Remove dependency cache from publish workflow

See: https://bsky.app/profile/sebastienlorber.com/post/3mlnddggv6c2f

Author: wojtekmaj

.github/workflows/publish.yml

@@ -19,15 +19,8 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v6
 
-      - name: Cache Yarn cache
-        uses: actions/cache@v5
-        env:
-          cache-name: yarn-cache
-        with:
-          path: ~/.yarn/berry/cache
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-${{ env.cache-name }}
+      # ⚠️ Do not cache dependencies in publish workflows
+      # Restoring package-manager cache here increases the risk of a compromised release
 
       - name: Use Node.js
         uses: actions/setup-node@v6