diff --git a/README.md b/README.md
index 9b69a1f..c702c05 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,15 @@ Read more about action versioning notation in [action-versioning.md](https://git
 
 To roll back a release in case of customer impact, start the workflow manually and specify the previous stable tag.
 
+## Recommended permissions
+
+When using the `publish-action` in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
+
+```yaml
+permissions:
+  contents: write # access to publish release
+```
+
 ## Conributions
 
 We don't accept contributions until the action is ready for production.
diff --git a/package-lock.json b/package-lock.json
index 618beb6..9acf619 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2533,10 +2533,11 @@
       }
     },
     "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "path-key": "^3.1.0",
         "shebang-command": "^2.0.0",