@lantoli lantoli commented Nov 5, 2025

Use Trusted Publishing in NPM publish, more info here. Trusted Publishing in NPM can't be tested until a real publish is done.

  • Update Node.js to 24.x (latest LTS - Long Term Support), as Trusted Publishing requires npm CLI version 11.5.1 or later, and it's not supported by the old Node.js version currently in use.
  • Remove yarn as we're already using npm
  • Update Java to 21 (latest LTS before 25)
  • Update Go to 1.25
  • Don't create issues when a release fails; it is expected that the user running the release GitHub action is watching for any failure, as in the other repos.
  • Simplify the checkout action by always using the same format

Jira ticket: CLOUDP-352053

Type of change:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as
    expected)
  • This change requires a documentation update

Required Checklist:

  • I have signed the MongoDB CLA
  • I have added tests that prove my fix is effective or that my feature works
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code
  • I have tested the CDK constructor in a CFN stack. See TESTING.md
  • If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Further comments

@lantoli lantoli marked this pull request as ready for review November 5, 2025 16:45
@lantoli lantoli requested a review from a team as a code owner November 5, 2025 16:45
Copilot AI review requested due to automatic review settings November 5, 2025 16:45
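
The description above says Trusted Publishing needs npm CLI 11.5.1 or later and cannot be exercised before a real publish. The following is an added example, not code from this PR or repository: a preflight a release job could run before `npm publish` so a misconfigured job fails early. The function names are hypothetical; `ACTIONS_ID_TOKEN_REQUEST_URL` and `ACTIONS_ID_TOKEN_REQUEST_TOKEN` are the variables GitHub Actions sets when a job has `id-token: write`; treating a leftover `NODE_AUTH_TOKEN` or `NPM_TOKEN` as a failure is a policy assumption of this example.

```shell
#!/bin/sh
# Added example (not from the PR): preflight for a Trusted Publishing release job.
# MIN_NPM is the minimum npm CLI version stated in the PR description.
MIN_NPM=11.5.1

# ver_field VERSION N -> Nth dotted field of VERSION (pre-release/build suffix dropped).
ver_field() {
  printf '%s.0.0\n' "${1%%[-+]*}" | cut -d. -f"$2"
}

# version_ge A B -> 0 if A >= B, 1 if A < B, 2 if a field is not numeric (fail closed).
version_ge() {
  for i in 1 2 3; do
    a=$(ver_field "$1" "$i"); b=$(ver_field "$2" "$i")
    case "${a:-x}${b:-x}" in *[!0-9]*) return 2 ;; esac
    [ "$a" -gt "$b" ] && return 0
    [ "$a" -lt "$b" ] && return 1
  done
  return 0
}

# trusted_publish_preflight NPM_VERSION
# Returns 0 when the job looks ready for Trusted Publishing, otherwise:
#   10 = npm too old or unparsable, 11 = no OIDC endpoint, 12 = long-lived token present.
trusted_publish_preflight() {
  if ! version_ge "$1" "$MIN_NPM"; then
    echo "npm '$1' does not satisfy >= $MIN_NPM" >&2
    return 10
  fi
  # Without 'permissions: id-token: write' the runner exposes no OIDC endpoint.
  if [ -z "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" ] ||
     [ -z "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" ]; then
    echo "OIDC token endpoint missing: check 'id-token: write' on the job" >&2
    return 11
  fi
  # Assumed policy: a leftover long-lived token means the migration is incomplete.
  if [ -n "${NODE_AUTH_TOKEN:-}" ] || [ -n "${NPM_TOKEN:-}" ]; then
    echo "long-lived npm token still present in the environment" >&2
    return 12
  fi
  return 0
}

# In the release job, before publishing:
#   trusted_publish_preflight "$(npm --version)" || exit 1
```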

Copilot AI left a comment


Pull Request Overview

This PR migrates the project from Yarn to NPM and implements Trusted Publishing for the NPM release workflow. Key changes include updating Node.js to 24.x (latest LTS), Java to 21.x, and Go to 1.25.x to meet Trusted Publishing requirements. The changes also simplify GitHub Actions workflows by standardizing checkout action usage and removing automatic issue creation on release failures.

  • Removed Yarn in favor of NPM with Trusted Publishing support
  • Updated runtime versions: Node.js 24.x, Java 21.x, Go 1.25.x
  • Simplified GitHub Actions workflows and removed automatic issue creation on release failures

Reviewed Changes

Copilot reviewed 13 out of 16 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| .tool-versions | Updated Node.js to 24.11.0 and removed Yarn |
| package.json | Updated projen dependency version |
| .projenrc.js | Configured NPM as package manager and updated exclude patterns |
| .projen/tasks.json | Replaced Yarn commands with NPM equivalents |
| .npmrc | Added legacy-peer-deps configuration |
| .npmignore | Updated log file patterns from Yarn to NPM |
| .github/workflows/release.yml | Implemented Trusted Publishing, updated runtime versions, removed automatic issue creation |
| .github/workflows/package.yml | Updated Node.js version and install commands across all package jobs |
| .github/workflows/upgrade-main.yml | Updated Node.js version and install commands |
| .github/workflows/dependency-review.yml | Simplified checkout action usage |
| .github/workflows/code-health.yml | Updated Node.js version, install commands, and self-mutation detection logic |
| .gitattributes | Updated lock file tracking from yarn.lock to package-lock.json |
| API.md | Generated documentation updates marking isConstruct methods as deprecated |


node-version: 18.x
node-version: 24.x
- name: Install dependencies
run: yarn install --check-files
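
Review bot: On the `run: yarn install --check-files` line, the npm command that takes its place is not visible in this excerpt; it should be `npm ci` rather than `npm install`, so CI installs exactly what `package-lock.json` pins and fails on a lockfile mismatch instead of resolving new versions during the run.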
Collaborator


Nice

Member Author

@lantoli lantoli Nov 5, 2025


yep, why 2 package managers when we can have just 1 :-)

with:
name: .repo.patch
path: .repo.patch
include-hidden-files: true
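
Review bot: `include-hidden-files: true` is scoped here to a single dotfile, `path: .repo.patch`, which is the only reason the flag is needed; add a one-line comment saying so on that line. Without it, a later change that widens `path` to a directory would also sweep other hidden files, such as `.npmrc`, into the uploaded artifact.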
Collaborator


Were hidden files not needed before?

Member Author


I think it's a new param; it took all files before. Anyway, this is a nit: it's to have a git patch when there are differences. In the normal use case where everything is OK, this is not needed.

@lantoli lantoli merged commit cd13cbe into main Nov 5, 2025
16 checks passed
@lantoli lantoli deleted the CLOUDP-352053_npm branch November 5, 2025 17:23