googleworkspace · jpoehnelt · Mar 17, 2026 · Mar 17, 2026
diff --git a/.changeset/fix-security-toctou.md b/.changeset/fix-security-toctou.md
diff --git a/.changeset/issue-461-calendar-meet.md b/.changeset/issue-461-calendar-meet.md
diff --git a/.changeset/security-hardening-rollup.md b/.changeset/security-hardening-rollup.md
diff --git a/.changeset/stderr-output-hygiene.md b/.changeset/stderr-output-hygiene.md
diff --git a/.changeset/sync-skills.md b/.changeset/sync-skills.md
diff --git a/.changeset/validate-unicode-security.md b/.changeset/validate-unicode-security.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,33 @@
 # @googleworkspace/cli
 
+## 0.17.0
+
+### Minor Changes
+
+- 1b0a21f: feat: support google meet video conferencing in calendar +insert
+
+### Patch Changes
+
+- 811fe7b: Fix critical security vulnerability (TOCTOU/Symlink race) in atomic file writes.
+
+  The atomic_write and atomic_write_async utilities now use:
+
+  - Randomized temporary filenames to prevent predictability.
+  - O_EXCL creation flags to prevent following pre-existing symlinks.
+  - Strict 0600 permissions from the moment of file creation on Unix systems.
+  - Redundant post-write permission calls have been removed to close race windows.
+
+- b241a5b: fix(security): cap Retry-After sleep, sanitize upload mimeType, and validate --upload/--output paths
+- 6f92e5b: Stderr/output hygiene rollup: route diagnostics to stderr, add colored error labels, propagate auth errors.
+
+  - **triage.rs**: "No messages found" sent to stderr so stdout stays valid JSON for pipes
+  - **modelarmor.rs**: response body printed only on success; error message now includes body for diagnostics
+  - **error.rs**: colored `error[variant]:` labels on stderr (respects `NO_COLOR` env var), `hint:` prefix for accessNotConfigured guidance
+  - **calendar, chat, docs, drive, script, sheets**: auth failures now propagate as `GwsError::Auth` instead of silently proceeding unauthenticated (dry-run still works without auth)
+
+- 398e80c: Sync generated skills with latest Google Discovery API specs
+- 8458104: Extend input validation to reject dangerous Unicode characters (zero-width chars, bidi overrides, Unicode line/paragraph separators) that were not caught by the previous ASCII-range check
+
 ## 0.16.0
 
 ### Minor Changes

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -14,7 +14,7 @@
 
 [package]
 name = "gws"
-version = "0.16.0"
+version = "0.17.0"
 edition = "2021"
 description = "Google Workspace CLI — dynamic command surface from Discovery Service"
 license = "Apache-2.0"

diff --git a/flake.lock b/flake.lock
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@googleworkspace/cli",
-  "version": "0.16.0",
+  "version": "0.17.0",
   "private": true,
   "description": "Google Workspace CLI — dynamic command surface from Discovery Service",
   "license": "Apache-2.0",