chore: release versions

[googleworkspace-bot]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@googleworkspace/cli@0.17.0

Minor Changes

• 1b0a21f: feat: support google meet video conferencing in calendar +insert

Patch Changes

• 811fe7b: Fix critical security vulnerability (TOCTOU/Symlink race) in atomic file writes.

  The atomic_write and atomic_write_async utilities now use:

  • Randomized temporary filenames to prevent predictability.
  • O_EXCL creation flags to prevent following pre-existing symlinks.
  • Strict 0600 permissions from the moment of file creation on Unix systems.
  • Redundant post-write permission calls have been removed to close race windows.

• b241a5b: fix(security): cap Retry-After sleep, sanitize upload mimeType, and validate --upload/--output paths

• 6f92e5b: Stderr/output hygiene rollup: route diagnostics to stderr, add colored error labels, propagate auth errors.

  • triage.rs: "No messages found" sent to stderr so stdout stays valid JSON for pipes
  • modelarmor.rs: response body printed only on success; error message now includes body for diagnostics
  • error.rs: colored error[variant]: labels on stderr (respects NO_COLOR env var), hint: prefix for accessNotConfigured guidance
  • calendar, chat, docs, drive, script, sheets: auth failures now propagate as GwsError::Auth instead of silently proceeding unauthenticated (dry-run still works without auth)

• 398e80c: Sync generated skills with latest Google Discovery API specs

• 8458104: Extend input validation to reject dangerous Unicode characters (zero-width chars, bidi overrides, Unicode line/paragraph separators) that were not caught by the previous ASCII-range check

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request facilitates the release of @googleworkspace/cli version 0.16.1. The primary motivation for this release is to address and patch a critical security vulnerability related to atomic file write operations, ensuring enhanced security and stability for the package. This release also includes updates to various dependencies to reflect the new version.

Highlights

• Security Fix: A critical security vulnerability (TOCTOU/Symlink race) in atomic file writes has been fixed. This includes using randomized temporary filenames, O_EXCL creation flags, strict 0600 permissions, and removing redundant post-write permission calls to close race windows.
• Version Release: The @googleworkspace/cli package has been updated to version 0.16.1 to incorporate the security fix and other dependency updates.

Changelog

• .changeset/fix-security-toctou.md
  • Removed the changeset file after its content was incorporated into the changelog.
• CHANGELOG.md
  • Added new entries for version 0.16.1, detailing a critical security fix for atomic file writes.
• Cargo.lock
  • Updated cc package version from 1.2.56 to 1.2.57.
  • Updated gws package version from 0.16.0 to 0.16.1.
  • Updated instability package version from 0.3.11 to 0.3.12.
  • Updated tinyvec package version from 1.10.0 to 1.11.0.
• Cargo.toml
  • Bumped the gws package version from 0.16.0 to 0.16.1.
• flake.lock
  • Updated the nixpkgs locked revision and hash.
• package.json
  • Bumped the @googleworkspace/cli package version from 0.16.0 to 0.16.1.

Activity

• The pull request was automatically opened by the Changesets release GitHub action.
• The bot created this PR to propose a new release of @googleworkspace/cli to version 0.16.1.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Generative AI Prohibited Use Policy, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@6f92e5b). Learn more about missing BASE report.
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #522   +/-   ##
=======================================
  Coverage        ?   68.10%           
=======================================
  Files           ?       40           
  Lines           ?    17954           
  Branches        ?        0           
=======================================
  Hits            ?    12227           
  Misses          ?     5727           
  Partials        ?        0           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[gemini-code-assist]

Code Review

This pull request is an automated release generated by the Changesets action. It updates the version to 0.16.1 across various package management files (package.json, Cargo.toml, Cargo.lock) and updates the CHANGELOG.md. These changes are consistent with a standard release process. The actual code change for the security fix mentioned in the release notes is not part of this pull request's diff, so it cannot be reviewed here. The versioning changes themselves are correct.

[googleworkspace-bot]

/gemini review

[gemini-code-assist]

Code Review

This pull request is an automated action from Changesets to release version 0.16.1. The modifications consist of version updates in package.json and Cargo.toml, an updated CHANGELOG.md, and refreshed lock files. These changes are all standard for a release process. My review of these automated changes did not find any issues.

[googleworkspace-bot]

/gemini review

[gemini-code-assist]

Code Review

This pull request handles the version bump to 0.17.0 and updates the changelog, which is typical for an automated release process. The changes correctly update version numbers in package.json, Cargo.toml, and lock files. The documentation in skills/gws-calendar-insert/SKILL.md has also been updated to reflect the new --meet feature. The changes appear correct and I found no issues of high or critical severity.

[googleworkspace-bot]

/gemini review

[gemini-code-assist]

Code Review

This pull request is an automated release generated by the Changesets action to publish version 0.17.0 of @googleworkspace/cli. The changes involve updating the version number in package.json, Cargo.toml, and corresponding lock files. It also consolidates individual change descriptions into the main CHANGELOG.md. These changes are consistent with a standard release workflow and appear to be correct. No issues were identified in the diff.