Fix dependency vulnerabilities (#213) #2

	# taken from the semantic-release documentation
	# https://semantic-release.gitbook.io/semantic-release/recipes/ci-configurations/github-actions

	name: Release
	on:
	push:
	branches:
	- master
	workflow_dispatch:

	permissions:
	contents: read # for checkout

	jobs:
	release:
	name: Release
	runs-on: ubuntu-latest
	permissions:
	contents: write # to be able to publish a GitHub release
	issues: write # to be able to comment on released issues
	pull-requests: write # to be able to comment on released pull requests
	id-token: write # to enable use of OIDC for npm provenance
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: "18.x"
	- name: Install dependencies
	run: npm clean-install
	- name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
	run: npm audit signatures
	- name: Build Package
	run: npm run build
	- name: Release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
	run: npm run release

Provide feedback