From f2091fe2b9537c753dcb2ee6674b71b556b4655f Mon Sep 17 00:00:00 2001
From: Kazuaki Matsuo <fly.49.89.over@gmail.com>
Date: Sat, 15 Nov 2025 10:45:09 -0800
Subject: [PATCH] chore: publish via trusted publisher

---
 .github/workflows/publish.js.yml | 2 +-
 package.json                     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish.js.yml b/.github/workflows/publish.js.yml
index 79c798d..4fcd1b0 100644
--- a/.github/workflows/publish.js.yml
+++ b/.github/workflows/publish.js.yml
@@ -9,6 +9,7 @@ permissions:
   contents: write
   pull-requests: write
   issues: write
+  id-token: write # to enable use of OIDC for trusted publishing and npm provenance
 
 jobs:
   build:
@@ -28,5 +29,4 @@ jobs:
     - run: npx semantic-release
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
       name: Release
diff --git a/package.json b/package.json
index 3cbaba4..67f2d78 100644
--- a/package.json
+++ b/package.json
@@ -70,7 +70,7 @@
     "conventional-changelog-conventionalcommits": "^9.0.0",
     "mocha": "^11.0.1",
     "prettier": "^3.0.0",
-    "semantic-release": "^25.0.0",
+    "semantic-release": "^25.0.2",
     "ts-node": "^10.9.1",
     "typescript": "^5.4.3"
   }