Skip to content

chore: update to yarn 4.11.0 and configure for trusted publisher #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jkebinger merged 1 commit into from
Nov 20, 2025
Merged

chore: update to yarn 4.11.0 and configure for trusted publisher #34

jkebinger merged 1 commit into from
Nov 20, 2025

Conversation

@jkebinger
Copy link
Contributor

@jkebinger jkebinger commented Nov 20, 2025

Summary

  • Updates yarn from 4.9.2 to 4.11.0 in release workflow
  • Removes --provenance flag from publish commands (now handled by .yarnrc.yml)
  • Removes npmAuthToken from .yarnrc.yml (using OIDC instead)
  • Keeps npmPublishProvenance: true in .yarnrc.yml for automatic provenance generation

Context

Yarn 4.11.0 is required for proper npm trusted publisher support with OIDC authentication. With npmPublishProvenance: true set in .yarnrc.yml, provenance is automatically enabled and the --provenance CLI flag is redundant.

The workflow will now authenticate using GitHub's OIDC token (via id-token: write permission) and automatically generate provenance attestations through the yarn configuration.

🤖 Generated with Claude Code

@jkebinger @claude
chore: update to yarn 4.11.0 and configure for trusted publisher
e009f6a 
- Update yarn from 4.9.2 to 4.11.0 (required for npm trusted publisher)
- Remove --provenance flag from publish commands (handled by .yarnrc.yml)
- Remove npmAuthToken from .yarnrc.yml (using OIDC instead)
- Keep npmPublishProvenance: true in .yarnrc.yml for automatic provenance

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
jdwyah
jdwyah approved these changes Nov 20, 2025
View reviewed changes
Copy link
Contributor

@jdwyah jdwyah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

@jkebinger jkebinger enabled auto-merge (squash) November 20, 2025 22:59
@jkebinger jkebinger merged commit a62c037 into main Nov 20, 2025
2 checks passed
@jkebinger jkebinger deleted the yarn-4.11.0 branch November 20, 2025 22:59
@jkebinger jkebinger mentioned this pull request Nov 20, 2025
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jdwyah jdwyah jdwyah approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jkebinger @jdwyah