diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 742ec57..93a4a96 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,6 +4,9 @@ updates: directory: / schedule: interval: weekly + day: monday + cooldown: + default-days: 14 # 2 weeks groups: actions-minor: update-types: @@ -14,6 +17,9 @@ updates: directory: / schedule: interval: weekly + day: monday + cooldown: + default-days: 14 # 2 weeks groups: npm-development: dependency-type: development diff --git a/.github/linters/zizmor.yaml b/.github/linters/zizmor.yaml new file mode 100644 index 0000000..2fe494c --- /dev/null +++ b/.github/linters/zizmor.yaml @@ -0,0 +1,3 @@ +rules: + unpinned-uses: + disable: true diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 51f1853..1800c1f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -31,6 +31,8 @@ jobs: - name: Checkout id: checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Initialize CodeQL id: initialize diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 4b3fdda..af064d3 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -24,6 +24,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - name: Setup Node.js id: setup-node @@ -40,7 +41,7 @@ jobs: run: npm run lint - name: Lint Codebase id: super-linter - uses: super-linter/super-linter/slim@v7 + uses: super-linter/super-linter/slim@v8 env: DEFAULT_BRANCH: main FILTER_REGEX_EXCLUDE: dist/**/* @@ -50,3 +51,6 @@ jobs: VALIDATE_JAVASCRIPT_STANDARD: false VALIDATE_JSCPD: false VALIDATE_TYPESCRIPT_STANDARD: false + VALIDATE_BIOME_FORMAT: false + VALIDATE_BIOME_LINT: false + VALIDATE_TRIVY: false diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1aefaf9..889d058 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
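Review bot: The trailing comment on `default-days: 14 # 2 weeks`, added to both `updates` entries, only restates the number and does not say why the delay exists. I would replace it with a comment above `cooldown:` such as `# Let new releases age before adopting them; limits exposure to a freshly published bad or compromised version.` As far as I know the cooldown applies to version updates only and does not hold back Dependabot security updates. Once confirmed against the Dependabot documentation, that is worth stating in the same comment so nobody reads 14 days as a delay on fixes.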
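Review bot: `disable: true` in the new `.github/linters/zizmor.yaml` turns off the `unpinned-uses` audit for every workflow, so a third-party action referenced by a mutable tag will never be reported. The workflows touched in this commit use `actions/checkout@v4` and `super-linter/super-linter/slim@v8`, both tag references that whoever controls the action repository can move. I would keep the rule enabled and state the accepted policy instead: tag pins for GitHub-owned actions, full commit-SHA pins for everything else. The super-linter `uses:` line would then be pinned to a SHA with the version in a trailing comment. The keys below follow zizmor's `unpinned-uses` policy configuration as I know it; confirm them against the zizmor version that super-linter ships.

```yaml
rules:
  unpinned-uses:
    config:
      policies:
        actions/*: ref-pin
        github/*: ref-pin
        "*": hash-pin
```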
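Review bot: `VALIDATE_TRIVY: false` at the end of the super-linter `env` block in `linter.yml` switches off the Trivy scan, and nothing in the hunk records why. It arrives in the same commit as the bump to `slim@v8`, so it presumably silences a check the new major version enables by default, but that is inferred. If it is a stop-gap, say so in a comment above it, e.g. `# TODO: re-enable once Trivy findings are triaged (ISSUE_REF_PLACEHOLDER)`; otherwise note which other job covers vulnerability and misconfiguration scanning. The two `VALIDATE_BIOME_*` lines deserve the same one-line reason.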
@@ -24,6 +24,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Node.js uses: actions/setup-node@v4 @@ -31,9 +33,12 @@ jobs: node-version: '18' - name: Print inputs for debugging (Sharding) + env: + RECORD_KEY: ${{ env.CURRENTS_RECORD_KEY }} + SHARD: ${{ matrix.shard }} run: | - echo "Key: ${{ env.CURRENTS_RECORD_KEY }}" - echo "Matrix Index: ${{ matrix.shard }}" + echo "Key: $RECORD_KEY" + echo "Matrix Index: $SHARD" - name: Run My Action (Sharding) id: sharding_action uses: ./ @@ -44,8 +49,10 @@ jobs: matrix-total: 2 - name: Verify Action Output (Sharding) + env: + EXTRA_FLAGS: ${{ steps.sharding_action.outputs.extra-pw-flags }} run: | - echo "Extra Playwright Flags: ${{ steps.sharding_action.outputs.extra-pw-flags }}" + echo "Extra Playwright Flags: $EXTRA_FLAGS" test-action-or8n: strategy: @@ -61,6 +68,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + persist-credentials: false - name: Set up Node.js uses: actions/setup-node@v4 @@ -68,9 +77,12 @@ jobs: node-version: '18' - name: Print inputs for debugging (Or8n) + env: + API_KEY: ${{ env.CURRENTS_API_KEY }} + PROJECT_ID: ${{ env.CURRENTS_PROJECT_ID }} run: | - echo "API Key: ${{ env.CURRENTS_API_KEY }}" - echo "Project ID: ${{ env.CURRENTS_PROJECT_ID }}" + echo "API Key: $API_KEY" + echo "Project ID: $PROJECT_ID" - name: Run My Action (Or8n) id: or8n_action @@ -82,5 +94,7 @@ jobs: pw-output-dir: basic/test-results - name: Verify Action Output (Or8n) + env: + EXTRA_FLAGS: ${{ steps.or8n_action.outputs.extra-pw-flags }} run: | - echo "Extra Playwright Flags: ${{ steps.or8n_action.outputs.extra-pw-flags }}" + echo "Extra Playwright Flags: $EXTRA_FLAGS" diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index af8f75a..fa00b87 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml 
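Review bot: The `Print inputs for debugging (Sharding)` step still writes the record key to the job log with `echo "Key: $RECORD_KEY"`, and the `(Or8n)` step does the same with `echo "API Key: $API_KEY"`. Moving the expressions into `env:` stops them being expanded into the script text, but it does not stop the values being printed. Log masking only covers values registered as secrets, and where `CURRENTS_RECORD_KEY` and `CURRENTS_API_KEY` get their values is outside these hunks. I would print only whether each value is present, e.g. `echo "Key set: ${RECORD_KEY:+yes}"` and `echo "API Key set: ${API_KEY:+yes}"`.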
@@ -18,6 +18,8 @@ jobs: cancel-in-progress: true steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - uses: actions/setup-node@v4 with: node-version: 18 diff --git a/script/release b/script/release index 9e23fd2..91d7e01 100755 --- a/script/release +++ b/script/release @@ -93,11 +93,11 @@ fi # 8. Point separate major release tag (e.g. v1, v2) to the new release if [ $is_major_release = 'yes' ]; then - # Create a new major verison tag and point it to this release + # Create a new major version tag and point it to this release git tag "$new_major_release_tag" --annotate --message "$new_major_release_tag Release" echo -e "New major version tag: ${BOLD_GREEN}$new_major_release_tag${OFF}" else - # Update the major verison tag to point it to this release + # Update the major version tag to point it to this release git tag "$latest_major_release_tag" --force --annotate --message "Sync $latest_major_release_tag tag with $new_tag" echo -e "Synced ${BOLD_GREEN}$latest_major_release_tag${OFF} with ${BOLD_GREEN}$new_tag${OFF}" fi