Skip to content

v13.1.0-beta.1

Pre-release
Pre-release

Choose a tag to compare

View all tags
@github-actions github-actions released this 16 Oct 03:12
v13.1.0-beta.1
a160d8d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

13.1.0-beta.1 (2025-10-16)

Bug Fixes

  • auth: throw appropriate error when auth context fails to enable publishing (f5c8d85)
  • auth: throw error if dry-run publish determines lack of auth (8f88e9d)
  • deps: depend on the oidc branch for npm (733fe89)
  • deps: depend on the released version of the cli branch now that the oidc features are merged (fc30c21)
  • dry-run: look for the warning in stderr output rather than stdout (86f65a6)
  • dry-run: stop searching for "warn" to avoid ANSI color complications (bee5db6)
  • errors: bring back the invalid token error (c9f0da5), closes #958
  • errors: resolve syntax problem (d825403)
  • error: throw an aggregate error rather than a simple error (1967d72)
  • stdout: fix the reference of stdout from execa (4ab3e74)
  • token: temporarily disable configuring token into .npmrc (73185a3), closes #958
  • trusted-publishing: properly await the check for trusted publishing context (23c8610), closes #958
  • trusted-publishing: uri encode the package name for the token exchange request (3dd95d0), closes #958
  • verify-auth: stream output of the dry-run for custom registries (67ee603), closes #958
  • whoami: temporarily disable verifying token validity (0fc050d), closes #958

Features

  • auth-error: updated messaging for auth failure to be less token specific (e24967d)
  • auth: attempt a dry-run publish to determine auth status (841dc67)
  • trusted-publishing: handle failure to retrieve id-token in the context of github actions (b673257), closes #958
  • trusted-publishing: highlight in the error that a token is only required when not using OIDC (a2aa38f), closes #958
  • trusted-publishing: log progression of token-exchange steps (a4a5add), closes #958
  • trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958
  • trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958
  • trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958
  • trusted-publishing: verify auth, considering OIDC vs tokens from various registriess (e3319f1), closes #958
  • verify-auth: configure npmrc details again (bd7acfb)
Assets 2
Loading