diff --git a/.github/workflows/setup_npm.yml b/.github/workflows/setup_npm.yml
index 4e97bf2..20abd44 100644
--- a/.github/workflows/setup_npm.yml
+++ b/.github/workflows/setup_npm.yml
@@ -5,12 +5,16 @@ on:
     inputs:
       node-version:
         required: false
-        default: '24' # >= 24 required for OIDC token support
+        default: "24.13.1" # >= 24 required for OIDC token support
         type: string
       npm-version:
         required: false
-        default: '11.9.0' # >= v11.5.1 required for OIDC token support
+        default: "11.9.0" # >= v11.5.1 required for OIDC token support
         type: string
+      use-cache: # For security, disable for publishing steps
+        required: false
+        default: true
+        type: boolean
 
 jobs:
   setup:
@@ -18,12 +22,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
       - name: Setup node
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 #v6.2.0
         with:
           node-version: ${{ inputs.node-version }}
           cache: "npm"
+          package-manager-cache: ${{inputs.use-cache}}
       - name: Install npm at specific version
         run: npm install -g npm@${{ inputs.npm-version }}
       - name: Install dependencies
diff --git a/.github/workflows/setup_yarn.yml b/.github/workflows/setup_yarn.yml
index 4a4e7be..4cdbe1b 100644
--- a/.github/workflows/setup_yarn.yml
+++ b/.github/workflows/setup_yarn.yml
@@ -5,12 +5,16 @@ on:
     inputs:
       node-version:
         required: false
-        default: '24'
+        default: "24.13.1"
         type: string
       yarn-version:
         required: false
-        default: '1.22.22'
+        default: "1.22.22"
         type: string
+      use-cache: # For security, disable for publishing steps
+        required: false
+        default: true
+        type: boolean
 
 jobs:
   setup:
@@ -18,12 +22,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
       - name: Setup node
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 #v6.2.0
         with:
           node-version: ${{ inputs.node-version }}
           cache: "yarn"
+          package-manager-cache: ${{inputs.use-cache}}
       - name: Install yarn at specific version
         run: npm install -g yarn@${{ inputs.yarn-version }}
       - name: Install dependencies