From 20ebb97e53147618bf682a8d16b21a9d9e574ab1 Mon Sep 17 00:00:00 2001
From: Tejas Kashinath <tkashina@amazon.com>
Date: Thu, 26 Feb 2026 10:49:59 -0500
Subject: [PATCH] chore: disable npm caching in release workflow

Remove `cache: 'npm'` from all three jobs in the release workflow
(prepare-release, test-and-build, publish-npm) to ensure fresh
dependency installs during releases per security review.
---
 .github/workflows/release.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a97438dd..effd52fe 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -53,7 +53,6 @@ jobs:
         uses: actions/setup-node@v6
         with:
           node-version: 20.x
-          cache: 'npm'
 
       - name: Configure git
         run: |
@@ -218,7 +217,6 @@ jobs:
         uses: actions/setup-node@v6
         with:
           node-version: 20.x
-          cache: 'npm'
 
       - name: Install dependencies
         run: npm ci
@@ -307,7 +305,6 @@ jobs:
         uses: actions/setup-node@v6
         with:
           node-version: 22.x
-          cache: 'npm'
           registry-url: 'https://registry.npmjs.org'
 
       - name: Ensure npm 11.5.1+ for trusted publishing