chore: use trusted publishers (#223)

gastonfournier · web-flow · commit 909d1c82d0be · 2026-02-19T14:11:26.000Z
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,6 +4,10 @@ on:
     tags:
       - 'v*'
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   build:
 
@@ -30,9 +34,7 @@ jobs:
     - run: |
         LATEST=$(npm show @unleash/proxy version)
         TAG=$(node scripts/npm-tag.js $LATEST)
-        npm publish --tag ${TAG:-latest}
-      env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        npm publish --provenance --tag ${TAG:-latest}
     - name: Mark package as deprecated on npm
       run: |
         VERSION="${GITHUB_REF_NAME#v}"
diff --git a/Dockerfile b/Dockerfile
@@ -1,20 +1,20 @@
-FROM node:20-alpine as builder
+FROM node:22.22-alpine3.23 AS builder
 
 WORKDIR /unleash-proxy
 
 COPY . .
 
 RUN corepack enable
 
-ENV YARN_ENABLE_SCRIPTS=false
+ENV YARN_ENABLE_SCRIPTS false
 
 RUN yarn install --immutable
 
 RUN yarn build
 
 RUN yarn workspaces focus -A --production
 
-FROM node:20-alpine
+FROM node:22.22-alpine3.23
 
 # Upgrade (addresses OpenSSL CVE-2023-6237 && CVE-2024-2511)
 RUN apk update && \
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@unleash/proxy",
-  "version": "1.4.16",
+  "version": "1.4.17",
   "description": "The Unleash Proxy (Open-Source)",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@unleash/proxy",`
`3`		`- "version": "1.4.16",`
	`3`	`+ "version": "1.4.17",`
`4`	`4`	`"description": "The Unleash Proxy (Open-Source)",`
`5`	`5`	`"main": "dist/index.js",`
`6`	`6`	`"types": "dist/index.d.ts",`