
chore(npm): Update release npm action to stop using tokens #49

gnbm merged 9 commits into main from gm/review-publish-npm-ga on Nov 13, 2025

@gnbm gnbm commented Nov 1, 2025

What is the current behavior?

  • Some dependencies were outdated
  • The publish action required a static npm token and didn’t configure the registry for OIDC.

GitHub Issue Number: N/A

What is the new behavior?

  • Updated test tooling:

    • find-up to ^8.0.0
    • @stencil/core to ^4.38.2
    • @types/eslint to ^9.6.1
    • @types/jest to ^30.0.0
    • @types/node to ^24.9.2
    • @typescript-eslint/eslint-plugin to ^8.46.2
    • @typescript-eslint/parser to ^8.46.2
    • cspell to ^9.2.2
    • esbuild to ^0.25.11
    • eslint to ^9.38.0
    • eslint-config-prettier to ^10.1.8
    • eslint-plugin-jsdoc to ^61.1.11
    • eslint-plugin-simple-import-sort to ^12.1.1
    • eslint-plugin-unused-imports to ^4.3.0
    • jest to ^30.2.0
    • prettier to ^3.6.2
    • rimraf to ^6.0.1
    • ts-jest to ^29.4.5
    • typescript to ^5.9.3
  • Configured Node via actions/setup-node@v6 with the npm registry to trigger trusted publishing.

  • Removed .npmrc token writes and relied on OIDC-issued credentials.

  • Updated release workflows to call the reusable action without passing secrets.

  • Kept existing build artifact handling and version bumping untouched.

Documentation

  • N/A

Does this introduce a breaking change?

  • Yes
  • No

Testing

  • Local runs (Windows):

    • npm ci
    • npm run format
    • npm run lint
    • npm run spellcheck
    • npm run build
    • npm run test
    • Verified output shows all suites passing
      • Test Suites: 2 passed, 2 total
      • Tests: 6 passed
  • Not run (workflow-only change).

Other information

  • N/A
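
A review aid for the migration described above, as an added example that is not code from this pull request or the project: a small Node.js lint that flags static-token residue in a publish workflow and checks for the `id-token: write` permission that GitHub's OIDC flow needs. The rule names, `auditPublishWorkflow`, and both workflow samples are constructed for illustration.

```javascript
// Added example, not code from this PR. Line-based lint (assumption: no YAML parser).
const RULES = [
  { id: 'npmrc-token-write', re: /_authToken/ },            // token written into .npmrc
  { id: 'node-auth-token', re: /NODE_AUTH_TOKEN\s*:/ },     // token handed to npm via env
  { id: 'static-token-secret', re: /secrets\.\w*NPM\w*/i }, // long-lived npm secret referenced
];

// Returns [{ rule, line }]; line 0 marks a file-level finding.
function auditPublishWorkflow(yamlText) {
  const findings = [];
  const active = [];
  yamlText.split(/\r?\n/).forEach((line, i) => {
    if (/^\s*#/.test(line)) return; // commented-out lines neither count nor trigger
    active.push(line);
    for (const { id, re } of RULES) {
      if (re.test(line)) findings.push({ rule: id, line: i + 1 });
    }
  });
  const text = active.join('\n');
  // Without this permission the job cannot request an OIDC ID token.
  if (!/^\s*id-token:\s*write\s*$/m.test(text)) findings.push({ rule: 'missing-id-token-permission', line: 0 });
  // The PR configures the npm registry through setup-node.
  if (!/registry-url:\s*\S+/.test(text)) findings.push({ rule: 'missing-registry-url', line: 0 });
  return findings;
}

// Constructed sample (trimmed): token-based publish, the "before" state.
const TOKEN_WORKFLOW = [
  'jobs:',
  '  publish:',
  '    steps:',
  '      - uses: actions/setup-node@v6',
  '      - run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc',
  '        env: { NPM_TOKEN: "${{ secrets.NPM_TOKEN }}" }',
  '      - run: npm publish',
].join('\n');

// Constructed sample (trimmed): OIDC trusted publishing, the "after" state.
const OIDC_WORKFLOW = [
  'permissions:',
  '  id-token: write',
  'jobs:',
  '  publish:',
  '    steps:',
  '      - uses: actions/setup-node@v6',
  '        with: { registry-url: "https://registry.npmjs.org" }',
  '      - run: npm publish',
].join('\n');
console.log(auditPublishWorkflow(TOKEN_WORKFLOW), auditPublishWorkflow(OIDC_WORKFLOW));
```

Findings with line 0 are file-level. When publishing runs through a composite action or reusable workflow, the `id-token: write` permission has to be granted in the calling workflow, so run the check on that file as well.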

Copilot AI left a comment

Pull Request Overview

This PR updates the npm release workflow to use OIDC-based trusted publishing instead of static tokens, bumps the package version to 0.2.2, updates numerous development dependencies, and migrates to ESLint v9 with a flat configuration format.

  • Migrates from token-based to OIDC trusted publishing for enhanced security
  • Updates all development dependencies to their latest versions
  • Introduces ESLint v9 with flat config format (eslint.config.mjs)

Reviewed Changes

Copilot reviewed 14 out of 15 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| package.json | Version bump to 0.2.2, updated all dev dependencies including ESLint v9, Jest v30, TypeScript v5.9, added rimraf package, replaced rm commands |
| eslint.config.mjs | New ESLint v9 flat configuration file replacing legacy .eslintrc.js format |
| .github/workflows/actions/publish-npm/action.yml | Replaced token-based authentication with OIDC via setup-node@v6, added provenance support |
| .github/workflows/release-production.yml | Removed token input, added emojis to step names |
| .github/workflows/release-dev.yml | Removed token input, added step name for publish action, added emojis |
| .github/workflows/test-unit.yml | Updated checkout action to v5, added emojis to step names |
| .github/workflows/main.yml | Added emojis to job names |
| .github/workflows/lint-and-format.yml | Updated checkout action to v5, added emojis to step names |
| .github/workflows/create-production-pr.yml | Updated checkout action to v5, added emojis to step names |
| .github/workflows/build.yml | Updated checkout action to v5, added emojis to step names |
| .github/workflows/actions/upload-archive/action.yml | Added emoji to step name |
| .github/workflows/actions/get-core-dependencies/action.yml | Updated setup-node action to v6, added emojis to step names |
| .github/workflows/actions/download-archive/action.yml | Added emoji to step name |
| .github/CODEOWNERS | Updated team from @ionic-team/stencil to @stenciljs/technical-steering-committee |


@gnbm gnbm requested a review from Copilot November 9, 2025 15:47
Copilot AI left a comment

Pull Request Overview

Copilot reviewed 14 out of 15 changed files in this pull request and generated no new comments.



@gnbm gnbm requested a review from Copilot November 9, 2025 15:50
Copilot AI left a comment

Pull Request Overview

Copilot reviewed 14 out of 15 changed files in this pull request and generated no new comments.



@gnbm gnbm requested a review from Copilot November 9, 2025 15:54
Copilot AI left a comment

Pull Request Overview

Copilot reviewed 14 out of 15 changed files in this pull request and generated 1 comment.



@gnbm gnbm requested a review from Copilot November 9, 2025 16:01
Copilot AI left a comment

Pull Request Overview

Copilot reviewed 14 out of 15 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

package.json:41

  • The find-up dependency was updated to version 8.0.0 which requires Node.js >= 20, but the engines.node field still specifies >=12.0.0. This creates a runtime compatibility conflict. Either downgrade find-up to version 7.x (which supports Node >= 18) or update the minimum Node version to >=20.0.0.
  "engines": {
    "node": ">=12.0.0",
    "npm": ">=6.0.0"
  },


@gnbm gnbm requested a review from Copilot November 9, 2025 16:06
Copilot AI left a comment

Pull Request Overview

Copilot reviewed 14 out of 15 changed files in this pull request and generated no new comments.



@gnbm gnbm enabled auto-merge November 13, 2025 16:21
@gnbm gnbm disabled auto-merge November 13, 2025 16:31
@gnbm gnbm merged commit dce5955 into main Nov 13, 2025
24 checks passed
@gnbm gnbm deleted the gm/review-publish-npm-ga branch November 13, 2025 16:32