From 4036f3548ba781fa0c561976c14d908dffb0f2c8 Mon Sep 17 00:00:00 2001
From: Sam Hession <sam.hession@guardian.co.uk>
Date: Wed, 25 Mar 2026 08:03:38 +0000
Subject: [PATCH 1/8] Bumps the Node version to 24

---
 .nvmrc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.nvmrc b/.nvmrc
index dc5620ac..5f7d35fc 100644
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1,2 @@
-22.15.0
\ No newline at end of file
+24.14.1
+

From c09ef42faf6b6a78858d68030dff47d413c2e560 Mon Sep 17 00:00:00 2001
From: Sam Hession <sam.hession@guardian.co.uk>
Date: Wed, 25 Mar 2026 08:04:01 +0000
Subject: [PATCH 2/8] Update CI to use trusted publishing

---
 .github/workflows/build-and-release.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index cd1f924c..f1defac4 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -64,6 +64,11 @@ jobs:
           node-version-file: .nvmrc
           cache: "yarn"
 
+      # See https://docs.npmjs.com/trusted-publishers
+      # Find the latest version with `npm info npm@latest version`
+      - name: Install suitable NPM version for trusted publishing
+        run: npm install -g npm@11.12.0
+
       - name: Install dependencies
         run: yarn install --frozen-lockfile
 
@@ -79,4 +84,3 @@ jobs:
           commit: "Bump package versions"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

From 49a904b6dec875d74f2603c0840cf7548d49b9e8 Mon Sep 17 00:00:00 2001
From: Sam Hession <sam.hession@guardian.co.uk>
Date: Wed, 25 Mar 2026 08:05:57 +0000
Subject: [PATCH 3/8] Addes no-op changeset to test release

---
 .changeset/five-buses-pay.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/five-buses-pay.md

diff --git a/.changeset/five-buses-pay.md b/.changeset/five-buses-pay.md
new file mode 100644
index 00000000..58c694d6
--- /dev/null
+++ b/.changeset/five-buses-pay.md
@@ -0,0 +1,5 @@
+---
+"@guardian/prosemirror-elements": patch
+---
+
+no-op release to test migration to NPM trusted publishing

From 023b52300b26a395f8ba13b47cc639591460d691 Mon Sep 17 00:00:00 2001
From: Sam Hession <sam.hession@guardian.co.uk>
Date: Thu, 26 Mar 2026 08:02:03 +0000
Subject: [PATCH 4/8] Add id-token write access to the release workflow

---
 .github/workflows/build-and-release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index f1defac4..5b114783 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -11,6 +11,7 @@ on:
 permissions:
   contents: write
   pull-requests: write
+  id-token: write
 
 jobs:
   build:

From 673fd2edddbf052b3ca59b04b42bd72bbf79184d Mon Sep 17 00:00:00 2001
From: Sam Hession <sam.hession@guardian.co.uk>
Date: Thu, 26 Mar 2026 08:26:39 +0000
Subject: [PATCH 5/8] Set changeset step param setupGitUser to false

---
 .github/workflows/build-and-release.yml | 1 +
 package.json                            | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 5b114783..38316d6d 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -83,5 +83,6 @@ jobs:
           publish: yarn changeset publish
           title: "🦋 Release package updates"
           commit: "Bump package versions"
+          setupGitUser: false
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/package.json b/package.json
index 41a610c0..0ffa72a1 100644
--- a/package.json
+++ b/package.json
@@ -3,7 +3,9 @@
   "version": "9.10.0",
   "type": "module",
   "main": "dist/cjs/index.js",
-  "repository": "github:guardian/prosemirror-elements",
+  "repository": {
+    "url": "git+https://github.com/guardian/prosemirror-elements.git"
+  },
   "module": "dist/esm/index.js",
   "types": "dist/declaration/index.d.ts",
   "publishConfig": {

From 00110d85656cd2aac77a6aa384d53f3b95178c30 Mon Sep 17 00:00:00 2001
From: Sam Hession <sam.hession@guardian.co.uk>
Date: Thu, 26 Mar 2026 09:00:44 +0000
Subject: [PATCH 6/8] Set up GitHub App token for changesets based on
 pan-domain-node example

---
 .github/workflows/build-and-release.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 38316d6d..87764b87 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -76,6 +76,18 @@ jobs:
       - name: Build
         run: yarn build
 
+      - name: Use GitHub App Token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.GU_CHANGESETS_APP_ID }}
+          private-key: ${{ secrets.GU_CHANGESETS_PRIVATE_KEY }}
+
+      - name: Set git user to Gu Changesets app
+        run: |
+          git config user.name "gu-changesets-release-pr[bot]"
+          git config user.email "gu-changesets-release-pr[bot]@users.noreply.github.com"
+
       - name: Create Release Pull Request or Publish to npm
         id: changesets
         uses: changesets/action@v1
@@ -85,4 +97,4 @@ jobs:
           commit: "Bump package versions"
           setupGitUser: false
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}

From 70e355691908ae7e0c044c9dcf89e2e3eada2712 Mon Sep 17 00:00:00 2001
From: Sam Hession <sam.hession@guardian.co.uk>
Date: Thu, 26 Mar 2026 11:24:13 +0000
Subject: [PATCH 7/8] Provide release job with necessary permissions

---
 .github/workflows/build-and-release.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 87764b87..f8b304e4 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -10,6 +10,7 @@ on:
 
 permissions:
   contents: write
+  issues: write
   pull-requests: write
   id-token: write
 
@@ -51,10 +52,6 @@ jobs:
   release:
     runs-on: ubuntu-latest
     needs: [build, integration-tests]
-    permissions:
-      contents: write
-      issues: write
-      pull-requests: write
     if: github.ref == 'refs/heads/main' ||  github.ref == 'refs/heads/beta'
     steps:
       - uses: actions/checkout@v3

From 91f82fc50ada3c79dc05eb9c13fcb4edb8aadcbd Mon Sep 17 00:00:00 2001
From: Sam Hession <sam.hession@guardian.co.uk>
Date: Thu, 26 Mar 2026 13:48:19 +0000
Subject: [PATCH 8/8] Attempt simpler changeset setup with provided
 GITHUB_TOKEN

---
 .github/workflows/build-and-release.yml | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index f8b304e4..65cef74a 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -73,18 +73,6 @@ jobs:
       - name: Build
         run: yarn build
 
-      - name: Use GitHub App Token
-        uses: actions/create-github-app-token@v1
-        id: app-token
-        with:
-          app-id: ${{ secrets.GU_CHANGESETS_APP_ID }}
-          private-key: ${{ secrets.GU_CHANGESETS_PRIVATE_KEY }}
-
-      - name: Set git user to Gu Changesets app
-        run: |
-          git config user.name "gu-changesets-release-pr[bot]"
-          git config user.email "gu-changesets-release-pr[bot]@users.noreply.github.com"
-
       - name: Create Release Pull Request or Publish to npm
         id: changesets
         uses: changesets/action@v1
@@ -92,6 +80,5 @@ jobs:
           publish: yarn changeset publish
           title: "🦋 Release package updates"
           commit: "Bump package versions"
-          setupGitUser: false
         env:
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}