diff --git a/.github/workflows/release-package.yml b/.github/workflows/release-package.yml
index 861cfedb..e7641760 100644
--- a/.github/workflows/release-package.yml
+++ b/.github/workflows/release-package.yml
@@ -4,6 +4,17 @@
 
 name: "Publish NPM package if needed"
 
+permissions:
+  # Required to create/update references (release tags),
+  # includes "read", which is needed to retrieve a PR:
+  # https://docs.github.com/en/rest/git/refs#create-a-reference--fine-grained-access-tokens
+  # https://docs.github.com/en/rest/pulls/pulls#get-a-pull-request--fine-grained-access-tokens
+  contents: write
+
+  # Required for Open ID Connect (OIDC) authentication for npm publication:
+  # https://docs.npmjs.com/trusted-publishers#github-actions-configuration
+  id-token: write
+
 on:
   pull_request:
     branches:
@@ -17,14 +28,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout latest version of release script
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
       with:
         ref: main
 
     - name: Setup node.js
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@v6
       with:
-        node-version: 20
+        node-version: 24
         cache: 'npm'
 
     - name: Install dependencies