From d48cc082c46413cb9f89e5c59d810721f2e07a34 Mon Sep 17 00:00:00 2001
From: James Kebinger <james.kebinger@prefab.cloud>
Date: Thu, 20 Nov 2025 17:04:42 -0600
Subject: [PATCH] chore: upgrade to Yarn 4.11.0 for npm trusted publisher
 support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update packageManager to yarn@4.11.0 in package.json
- Replace npmAuthToken with npmPublishProvenance in .yarnrc.yml
- Update GitHub workflows to use Yarn 4.11.0
- Remove --provenance flags from publish commands (now handled by config)

This enables OIDC authentication for npm publishing with automatic
provenance attestation generation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/release.yaml | 6 +++---
 .github/workflows/test.yml     | 2 +-
 .yarnrc.yml                    | 2 +-
 package.json                   | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index b5b31e6..4427e58 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -63,7 +63,7 @@ jobs:
       - name: enable corepack
         run: |
           corepack enable
-          corepack prepare yarn@4.9.2 --activate
+          corepack prepare yarn@4.11.0 --activate
       - name: cache yarn dependencies
         uses: actions/cache@v4
         with:
@@ -77,9 +77,9 @@ jobs:
       - name: Publish to npm
         run: |
           if [ "${{ needs.check-version.outputs.is-prerelease }}" == "true" ]; then
-            yarn npm publish --provenance --access public --tag ${{ needs.check-version.outputs.npm-tag }}
+            yarn npm publish --access public --tag ${{ needs.check-version.outputs.npm-tag }}
           else
-            yarn npm publish --provenance --access public
+            yarn npm publish --access public
           fi
 
   create-release:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 2c248f3..23e0af5 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -19,7 +19,7 @@ jobs:
       - name: enable corepack
         run: |
           corepack enable
-          corepack prepare yarn@4.9.2 --activate
+          corepack prepare yarn@4.11.0 --activate
       - name: cache yarn dependencies
         uses: actions/cache@v4
         with:
diff --git a/.yarnrc.yml b/.yarnrc.yml
index c93a20d..cc0f02d 100644
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -1,3 +1,3 @@
 nodeLinker: node-modules
 npmRegistryServer: 'https://registry.npmjs.org'
-npmAuthToken: '${NPM_AUTH_TOKEN-}'
+npmPublishProvenance: true
diff --git a/package.json b/package.json
index 614d257..5235b8b 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
-  "packageManager": "yarn@4.9.2",
+  "packageManager": "yarn@4.11.0",
   "name": "@reforge-com/javascript",
   "version": "0.0.4",
   "description": "Feature Flags & Dynamic Configuration as a Service",