v1.2.0

Added

• tools: declare openWorldHint:true on every tool (#185) (c6b41b8)

Fixed

• ci: add top-level permissions: contents: read to auto-merge (#186) (e88fec2)
• ci: align auto-merge filter on klodr-release-please[bot] (#169) (d05cb2b)
• ci: drop paths filter on actions-pinned (#168) (7aec6f9)
• ci: gate auto-merge caller on bot login before passing secrets (#161) (783bf24)
• ci: repin reusable auto-merge to a reachable SHA (#170) (2ca78ac)
• lint: drain CR findings + valid globs syntax (#165) (fe94e93)
• pinact: dot-prefix config + recursive action globs (#166) (3ca1d3a)
• pre-commit: call ./node_modules/.bin/lint-staged directly (#176) (ed51f6f)
• scripts: tolerate trailing release-please marker on VERSION line (#180) (0504299)
• verify-release: pin cosign predicate to SLSA Provenance v1 (#184) (9d74677)

Changed

• add auto-merge caller for release-please PRs (#154) (c5f13ec)
• add leak-detect caller workflow (#177) (70d3208)
• add pinact config + actions-pinned CI gate (#163) (e121bd8)
• add yamllint+markdownlint+commitlint+lint-staged pack (#162) (77ef7b0)
• bump actions/checkout from 4.2.2 to 6.0.2 (#167) (1f4595d)
• bump actions/github-script from d746ffe35508b1917358783b479e04febd2b8f71 to 3a2844b7e9c422d3c10d287c895573f7108da1b3 (#158) (ce74391)
• bump github/codeql-action from 4.35.3 to 4.35.4 (#156) (94a290c)
• bump sigstore/cosign-installer from 4.1.1 to 4.1.2 (#157) (6bbbcc4)
• bundle-analysis: run on Dependabot PRs to satisfy required check (#160) (52b670a)
• dependabot: use chore(deps) prefix for Conventional Commits (#155) (f7e9393)
• deps-dev: bump the dev-dependencies group with 2 updates (#159) (f9b0243)
• fix four workflow errors (pinact, gitleaks, auto-merge, coderabbit) (#182) (addfffd)
• husky: adopt shared pre-push template (#164) (7cec70c)
• leak-detect: re-pin reusable workflow to fix yq checksum SHA (#181) (1e42398)
• lint-staged: add prettier --write to all globs (#172) (eebb888)
• lint: reactivate 6 markdownlint rules previously disabled (#183) (d8ce9c3)
• migrate ci.yml to reusable-node-ci (#171) (8d9e13a)
• node: align .npmrc rationale + bump .nvmrc to 22.22.2 (CVE floor) (#175) (cbb3096)
• pre-commit: warn on missing system tooling (yamllint) (#173) (a2c41f7)
• pre-push: sync with canonical template (SC2034 + drop npm audit) (#174) (7f7c54a)
• test: harmonise vitest coverage config with klodr/* ecosystem (#178) (0220137)

Full changelog: https://github.com/klodr/gmail-mcp/blob/v1.2.0/CHANGELOG.md
npm: https://www.npmjs.com/package/@klodr/gmail-mcp/v/1.2.0

v1.1.8

Fixed

• use named import for nodemailer createTransport (#151) (6382e81)

Full changelog: https://github.com/klodr/gmail-mcp/blob/v1.1.8/CHANGELOG.md
npm: https://www.npmjs.com/package/@klodr/gmail-mcp/v/1.1.8

v1.1.7

Changed

• add eslint-plugin-jsonc for JSON file linting (#149) (b210703)

Full changelog: https://github.com/klodr/gmail-mcp/blob/v1.1.7/CHANGELOG.md
npm: https://www.npmjs.com/package/@klodr/gmail-mcp/v/1.1.7

v1.1.6

Changed

• codecov: silence GPG trust + multi-language search warnings (#144) (088fd9f)

Full changelog: https://github.com/klodr/gmail-mcp/blob/v1.1.6/CHANGELOG.md
npm: https://www.npmjs.com/package/@klodr/gmail-mcp/v/1.1.6

v1.1.5

Changed

• release-please: chain on workflow_run instead of racing CI (#139) (d622b1b)
• release: re-publish 1.1.5 after husky strip-prepare fix (#141) (f1bca07)
• release: strip prepare + prepublishOnly before npm publish (#140) (53335ce)

Full changelog: https://github.com/klodr/gmail-mcp/blob/v1.1.5/CHANGELOG.md
npm: https://www.npmjs.com/package/@klodr/gmail-mcp/v/1.1.5

v1.1.4

Fixed

• husky: node codepoint count instead of locale-dependent wc -m (#136) (8b75d6d)

Changed

• eslint: add eslint-plugin-import-x (flat/recommended) (#135) (674937c)
• eslint: add eslint-plugin-promise (flat/recommended) (#132) (bb50202)
• eslint: switch to tseslint.configs.strict (#133) (90ea15a)
• eslint: switch to tseslint.configs.strictTypeChecked (#134) (221e729)
• husky: pre-push gate format+lint+typecheck+test+audit (#131) (0dfbe55)
• lockfile-lint: fail-fast on unsupported lockfile shape (#130) (0857041)
• lockfile-lint: use npm ci + npx instead of pinned tarball (#127) (b5ea36b)
• release-please: expose chore + ci in CHANGELOG sections (#138) (41e403f)
• release-please: mint App token instead of GITHUB_TOKEN (#128) (5c47c0e)

Full changelog: https://github.com/klodr/gmail-mcp/blob/v1.1.4/CHANGELOG.md
npm: https://www.npmjs.com/package/@klodr/gmail-mcp/v/1.1.4

v1.1.3

Fixed

• security: aggregate supply-chain hardenings into a release (#125) (7acdc38)

Full changelog: https://github.com/klodr/gmail-mcp/blob/v1.1.3/CHANGELOG.md
npm: https://www.npmjs.com/package/@klodr/gmail-mcp/v/1.1.3

v1.1.2

Changed

• bump ip-address and express-rate-limit (#111) (4d0c92b)

Full changelog: https://github.com/klodr/gmail-mcp/blob/v1.1.2/CHANGELOG.md
npm: https://www.npmjs.com/package/@klodr/gmail-mcp/v/1.1.2

v1.1.1

Changed

• bump hono from 4.12.14 to 4.12.18 (#113) (e397c28)
• bump zod from 4.4.2 to 4.4.3 in the production-dependencies group (#110) (c25ceb7)

Full changelog: https://github.com/klodr/gmail-mcp/blob/v1.1.1/CHANGELOG.md
npm: https://www.npmjs.com/package/@klodr/gmail-mcp/v/1.1.1

v1.1.0

Changed

• zod 4.3.6 → 4.4.2 (production). Schemas drive every tool input/output in this repo; bumped on its own PR (#107) for independent triage. Tests 675/675 pass against the new minor.
• nodemailer 8.0.6 → 8.0.7 (production, patch).
• eslint 10.2.1 → 10.3.0 (dev, minor).
• typescript-eslint 8.59.0 → 8.59.1 (dev, patch).

Pre-empts the weekly dependabot run rather than letting it open the bumps over multiple cycles. Two PRs: dev-deps (#106) and prod-deps (#107).

Full changelog: https://github.com/klodr/gmail-mcp/blob/v1.1.0/CHANGELOG.md
npm: https://www.npmjs.com/package/@klodr/gmail-mcp/v/1.1.0