+  }
+}
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
new file mode 100644
index 00000000000..d4f6f2994ea
--- /dev/null
+++ b/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+  ".": "3.0.0"
+}