diff --git a/.github/mergify.yml b/.github/mergify.yml
index b0dbe1033b8..a7bc364c473 100644
--- a/.github/mergify.yml
+++ b/.github/mergify.yml
@@ -19,10 +19,6 @@ pull_request_rules:
   - actions:
       queue:
         name: default
-        # Merge into master with a merge commit
-        method: merge
-        # Update the pr branch with rebase, so the history is clean
-        update_method: rebase
     name: Put pull requests in the rebase+merge queue
     conditions:
       - base=master
@@ -33,11 +29,7 @@ pull_request_rules:
   # merge+squash strategy
   - actions:
       queue:
-        name: default
-        method: squash
-        # both update methods get absorbed by the squash, so we use the most
-        # reliable
-        update_method: merge
+        name: squash-merge
     name: Put pull requests in the squash+merge queue
     conditions:
       - base=master
@@ -61,9 +53,6 @@ pull_request_rules:
       queue:
         name: default
         # Merge with a merge commit
-        method: merge
-        # Update the pr branch with rebase, so the history is clean
-        update_method: rebase
     name: Put backports in the rebase+merge queue
     conditions:
       - label=merge me
@@ -71,6 +60,17 @@ pull_request_rules:
       - body~=backport
       - '#approved-reviews-by>=1'
 
+  # merge+squash strategy for backports: require 1 approver instead of 2
+  - actions:
+      queue:
+        name: squash-merge
+    name: Put backports in the squash+merge queue
+    conditions:
+      - label=squash+merge me
+      - base!=master
+      - body~=backport
+      - '#approved-reviews-by>=1'
+
   # backports should be labeled as such
   - actions:
       label:
@@ -81,5 +81,12 @@ pull_request_rules:
       - body~=automatic backport
 
 queue_rules:
+  # Mergify now requires different queues for different strategies
   - name: default
     update_bot_account: Mikolaj
+    merge_method: merge
+    update_method: rebase
+  - name: squash-merge
+    update_bot_account: Mikolaj
+    merge_method: squash
+    update_method: merge
diff --git a/.github/workflows/bootstrap.yml b/.github/workflows/bootstrap.yml
index ecfb015c699..e74d355360f 100644
--- a/.github/workflows/bootstrap.yml
+++ b/.github/workflows/bootstrap.yml
@@ -69,7 +69,7 @@ jobs:
         run: |
           _build/bin/cabal --version
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: cabal-${{ matrix.os }}-${{ matrix.ghc }}-bootstrapped
           path: _build/artifacts/*
diff --git a/.github/workflows/users-guide.yml b/.github/workflows/users-guide.yml
index 8442b39c2f4..64969e427c4 100644
--- a/.github/workflows/users-guide.yml
+++ b/.github/workflows/users-guide.yml
@@ -73,7 +73,7 @@ jobs:
       run: |
         make SPHINX_HTML_OUTDIR=html users-guide
 
-    - uses: actions/upload-artifact@v3
+    - uses: actions/upload-artifact@v4
       with:
         name: users-guide-html
         path: html/
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index dd3f350db3a..bb5b215aee2 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -185,7 +185,7 @@ jobs:
       # - Make it available in the workflow to make easier testing it locally
       - name: Upload cabal-install executable to workflow artifacts
         if: matrix.ghc == env.GHC_FOR_RELEASE
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: cabal-${{ runner.os }}-x86_64
           path: ${{ env.CABAL_EXEC_TAR }}
@@ -332,7 +332,7 @@ jobs:
           echo "CABAL_EXEC_TAR=$CABAL_EXEC_TAR" >> "$GITHUB_ENV"
 
       - name: Upload cabal-install executable to workflow artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: cabal-${{ runner.os }}-static-x86_64
           path: ${{ env.CABAL_EXEC_TAR }}
@@ -369,7 +369,7 @@ jobs:
           cabal-version: latest # default, we are not using it in this job
 
       - name: Download cabal executable from workflow artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: cabal-${{ runner.os }}-x86_64
           path: cabal-head
@@ -394,19 +394,19 @@ jobs:
     needs: [validate, validate-old-ghcs, build-alpine, dogfooding]
 
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@v4
       with:
         name: cabal-Windows-x86_64
 
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@v4
       with:
         name: cabal-Linux-x86_64
 
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@v4
       with:
         name: cabal-Linux-static-x86_64
 
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@v4
       with:
         name: cabal-macOS-x86_64
 
@@ -424,7 +424,7 @@ jobs:
           cabal-head-macOS-x86_64.tar.gz
 
   # We use this job as a summary of the workflow
-  # It will fail if any of the previous jobs does it
+  # It will fail if any of the previous jobs does
   # This way we can use it exclusively in branch protection rules
   # and abstract away the concrete jobs of the workflow, including their names
   validate-post-job: