diff --git a/.changeset/update-trusted-publishing.md b/.changeset/update-trusted-publishing.md
new file mode 100644
index 0000000..343cce2
--- /dev/null
+++ b/.changeset/update-trusted-publishing.md
@@ -0,0 +1,6 @@
+---
+"@nylas/connect": patch
+---
+
+Update release workflow to use npm trusted publishing with OIDC authentication
+
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d93b8f6..01af19e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -37,6 +37,9 @@ jobs:
           node-version: ${{ env.NODE_VERSION }}
           registry-url: "https://registry.npmjs.org"
 
+      - name: Update npm
+        run: npm install -g npm@latest
+
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
         with:
@@ -84,6 +87,4 @@ jobs:
           createGithubReleases: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} # do not remove this line (https://github.com/changesets/action/issues/98)
-          PM_CONFIG_PROVENANCE: true
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} # Only needed for installing private dependencies