chore: bump @npmcli/template-oss from 4.24.4 to 4.25.0 (#302)

dependabot[bot] · owlstronaut · web-flow · commit a0e07cd0b8cf · 2025-07-09T10:03:45.000-07:00
Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.24.4 to 4.25.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/npm/template-oss/releases"><code>@​npmcli/template-oss</code>'s releases</a>.</em></p> <blockquote> <h2>v4.25.0</h2> <h2><a href="https://github.com/npm/template-oss/compare/v4.24.4...v4.25.0">4.25.0</a> (2025-07-08)</h2> <h3>Features</h3> <ul> <li><a href="https://github.com/npm/template-oss/commit/e7b430e6ceeb84768ab1192e3fdf0be5edbc3fdf"><code>e7b430e</code></a> <a href="https://redirect.github.com/npm/template-oss/pull/518">#518</a> Add <code>dependabotInterval</code> configuration (<a href="https://redirect.github.com/npm/template-oss/issues/518">#518</a>) (<a href="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/owlstronaut"><code>@​owlstronaut</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/npm/template-oss/blob/main/CHANGELOG.md"><code>@​npmcli/template-oss</code>'s changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/npm/template-oss/compare/v4.24.4...v4.25.0">4.25.0</a> (2025-07-08)</h2> <h3>Features</h3> <ul> <li><a href="https://github.com/npm/template-oss/commit/e7b430e6ceeb84768ab1192e3fdf0be5edbc3fdf"><code>e7b430e</code></a> <a href="https://redirect.github.com/npm/template-oss/pull/518">#518</a> Add <code>dependabotInterval</code> configuration (<a href="https://redirect.github.com/npm/template-oss/issues/518">#518</a>) (<a href="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/owlstronaut"><code>@​owlstronaut</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/template-oss/commit/793f79d7a287ae3fe7c212f84ef87c9025a52bc4"><code>793f79d</code></a> chore: release 4.25.0 (<a href="https://redirect.github.com/npm/template-oss/issues/519">#519</a>)</li> <li><a href="https://github.com/npm/template-oss/commit/e7b430e6ceeb84768ab1192e3fdf0be5edbc3fdf"><code>e7b430e</code></a> feat: Add <code>dependabotInterval</code> configuration (<a href="https://redirect.github.com/npm/template-oss/issues/518">#518</a>)</li> <li>See full diff in <a href="https://github.com/npm/template-oss/compare/v4.24.4...v4.25.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@npmcli/template-oss&package-manager=npm_and_yarn&previous-version=4.24.4&new-version=4.25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Michael Smith <owlstronaut@github.com>
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -8,6 +8,9 @@ on:
     # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1
     - cron: "0 8 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   audit:
     name: Audit Dependencies
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
@@ -18,6 +18,10 @@ on:
         required: true
         type: string
 
+permissions:
+  contents: read
+  checks: write
+
 jobs:
   lint-all:
     name: Lint All
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,6 +13,9 @@ on:
     # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1
     - cron: "0 9 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     name: Lint
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -15,6 +15,9 @@ on:
     # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1
     - cron: "0 10 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml
@@ -54,7 +54,7 @@ jobs:
           else
             # strip leading slash from directory so it works as a
             # a path to the workspace flag
-            echo "workspace=-w ${dependabot_dir#/}" >> $GITHUB_OUTPUT
+            echo "workspace=--workspace ${dependabot_dir#/}" >> $GITHUB_OUTPUT
           fi
 
       - name: Apply Changes
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -10,6 +10,9 @@ on:
       - edited
       - synchronize
 
+permissions:
+  contents: read
+
 jobs:
   commitlint:
     name: Lint Commits
diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml
@@ -19,6 +19,10 @@ on:
       PUBLISH_TOKEN:
         required: true
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   publish:
     name: Publish
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -245,6 +245,7 @@ jobs:
     if: needs.release.outputs.releases
     uses: ./.github/workflows/release-integration.yml
     permissions:
+      contents: read
       id-token: write
     secrets:
       PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
diff --git a/package.json b/package.json
@@ -35,7 +35,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^5.0.0",
-    "@npmcli/template-oss": "4.24.4",
+    "@npmcli/template-oss": "4.25.0",
     "tap": "^16.0.1"
   },
   "files": [
@@ -55,7 +55,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.24.4",
+    "version": "4.25.0",
     "publish": "true"
   }
 }
