Releases: ahochsteger/gmail-processor
Releases · ahochsteger/gmail-processor
v2.17.4
🚀 Gmail Processor v2.17.4 - Enhanced Stability and Configuration Validation
ℹ️ GAS Lib Version: 44 | 📅 2026-05-17 | Docs | Playground | Reference | Examples | Diff
🌟 Major Highlights
This maintenance release introduces a significant overhaul of the configuration engine and testing infrastructure to ensure long-term project stability.
- Robust Configuration Validation: The project has migrated its validation and serialization logic to Zod v4. This replaces the previous stack (class-transformer/ajv), providing more reliable and predictable handling of user configurations.
- Testing Infrastructure Refactor: The E2E testing framework has been decoupled, eliminating circular dependencies and optimizing metadata caching. This results in a more stable and maintainable test suite for future development.
🐞 Bug Fixes & Refinements
This release focuses heavily on hardening the CI/CD pipeline and resolving internal architectural issues:
- CI/CD Stability: Fixed build clean race conditions and resolved workspace dependency hoisting issues.
- Security Hardening: Simplified workspace security audits, added explicit permissions to workflows, and implemented an override for a known
serialize-javascriptvulnerability. - Maintenance: Aligned cool-down periods with precise timestamps and enhanced version linting to prevent violation errors.
⚠️ Impact & Actions
- GAS Library Update: Users of the Google Apps Script library should update to version 44 to benefit from the latest stability improvements.
🔧 Under the Hood
- Core Technology Jump: Migrated to Zod v4.4.3, allowing for the removal of
ajv,class-transformer,reflect-metadata, andtypescript-json-schemafrom the dependency tree. - Documentation Build: Integrated
@docusaurus/fasterto optimize documentation generation. - Dependency Maintenance: General maintenance and security updates for core tools including jest, tar, and Node.js type definitions.
📦 Detailed Changelog
Maintenance
- ci: fix workspace dependency hoisting and patch-package resolution in CI (2238fe4)
- ci: simplify workspace security audits and override serialize-javascript vulnerability (765c392)
- deps: update deps:lib-non-major (#686) (3bba6a7)
- e2e: optimize test data reuse and fix build clean race conditions (304244e)
- maintenance: align cool-down period with precise timestamps (34a7337)
- maintenance: bypass cool-down for security overrides (dcb267d)
- enhance version linting and resolve cool-down violation (0a938b7)
Refactorings
- config: migrate validation and serialization from class-transformer/ajv to Zod v4 (bec27c6)
- docs: decouple Docusaurus docs from library source using npm workspaces (d31f044)
- e2e: decouple mock framework, eliminate circular dependencies, and optimize E2E metadata caching (4398fc0)
CI/CD Pipeline
- workflow: add explicit permissions to workflows for security (b80f395)
Detailed Dependency Changes
+ @docusaurus/faster: 3.10.1
+ gmail-processor: file:..
+ patch-package: 8.0.1
+ zod: 4.4.3
- ajv: 8.20.0
- class-transformer: 0.5.1
- patch-package: 8.0.1
- reflect-metadata: 0.2.2
- typescript-json-schema: 0.67.2
~ @types/node: 24.12.4 -> 24.12.3 [PATCH]
~ jest: 30.4.0 -> 30.4.2 [PATCH]
AI-Assisted: true
v2.17.3
🚀 Gmail Processor v2.17.3 - Industrialized Maintenance and Pipeline Hardening
ℹ️ GAS Lib Version: 43 | 📅 2026-05-14 | Docs | Playground | Reference | Examples | Diff
🌟 Major Highlights
- Pipeline Hardening: Improved the reliability of the release process by resolving GraphQL mutation formatting issues and optimizing tag resolution to eliminate preview timeouts.
- Workflow Industrialization: Standardized dependency maintenance workflows and implemented strict consistency checks for Node.js engines to ensure environment stability.
🐞 Bug Fixes & Refinements
- Release Stability: Resolved issues with the automated announcement system's GraphQL mutation format and hardened the release notes generation against hallucinations.
- Environment Consistency: Aligned Node.js engines across the project and enforced strict pinning for dependency overrides to prevent version drift.
- Parser Optimization: Simplified the parser generation process and refined linter bypass logic for better maintainability.
🔧 Under the Hood
- Google Apps Script: Updated the GAS Library to version 43.
- Major CI/CD Updates: Upgraded core GitHub Actions including
actions/download-artifact(v4 to v8),actions/upload-artifact(v4 to v7), andsonarsource/sonarqube-scan-action(v7 to v8). - Core Tooling Jumps:
eslint: Updated to v10.3.0 (Minor).typescript-eslint: Updated to v8.59.2 (Minor).ajv: Updated to v8.20.0 (Minor).jest: Updated to v30.4.0 (Minor).knip: Updated to v6.12.1 (Minor).@types/node: Adjusted to v24.12.4 (Major).
- Dependency Maintenance: General dependency maintenance and security updates for SWC, Docusaurus, and React.
📦 Detailed Changelog
Bug Fixes
- docs: format latest release link and label with version prefix (2c09c4d)
- release: optimize tag resolution and eliminate preview timeouts (3858170)
- release: resolve graphql mutation format for announcements (121b215)
Maintenance
- ci: optimize pipeline with artifact reuse and job renaming (b53e9d9)
- deps: enforce strict pinning for dependency overrides (47d8b4d)
- deps: industrialize dependency maintenance workflow (26278ce)
- deps: update dependency gh to v2.92.0 (#676) (f5df42e)
- deps: update dependency knip to v6.6.3 (#681) (8b9a3a9)
- deps: update deps:docs-non-major (#678) (28d0fd0), (#682) (aba4eab)
- deps: update deps:lib-non-major (#677) (5a251f1), (#683) (e733cf6)
- deps: update github artifact actions (#679) (d346a7f)
- deps: update sonarsource/sonarqube-scan-action action to v8 (#684) (efe3054)
- maintenance: industrialize dependency management and update docs (3ebff21)
- maintenance: upgrade yq to yq-go v4.53.2 in devbox (dbb8d46)
- parser: simplify parser generation and linter bypass (8127a70)
- release: harden release notes prompt against hallucinations (cb1789c)
- align Node.js engines and implement strict consistency checks (96a9dc7)
CI/CD Pipeline
- release: remove redundant enrich-release job and enforce error handling (7055535)
- enable documentation deployment for manual release publication (c06b205)
- modernize release pipeline and maintenance workflows (a7e0a5a)
Detailed Dependency Changes
~ @casualbot/jest-sonar-reporter: 2.6.0 -> 2.7.0 [MINOR]
~ @docsearch/react: 4.6.2 -> 4.6.3 [PATCH]
~ @docusaurus/core: 3.10.0 -> 3.10.1 [PATCH]
~ @docusaurus/eslint-plugin: 3.10.0 -> 3.10.1 [PATCH]
~ @docusaurus/module-type-aliases: 3.10.0 -> 3.10.1 [PATCH]
~ @docusaurus/preset-classic: 3.10.0 -> 3.10.1 [PATCH]
~ @docusaurus/tsconfig: 3.10.0 -> 3.10.1 [PATCH]
~ @docusaurus/types: 3.10.0 -> 3.10.1 [PATCH]
~ @eslint/js: ^10.0.1 -> 10.0.1
~ @swc/core: 1.15.26 -> 1.15.33 [PATCH]
~ @types/google-apps-script: ^2.0.8 -> 2.0.8
~ @types/node: 25.6.0 -> 24.12.4 [MAJOR]
~ @typescript-eslint/eslint-plugin: 8.58.2 -> 8.59.2 [MINOR]
~ @typescript-eslint/parser: 8.58.2 -> 8.59.2 [MINOR]
~ ajv: 8.18.0 -> 8.20.0 [MINOR]
~ docusaurus-json-schema-plugin: 1.15.0 -> 1.15.1 [PATCH]
~ eslint: 10.2.1 -> 10.3.0 [MINOR]
~ eta: 4.5.1 -> 4.6.0 [MINOR]
~ globals: ^17.5.0 -> 17.6.0 [MINOR]
~ jest-mock-extended: 4.0.0 -> 4.0.1 [PATCH]
~ jest-when: 4.0.2 -> 4.0.3 [PATCH]
~ jest: 30.3.0 -> 30.4.0 [MINOR]
~ knip: 6.4.1 -> 6.12.1 [MINOR]
~ patch-package: ^8.0.1 -> 8.0.1
~ react-dom: 19.2.5 -> 19.2.6 [PATCH]
~ react-toastify: 11.0.5 -> 11.1.0 [MINOR]
~ react: 19.2.5 -> 19.2.6 [PATCH]
~ rollup: 4.60.1 -> 4.60.3 [PATCH]
~ typescript-eslint: 8.58.2 -> 8.59.2 [MINOR]
~ typescript-json-schema: 0.67.1 -> 0.67.2 [PATCH]
AI-Assisted: true
v2.17.2
🚀 Gmail Processor v2.17.2 - Strengthening Security and Release Stability
ℹ️ GAS Lib Version: 42 | 📅 2026-04-25 | Docs | Playground | Reference | Examples | Diff
🌟 Major Highlights
- Supply Chain Hardening: The project has transitioned from Snyk to
npm auditand implemented dependency overrides to resolve high-severity vulnerabilities, ensuring a more secure and resilient build environment. - Release Workflow Stability: A new "Draft-First" release workflow and Safe Git Protocol have been implemented. This enforces manual reviews for all releases and utilizes draft Pull Requests to prevent accidental or unverified deployments.
🐞 Bug Fixes & Refinements
- Release Script Fix: Resolved a
ReferenceErrorin the release manager script (scripts/release-manager.mjs) that occurred when checking publication status, which previously hindered the automated announcement of patch releases. - Security Remediation: Addressed critical security vulnerabilities (including CVE-2026-33671 and CVE-2026-33672) by upgrading the
picomatchdependency. - CI Reliability: Updated core GitHub Actions, including
actions/cacheandrelease-please-action, to their latest major versions (v5) to improve pipeline stability and performance.
🔧 Under the Hood
- Major Dependency Updates: Upgraded
picomatchfrom v2.3.2 to v4.0.4 to incorporate essential security fixes. - Minor Version Jumps: Updated
jsonrepairto v3.14.0 (adding support for backslash-escaped newlines) andtype-festto v5.6.0 (including new TypeScript 6.0 fields). - Core Tooling Patches: Updated TypeScript to v6.0.3 and ESLint to v10.2.1.
- General Maintenance: Performed routine lock file maintenance and security updates for
@swc/core,prettier,jest-when, andsonarqube-scanner.
📦 Detailed Changelog
Bug Fixes
- deps: resolve high-severity vulnerabilities via dependency overrides (959411a)
- scripts: remove undefined variable from patch check in release-manager (#666) (27bc24b)
Maintenance
- ci: automate draft release enrichment and roadmap integration (a6c667c)
- ci: harden supply chain security and replace Snyk with npm audit (335f19a)
- ci: implement Safe Git Protocol and Draft-First release workflow (0d20db0)
- deps: lock file maintenance (#673) (080148f)
- deps: update actions/cache action to v5 (#670) (97f6762)
- deps: update dependency picomatch to v4 (#671) (7a04ae5)
- deps: update deps:docs-non-major (#669) (216e90e)
- deps: update deps:lib-non-major (#668) (b0c1315)
- deps: update googleapis/release-please-action action to v5 (#672) (1d65b95)
- release: expand changelog visibility and update docs patch (96a13ce)
- include lint-fix in all:update script (5581b15)
CI/CD Pipeline
- release: enforce manual review for all releases and use draft PRs (7dc970a)
- add enable_snyk toggle and disable by default (b730548)
- add maintenance toggle and formalize /commit-message skill (72ccbf9)
Detailed Dependency Changes
~ @swc/core: 1.15.24 -> 1.15.26 [PATCH]
~ eslint: 10.2.0 -> 10.2.1 [PATCH]
~ jest-when: 4.0.1 -> 4.0.2 [PATCH]
~ jsonrepair: 3.13.3 -> 3.14.0 [MINOR]
~ prettier: 3.8.2 -> 3.8.3 [PATCH]
~ sonarqube-scanner: 4.3.5 -> 4.3.6 [PATCH]
~ type-fest: 5.5.0 -> 5.6.0 [MINOR]
~ typescript: 6.0.2 -> 6.0.3 [PATCH]
AI-Assisted: true
v2.17.1
🚀 Gmail Processor v2.17.1 - Strengthening Infrastructure and Pipeline Stability
ℹ️ GAS Lib Version: 41 | 📅 2026-04-17 | Docs | Playground | Reference | Examples | Diff
🐞 Bug Fixes & Refinements
This maintenance release focuses on enhancing the stability and security of the project's infrastructure and deployment pipelines.
- CI/CD Security & Stability: Mitigated script injection risks and resolved detached HEAD errors within the maintenance auto-fixer. The release pipeline was further hardened by optimizing Snyk quota usage and refining trigger logic.
- Deployment Reliability: Finalized environment modernization to restore deployment stability. This includes fixes for Google Apps Script (GAS) versioning logic and the transition of the
release-pleaseconfiguration to the manifest format. - Pipeline Modernization: Unified release workflows and centralized maintenance logic to improve repository hygiene. The pipeline now utilizes a draft-first workflow with automated patch publishing for more accurate versioning.
- General Refinements: Fixed a build failure caused by an extra newline in
devbox.jsonand standardized dependency management triggers.
🔧 Under the Hood
Significant technical progress has been made in the project's core technology stack and dependency management:
- Core Tool Jumps:
- Major: Updated
actions/upload-artifactfrom v4 to v7. - Minor: Integrated Devbox v0.15.0 with caching into CI workflows.
- Minor: Updated
actionlintto 1.7.12 and the GitHub CLI (gh) to 2.89.0.
- Major: Updated
- Library Updates: Published Google Apps Script Library v41.
- Maintenance: General dependency maintenance and security updates, including lock file refreshes, Renovate configuration migration, and the pinning of GitHub Action digests for improved integrity.
📦 Detailed Changelog
Bug Fixes
- ci: convert release-please config to manifest format (e8cf505)
- ci: fix detached HEAD error and harden maintenance auto-fixer (7f112b1)
- ci: mitigate script injection risk in maintenance auto-fixer (5217c8a)
- lib: finalize environment modernization and restore deployment stability (fcfdd3f)
Maintenance
- ci: modernize pipeline and improve repository hygiene (c739f25)
- ci: unify release workflows and centralize maintenance logic (939b719)
- config: migrate config renovate.json (#654) (769a92b)
- deps: lock file maintenance (#664) (b4143f6)
- deps: pin dependencies (#655) (90e38db)
- deps: update actions/upload-artifact action to v7 (#661) (6e177bf)
- deps: update infrastructure-non-major (#656) (da3c27f)
- maintenance: harden CI pipeline and renovate configuration (bfe6fae)
- maintenance: harden configuration and standardize ordering (4712711)
- release: enrich release notes with modular roadmap and statistics (5b093f4)
- standardize dependency management and release triggers (8001f32)
Detailed Dependency Changes
No dependency changes.
AI-Assisted: true
v2.17.0
🚀 Gmail Processor 2.17.0: New File Increment Strategy and Enhanced Security
ℹ️ GAS Lib Version: 39 | 📅 2026-04-14 | Docs | Playground | Reference | Examples | Diff
🌟 Major Highlights
- Sequential File Versioning: This release introduces the
incrementconflict strategy for Google Drive files, addressing issue #633. When a filename conflict occurs, the system can now automatically append a counter (e.g.,file (1).txt) until an available name is found. Users can customize this behavior using parameters includingincrementStart,incrementPrefix, andincrementSuffix. For more details, see the Conflict Strategy documentation. - Secure Secret Management: To improve security, hardcoded passwords have been removed from examples like the PDF decryption script (#642). The
GlobalConfignow supports atype: "property"variable declaration, allowing the processor to automatically fetch sensitive data from the Google Apps ScriptPropertiesServiceat runtime. See the updated PDF Decryption example for implementation details. - Performance Optimizations: Several internal improvements have been made to increase efficiency, including the elimination of duplicate Gmail searches (d5d601b) and optimized retrieval of thread message counts (5e3acd9).
🔧 Under the Hood
- Core Tooling Upgrades: The project has moved to TypeScript v6.0.2 and ESLint v10.2.0, representing major version jumps in the development stack.
- Dependency Modernization: Significant major version updates were applied to core libraries, including
@types/google-apps-script(v2.0.8),@types/node(v25.6.0),jest(v30.3.0), and@google/clasp(v3.3.0). - Security Fixes: The
ajvdependency was updated to v8.18.0 (#624) to resolve a Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2025-69873). - Expression Support: The
anyValueToStringfunction now supports boolean, number, bigint, symbol, and function types (4b5a1c6). - Documentation: The documentation site has been updated to Docusaurus v3.10.0.
🤝 The Community
We are happy to welcome our community contributors!
- Special thanks to Chris Mazanec for suggesting and implementing the
incrementconflict strategy in Issue #633.
⚠️ Impact & Actions
- Update PDF Decryption Config: If you are using the PDF decryption example, you must now store your password in the Google Apps Script
PropertiesService(e.g., asPDF_PASSWORD) rather than hardcoding it in your configuration. - Library Update: Users of the Google Apps Script library should update to the 39 version to utilize the new
incrementconflict strategy and security features.
📦 Detailed Changelog
Features
- adapter: add
incrementconflict strategy for Google Drive files (1363073) - expr: add support for boolean, number, bigint, symbol, and function types in anyValueToString (4b5a1c6)
- modernization: implement regex escape and secure docs dependencies (418d7a0)
- add
incrementconflict strategy (66278c5), closes #633 - add envOverrides for cache and property service (92215cb)
- add file conflict strategy
increment(#652) (1363073)
Bug Fixes
- deps: update dependency ajv to v8.18.0 [security] (#624) (ef5fa2e)
- deps: update libs-non-major (#571) (d953e21), (#574) (ac9828f), (#576) (684828b), (#582) (5badebe), (#631) (f98897e)
- docs: resolve package-lock.json conflict for react-json-view-lite (c192c24)
- security: remove hardcoded PDF decryption password in example (#642) (c833be0)
- adjust driveApi typing for new @types/google-apps-script (9276cda)
- ERESOLVE in docs build and optimize thread message count retrieval (dd48c60)
- typedoc warnings (c5cbcef)
- upgrade @iconify/react from 6.0.0 to 6.0.1 (7c8be2d)
- upgrade docusaurus-json-schema-plugin from 1.14.0 to 1.15.0 (d52a366)
Performance Improvements
- eliminate duplicate gmail search (d5d601b)
- hort-circuit evaluation in orderRules comparators to minimize API calls (bfe149c)
- optimize thread message count retrieval (5e3acd9)
Detailed Dependency Changes
+ @eslint/js: ^10.0.1
+ @rollup/plugin-swc: 0.4.0
+ @types/google-apps-script: ^2.0.8
+ @types/jest: 30.0.0
+ @types/node: 25.6.0
+ @types/react-dom: 19.2.3
+ @types/react: 19.2.14
+ eslint-plugin-import-x: 4.16.2
+ eslint-plugin-jest: 29.15.2
+ globals: ^17.5.0
+ knip: 6.4.1
+ patch-package: ^8.0.1
+ rollup-plugin-filesize: 10.0.0
+ typescript-eslint: 8.58.2
- @babel/plugin-transform-class-properties: 7.27.1
- @babel/plugin-transform-class-static-block: 7.27.1
- @babel/plugin-transform-logical-assignment-operators: 7.27.1
- @babel/plugin-transform-private-methods: 7.27.1
- @rollup/plugin-babel: 6.0.4
- @rollup/plugin-terser: 0.4.4
- eslint-plugin-import: 2.31.0
- rollup-plugin-analyzer: 4.0.0
- ts-prune: 0.10.3
~ @babel/plugin-proposal-decorators: 7.27.1 -> 7.29.0 [MINOR]
~ @babel/plugin-transform-class-properties: 7.27.1 -> 7.28.6 [MINOR]
~ @cantoo/pdf-lib: 2.4.2 -> 2.6.5 [MINOR]
~ @casualbot/jest-sonar-reporter: 2.4.0 -> 2.6.0 [MINOR]
~ @docsearch/react: 3.9.0 -> 4.6.2 [MAJOR]
~ @docusaurus/core: 3.8.0 -> 3.10.0 [MINOR]
~ @docusaurus/eslint-plugin: 3.8.0 -> 3.10.0 [MINOR]
~ @docusaurus/module-type-aliases: 3.8.0 -> 3.10.0 [MINOR]
~ @docusaurus/preset-classic: 3.8.0 -> 3.10.0 [MINOR]
~ @docusaurus/tsconfig: 3.8.0 -> 3.10.0 [MINOR]
~ @docusaurus/types: 3.8.0 -> 3.10.0 [MINOR]
~ @eslint/js: 9.31.0 -> 10.0.1 [MAJOR]
~ @google/clasp: 2.5.0 -> 3.3.0 [MAJOR]
~ @iconify/react: 6.0.0 -> 6.0.2 [PATCH]
~ @mdx-js/loader: 3.1.0 -> 3.1.1 [PATCH]
~ @mdx-js/react: 3.1.0 -> 3.1.1 [PATCH]
~ @rollup/plugin-commonjs: 28.0.6 -> 29.0.2 [MAJOR]
~ @rollup/plugin-node-resolve: 16.0.1 -> 16.0.3 [PATCH]
~ @rollup/plugin-replace: 6.0.2 -> 6.0.3 [PATCH]
~ @roll...