Releases: ahochsteger/gmail-processor
Releases · ahochsteger/gmail-processor
v2.17.2
🚀 Gmail Processor v2.17.2 - Strengthening Security and Release Stability
ℹ️ GAS Lib Version: 42 | 📅 2026-04-25 | Docs | Playground | Reference | Examples | Diff
🌟 Major Highlights
- Supply Chain Hardening: The project has transitioned from Snyk to
npm auditand implemented dependency overrides to resolve high-severity vulnerabilities, ensuring a more secure and resilient build environment. - Release Workflow Stability: A new "Draft-First" release workflow and Safe Git Protocol have been implemented. This enforces manual reviews for all releases and utilizes draft Pull Requests to prevent accidental or unverified deployments.
🐞 Bug Fixes & Refinements
- Release Script Fix: Resolved a
ReferenceErrorin the release manager script (scripts/release-manager.mjs) that occurred when checking publication status, which previously hindered the automated announcement of patch releases. - Security Remediation: Addressed critical security vulnerabilities (including CVE-2026-33671 and CVE-2026-33672) by upgrading the
picomatchdependency. - CI Reliability: Updated core GitHub Actions, including
actions/cacheandrelease-please-action, to their latest major versions (v5) to improve pipeline stability and performance.
🔧 Under the Hood
- Major Dependency Updates: Upgraded
picomatchfrom v2.3.2 to v4.0.4 to incorporate essential security fixes. - Minor Version Jumps: Updated
jsonrepairto v3.14.0 (adding support for backslash-escaped newlines) andtype-festto v5.6.0 (including new TypeScript 6.0 fields). - Core Tooling Patches: Updated TypeScript to v6.0.3 and ESLint to v10.2.1.
- General Maintenance: Performed routine lock file maintenance and security updates for
@swc/core,prettier,jest-when, andsonarqube-scanner.
📦 Detailed Changelog
Bug Fixes
- deps: resolve high-severity vulnerabilities via dependency overrides (959411a)
- scripts: remove undefined variable from patch check in release-manager (#666) (27bc24b)
Maintenance
- ci: automate draft release enrichment and roadmap integration (a6c667c)
- ci: harden supply chain security and replace Snyk with npm audit (335f19a)
- ci: implement Safe Git Protocol and Draft-First release workflow (0d20db0)
- deps: lock file maintenance (#673) (080148f)
- deps: update actions/cache action to v5 (#670) (97f6762)
- deps: update dependency picomatch to v4 (#671) (7a04ae5)
- deps: update deps:docs-non-major (#669) (216e90e)
- deps: update deps:lib-non-major (#668) (b0c1315)
- deps: update googleapis/release-please-action action to v5 (#672) (1d65b95)
- release: expand changelog visibility and update docs patch (96a13ce)
- include lint-fix in all:update script (5581b15)
CI/CD Pipeline
- release: enforce manual review for all releases and use draft PRs (7dc970a)
- add enable_snyk toggle and disable by default (b730548)
- add maintenance toggle and formalize /commit-message skill (72ccbf9)
Detailed Dependency Changes
~ @swc/core: 1.15.24 -> 1.15.26 [PATCH]
~ eslint: 10.2.0 -> 10.2.1 [PATCH]
~ jest-when: 4.0.1 -> 4.0.2 [PATCH]
~ jsonrepair: 3.13.3 -> 3.14.0 [MINOR]
~ prettier: 3.8.2 -> 3.8.3 [PATCH]
~ sonarqube-scanner: 4.3.5 -> 4.3.6 [PATCH]
~ type-fest: 5.5.0 -> 5.6.0 [MINOR]
~ typescript: 6.0.2 -> 6.0.3 [PATCH]
AI-Assisted: true
v2.17.1
🚀 Gmail Processor v2.17.1 - Strengthening Infrastructure and Pipeline Stability
ℹ️ GAS Lib Version: 41 | 📅 2026-04-17 | Docs | Playground | Reference | Examples | Diff
🐞 Bug Fixes & Refinements
This maintenance release focuses on enhancing the stability and security of the project's infrastructure and deployment pipelines.
- CI/CD Security & Stability: Mitigated script injection risks and resolved detached HEAD errors within the maintenance auto-fixer. The release pipeline was further hardened by optimizing Snyk quota usage and refining trigger logic.
- Deployment Reliability: Finalized environment modernization to restore deployment stability. This includes fixes for Google Apps Script (GAS) versioning logic and the transition of the
release-pleaseconfiguration to the manifest format. - Pipeline Modernization: Unified release workflows and centralized maintenance logic to improve repository hygiene. The pipeline now utilizes a draft-first workflow with automated patch publishing for more accurate versioning.
- General Refinements: Fixed a build failure caused by an extra newline in
devbox.jsonand standardized dependency management triggers.
🔧 Under the Hood
Significant technical progress has been made in the project's core technology stack and dependency management:
- Core Tool Jumps:
- Major: Updated
actions/upload-artifactfrom v4 to v7. - Minor: Integrated Devbox v0.15.0 with caching into CI workflows.
- Minor: Updated
actionlintto 1.7.12 and the GitHub CLI (gh) to 2.89.0.
- Major: Updated
- Library Updates: Published Google Apps Script Library v41.
- Maintenance: General dependency maintenance and security updates, including lock file refreshes, Renovate configuration migration, and the pinning of GitHub Action digests for improved integrity.
📦 Detailed Changelog
Bug Fixes
- ci: convert release-please config to manifest format (e8cf505)
- ci: fix detached HEAD error and harden maintenance auto-fixer (7f112b1)
- ci: mitigate script injection risk in maintenance auto-fixer (5217c8a)
- lib: finalize environment modernization and restore deployment stability (fcfdd3f)
Maintenance
- ci: modernize pipeline and improve repository hygiene (c739f25)
- ci: unify release workflows and centralize maintenance logic (939b719)
- config: migrate config renovate.json (#654) (769a92b)
- deps: lock file maintenance (#664) (b4143f6)
- deps: pin dependencies (#655) (90e38db)
- deps: update actions/upload-artifact action to v7 (#661) (6e177bf)
- deps: update infrastructure-non-major (#656) (da3c27f)
- maintenance: harden CI pipeline and renovate configuration (bfe6fae)
- maintenance: harden configuration and standardize ordering (4712711)
- release: enrich release notes with modular roadmap and statistics (5b093f4)
- standardize dependency management and release triggers (8001f32)
Detailed Dependency Changes
No dependency changes.
AI-Assisted: true
v2.17.0
🚀 Gmail Processor 2.17.0: New File Increment Strategy and Enhanced Security
ℹ️ GAS Lib Version: 39 | 📅 2026-04-14 | Docs | Playground | Reference | Examples | Diff
🌟 Major Highlights
- Sequential File Versioning: This release introduces the
incrementconflict strategy for Google Drive files, addressing issue #633. When a filename conflict occurs, the system can now automatically append a counter (e.g.,file (1).txt) until an available name is found. Users can customize this behavior using parameters includingincrementStart,incrementPrefix, andincrementSuffix. For more details, see the Conflict Strategy documentation. - Secure Secret Management: To improve security, hardcoded passwords have been removed from examples like the PDF decryption script (#642). The
GlobalConfignow supports atype: "property"variable declaration, allowing the processor to automatically fetch sensitive data from the Google Apps ScriptPropertiesServiceat runtime. See the updated PDF Decryption example for implementation details. - Performance Optimizations: Several internal improvements have been made to increase efficiency, including the elimination of duplicate Gmail searches (d5d601b) and optimized retrieval of thread message counts (5e3acd9).
🔧 Under the Hood
- Core Tooling Upgrades: The project has moved to TypeScript v6.0.2 and ESLint v10.2.0, representing major version jumps in the development stack.
- Dependency Modernization: Significant major version updates were applied to core libraries, including
@types/google-apps-script(v2.0.8),@types/node(v25.6.0),jest(v30.3.0), and@google/clasp(v3.3.0). - Security Fixes: The
ajvdependency was updated to v8.18.0 (#624) to resolve a Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2025-69873). - Expression Support: The
anyValueToStringfunction now supports boolean, number, bigint, symbol, and function types (4b5a1c6). - Documentation: The documentation site has been updated to Docusaurus v3.10.0.
🤝 The Community
We are happy to welcome our community contributors!
- Special thanks to Chris Mazanec for suggesting and implementing the
incrementconflict strategy in Issue #633.
⚠️ Impact & Actions
- Update PDF Decryption Config: If you are using the PDF decryption example, you must now store your password in the Google Apps Script
PropertiesService(e.g., asPDF_PASSWORD) rather than hardcoding it in your configuration. - Library Update: Users of the Google Apps Script library should update to the 39 version to utilize the new
incrementconflict strategy and security features.
📦 Detailed Changelog
Features
- adapter: add
incrementconflict strategy for Google Drive files (1363073) - expr: add support for boolean, number, bigint, symbol, and function types in anyValueToString (4b5a1c6)
- modernization: implement regex escape and secure docs dependencies (418d7a0)
- add
incrementconflict strategy (66278c5), closes #633 - add envOverrides for cache and property service (92215cb)
- add file conflict strategy
increment(#652) (1363073)
Bug Fixes
- deps: update dependency ajv to v8.18.0 [security] (#624) (ef5fa2e)
- deps: update libs-non-major (#571) (d953e21), (#574) (ac9828f), (#576) (684828b), (#582) (5badebe), (#631) (f98897e)
- docs: resolve package-lock.json conflict for react-json-view-lite (c192c24)
- security: remove hardcoded PDF decryption password in example (#642) (c833be0)
- adjust driveApi typing for new @types/google-apps-script (9276cda)
- ERESOLVE in docs build and optimize thread message count retrieval (dd48c60)
- typedoc warnings (c5cbcef)
- upgrade @iconify/react from 6.0.0 to 6.0.1 (7c8be2d)
- upgrade docusaurus-json-schema-plugin from 1.14.0 to 1.15.0 (d52a366)
Performance Improvements
- eliminate duplicate gmail search (d5d601b)
- hort-circuit evaluation in orderRules comparators to minimize API calls (bfe149c)
- optimize thread message count retrieval (5e3acd9)
Detailed Dependency Changes
+ @eslint/js: ^10.0.1
+ @rollup/plugin-swc: 0.4.0
+ @types/google-apps-script: ^2.0.8
+ @types/jest: 30.0.0
+ @types/node: 25.6.0
+ @types/react-dom: 19.2.3
+ @types/react: 19.2.14
+ eslint-plugin-import-x: 4.16.2
+ eslint-plugin-jest: 29.15.2
+ globals: ^17.5.0
+ knip: 6.4.1
+ patch-package: ^8.0.1
+ rollup-plugin-filesize: 10.0.0
+ typescript-eslint: 8.58.2
- @babel/plugin-transform-class-properties: 7.27.1
- @babel/plugin-transform-class-static-block: 7.27.1
- @babel/plugin-transform-logical-assignment-operators: 7.27.1
- @babel/plugin-transform-private-methods: 7.27.1
- @rollup/plugin-babel: 6.0.4
- @rollup/plugin-terser: 0.4.4
- eslint-plugin-import: 2.31.0
- rollup-plugin-analyzer: 4.0.0
- ts-prune: 0.10.3
~ @babel/plugin-proposal-decorators: 7.27.1 -> 7.29.0 [MINOR]
~ @babel/plugin-transform-class-properties: 7.27.1 -> 7.28.6 [MINOR]
~ @cantoo/pdf-lib: 2.4.2 -> 2.6.5 [MINOR]
~ @casualbot/jest-sonar-reporter: 2.4.0 -> 2.6.0 [MINOR]
~ @docsearch/react: 3.9.0 -> 4.6.2 [MAJOR]
~ @docusaurus/core: 3.8.0 -> 3.10.0 [MINOR]
~ @docusaurus/eslint-plugin: 3.8.0 -> 3.10.0 [MINOR]
~ @docusaurus/module-type-aliases: 3.8.0 -> 3.10.0 [MINOR]
~ @docusaurus/preset-classic: 3.8.0 -> 3.10.0 [MINOR]
~ @docusaurus/tsconfig: 3.8.0 -> 3.10.0 [MINOR]
~ @docusaurus/types: 3.8.0 -> 3.10.0 [MINOR]
~ @eslint/js: 9.31.0 -> 10.0.1 [MAJOR]
~ @google/clasp: 2.5.0 -> 3.3.0 [MAJOR]
~ @iconify/react: 6.0.0 -> 6.0.2 [PATCH]
~ @mdx-js/loader: 3.1.0 -> 3.1.1 [PATCH]
~ @mdx-js/react: 3.1.0 -> 3.1.1 [PATCH]
~ @rollup/plugin-commonjs: 28.0.6 -> 29.0.2 [MAJOR]
~ @rollup/plugin-node-resolve: 16.0.1 -> 16.0.3 [PATCH]
~ @rollup/plugin-replace: 6.0.2 -> 6.0.3 [PATCH]
~ @roll...