Test NPM auto-publish with Trusted Provider setup (#45525)

Author: tbradsha

.github/files/gh-npmjs-autopublisher/workflows/npmjs-autopublisher.yml

@@ -26,4 +26,4 @@ jobs:
       - name: Publish
         run: |
           npm install -g npm@latest
-          npm publish --access public
+          NPM_CONFIG_PROVENANCE=false npm publish --access public

docs/monorepo.md

@@ -376,7 +376,7 @@ Most projects in the monorepo should have a mirror repository holding a built ve
    3. In the repo's settings, turn off wikis, issues, projects, and so on.
    4. Make sure that [matticbot](https://github.com/matticbot) can push to the repo. Usually no special configuration is needed for repos under the Automattic organization.
    5. Make sure that Actions are enabled. The build process copies workflows from `.github/files/mirror-.github` into the mirror to do useful things like automatically close PRs with a reference back to the monorepo.
-   6. Create any secrets needed (e.g. for Autotagger or Npmjs-Autopublisher). See PCYsg-xsv-p2#mirror-repo-secrets for details.
+   6. Set up any secrets and configuration needed (e.g. for Autotagger or Npmjs-Autopublisher). See PCYsg-xsv-p2#mirror-repo-secrets for details.
 2. For a PHP package (or a plugin listed in Packagist) you also need to go to packagist.org and create the package there. This requires pushing a first commit with a valid `composer.json` to the repository. That can be done by copying the new package's `composer.json` from the PR that introduced it.
    1. Be sure that `automattic` is added as a maintainer.
    2. If creating the package with your own account, make sure to link your GitHub account to Packagist so that you can sync the new package.
@@ -417,8 +417,7 @@ Note the following will also be done by the build process:
 
 If `.extra.npmjs-autopublish` is set to a truthy value in the project's `composer.json`, a GitHub Action will be included in the mirror repo that will run `npm publish` when a version tag is created. This works with Autotagger. Versions must have a "v" prefix and have 3 components.
 
-Note that, for this to work, you'll need to create a secret `NPMJS_AUTOMATION_TOKEN` in the mirror repo. The value of the secret must be an npmjs.com automation token for an account with the ability to publish the package.
-See PCYsg-xsv-p2#mirror-repo-secrets for details.
+You'll also need to [configure the repo as a Trusted Provider](https://docs.npmjs.com/trusted-publishers) at npmjs.com.
 
 Note the following will also be done by the build process:
 

pnpm-lock.yaml

@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.1.3] - 2025-10-16
+### Changed
+- Update package dependencies. [#45001]
+
 ## [2.1.2] - 2025-08-06
 ### Changed
 - Update package dependencies. [#44217]
@@ -103,6 +107,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 * Created as a tool within the monorepo.
 
+[2.1.3]: https://github.com/Automattic/eslint-changed/compare/2.1.2...2.1.3
 [2.1.2]: https://github.com/Automattic/eslint-changed/compare/2.1.1...2.1.2
 [2.1.1]: https://github.com/Automattic/eslint-changed/compare/2.1.0...2.1.1
 [2.1.0]: https://github.com/Automattic/eslint-changed/compare/2.0.9...2.1.0

projects/js-packages/eslint-changed/CHANGELOG.md

@@ -1,6 +1,6 @@
 {
 	"name": "@automattic/eslint-changed",
-	"version": "2.1.2",
+	"version": "2.1.3",
 	"description": "Run eslint on files, but only report warnings and errors from lines that were changed.",
 	"keywords": [
 		"eslint",

projects/js-packages/eslint-changed/changelog/renovate-chalk-5.x

@@ -7,7 +7,7 @@ import { Command } from 'commander';
 import * as ESLintPkg from 'eslint';
 import parseDiff from 'parse-diff';
 
-const APP_VERSION = '2.1.2';
+const APP_VERSION = '2.1.3';
 
 const { ESLint } = ESLintPkg;
 const loadESLint = ESLintPkg.loadESLint ?? ( () => ESLint );