ci: setup trusted publishing workflow#204

Merged: okuryu merged 2 commits into main from oidc on Dec 2, 2025
@okuryu okuryu commented Dec 2, 2025

Collaborator

I confirm that this contribution is made under the terms of the license found in the root directory of this repository's source tree and that I have the authority necessary to make this contribution on behalf of its copyright owner.

@okuryu okuryu requested a review from Copilot December 2, 2025 13:42

Copilot AI left a comment


Pull request overview

This PR sets up a GitHub Actions workflow for automated publishing to npm using trusted publishing. The workflow triggers on version tags and leverages OIDC token-based authentication for secure package publishing.

Key Changes

  • Creates a new GitHub Actions workflow that automatically publishes the package to npm when version tags are pushed
  • Configures OIDC permissions for trusted publishing authentication
  • Includes build verification steps (install dependencies and run tests) before publishing


Comment thread .github/workflows/publish.yml
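
For readers who have not set up npm trusted publishing, the following is an added example of the kind of workflow the review overview describes; it is not the `publish.yml` merged in this PR. The tag pattern, Node.js version, action versions and job name are assumptions.

```yaml
# Added example: hypothetical workflow, not the file merged in this PR.
name: publish

on:
  push:
    tags:
      - 'v*'            # assumed pattern for version tags

permissions:
  contents: read        # enough to check out the repository
  id-token: write       # allows the job to request a GitHub OIDC token

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '22'                           # assumed
          registry-url: 'https://registry.npmjs.org'
      # Trusted publishing requires npm CLI 11.5.1 or later.
      - run: npm install -g npm@latest
      # Build verification before anything is published.
      - run: npm ci
      - run: npm test
      # No NPM_TOKEN or NODE_AUTH_TOKEN secret is configured: npm exchanges
      # the OIDC token with the registry. The package's settings on npmjs.com
      # must list this repository and workflow file as a trusted publisher.
      - run: npm publish
```

Keeping `id-token: write` the only write scope, with everything else read-only, limits what a compromised step in this job can do with the workflow token.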
@okuryu okuryu marked this pull request as ready for review December 2, 2025 13:46
@okuryu okuryu merged commit bba0ddd into main Dec 2, 2025
3 checks passed
@okuryu okuryu deleted the oidc branch December 2, 2025 13:46
meta-codesync Bot pushed a commit to facebook/capi-param-builder that referenced this pull request Apr 5, 2026
Summary:
Bumps serialize-javascript from 6.0.2 to 7.0.5.
Release notes (sourced from serialize-javascript’s releases)
- v7.0.5
Fixes
Improve robustness and validation for array-like object serialization.
Fix an issue where certain object structures could lead to excessive CPU usage.
For more details, please see GHSA-qj8w-gfj5-8c6v.
- v7.0.4
What’s Changed
release: v7.0.4 by okuryu in yahoo/serialize-javascript#211
Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4
- v7.0.3
fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb
Compare: yahoo/serialize-javascript@v7.0.2...v7.0.3
- v7.0.2
What’s Changed
ci: bump GitHub Actions to latest versions by okuryu in yahoo/serialize-javascript#203
ci: setup trusted publishing workflow by okuryu in yahoo/serialize-javascript#204
release: v7.0.2 by okuryu in yahoo/serialize-javascript#205
Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2
- v7.0.1
What’s Changed
Add warning about using this package to send arbitrary data to worker threads by valadaptive in yahoo/serialize-javascript#200
security: sanitize function bodies by redonkulus in yahoo/serialize-javascript#199
docs: tweak README by okuryu in yahoo/serialize-javascript#201
release: v7.0.1 by okuryu in yahoo/serialize-javascript#202
New Contributors
redonkulus made their first contribution in yahoo/serialize-javascript#199
Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1
- v7.0.0
Breaking Changes
requires Node.js v20+
What’s Changed
Bump mocha from 10.2.0 to 10.4.0 by dependabot[bot] in yahoo/serialize-javascript#178

Commits
df3f1c1 release: v7.0.5
f147e90 Merge commit from fork
eec32e0 release: v7.0.4
d505715 7.0.3
2e609d0 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)
42b7cdb build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206)
44f544b release: v7.0.2 (#205)
bba0ddd ci: setup trusted publishing workflow (#204)
235f6ea ci: bump GitHub Actions to latest versions (#203)
f7fff15 release: v7.0.1 (#202)
Additional commits: yahoo/serialize-javascript@v6.0.2...v7.0.5

Differential Revision: D99491918

fbshipit-source-id: 91bc933bd8b3e3ca7e54bbae13fe4126c267f852