chore(deps): update dependency @semantic-release/npm to v13

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@semantic-release/npm	9.0.2 → 13.1.3

---

Release Notes

semantic-release/npm (@​semantic-release/npm)

v13.1.3

Compare Source

Bug Fixes

• deps: update dependency @​actions/core to v2 (#​1055) (fa4a3ab)

v13.1.2

Compare Source

Bug Fixes

• deps: update dependency read-pkg to v10 (#​1032) (f3f1a00)

v13.1.1

Compare Source

Bug Fixes

• publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

Compare Source

Features

• trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #​958
• trusted-publishing: refine the messages for related errors (316ce21), closes #​958
• trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #​958
• trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #​958
• trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #​958
• trusted-publishing: handle failure to retrieve id-token in the context of github actions (b673257), closes #​958
• auth-error: update messaging for auth failure to be less token specific (e24967d)
• auth: attempt a dry-run publish to determine auth status (841dc67)

Bug Fixes

• trusted-publishing: uri encode the package name for the token exchange request (3dd95d0), closes #​958
• auth: throw appropriate error when auth context fails to enable publishing (f5c8d85)
• auth: throw error if dry-run publish determines lack of auth (8f88e9d)
• verify-auth: enable the publish dry-run to work for projects publishing from a sub-directory (e7d684c)

v13.0.0

Compare Source

Features

• node-versions: drop support for node versions v20, v21, and v23
• node-versions: raise the minimum node version requirement for the v24 range (935439e)

Bug Fixes

• deps: update npm to v11 (debc7c5), closes #​966 #​966
• deps: update to the latest version of npm (1b25d6c)

BREAKING CHANGES

• node-versions: the minimum node version for the v24 range is now v24.10.0
• deps: a minimum of node v22.14 is now required

v12.0.2

Compare Source

Bug Fixes

• deps: update npm to ^10.9.3 (#​972) (93e0937)

v12.0.1

Compare Source

Bug Fixes

• deps: update dependency execa to v9 (9ac5ed0)

v12.0.0

Compare Source

Features

• exports: defined exports to point at ./index.js (9e193c2)
• node-versions: dropped support for node v18 and v19 (2df962b)

BREAKING CHANGES

• exports: exports has been defined, which prevents access to private apis (which arent
  intended for consumption anyway)
• node-versions: node v18 and v19 are no longer supported

v11.0.3

Compare Source

Bug Fixes

• deps: raised the minimum accepted range of npm to v10.5.0 (#​759) (a0313f8), closes semantic-release/semantic-release#3202

even though our existing range allowed anyone to update as soon as the new npm version was available, this will encourage being on a version that does not report the ip vulnerability a bit more forcefully

v11.0.2

Compare Source

Bug Fixes

• deps: update dependency npm to v10.2.5 (42b5dec)

v11.0.1

Compare Source

Bug Fixes

• deps: update dependency read-pkg to v9 (#​703) (6e84013)

v11.0.0

Compare Source

Bug Fixes

• deps: update dependency npm to v10 (819f257)

Features

• node-versions: raised the minimum required node version to v18.17 and dropped v19 support (6413130)

BREAKING CHANGES

• node-versions: node v18.17 is now the minimum required version and support for v19 has been dropped

v10.0.6

Compare Source

Bug Fixes

• deps: update dependency aggregate-error to v5 (#​676) (f2bc9e7)

v10.0.5

Compare Source

Bug Fixes

• deps: update dependency execa to v8 (#​659) (502d5ba)

v10.0.4

Compare Source

Bug Fixes

• deps: update dependency @​semantic-release/error to v4 (#​628) (53a1012)

v10.0.3

Compare Source

Bug Fixes

• deps: update dependency read-pkg to v8 (#​602) (aaddc5c)

v10.0.2

Compare Source

Bug Fixes

• deps: update dependency fs-extra to v11.1.1 (#​591) (31e0e27)

v10.0.1

Compare Source

Bug Fixes

• deps: update dependency execa to v7 (#​575) (4c11706)

v10.0.0

Compare Source

Bug Fixes

• aggregate-error: upgraded to the latest version (7285e05)
• deps: upgraded npm to v9 (2a79f80)
• execa: upgraded to the latest version (7c74660)
• normalize-url: upgraded to the latest version (b55bb01)
• remove support for legacy auth (51ab3c8)
• tempy: upgraded to the latest version of tempy (f1992a5)

Code Refactoring

• esm: converted the package to esm (2d8ff15)

Features

• node-versions: dropped support for node versions below v18 (aff3574)
• semantic-release-peer: raised the minimum peer requirement to the first version that supports loading esm plugins (22e70ad)

BREAKING CHANGES

• deps: the direct dependency on npm has been upgraded to v9. details of breaking changes
  can be found at https://github.com/npm/cli/releases/tag/v9.0.0
• semantic-release-peer: the required version of semantic-release has been
  raised to v20.1.0 in order to support loading of ESM plugins
• aggregate-error: due to the aggregate-error upgrade, thrown errors are no longer iterable, but instead list the errors under an errors property
• legacy authentication using NPM_USERNAME and NPM_PASSWORD is no longer supported. Use NPM_TOKEN instead.
• node-versions: node v18 is now the minimum required node version
• esm: @semantic-release/npm is now a native ES Module. It
  has named exports for each plugin hook (verifyConditions, prepare,
  publish, addChannel)

---

Configuration

📅 Schedule: Branch creation - "after 4pm on friday,before 9am on monday,every weekend" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.