From 1d7ebc7413bfe009ee7f1169dee94cacf7e448c4 Mon Sep 17 00:00:00 2001
From: Zita Szupera <szuperaz@gmail.com>
Date: Fri, 9 Jan 2026 09:52:23 +0100
Subject: [PATCH] chore: enable trusted package publishing

---
 .github/workflows/cleanup.yml |  2 +-
 .github/workflows/release.yml | 15 +++++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
index 63c5ee5..3e09f6b 100644
--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -20,7 +20,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
-          node-version: 22
+          node-version: 24
           cache: "yarn"
 
       - name: Install Dependencies
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f1cc5c5..1d93790 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,25 +7,28 @@ on:
       - main
   workflow_dispatch:
 
+permissions:
+  id-token: write # Required for OIDC
+  contents: write # required for committing the version bump
+
 jobs:
   Release:
     name: 🚀 Release
     if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged && startsWith(github.head_ref, 'release-please--branches--main')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: 18
+          node-version: 24
           cache: "yarn"
+          registry-url: "https://registry.npmjs.org"
 
       - name: Install Dependencies
         run: yarn install --immutable
 
       - name: Publish package
-        run: |
-          npm config set //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}
-          npm publish
+        run: npm publish