From 832c5a8c2bacfdeec742c1de3644210321ac47e6 Mon Sep 17 00:00:00 2001
From: Christian Georgi <chgeo@users.noreply.github.com>
Date: Wed, 12 Nov 2025 17:26:11 +0100
Subject: [PATCH 1/2] chore: prepare for trusted publishing

Allows token-less publishing.
See https://docs.npmjs.com/trusted-publishers
---
 .github/workflows/release.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b0ab318..3123fee 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2,6 +2,7 @@ name: Release
 
 permissions:
   contents: write
+  id-token: write
 
 on:
   workflow_dispatch:
@@ -14,7 +15,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 20
+          node-version: 24
           registry-url: https://registry.npmjs.org/
       - name: run tests
         run: |

From 5bc5bdbb82030099524fa886cf7ca9aaf6c2b1f1 Mon Sep 17 00:00:00 2001
From: Christian Georgi <chgeo@users.noreply.github.com>
Date: Thu, 13 Nov 2025 13:18:14 +0100
Subject: [PATCH 2/2] Enable provenance, remove obsolete NPM token

---
 .github/workflows/release.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3123fee..5c0fd61 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -40,6 +40,4 @@ jobs:
         with:
           tag: 'v${{ steps.package-version.outputs.current-version }}'
           body: '${{ steps.parse-changelog.outputs.body }}'
-      - run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.npm_token}}
+      - run: npm publish --access public --provenance