From 16e9dfd667cc3bd672c69f8d816a3df40653c895 Mon Sep 17 00:00:00 2001 From: googleworkspace-bot Date: Tue, 17 Mar 2026 20:15:50 +0000 Subject: [PATCH] chore: release versions --- .changeset/fix-security-toctou.md | 11 ---------- .changeset/issue-461-calendar-meet.md | 5 ----- .changeset/security-hardening-rollup.md | 5 ----- .changeset/stderr-output-hygiene.md | 10 --------- .changeset/sync-skills.md | 5 ----- .changeset/validate-unicode-security.md | 5 ----- CHANGELOG.md | 28 +++++++++++++++++++++++++ Cargo.lock | 14 ++++++------- Cargo.toml | 2 +- flake.lock | 6 +++--- package.json | 2 +- 11 files changed, 40 insertions(+), 53 deletions(-) delete mode 100644 .changeset/fix-security-toctou.md delete mode 100644 .changeset/issue-461-calendar-meet.md delete mode 100644 .changeset/security-hardening-rollup.md delete mode 100644 .changeset/stderr-output-hygiene.md delete mode 100644 .changeset/sync-skills.md delete mode 100644 .changeset/validate-unicode-security.md diff --git a/.changeset/fix-security-toctou.md b/.changeset/fix-security-toctou.md deleted file mode 100644 index 3cf7d3cc..00000000 --- a/.changeset/fix-security-toctou.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -"@googleworkspace/cli": patch ---- - -Fix critical security vulnerability (TOCTOU/Symlink race) in atomic file writes. - -The atomic_write and atomic_write_async utilities now use: -- Randomized temporary filenames to prevent predictability. -- O_EXCL creation flags to prevent following pre-existing symlinks. -- Strict 0600 permissions from the moment of file creation on Unix systems. -- Redundant post-write permission calls have been removed to close race windows. diff --git a/.changeset/issue-461-calendar-meet.md b/.changeset/issue-461-calendar-meet.md deleted file mode 100644 index 5e566462..00000000 --- a/.changeset/issue-461-calendar-meet.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@googleworkspace/cli": minor ---- - -feat: support google meet video conferencing in calendar +insert diff --git a/.changeset/security-hardening-rollup.md b/.changeset/security-hardening-rollup.md deleted file mode 100644 index 65a92fec..00000000 --- a/.changeset/security-hardening-rollup.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@googleworkspace/cli": patch ---- - -fix(security): cap Retry-After sleep, sanitize upload mimeType, and validate --upload/--output paths diff --git a/.changeset/stderr-output-hygiene.md b/.changeset/stderr-output-hygiene.md deleted file mode 100644 index 9aacb7af..00000000 --- a/.changeset/stderr-output-hygiene.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -"@googleworkspace/cli": patch ---- - -Stderr/output hygiene rollup: route diagnostics to stderr, add colored error labels, propagate auth errors. - -- **triage.rs**: "No messages found" sent to stderr so stdout stays valid JSON for pipes -- **modelarmor.rs**: response body printed only on success; error message now includes body for diagnostics -- **error.rs**: colored `error[variant]:` labels on stderr (respects `NO_COLOR` env var), `hint:` prefix for accessNotConfigured guidance -- **calendar, chat, docs, drive, script, sheets**: auth failures now propagate as `GwsError::Auth` instead of silently proceeding unauthenticated (dry-run still works without auth) diff --git a/.changeset/sync-skills.md b/.changeset/sync-skills.md deleted file mode 100644 index 1915c38d..00000000 --- a/.changeset/sync-skills.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@googleworkspace/cli": patch ---- - -Sync generated skills with latest Google Discovery API specs diff --git a/.changeset/validate-unicode-security.md b/.changeset/validate-unicode-security.md deleted file mode 100644 index a598c650..00000000 --- a/.changeset/validate-unicode-security.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@googleworkspace/cli": patch ---- - -Extend input validation to reject dangerous Unicode characters (zero-width chars, bidi overrides, Unicode line/paragraph separators) that were not caught by the previous ASCII-range check diff --git a/CHANGELOG.md b/CHANGELOG.md index 65e9c132..f70e0df8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,33 @@ # @googleworkspace/cli +## 0.17.0 + +### Minor Changes + +- 1b0a21f: feat: support google meet video conferencing in calendar +insert + +### Patch Changes + +- 811fe7b: Fix critical security vulnerability (TOCTOU/Symlink race) in atomic file writes. + + The atomic_write and atomic_write_async utilities now use: + + - Randomized temporary filenames to prevent predictability. + - O_EXCL creation flags to prevent following pre-existing symlinks. + - Strict 0600 permissions from the moment of file creation on Unix systems. + - Redundant post-write permission calls have been removed to close race windows. + +- b241a5b: fix(security): cap Retry-After sleep, sanitize upload mimeType, and validate --upload/--output paths +- 6f92e5b: Stderr/output hygiene rollup: route diagnostics to stderr, add colored error labels, propagate auth errors. + + - **triage.rs**: "No messages found" sent to stderr so stdout stays valid JSON for pipes + - **modelarmor.rs**: response body printed only on success; error message now includes body for diagnostics + - **error.rs**: colored `error[variant]:` labels on stderr (respects `NO_COLOR` env var), `hint:` prefix for accessNotConfigured guidance + - **calendar, chat, docs, drive, script, sheets**: auth failures now propagate as `GwsError::Auth` instead of silently proceeding unauthenticated (dry-run still works without auth) + +- 398e80c: Sync generated skills with latest Google Discovery API specs +- 8458104: Extend input validation to reject dangerous Unicode characters (zero-width chars, bidi overrides, Unicode line/paragraph separators) that were not caught by the previous ASCII-range check + ## 0.16.0 ### Minor Changes diff --git a/Cargo.lock b/Cargo.lock index 4de26750..9baf1f9b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -226,9 +226,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.56" +version = "1.2.57" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aebf35691d1bfb0ac386a69bac2fde4dd276fb618cf8bf4f5318fe285e821bb2" +checksum = "7a0dd1ca384932ff3641c8718a02769f1698e7563dc6974ffd03346116310423" dependencies = [ "find-msvc-tools", "shlex", @@ -886,7 +886,7 @@ dependencies = [ [[package]] name = "gws" -version = "0.16.0" +version = "0.17.0" dependencies = [ "aes-gcm", "anyhow", @@ -1265,9 +1265,9 @@ dependencies = [ [[package]] name = "instability" -version = "0.3.11" +version = "0.3.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "357b7205c6cd18dd2c86ed312d1e70add149aea98e7ef72b9fdf0270e555c11d" +checksum = "5eb2d60ef19920a3a9193c3e371f726ec1dafc045dac788d0fb3704272458971" dependencies = [ "darling 0.23.0", "indoc", @@ -2748,9 +2748,9 @@ dependencies = [ [[package]] name = "tinyvec" -version = "1.10.0" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa5fdc3bce6191a1dbc8c02d5c8bffcf557bafa17c124c5264a458f1b0613fa" +checksum = "3e61e67053d25a4e82c844e8424039d9745781b3fc4f32b8d55ed50f5f667ef3" dependencies = [ "tinyvec_macros", ] diff --git a/Cargo.toml b/Cargo.toml index 13b63b50..f0f9271c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,7 +14,7 @@ [package] name = "gws" -version = "0.16.0" +version = "0.17.0" edition = "2021" description = "Google Workspace CLI — dynamic command surface from Discovery Service" license = "Apache-2.0" diff --git a/flake.lock b/flake.lock index 1bb63f24..1f675e1e 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1773282481, - "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "lastModified": 1773646010, + "narHash": "sha256-iYrs97hS7p5u4lQzuNWzuALGIOdkPXvjz7bviiBjUu8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "rev": "5b2c2d84341b2afb5647081c1386a80d7a8d8605", "type": "github" }, "original": { diff --git a/package.json b/package.json index f62a3e6c..d27568c0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@googleworkspace/cli", - "version": "0.16.0", + "version": "0.17.0", "private": true, "description": "Google Workspace CLI — dynamic command surface from Discovery Service", "license": "Apache-2.0",