diff --git a/.github/workflows/plan-release.yml b/.github/workflows/plan-release.yml
index 770f8fe7..909c12f4 100644
--- a/.github/workflows/plan-release.yml
+++ b/.github/workflows/plan-release.yml
@@ -34,6 +34,9 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     needs: check-plan
+    permissions:
+      contents: write
+      pull-requests: write   
     outputs:
       explanation: ${{ steps.explanation.outputs.text }}
     # only run on push event if plan wasn't updated (don't create a release plan when we're releasing)
@@ -46,14 +49,7 @@ jobs:
         # lerna-changelog can discover what's changed since the last release
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 18
-      
-      - uses: pnpm/action-setup@v2
-        with:
-          version: 8
-      - run: pnpm install --frozen-lockfile
+      - uses: wyvox/action-setup-pnpm@v3
       
       - name: "Generate Explanation and Prep Changelogs"
         id: explanation
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 985465ff..77a53e2a 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -38,19 +38,17 @@ jobs:
     runs-on: ubuntu-latest
     needs: check-plan
     if: needs.check-plan.outputs.command == 'release'
+    permissions:
+      contents: write
+      pull-requests: write   
 
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: wyvox/action-setup-pnpm@v3
         with:
-          node-version: 18
           # This creates an .npmrc that reads the NODE_AUTH_TOKEN environment variable
-          registry-url: 'https://registry.npmjs.org'
+          node-registry-url: 'https://registry.npmjs.org'
       
-      - uses: pnpm/action-setup@v2
-        with:
-          version: 8
-      - run: pnpm install --frozen-lockfile
       - name: npm publish
         run: pnpm release-plan publish