Skip to content

security: update cross-spawn to fix a high-severity CVE-2024-21538 #599

security: update cross-spawn to fix a high-severity CVE-2024-21538

security: update cross-spawn to fix a high-severity CVE-2024-21538 #599

Workflow file for this run

---
name: Publish to npm (if applicable)
on:
pull_request:
types: [closed]
jobs:
publish:
name: Publish to npm
runs-on: ubuntu-latest
if: contains( github.event.pull_request.labels.*.name, '[ Type ] NPM version update' ) && startsWith( github.head_ref, 'release/') && github.event.pull_request.merged == true
permissions:
contents: write
id-token: write
pull-requests: write
steps:
- uses: Automattic/vip-actions/npm-publish@v0.6.0
with:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
PROVENANCE: 'true'
CONVENTIONAL_COMMITS: 'true'