chore(deps-dev): bump @semantic-release/npm from 12.0.2 to 13.1.5 #2483

Merged
Marfuen merged 6 commits into main from dependabot/npm_and_yarn/main/semantic-release/npm-13.1.5
May 8, 2026

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026

Bumps @semantic-release/npm from 12.0.2 to 13.1.5.

Release notes

Sourced from @​semantic-release/npm's releases.

v13.1.5

13.1.5 (2026-03-01)

Bug Fixes

  • deps: update dependency normalize-url to v9 (#1095) (daec492)

v13.1.4

13.1.4 (2026-02-06)

Bug Fixes

  • deps: update dependency @​actions/core to v3 (#1085) (17abfe1)

v13.1.3

13.1.3 (2025-12-12)

Bug Fixes

  • deps: update dependency @​actions/core to v2 (#1055) (fa4a3ab)

v13.1.2

13.1.2 (2025-11-14)

Bug Fixes

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

  • publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

13.1.0 (2025-10-19)

Features

  • trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #958
  • trusted-publishing: refine the messages for related errors (316ce21), closes #958
  • trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958
  • trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958
  • trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​semantic-release/npm since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@semantic-release/npm](https://github.com/semantic-release/npm) from 12.0.2 to 13.1.5.
- [Release notes](https://github.com/semantic-release/npm/releases)
- [Commits](semantic-release/npm@v12.0.2...v13.1.5)

---
updated-dependencies:
- dependency-name: "@semantic-release/npm"
  dependency-version: 13.1.5
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 8, 2026
vercel Bot commented Apr 8, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| app | Ready | Preview, Comment | May 8, 2026 10:00am |
| comp-framework-editor | Ready | Preview, Comment | May 8, 2026 10:00am |
| portal | Ready | Preview, Comment | May 8, 2026 10:00am |

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 2 files

Confidence score: 3/5

  • There is a concrete regression risk in package.json: the dependency bump pulls in npm v11 behavior that appears to require a newer Node version than the repo’s declared engines.node >=18.
  • This can cause user-impacting failures in install/release workflows, especially for environments still on Node 18 or older Node 20.x, so the merge risk is moderate rather than minimal.
  • Given the issue’s medium severity (6/10) and reasonably strong confidence (7/10), this is likely fixable but should be validated before or immediately after merge.
  • Pay close attention to package.json - Node engine/tooling version mismatch may break installs or release jobs.
Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="package.json">

<violation number="1" location="package.json:20">
P2: This dependency bump raises the release-tooling Node requirement (via npm v11) above the repo’s declared `engines.node >=18`, which can break installs or release jobs still running on Node 18/older 20.x.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.

Comment thread package.json
"@semantic-release/git": "^10.0.1",
"@semantic-release/github": "^11.0.6",
"@semantic-release/npm": "^12.0.2",
"@semantic-release/npm": "^13.1.5",
@cubic-dev-ai cubic-dev-ai Bot May 8, 2026

P2: This dependency bump raises the release-tooling Node requirement (via npm v11) above the repo’s declared engines.node >=18, which can break installs or release jobs still running on Node 18/older 20.x.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At package.json, line 20:

<comment>This dependency bump raises the release-tooling Node requirement (via npm v11) above the repo’s declared `engines.node >=18`, which can break installs or release jobs still running on Node 18/older 20.x.</comment>

<file context>
@@ -17,7 +17,7 @@
     "@semantic-release/git": "^10.0.1",
     "@semantic-release/github": "^11.0.6",
-    "@semantic-release/npm": "^12.0.2",
+    "@semantic-release/npm": "^13.1.5",
     "@semantic-release/release-notes-generator": "^14.1.0",
     "@types/bun": "^1.3.11",
</file context>
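
Review bot: The `+    "@semantic-release/npm": "^13.1.5",` line is a semver-major bump of release tooling, and nothing in this hunk adjusts the Node runtime alongside it. The later commit message on this page states that v13 requires Node ^22.14.0 || >= 24.10.0 and that the release workflow relied on the runner's default Node, so the workflow should pin a Node version explicitly in the same PR, and the `engines.node >=18` declaration cited in the review comment should be raised or documented as not covering release tooling. Dependabot also reports that this version was pushed to npm by a new releaser (GitHub Actions), so confirm the entry resolved in bun.lock is the expected package before merging.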

…rn/main/semantic-release/npm-13.1.5

# Conflicts:
#	bun.lock
@semantic-release/npm v13 requires Node ^22.14.0 || >= 24.10.0.
The release workflow only set up Bun, relying on whatever Node
the runner shipped with.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
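
A release job can fail fast when the runner's Node does not meet the requirement quoted in the commit message above. The following is an added example, not code from this PR or from semantic-release; the function names are hypothetical, and the range parser handles only the two comparator forms in that requirement (`^X.Y.Z` with X >= 1, and `>=X.Y.Z`, joined by `||`).

```javascript
// Requirement as quoted in the commit message on this page.
const REQUIRED_RANGE = "^22.14.0 || >= 24.10.0";

// Parse "v22.14.0" or "22.14.0" into [major, minor, patch].
// Pre-release or nightly version strings are rejected rather than guessed at.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(text.trim());
  if (!m) throw new Error(`unparseable version: ${text}`);
  return m.slice(1).map(Number);
}

// Three-way comparison of two parsed versions.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when `version` matches at least one "||" alternative of `range`.
function satisfies(version, range) {
  const v = parseVersion(version);
  return range.split("||").some((alt) => {
    const m = /^(\^|>=)\s*(\S+)$/.exec(alt.trim());
    if (!m) throw new Error(`unsupported comparator: ${alt}`);
    const floor = parseVersion(m[2]);
    if (m[1] === "^" && floor[0] === 0) {
      throw new Error("caret ranges on 0.x are not handled here");
    }
    if (compare(v, floor) < 0) return false;
    // Caret keeps the major version fixed; ">=" has no upper bound.
    return m[1] === ">=" || v[0] === floor[0];
  });
}

// Returns null when the runtime is acceptable, otherwise a message the
// release job can print before exiting non-zero.
function preflight(nodeVersion, range = REQUIRED_RANGE) {
  return satisfies(nodeVersion, range)
    ? null
    : `Node ${nodeVersion} does not satisfy "${range}"; pin Node in the release workflow`;
}
```

Calling `preflight(process.version)` as the first step of the release job turns an unpinned runner into an explicit error instead of a failure partway through publishing.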
@Marfuen Marfuen merged commit 9281acd into main May 8, 2026
10 checks passed
@Marfuen Marfuen deleted the dependabot/npm_and_yarn/main/semantic-release/npm-13.1.5 branch May 8, 2026 10:09
@claudfuen
🎉 This PR is included in version 3.48.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code released
