Add npm upgrade step in CI workflow

[NodeByteLTD]

Added step to upgrade npm to the latest version before installing dependencies.

Summary

Describe what changed and why.

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation update
• Chore / maintenance

Testing

List what you ran:

• pnpm lint
• pnpm build
• Relevant tests for changed area

Commands/results:

Paste test output or brief notes here.

Screenshots / Evidence (if applicable)

Add screenshots, recordings, or logs.

Checklist

• I linked related issue(s)
• I updated docs where needed
• I updated changelog for user-facing changes
• I removed secrets from code, logs, and screenshots

Summary by CodeRabbit

• Chores
  • Enhanced CI/CD release workflow with improved pnpm tooling setup and Node.js caching configuration.
  • Streamlined npm package publishing process with automatic npm version upgrade.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 82a7ebd3-95f0-48b5-a32d-4de1c10ec215

📥 Commits

Reviewing files that changed from the base of the PR and between fff3b5a and 4d5fce3.

📒 Files selected for processing (1)

• .github/workflows/npm-release.yml

---

Walkthrough

The npm-release workflow now explicitly configures pnpm v9.0.0 and Node.js 20.x with npm registry credentials, upgrades the global npm installation to the latest version, installs frozen dependencies for the SDK package, and publishes the SDK to npm with provenance verification.

Changes

npm-release Workflow Configuration

Layer / File(s)	Summary
Environment Setup: pnpm, Node.js, and npm .github/workflows/npm-release.yml	Adds explicit pnpm v9.0.0 setup action, configures Node.js 20.x with npm registry credentials and pnpm cache keyed by pnpm-lock.yaml, and introduces a new step to upgrade global npm to latest.
Dependency Installation .github/workflows/npm-release.yml	Installs filtered dependencies for packages/sdk using frozen lockfile.
SDK Build and Publish .github/workflows/npm-release.yml	Builds SDK package and publishes to npm registry from packages/sdk with provenance enabled and git tag checks disabled.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• NodeByteLTD/ByteSend#20: Also modifies the npm-release workflow to adjust pnpm and Node.js setup ordering.
• NodeByteLTD/ByteSend#19: Directly conflicts with this PR; removes the global npm upgrade step and modifies the npm publish logic.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch develop

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}