diff --git a/.changes/bump-dependency-version-to-fix-vulnerability.md b/.changes/bump-dependency-version-to-fix-vulnerability.md
new file mode 100644
index 00000000..9d280173
--- /dev/null
+++ b/.changes/bump-dependency-version-to-fix-vulnerability.md
@@ -0,0 +1,5 @@
+---
+"iota-crypto": patch
+---
+
+Bump dependencies to fix vulnerability from `cargo audit` (`curve25519-dalek`: 3.2 -> 4.1.3, `x25519-dalek`: 1.1 -> 2.0.1, `age`: 0.9 -> 0.10).
diff --git a/.github/workflows/scripts/coverage.sh b/.github/workflows/scripts/coverage.sh
index 29f94afb..5fd9b4ea 100755
--- a/.github/workflows/scripts/coverage.sh
+++ b/.github/workflows/scripts/coverage.sh
@@ -7,7 +7,7 @@ mkdir coverage
 
 # Run tests with profiling instrumentation
 echo "Running instrumented unit tests..."
-RUSTFLAGS="-Zinstrument-coverage" LLVM_PROFILE_FILE="crypto-rs-%m.profraw" cargo +nightly test --tests --all --all-features
+RUSTFLAGS="-Cinstrument-coverage" LLVM_PROFILE_FILE="crypto-rs-%m.profraw" cargo +nightly test --tests --all --all-features
 
 # Merge all .profraw files into "crypto-rs.profdata"
 echo "Merging coverage data..."
@@ -19,7 +19,7 @@ BINARIES=""
 
 for file in \
   $( \
-    RUSTFLAGS="-Zinstrument-coverage" \
+    RUSTFLAGS="-Cinstrument-coverage" \
       cargo +nightly test --tests --all --all-features --no-run --message-format=json \
         | jq -r "select(.profile.test == true) | .filenames[]" \
         | grep -v dSYM - \