chore: bump @npmcli/template-oss from 4.24.3 to 4.24.4 (#155)

Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from
4.24.3 to 4.24.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/template-oss/releases"><code>@​npmcli/template-oss</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v4.24.4</h2>
<h2><a
href="https://github.com/npm/template-oss/compare/v4.24.3...v4.24.4">4.24.4</a>
(2025-06-25)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://github.com/npm/template-oss/commit/4177f5bda25684b742dce408153a46d95f427c09"><code>4177f5b</code></a>
<a href="https://redirect.github.com/npm/template-oss/pull/515">#515</a>
do not request id-token if no publish (<a
href="https://redirect.github.com/npm/template-oss/issues/515">#515</a>)
(<a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
<li><a
href="https://github.com/npm/template-oss/commit/21fa419c1d53e60f3e28ce566d5942da9a06d88a"><code>21fa419</code></a>
<a href="https://redirect.github.com/npm/template-oss/pull/511">#511</a>
remove single-dash options from workflows (<a
href="https://redirect.github.com/npm/template-oss/issues/511">#511</a>)
(<a
href="https://github.com/owlstronaut"><code>@​owlstronaut</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/template-oss/blob/main/CHANGELOG.md"><code>@​npmcli/template-oss</code>'s
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/template-oss/compare/v4.24.3...v4.24.4">4.24.4</a>
(2025-06-25)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://github.com/npm/template-oss/commit/4177f5bda25684b742dce408153a46d95f427c09"><code>4177f5b</code></a>
<a href="https://redirect.github.com/npm/template-oss/pull/515">#515</a>
do not request id-token if no publish (<a
href="https://redirect.github.com/npm/template-oss/issues/515">#515</a>)
(<a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
<li><a
href="https://github.com/npm/template-oss/commit/21fa419c1d53e60f3e28ce566d5942da9a06d88a"><code>21fa419</code></a>
<a href="https://redirect.github.com/npm/template-oss/pull/511">#511</a>
remove single-dash options from workflows (<a
href="https://redirect.github.com/npm/template-oss/issues/511">#511</a>)
(<a
href="https://github.com/owlstronaut"><code>@​owlstronaut</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/npm/template-oss/commit/9c6a2ffe0b222672f0dee70087c1308f92f19057"><code>9c6a2ff</code></a>
chore: release 4.24.4 (<a
href="https://redirect.github.com/npm/template-oss/issues/512">#512</a>)</li>
<li><a
href="https://github.com/npm/template-oss/commit/4177f5bda25684b742dce408153a46d95f427c09"><code>4177f5b</code></a>
fix: do not request id-token if no publish (<a
href="https://redirect.github.com/npm/template-oss/issues/515">#515</a>)</li>
<li><a
href="https://github.com/npm/template-oss/commit/21fa419c1d53e60f3e28ce566d5942da9a06d88a"><code>21fa419</code></a>
fix: remove single-dash options from workflows (<a
href="https://redirect.github.com/npm/template-oss/issues/511">#511</a>)</li>
<li>See full diff in <a
href="https://github.com/npm/template-oss/compare/v4.24.3...v4.24.4">compare
view</a></li>
</ul>
</details>
<br />

<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>

| Dependency Name | Ignore Conditions |
| --- | --- |
| @npmcli/template-oss | [< 4.24, > 4.23.3] |
</details>


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@npmcli/template-oss&package-manager=npm_and_yarn&previous-version=4.24.3&new-version=4.24.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michael Smith <owlstronaut@github.com>

Author: dependabot[bot]

.github/workflows/audit.yml

@@ -8,6 +8,9 @@ on:
     # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1
     - cron: "0 8 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   audit:
     name: Audit Dependencies

.github/workflows/ci-release.yml

@@ -18,6 +18,10 @@ on:
         required: true
         type: string
 
+permissions:
+  contents: read
+  checks: write
+
 jobs:
   lint-all:
     name: Lint All

.github/workflows/ci.yml

@@ -12,6 +12,9 @@ on:
     # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1
     - cron: "0 9 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     name: Lint

.github/workflows/codeql-analysis.yml

@@ -13,6 +13,9 @@ on:
     # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1
     - cron: "0 10 * * 1"
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze

.github/workflows/post-dependabot.yml

@@ -54,7 +54,7 @@ jobs:
           else
             # strip leading slash from directory so it works as a
             # a path to the workspace flag
-            echo "workspace=-w ${dependabot_dir#/}" >> $GITHUB_OUTPUT
+            echo "workspace=--workspace ${dependabot_dir#/}" >> $GITHUB_OUTPUT
           fi
 
       - name: Apply Changes

.github/workflows/pull-request.yml

@@ -10,6 +10,9 @@ on:
       - edited
       - synchronize
 
+permissions:
+  contents: read
+
 jobs:
   commitlint:
     name: Lint Commits

.github/workflows/release-integration.yml

@@ -19,6 +19,10 @@ on:
       PUBLISH_TOKEN:
         required: true
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   publish:
     name: Publish

.github/workflows/release.yml

@@ -244,6 +244,7 @@ jobs:
     if: needs.release.outputs.releases
     uses: ./.github/workflows/release-integration.yml
     permissions:
+      contents: read
       id-token: write
     secrets:
       PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}

package.json

@@ -17,7 +17,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^5.0.0",
-    "@npmcli/template-oss": "4.24.3",
+    "@npmcli/template-oss": "4.24.4",
     "tap": "^16.3.0"
   },
   "scripts": {
@@ -46,7 +46,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.24.3",
+    "version": "4.24.4",
     "publish": "true"
   }
 }