chore: bump @npmcli/template-oss from 4.24.3 to 4.24.4 (#822)

dependabot[bot] · owlstronaut · web-flow · commit 133377a86d15 · 2025-06-26T11:38:22.000-07:00
Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.24.3 to 4.24.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/npm/template-oss/releases"><code>@​npmcli/template-oss</code>'s releases</a>.</em></p> <blockquote> <h2>v4.24.4</h2> <h2><a href="https://github.com/npm/template-oss/compare/v4.24.3...v4.24.4">4.24.4</a> (2025-06-25)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="https://github.com/npm/template-oss/commit/4177f5bda25684b742dce408153a46d95f427c09"><code>4177f5b</code></a> <a href="https://redirect.github.com/npm/template-oss/pull/515">#515</a> do not request id-token if no publish (<a href="https://redirect.github.com/npm/template-oss/issues/515">#515</a>) (<a href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li> <li><a href="https://github.com/npm/template-oss/commit/21fa419c1d53e60f3e28ce566d5942da9a06d88a"><code>21fa419</code></a> <a href="https://redirect.github.com/npm/template-oss/pull/511">#511</a> remove single-dash options from workflows (<a href="https://redirect.github.com/npm/template-oss/issues/511">#511</a>) (<a href="https://github.com/owlstronaut"><code>@​owlstronaut</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/npm/template-oss/blob/main/CHANGELOG.md"><code>@​npmcli/template-oss</code>'s changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/npm/template-oss/compare/v4.24.3...v4.24.4">4.24.4</a> (2025-06-25)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="https://github.com/npm/template-oss/commit/4177f5bda25684b742dce408153a46d95f427c09"><code>4177f5b</code></a> <a href="https://redirect.github.com/npm/template-oss/pull/515">#515</a> do not request id-token if no publish (<a href="https://redirect.github.com/npm/template-oss/issues/515">#515</a>) (<a href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li> <li><a href="https://github.com/npm/template-oss/commit/21fa419c1d53e60f3e28ce566d5942da9a06d88a"><code>21fa419</code></a> <a href="https://redirect.github.com/npm/template-oss/pull/511">#511</a> remove single-dash options from workflows (<a href="https://redirect.github.com/npm/template-oss/issues/511">#511</a>) (<a href="https://github.com/owlstronaut"><code>@​owlstronaut</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/template-oss/commit/9c6a2ffe0b222672f0dee70087c1308f92f19057"><code>9c6a2ff</code></a> chore: release 4.24.4 (<a href="https://redirect.github.com/npm/template-oss/issues/512">#512</a>)</li> <li><a href="https://github.com/npm/template-oss/commit/4177f5bda25684b742dce408153a46d95f427c09"><code>4177f5b</code></a> fix: do not request id-token if no publish (<a href="https://redirect.github.com/npm/template-oss/issues/515">#515</a>)</li> <li><a href="https://github.com/npm/template-oss/commit/21fa419c1d53e60f3e28ce566d5942da9a06d88a"><code>21fa419</code></a> fix: remove single-dash options from workflows (<a href="https://redirect.github.com/npm/template-oss/issues/511">#511</a>)</li> <li>See full diff in <a href="https://github.com/npm/template-oss/compare/v4.24.3...v4.24.4">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | @npmcli/template-oss | [< 4.24, > 4.23.3] | </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@npmcli/template-oss&package-manager=npm_and_yarn&previous-version=4.24.3&new-version=4.24.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Michael Smith <owlstronaut@github.com>
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -8,6 +8,9 @@ on:
     # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1
     - cron: "0 8 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   audit:
     name: Audit Dependencies
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -12,6 +12,9 @@ on:
     # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1
     - cron: "0 9 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     name: Lint
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -13,6 +13,9 @@ on:
     # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1
     - cron: "0 10 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml
@@ -54,7 +54,7 @@ jobs:
           else
             # strip leading slash from directory so it works as a
             # a path to the workspace flag
-            echo "workspace=-w ${dependabot_dir#/}" >> $GITHUB_OUTPUT
+            echo "workspace=--workspace ${dependabot_dir#/}" >> $GITHUB_OUTPUT
           fi
 
       - name: Apply Changes
diff --git a/package.json b/package.json
@@ -34,7 +34,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.24.3",
+    "version": "4.24.4",
     "windowsCI": false,
     "macCI": false,
     "allowPaths": [
@@ -58,7 +58,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^5.0.0",
-    "@npmcli/template-oss": "4.24.3",
+    "@npmcli/template-oss": "4.24.4",
     "tap": "^16.3.2"
   }
 }
