fix(microsoft-excel): unblock OneDrive users and validate driveId in sheets route

- Add credential to any[] arrays so OneDrive users (no drive selected)
  still pass the dependsOn gate while driveSelector remains in the
  dependency list for context flow to SharePoint users
- Add /^[\w-]+$/ validation for driveId in sheets API route

Author: waleedlatif1

apps/sim/app/api/tools/microsoft_excel/sheets/route.ts

@@ -62,6 +62,10 @@ export async function GET(request: NextRequest) {
       `[${requestId}] Fetching worksheets from Microsoft Graph API for workbook ${spreadsheetId}`
     )
 
+    if (driveId && !/^[\w-]+$/.test(driveId)) {
+      return NextResponse.json({ error: 'Invalid drive ID format' }, { status: 400 })
+    }
+
     const basePath = driveId
       ? `https://graph.microsoft.com/v1.0/drives/${driveId}/items/${spreadsheetId}`
       : `https://graph.microsoft.com/v1.0/me/drive/items/${spreadsheetId}`

apps/sim/blocks/blocks/microsoft_excel.ts

@@ -431,7 +431,7 @@ export const MicrosoftExcelV2Block: BlockConfig<MicrosoftExcelV2Response> = {
       requiredScopes: [],
       mimeType: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
       placeholder: 'Select a spreadsheet',
-      dependsOn: { all: ['credential'], any: ['driveSelector'] },
+      dependsOn: { all: ['credential'], any: ['credential', 'driveSelector'] },
       mode: 'basic',
     },
     // Manual Spreadsheet ID (advanced mode)
@@ -441,7 +441,7 @@ export const MicrosoftExcelV2Block: BlockConfig<MicrosoftExcelV2Response> = {
       type: 'short-input',
       canonicalParamId: 'spreadsheetId',
       placeholder: 'Enter spreadsheet ID',
-      dependsOn: { all: ['credential'], any: ['manualDriveId'] },
+      dependsOn: { all: ['credential'], any: ['credential', 'manualDriveId'] },
       mode: 'advanced',
     },
     // Drive ID for SharePoint (advanced mode)
@@ -480,7 +480,7 @@ export const MicrosoftExcelV2Block: BlockConfig<MicrosoftExcelV2Response> = {
       required: true,
       dependsOn: {
         all: ['credential'],
-        any: ['manualDriveId'],
+        any: ['credential', 'manualDriveId'],
       },
       mode: 'advanced',
     },