From 940766a77275dce1583ff7180f4d0899ff4514fc Mon Sep 17 00:00:00 2001
From: Aidan Daly <aidandal@amazon.com>
Date: Tue, 7 Apr 2026 18:00:03 -0400
Subject: [PATCH] fix(ci): pin npm version to avoid self-upgrade corruption

npm install -g npm@latest fails on GitHub Actions runners when npm
tries to replace its own modules mid-installation, corrupting the
promise-retry dependency. Pin to npm@11.5.1 which is the minimum
version needed for OIDC trusted publishing.
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1f921119..21afc4e1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -317,7 +317,7 @@ jobs:
       - name: Ensure npm 11.5.1+ for trusted publishing
         run: |
           echo "Current npm version: $(npm --version)"
-          npm install -g npm@latest
+          npm install -g npm@11.5.1
           echo "Updated npm version: $(npm --version)"
 
       - name: Download artifacts