diff --git a/LICENSE b/LICENSE
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-google-oauth2-jwt - Copyright Michel Boucey (c) 2016-2017
+google-oauth2-jwt - Copyright Michel Boucey (c) 2016-2024
 
 All rights reserved.
 
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Google-oauth2-jwt [![Build Status](https://travis-ci.org/MichelBoucey/google-oauth2-jwt.svg?branch=master)](https://travis-ci.org/MichelBoucey/google-oauth2-jwt)
+# Google-oauth2-jwt ![CI](https://github.com/MichelBoucey/google-oauth2-jwt/actions/workflows/haskell-ci.yml/badge.svg)
 
 Google-oauth2-jwt implements the creation of the signed JWT for Google Service Accounts,
 to make authorized calls to Google APIs from server to server. All details here:
diff --git a/google-oauth2-jwt.cabal b/google-oauth2-jwt.cabal
--- a/google-oauth2-jwt.cabal
+++ b/google-oauth2-jwt.cabal
@@ -1,5 +1,5 @@
 name:                google-oauth2-jwt
-version:             0.3.3
+version:             0.3.3.1
 synopsis:            Get a signed JWT for Google Service Accounts
 description:         This library implements the creation of the
                      signed JWT for Google Service Accounts.
@@ -8,29 +8,29 @@
 license-file:        LICENSE
 author:              Michel Boucey
 maintainer:          michel.boucey@gmail.com
-copyright:           (c) 2016-2021 - Michel Boucey
+copyright:           (c) 2016-2024 - Michel Boucey
 category:            Google
 build-type:          Simple
 extra-source-files:  README.md
 cabal-version:       >= 1.10
 
-Tested-With: GHC ==8.4.4 || ==8.6.5 || ==8.8.4 || ==8.10.4 || ==9.0.1
+Tested-With: GHC ==8.8.4 || ==8.10.7 || ==9.0.2 || ==9.2.8 || ==9.4.8 || ==9.6.3 || ==9.8.1
 
+source-repository head
+  type:     git
+  location: git://github.com/MichelBoucey/google-oauth2-jwt.git
+
 library
   hs-source-dirs:   src
   exposed-modules:  Network.Google.OAuth2.JWT
-  build-depends:    base                >= 4.7      && < 5
-                  , base64-bytestring   >= 1.0.0    && < 1.2.0.1
-                  , bytestring          >= 0.10.6   && < 0.11
-                  , HsOpenSSL           >= 0.11.1.1 && < 0.12
-                  , RSA                 >= 2.1.0.3  && < 2.5
-                  , text                >= 1.2.2    && < 1.3
-                  , unix-time           >= 0.3.6    && < 0.5
+  build-depends:    base                >= 4.3    && < 5
+                  , base64-bytestring   >= 1.0.0  && < 1.3
+                  , bytestring          >= 0.10.6 && < 0.13
+                  , HsOpenSSL           >= 0.11.7 && < 0.12
+                  , RSA                 >= 2.4.1  && < 2.5
+                  , text                >= 1.2.2  && < 2.2
+                  , unix-time           >= 0.3.6  && < 0.5
 
   default-language: Haskell2010
   GHC-options:      -Wall
-
-source-repository head
-  type:     git
-  location: git://github.com/MichelBoucey/google-oauth2-jwt.git
 
diff --git a/src/Network/Google/OAuth2/JWT.hs b/src/Network/Google/OAuth2/JWT.hs
--- a/src/Network/Google/OAuth2/JWT.hs
+++ b/src/Network/Google/OAuth2/JWT.hs
@@ -23,10 +23,9 @@
 import           Control.Monad              (unless)
 import qualified Data.ByteString            as B
 import           Data.ByteString.Base64.URL (encode)
-import           Data.ByteString.Lazy       (fromStrict, toStrict)
 import           Data.ByteString.Char8      (unpack)
-import           Data.Maybe                 (fromMaybe, fromJust)
--- import           Data.Monoid                ((<>))
+import           Data.ByteString.Lazy       (fromStrict, toStrict)
+import           Data.Maybe                 (fromJust, fromMaybe)
 import qualified Data.Text                  as T
 import           Data.Text.Encoding         (encodeUtf8)
 import           Data.UnixTime              (getUnixTime, utSeconds)
@@ -59,7 +58,7 @@
 -- >
 fromPEMString :: String -> IO PrivateKey
 fromPEMString s =
-  fromJust . toKeyPair <$> readPrivateKey s PwNone >>=
+  readPrivateKey s PwNone >>= (
     \k -> return
       PrivateKey
         { private_pub =
@@ -74,7 +73,7 @@
         , private_dP   = 0
         , private_dQ   = 0
         , private_qinv = 0
-        }
+        }) . fromJust . toKeyPair
 
 -- | Create the signed JWT ready for transmission
 -- in the access token request as assertion value.
@@ -96,23 +95,23 @@
   -- Google API Console.
   -> IO (Either String SignedJWT)
   -- ^ Either an error message or a signed JWT.
-getSignedJWT iss msub scs mxt pk = do
-  let xt = fromIntegral (fromMaybe 3600 mxt)
-  unless (xt >= 1 && xt <= 3600) (fail "Bad expiration time")
-  t <- getUnixTime
-  let i = header <> "." <> toB64 ("{\"iss\":\"" <> iss <> "\","
-          <> maybe T.empty (\e -> "\"sub\":\"" <> e <> "\",") msub
-          <> "\"scope\":\"" <> T.intercalate " " scs <> "\",\"aud\
-          \\":\"https://www.googleapis.com/oauth2/v4/token\",\"ex\
-          \p\":" <> toT (utSeconds t + CTime xt) <> ",\"iat\":"
-          <> toT (utSeconds t) <> "}")
-  return $
-    either
-      (return $ Left "RSAError")
-      (\s -> return $ SignedJWT $ i <> "." <> encode (toStrict s))
-      (rsassa_pkcs1_v1_5_sign hashSHA256 pk $ fromStrict i)
-  where
-    toT = T.pack . show
-    toB64 = encode . encodeUtf8
-    header = toB64 "{\"alg\":\"RS256\",\"typ\":\"JWT\"}"
+getSignedJWT iss msub scs mxt pk =
+  let toT = T.pack . show
+      toB64 = encode . encodeUtf8
+      header = toB64 "{\"alg\":\"RS256\",\"typ\":\"JWT\"}"
+  in do
+    let xt = fromIntegral (fromMaybe 3600 mxt)
+    unless (xt >= 1 && xt <= 3600) (fail "Bad expiration time")
+    t <- getUnixTime
+    let i = header <> "." <> toB64 ("{\"iss\":\"" <> iss <> "\","
+            <> maybe T.empty (\e -> "\"sub\":\"" <> e <> "\",") msub
+            <> "\"scope\":\"" <> T.intercalate " " scs <> "\",\"aud\
+            \\":\"https://www.googleapis.com/oauth2/v4/token\",\"ex\
+            \p\":" <> toT (utSeconds t + CTime xt) <> ",\"iat\":"
+            <> toT (utSeconds t) <> "}")
+    return $
+      either
+        (return $ Left "RSAError")
+        (\s -> return $ SignedJWT $ i <> "." <> encode (toStrict s))
+        (rsassa_pkcs1_v1_5_sign hashSHA256 pk $ fromStrict i)
 
