semantic-release 25.0.1-alpha.2 → 25.0.1-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/docs/recipes/ci-configurations/github-actions.md +1 -0
  2. package/package.json +2 -2
package/docs/recipes/ci-configurations/github-actions.md CHANGED
@@ -10,6 +10,7 @@ In this example a publish type [`NPM_TOKEN`](https://docs.npmjs.com/creating-and
10
10
 
11
11
  For improved security and automation, it is recommended to leverage [trusted publishing](https://docs.npmjs.com/trusted-publishers) through [OpenID Connect (OIDC)](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) when publishing to npm from GitHub Actions.
12
12
  GitHub Actions is a [trusted identity provider](https://docs.npmjs.com/trusted-publishers#identity-providers) for npm, enabling configuration of a trust relationship between your GitHub repository and npm so that no long-lived secret (like an `NPM_TOKEN`) is required to publish packages to npm from GitHub Actions.
13
+ The npm registry [recently increased restrictions for use of long-lived access tokens](https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/), further encouraging trusted publishing as the preferred approach for publishing to npm from GitHub Actions.
13
14
  Enabling trusted publishing requires granting the `id-token: write` permission to the job performing the publish step and [configuring a trust relationship](https://docs.npmjs.com/trusted-publishers#step-1-add-a-trusted-publisher-on-npmjscom) between your GitHub repository and npm.
14
15
 
15
16
  [npm provenance](https://docs.npmjs.com/generating-provenance-statements) is valuable for increasing supply-chain security for your npm packages.
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "semantic-release",
3
3
  "description": "Automated semver compliant package publishing",
4
- "version": "25.0.1-alpha.2",
4
+ "version": "25.0.1-alpha.4",
5
5
  "type": "module",
6
6
  "author": "Stephan Bönnemann <stephan@boennemann.me> (http://boennemann.me)",
7
7
  "ava": {
@@ -30,7 +30,7 @@
30
30
  "@semantic-release/commit-analyzer": "^13.0.1",
31
31
  "@semantic-release/error": "^4.0.0",
32
32
  "@semantic-release/github": "^12.0.0",
33
- "@semantic-release/npm": "^13.1.0-alpha.8",
33
+ "@semantic-release/npm": "^13.1.0-beta.1",
34
34
  "@semantic-release/release-notes-generator": "^14.1.0",
35
35
  "aggregate-error": "^5.0.0",
36
36
  "cosmiconfig": "^9.0.0",