From 485c19a8f86c19aeb9f4fbf4491ed78d77e6eeb0 Mon Sep 17 00:00:00 2001
From: Grace Park <gracepark@github.com>
Date: Fri, 8 May 2026 12:11:20 -0700
Subject: [PATCH 1/2] Update Node.js version and permissions in publish.yml

---
 .github/workflows/publish.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index d5a3d25..c69709a 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -7,11 +7,14 @@ on:
 jobs:
   publish-npm:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 14
+          node-version: 20
           registry-url: https://registry.npmjs.org/
           cache: npm
       - run: npm ci
@@ -19,20 +22,19 @@ jobs:
       - run: npm version ${TAG_NAME} --git-tag-version=false
         env:
           TAG_NAME: ${{ github.event.release.tag_name }}
-      - run: npm whoami; npm --ignore-scripts publish
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.npm_token}}
+      - run: npm --ignore-scripts publish --provenance
 
   publish-github:
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
+      id-token: write
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 14
+          node-version: 20
           registry-url: https://npm.pkg.github.com
           cache: npm
       - run: npm ci
@@ -40,6 +42,4 @@ jobs:
       - run: npm version ${TAG_NAME} --git-tag-version=false
         env:
           TAG_NAME: ${{ github.event.release.tag_name }}
-      - run: npm whoami; npm --ignore-scripts publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run: npm --ignore-scripts publish --provenance

From 87aa3f9739a5bd55c3d9fd8743875b5c1aaf2a85 Mon Sep 17 00:00:00 2001
From: Grace Park <gracepark@github.com>
Date: Fri, 8 May 2026 12:14:57 -0700
Subject: [PATCH 2/2] Upgrade GitHub Actions to checkout@v4 and setup-node@v4

---
 .github/workflows/publish.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index c69709a..888d178 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -11,8 +11,8 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: 20
           registry-url: https://registry.npmjs.org/