diff --git a/content/packages-and-modules/securing-your-code/generating-provenance-statements.mdx b/content/packages-and-modules/securing-your-code/generating-provenance-statements.mdx
index a4dbc2f2041..6c065d3de5c 100644
--- a/content/packages-and-modules/securing-your-code/generating-provenance-statements.mdx
+++ b/content/packages-and-modules/securing-your-code/generating-provenance-statements.mdx
@@ -91,11 +91,12 @@ jobs:
 contents: read
 id-token: write
 steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-node@v4
+ - uses: actions/checkout@v6
+ - uses: actions/setup-node@v6
 with:
- node-version: '20.x'
+ node-version: '24.x'
 registry-url: 'https://registry.npmjs.org'
+ package-manager-cache: false # never use caching in release builds
 - run: npm ci
 - run: npm publish --provenance --access public
 env:
diff --git a/content/packages-and-modules/securing-your-code/trusted-publishers.mdx b/content/packages-and-modules/securing-your-code/trusted-publishers.mdx
index 557c9bdbc0c..4c52609b4d5 100644
--- a/content/packages-and-modules/securing-your-code/trusted-publishers.mdx
+++ b/content/packages-and-modules/securing-your-code/trusted-publishers.mdx
@@ -106,6 +106,7 @@ jobs:
 with:
 node-version: '24'
 registry-url: 'https://registry.npmjs.org'
+ package-manager-cache: false # never use caching in release builds
 - run: npm ci
 - run: npm run build --if-present
 - run: npm test
@@ -298,10 +299,11 @@ While trusted publishing handles the publish operation, you may still need authe
 ```yaml
 # GitHub Actions example
-- uses: actions/setup-node@v4
+- uses: actions/setup-node@v6
 with:
 node-version: '24'
 registry-url: 'https://registry.npmjs.org'
+ package-manager-cache: false # never use caching in release builds
 # Use a read-only token for installing dependencies
 - run: npm ci
 env:
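Review bot: The bumped `uses:` lines in the first hunk still reference mutable tags (`actions/checkout@v6`, `actions/setup-node@v6`) in a job that holds `id-token: write` and runs `npm publish --provenance`, so whatever those tags resolve to at run time executes with the publishing identity. Since readers will copy this release workflow, consider pinning to a full commit SHA with the tag kept as a trailing comment, e.g. `- uses: actions/setup-node@<full-commit-sha> # v6`; the same applies to the `setup-node@v6` line in the third hunk of trusted-publishers.mdx. Separately, the new inline comment `# never use caching in release builds` gives the rule without the reason; a wording such as `# no cache in release builds: restored cache contents were not produced by this run` would tell readers why (presumably the concern is a cache written by a less-trusted workflow run). The job definitions start above each hunk, so other steps and permissions are not visible here.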