diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml
index d8f449e..c7b789f 100644
--- a/.github/workflows/python-package.yml
+++ b/.github/workflows/python-package.yml
@@ -9,6 +9,9 @@ on:
   pull_request:
     branches: [ "master" ]
 
+permissions:
+  contents: read
+
 jobs:
   validate:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index c3e019b..3c069bb 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -20,13 +20,16 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
-    - name: Install and configure Poetry
-      uses: snok/install-poetry@v1
+    - uses: actions/checkout@v4
+    - name: Install Poetry
+      run: |
+        curl -sSL https://install.python-poetry.org | python3 -
+        echo "$HOME/.local/bin" >> $GITHUB_PATH
     - name: Set up Python
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5
       with:
         python-version: '3.x'
+        cache: 'poetry'
     - name: Publish package
       env:
         PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
@@ -36,4 +39,3 @@ jobs:
     - name: cleanup
       if: always()
       run: poetry config pypi-token.pypi "0000000000"
-