Commit f50f5f6
authored
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
chore(deps): update dependency dotenv to v17
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [dotenv](https://redirect.github.com/motdotla/dotenv) | [`^16.0.1` ->
`^17.0.0`](https://renovatebot.com/diffs/npm/dotenv/16.0.1/17.2.1) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>motdotla/dotenv (dotenv)</summary>
###
[`v17.2.1`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1721-2025-07-24)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v17.2.0...v17.2.1)
##### Changed
- Fix clickable tip links by removing parentheses
([#​897](https://redirect.github.com/motdotla/dotenv/pull/897))
###
[`v17.2.0`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1720-2025-07-09)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v17.1.0...v17.2.0)
##### Added
- Optionally specify `DOTENV_CONFIG_QUIET=true` in your environment or
`.env` file to quiet the runtime log
([#​889](https://redirect.github.com/motdotla/dotenv/pull/889))
- Just like dotenv any `DOTENV_CONFIG_` environment variables take
precedence over any code set options like `({quiet: false})`
```ini
```
###
[`v17.1.0`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1710-2025-07-07)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v17.0.1...v17.1.0)
##### Added
- Add additional security and configuration tips to the runtime log
([#​884](https://redirect.github.com/motdotla/dotenv/pull/884))
- Dim the tips text from the main injection information text
```js
const TIPS = [
'🔐 encrypt with dotenvx: https://dotenvx.com',
'🔐 prevent committing .env to code: https://dotenvx.com/precommit',
'🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
'🛠️ run anywhere with `dotenvx run -- yourcommand`',
'⚙️ specify custom .env file path with { path: \'/custom/path/.env\' }',
'⚙️ enable debug logging with { debug: true }',
'⚙️ override existing env vars with { override: true }',
'⚙️ suppress all logs with { quiet: true }',
'⚙️ write to custom object with { processEnv: myObject }',
'⚙️ load multiple .env files with { path: [\'.env.local\', \'.env\'] }'
]
```
###
[`v17.0.1`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1701-2025-07-01)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v17.0.0...v17.0.1)
##### Changed
- Patched injected log to count only populated/set keys to process.env
([#​879](https://redirect.github.com/motdotla/dotenv/pull/879))
###
[`v17.0.0`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1700-2025-06-27)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.6.1...v17.0.0)
##### Changed
- Default `quiet` to false - informational (file and keys count) runtime
log message shows by default
([#​875](https://redirect.github.com/motdotla/dotenv/pull/874))
###
[`v16.6.1`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1661-2025-06-27)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.6.0...v16.6.1)
##### Changed
- Default `quiet` to true – hiding the runtime log message
([#​874](https://redirect.github.com/motdotla/dotenv/pull/874))
- NOTICE: 17.0.0 will be released with quiet defaulting to false. Use
`config({ quiet: true })` to suppress.
- And check out the new
[dotenvx](https://redirect.github.com/dotenvx/dotenvx). As coding
workflows evolve and agents increasingly handle secrets, encrypted .env
files offer a much safer way to deploy both agents and code together
with secure secrets. Simply switch `require('dotenv').config()` for
`require('@​dotenvx/dotenvx').config()`.
###
[`v16.6.0`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1660-2025-06-26)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.5.0...v16.6.0)
##### Added
- Default log helpful message `[dotenv@16.6.0] injecting env (1) from
.env`
([#​870](https://redirect.github.com/motdotla/dotenv/pull/870))
- Use `{ quiet: true }` to suppress
- Aligns dotenv more closely with
[dotenvx](https://redirect.github.com/dotenvx/dotenvx).
###
[`v16.5.0`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1650-2025-04-07)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.4.7...v16.5.0)
##### Added
- 🎉 Added new sponsor
[Graphite](https://graphite.dev/?utm_source=github\&utm_medium=repo\&utm_campaign=dotenv)
- *the AI developer productivity platform helping teams on GitHub ship
higher quality software, faster*.
> \[!TIP]
> **[Become a sponsor](https://redirect.github.com/sponsors/motdotla)**
>
> The dotenvx README is viewed thousands of times DAILY on GitHub and
NPM.
> Sponsoring dotenv is a great way to get in front of developers and
give back to the developer community at the same time.
##### Changed
- Remove `_log` method. Use `_debug`
[#​862](https://redirect.github.com/motdotla/dotenv/pull/862)
###
[`v16.4.7`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1647-2024-12-03)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.4.6...v16.4.7)
##### Changed
- Ignore `.tap` folder when publishing. (oops, sorry about that
everyone. - [@​motdotla](https://redirect.github.com/motdotla))
[#​848](https://redirect.github.com/motdotla/dotenv/pull/848)
###
[`v16.4.6`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1646-2024-12-02)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.4.5...v16.4.6)
##### Changed
- Clean up stale dev dependencies
[#​847](https://redirect.github.com/motdotla/dotenv/pull/847)
- Various README updates clarifying usage and alternative solutions
using [dotenvx](https://redirect.github.com/dotenvx/dotenvx)
###
[`v16.4.5`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1645-2024-02-19)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.4.4...v16.4.5)
##### Changed
- 🐞 Fix recent regression when using `path` option. return to historical
behavior: do not attempt to auto find `.env` if `path` set. (regression
was introduced in `16.4.3`)
[#​814](https://redirect.github.com/motdotla/dotenv/pull/814)
###
[`v16.4.4`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1644-2024-02-13)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.4.3...v16.4.4)
##### Changed
- 🐞 Replaced chaining operator `?.` with old school `&&` (fixing node 12
failures)
[#​812](https://redirect.github.com/motdotla/dotenv/pull/812)
###
[`v16.4.3`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1643-2024-02-12)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.4.2...v16.4.3)
##### Changed
- Fixed processing of multiple files in `options.path`
[#​805](https://redirect.github.com/motdotla/dotenv/pull/805)
###
[`v16.4.2`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1642-2024-02-10)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.4.1...v16.4.2)
##### Changed
- Changed funding link in package.json to
[`dotenvx.com`](https://dotenvx.com)
###
[`v16.4.1`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1641-2024-01-24)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.4.0...v16.4.1)
- Patch support for array as `path` option
[#​797](https://redirect.github.com/motdotla/dotenv/pull/797)
###
[`v16.4.0`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1640-2024-01-23)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.3.2...v16.4.0)
- Add `error.code` to error messages around `.env.vault` decryption
handling
[#​795](https://redirect.github.com/motdotla/dotenv/pull/795)
- Add ability to find `.env.vault` file when filename(s) passed as an
array
[#​784](https://redirect.github.com/motdotla/dotenv/pull/784)
###
[`v16.3.2`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1632-2024-01-18)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.3.1...v16.3.2)
##### Added
- Add debug message when no encoding set
[#​735](https://redirect.github.com/motdotla/dotenv/pull/735)
##### Changed
- Fix output typing for `populate`
[#​792](https://redirect.github.com/motdotla/dotenv/pull/792)
- Use subarray instead of slice
[#​793](https://redirect.github.com/motdotla/dotenv/pull/793)
###
[`v16.3.1`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1631-2023-06-17)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.3.0...v16.3.1)
##### Added
- Add missing type definitions for `processEnv` and `DOTENV_KEY`
options.
[#​756](https://redirect.github.com/motdotla/dotenv/pull/756)
###
[`v16.3.0`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1630-2023-06-16)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.2.0...v16.3.0)
##### Added
- Optionally pass `DOTENV_KEY` to options rather than relying on
`process.env.DOTENV_KEY`. Defaults to `process.env.DOTENV_KEY`
[#​754](https://redirect.github.com/motdotla/dotenv/pull/754)
###
[`v16.2.0`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1620-2023-06-15)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.1.4...v16.2.0)
##### Added
- Optionally write to your own target object rather than `process.env`.
Defaults to `process.env`.
[#​753](https://redirect.github.com/motdotla/dotenv/pull/753)
- Add import type URL to types file
[#​751](https://redirect.github.com/motdotla/dotenv/pull/751)
###
[`v16.1.4`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1614-2023-06-04)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.1.3...v16.1.4)
##### Added
- Added `.github/` to `.npmignore`
[#​747](https://redirect.github.com/motdotla/dotenv/pull/747)
###
[`v16.1.3`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1613-2023-05-31)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.1.2...v16.1.3)
##### Removed
- Removed `browser` keys for `path`, `os`, and `crypto` in package.json.
These were set to false incorrectly as of 16.1. Instead, if using dotenv
on the front-end make sure to include polyfills for `path`, `os`, and
`crypto`.
[node-polyfill-webpack-plugin](https://redirect.github.com/Richienb/node-polyfill-webpack-plugin)
provides these.
###
[`v16.1.2`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1612-2023-05-31)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.1.1...v16.1.2)
##### Changed
- Exposed private function `_configDotenv` as `configDotenv`.
[#​744](https://redirect.github.com/motdotla/dotenv/pull/744)
###
[`v16.1.1`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1611-2023-05-30)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.1.0...v16.1.1)
##### Added
- Added type definition for `decrypt` function
##### Changed
- Fixed `{crypto: false}` in `packageJson.browser`
###
[`v16.1.0`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1610-2023-05-30)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.0.3...v16.1.0)
##### Added
- Add `populate` convenience method
[#​733](https://redirect.github.com/motdotla/dotenv/pull/733)
- Accept URL as path option
[#​720](https://redirect.github.com/motdotla/dotenv/pull/720)
- Add dotenv to `npm fund` command
- Spanish language README
[#​698](https://redirect.github.com/motdotla/dotenv/pull/698)
- Add `.env.vault` support. 🎉
([#​730](https://redirect.github.com/motdotla/dotenv/pull/730))
ℹ️ `.env.vault` extends the `.env` file format standard with a localized
encrypted vault file. Package it securely with your production code
deploys. It's cloud agnostic so that you can deploy your secrets
anywhere – without [risky third-party
integrations](https://techcrunch.com/2023/01/05/circleci-breach/). [read
more](https://redirect.github.com/motdotla/dotenv#-deploying)
##### Changed
- Fixed "cannot resolve 'fs'" error on tools like Replit
[#​693](https://redirect.github.com/motdotla/dotenv/pull/693)
###
[`v16.0.3`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1603-2022-09-29)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.0.2...v16.0.3)
##### Changed
- Added library version to debug logs
([#​682](https://redirect.github.com/motdotla/dotenv/pull/682))
###
[`v16.0.2`](https://redirect.github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1602-2022-08-30)
[Compare
Source](https://redirect.github.com/motdotla/dotenv/compare/v16.0.1...v16.0.2)
##### Added
- Export `env-options.js` and `cli-options.js` in package.json for use
with downstream
[dotenv-expand](https://redirect.github.com/motdotla/dotenv-expand)
module
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/gr2m/github-project).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC42Mi4xIiwidXBkYXRlZEluVmVyIjoiNDEuNDAuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>1 parent 69d2e1b commit f50f5f6
2 files changed
+11
-8
lines changedSome generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
33 | | - | |
| 33 | + | |
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
| |||
0 commit comments