From 724edfdfe61243c5bac82e7ebbf0b00c5e7216c4 Mon Sep 17 00:00:00 2001
From: Andrew Gable <andrew@expensify.com>
Date: Fri, 31 Oct 2025 13:47:08 -0600
Subject: [PATCH] Update node and permissions to allow publishing via OIDC

See https://github.com/Expensify/Expensify/issues/558148
---
 .github/workflows/publish.yml | 5 +++++
 .nvmrc                        | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index d31399ecf..39a442043 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -4,6 +4,11 @@ on:
     push:
         branches: [main]
 
+permissions:
+  # Required for OIDC: https://docs.npmjs.com/trusted-publishers
+  id-token: write
+  contents: read
+
 # Ensure that only one instance of this workflow executes at a time.
 # If multiple PRs are merged in quick succession, there will only ever be one publish workflow running and one pending.
 concurrency: ${{ github.workflow }}
diff --git a/.nvmrc b/.nvmrc
index f234c57bc..0a492611a 100644
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-20.19.3
+24.11.0