chore(deps): update dependency dotenv to v17 #566

renovate · 2025-07-04T23:48:15Z

This PR contains the following updates:

Package	Change	Age	Confidence
dotenv	`16.4.5` -> `17.2.3`

Release Notes

motdotla/dotenv (dotenv)

`v17.2.3`

Compare Source

Changed

Fixed typescript error definition (#912)

`v17.2.2`

Compare Source

Added

🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

`v17.2.1`

Compare Source

Changed

Fix clickable tip links by removing parentheses (#897)

`v17.2.0`

Compare Source

Added

Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

`v17.1.0`

Compare Source

Added

Add additional security and configuration tips to the runtime log (#884)
Dim the tips text from the main injection information text

const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
  '🛠️  run anywhere with `dotenvx run -- yourcommand`',
  '⚙️  specify custom .env file path with { path: \'/custom/path/.env\' }',
  '⚙️  enable debug logging with { debug: true }',
  '⚙️  override existing env vars with { override: true }',
  '⚙️  suppress all logs with { quiet: true }',
  '⚙️  write to custom object with { processEnv: myObject }',
  '⚙️  load multiple .env files with { path: [\'.env.local\', \'.env\'] }'
]

`v17.0.1`

Compare Source

Changed

Patched injected log to count only populated/set keys to process.env (#879)

`v17.0.0`

Compare Source

Changed

Default quiet to false - informational (file and keys count) runtime log message shows by default (#875)

`v16.6.1`

Compare Source

Changed

Default quiet to true – hiding the runtime log message (#874)
NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@dotenvx/dotenvx').config().

`v16.6.0`

Compare Source

Added

Default log helpful message [[email protected]] injecting env (1) from .env (#870)
Use { quiet: true } to suppress
Aligns dotenv more closely with dotenvx.

`v16.5.0`

Compare Source

Added

🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP]
Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM.
Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

Remove _log method. Use _debug #862

`v16.4.7`

Compare Source

Changed

Ignore .tap folder when publishing. (oops, sorry about that everyone. - @motdotla) #848

`v16.4.6`

Compare Source

Changed

Clean up stale dev dependencies #847
Various README updates clarifying usage and alternative solutions using dotenvx

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

vercel · 2025-07-04T23:48:16Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
dapp-demo	Error			Sep 30, 2025 1:37am

changeset-bot · 2025-07-04T23:48:18Z

⚠️ No Changeset found

Latest commit: 7eb32ef

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

gitstream-cm · 2025-07-04T23:48:19Z

🚨 gitStream Monthly Automation Limit Reached 🚨

Your organization has exceeded the number of pull requests allowed for automation with gitStream.
Monthly PRs automated: 251/250

To continue automating your PR workflows and unlock additional features, please contact LinearB.

coderabbitai · 2025-07-04T23:48:20Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

Public repositories are always opted into early access features.
You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

socket-security · 2025-07-04T23:49:02Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	dotenv@16.4.5 ⏵ 17.2.3	⁺¹		⁺¹	⁺¹⁰

View full report

ellipsis-dev

Important

Looks good to me! 👍

Reviewed everything up to 7717b4c in 57 seconds. Click for details.

Reviewed 16 lines of code in 2 files
Skipped 0 files when reviewing.
Skipped posting 1 draft comments. View those below.
Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. package.json:43

Draft comment:
The dotenv dependency was bumped to v17.0.1, which changes the default logging behavior (quiet defaults to false now). If you rely on silent env loading, consider explicitly setting config({ quiet: true }).
Reason this comment was not posted:
Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 0% vs. threshold = 50% The rules explicitly state "Do NOT comment on dependency changes, library versions that you don't recognize, or anything else related to dependencies." This is exactly what this comment is about - a dependency version change and its potential implications. Even though the comment provides specific information about behavior changes, the rules are clear that we should not comment on dependency changes. The comment does provide potentially valuable information about a breaking change that could affect the application's behavior. Maybe this is important enough to be an exception to the rule? No, the rules are very clear about not commenting on dependency changes. We must trust that the developer has reviewed the changelog and understands the implications of their dependency updates. This comment should be deleted as it violates the explicit rule against commenting on dependency changes, regardless of how informative it might be.

Workflow ID: wflow_g9Uubc52115DZ39R

^{You can customize}^{by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

vercel bot deployed to Preview July 4, 2025 23:48 View deployment

ellipsis-dev bot reviewed Jul 4, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenv-17.x branch from 7717b4c to bdf229d Compare July 8, 2025 04:14

vercel bot deployed to Preview July 8, 2025 04:14 View deployment

renovate bot force-pushed the renovate/dotenv-17.x branch from bdf229d to 726cf60 Compare July 9, 2025 18:30

vercel bot deployed to Preview July 9, 2025 18:30 View deployment

renovate bot force-pushed the renovate/dotenv-17.x branch from 726cf60 to 6fa6417 Compare July 24, 2025 21:47

vercel bot deployed to Preview July 24, 2025 21:49 View deployment

renovate bot force-pushed the renovate/dotenv-17.x branch from 6fa6417 to f86ce40 Compare September 6, 2025 19:58

vercel bot had a problem deploying to Preview September 6, 2025 19:59 Failure

chore(deps): update dependency dotenv to v17

7eb32ef

renovate bot force-pushed the renovate/dotenv-17.x branch from f86ce40 to 7eb32ef Compare September 30, 2025 01:37

vercel bot had a problem deploying to Preview September 30, 2025 01:37 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): update dependency dotenv to v17 #566

chore(deps): update dependency dotenv to v17 #566

Uh oh!

renovate bot commented Jul 4, 2025 •

edited

Loading

Uh oh!

vercel bot commented Jul 4, 2025 •

edited

Loading

Uh oh!

changeset-bot bot commented Jul 4, 2025 •

edited

Loading

Uh oh!

gitstream-cm bot commented Jul 4, 2025

Uh oh!

coderabbitai bot commented Jul 4, 2025 •

edited

Loading

Review skipped

Uh oh!

socket-security bot commented Jul 4, 2025 •

edited

Loading

Uh oh!

ellipsis-dev bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

chore(deps): update dependency dotenv to v17 #566

Are you sure you want to change the base?

chore(deps): update dependency dotenv to v17 #566

Uh oh!

Conversation

renovate bot commented Jul 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Changed

Added

Changed

Added

Added

Changed

Changed

Changed

Added

Added

Changed

Changed

Changed

Configuration

Uh oh!

vercel bot commented Jul 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

changeset-bot bot commented Jul 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ No Changeset found

Uh oh!

gitstream-cm bot commented Jul 4, 2025

Uh oh!

coderabbitai bot commented Jul 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Uh oh!

socket-security bot commented Jul 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ellipsis-dev bot left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Jul 4, 2025 •

edited

Loading

vercel bot commented Jul 4, 2025 •

edited

Loading

changeset-bot bot commented Jul 4, 2025 •

edited

Loading

coderabbitai bot commented Jul 4, 2025 •

edited

Loading

socket-security bot commented Jul 4, 2025 •

edited

Loading