chore(deps): update dependency dotenv to v16.4.7 #64

Open
wants to merge 1 commit into
base: master

@renovate renovate bot commented Mar 20, 2024

This PR contains the following updates:

Package    Change
dotenv     16.3.1 -> 16.4.7

Release Notes

motdotla/dotenv (dotenv)

v16.4.7

Changed
  • Ignore .tap folder when publishing. (oops, sorry about that everyone. - @motdotla) #848

v16.4.6

Changed
  • Clean up stale dev dependencies #847
  • Various README updates clarifying usage and alternative solutions using dotenvx

v16.4.5

Changed
  • 🐞 fix recent regression when using path option. return to historical behavior: do not attempt to auto find .env if path set. (regression was introduced in 16.4.3) #814

v16.4.4

Changed
  • 🐞 Replaced chaining operator ?. with old school && (fixing node 12 failures) #812

v16.4.3

Changed
  • Fixed processing of multiple files in options.path #805

v16.4.2

Changed

v16.4.1

  • Patch support for array as path option #797

v16.4.0

  • Add error.code to error messages around .env.vault decryption handling #795
  • Add ability to find .env.vault file when filename(s) passed as an array #784

v16.3.2

Added
  • Add debug message when no encoding set #735
Changed
  • Fix output typing for populate #792
  • Use subarray instead of slice #793

Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

[puLL-Merge] - motdotla/[email protected]

Description

This PR introduces several updates to the dotenv library. It includes changes to funding URLs, incorporation of code coverage reporting using Codecov, additions and updates to .gitignore and .npmignore files, extensive updates to the README and documentation files, introduction of handling multiple .env files, and various minor code improvements and bug fixes.

Changes

Funding and Documentation URLs

  • .github/FUNDING.yml: URL modified to point to https://www.dotenvx.com.
  • README.md, README-es.md, and other documentation files: Various changes including the announcement of dotenvx, updates to sponsor links, and changes to documented URLs to use https and point to updated resources.

CI and Code Coverage

  • .github/workflows/ci.yml: Added steps for generating test coverage reports and uploading them to Codecov.

Git and NPM Ignore Files

  • .gitignore: Added coverage/ and .idea/ directories.
  • .npmignore: Added coverage/ to the ignore list.

Changelog

  • CHANGELOG.md: Extensive update listing new versions and changes, including bug fixes, new features, and improvements.

Library and TypeScript Definitions

  • lib/main.d.ts: Adjustments for TypeScript definitions including corrections and updates to comments.
  • lib/main.js: Various improvements and bug fixes, including error handling and support for handling multiple .env files.

Package Metadata

  • package.json: Updated package version to 16.4.5, modified funding URL, and added a test:coverage script.

Tests

  • Adjustments to test files to align with the changes and new features introduced in the library.

Security Hotspots

  1. Use of Secrets in CI Workflow (.github/workflows/ci.yml): The change introduces a CODECOV_TOKEN secret for uploading coverage data to Codecov. Ensure that the secret is securely managed and has limited permissions.

  2. Loading of Environment Variables from Multiple Sources (lib/main.js): With the added capability to load .env files from multiple paths, care should be taken to ensure that sensitive information is not unintentionally exposed or overwritten.

  3. Error Handling and Messaging (lib/main.js): The modifications include throwing and logging errors for various cases (e.g., missing DOTENV_KEY, decryption failures). It's important to verify that these error messages do not inadvertently disclose sensitive information about the application's configuration or environment.

  4. HTTPS URLs in Documentation: Ensure that all external links are valid, point to trusted sources, and use HTTPS to prevent MITM attacks.

These hotspots should be reviewed carefully to avoid introducing vulnerabilities or exposing sensitive information.
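The multi-file overwrite concern in hotspot 2, as an added example that is not part of the bot's comment and is not dotenv's own code: it models the precedence for `config({ path: [...] })`, assuming dotenv's documented rule that the first value set for a variable wins unless `override` is set. `parseEnv`, `resolve`, the file contents and the variable names are constructed for illustration.

```javascript
// Added example, not dotenv's code. Models the documented precedence for
// config({ path: [...] }): first value wins, unless override is set.
// parseEnv is a simplified stand-in: plain KEY=VALUE lines only.
function parseEnv(text) {
  const out = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*([\w.-]+)\s*=\s*(.*?)\s*$/.exec(line); // comments never match
    if (m) out[m[1]] = m[2];
  }
  return out;
}

// Returns the winning definition per key plus every definition that lost.
function resolve(files, processEnv, override = false) {
  const winner = {};
  const shadowed = [];
  const apply = (key, value, source) => {
    const cur = winner[key];
    if (!cur) {
      winner[key] = { value, source };
    } else if (override) {
      shadowed.push({ key, lost: cur.source, to: source });
      winner[key] = { value, source };
    } else {
      shadowed.push({ key, lost: source, to: cur.source });
    }
  };
  // Variables already in the environment exist before any file is read.
  for (const [k, v] of Object.entries(processEnv)) apply(k, v, 'process.env');
  for (const f of files) {
    for (const [k, v] of Object.entries(parseEnv(f.content))) apply(k, v, f.name);
  }
  return { winner, shadowed };
}

// Constructed sample input: file contents and an injected deployment secret.
const files = [
  { name: '.env.local', content: 'DATABASE_URL=postgres://localhost/dev\n' },
  { name: '.env', content: '# defaults\nDATABASE_URL=postgres://db.internal/app\nSESSION_SECRET=changeme\n' },
];
const injected = { SESSION_SECRET: 'value-from-secret-store' };

for (const override of [false, true]) {
  const { winner, shadowed } = resolve(files, injected, override);
  console.log(`override=${override}`);
  for (const [k, w] of Object.entries(winner)) console.log(`  ${k} <- ${w.source}`);
  for (const s of shadowed) console.log(`  shadowed ${s.key}: ${s.lost} lost to ${s.to}`);
}
```

With `override` off the injected `SESSION_SECRET` survives and `.env.local` wins for `DATABASE_URL`; with it on, the placeholder in `.env` replaces the injected secret, which is the case to check for before enabling that option.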

@renovate renovate bot changed the title from "Update dependency dotenv to v16.4.5" to "chore(deps): update dependency dotenv to v16.4.5" Oct 8, 2024
@renovate renovate bot force-pushed the renovate/dotenv-16.x branch from 79dbfd8 to c6f4fa4 December 7, 2024 03:10
@renovate renovate bot changed the title from "chore(deps): update dependency dotenv to v16.4.5" to "chore(deps): update dependency dotenv to v16.4.6" Dec 7, 2024
github-actions bot commented Dec 7, 2024

[puLL-Merge] - motdotla/[email protected]

Description

This PR makes several significant changes to the dotenv library, including updating dependencies, modifying configuration options, improving error handling, and updating documentation. The changes aim to enhance the library's functionality, improve its performance, and provide better support for different use cases.

Possible Issues

  1. Removal of support for Node.js versions 12.x and 14.x might break compatibility for projects using these older versions.
  2. Changes to the behavior of the path option in the config function could potentially cause issues for existing implementations that rely on the previous behavior.

Security Hotspots

No significant security vulnerabilities were introduced in this PR. However, the changes to error handling and decryption logic should be carefully reviewed to ensure they don't introduce any new security risks.

Changes

  1. .github/FUNDING.yml:
  2. .github/workflows/ci.yml:
    • Updated Node.js versions for testing (removed 12.x and 14.x, added 22.x)
    • Added code coverage reporting using Codecov
  3. .gitignore and .npmignore:
    • Updated ignored files and directories
  4. CHANGELOG.md:
    • Added entries for versions 16.4.0 to 16.4.6
  5. README.md:
    • Added announcement for dotenvx
    • Updated documentation, examples, and FAQ
    • Removed some sponsorship information
  6. lib/main.js and lib/main.d.ts:
    • Modified config function to support array of paths
    • Improved error handling with error codes
    • Updated decryption logic
    • Modified populate function return type
  7. package.json:
    • Updated version to 16.4.6
    • Updated dependencies and scripts
    • Changed funding link to https://dotenvx.com
  8. Various test files:
    • Updated and added new tests to cover new functionality and edge cases

sequenceDiagram
    participant User
    participant Dotenv
    participant FileSystem
    participant ProcessEnv

    User->>Dotenv: config({path: ['.env.local', '.env']})
    Dotenv->>FileSystem: Read .env.local
    FileSystem-->>Dotenv: File contents
    Dotenv->>Dotenv: Parse .env.local
    Dotenv->>FileSystem: Read .env
    FileSystem-->>Dotenv: File contents
    Dotenv->>Dotenv: Parse .env
    Dotenv->>Dotenv: Merge parsed contents
    Dotenv->>ProcessEnv: Populate environment variables
    Dotenv-->>User: Return parsed result

@renovate renovate bot force-pushed the renovate/dotenv-16.x branch from c6f4fa4 to 5c0249a December 7, 2024 19:47
@renovate renovate bot changed the title from "chore(deps): update dependency dotenv to v16.4.6" to "chore(deps): update dependency dotenv to v16.4.7" Dec 7, 2024
github-actions bot commented Dec 7, 2024

[puLL-Merge] - motdotla/[email protected]

Description

This PR introduces several significant changes to the dotenv library, including updates to functionality, documentation, and testing. The changes aim to enhance the library's capabilities, improve code quality, and update the project's overall structure.

Possible Issues

  1. The removal of support for Node.js versions 12.x and 14.x may cause compatibility issues for projects still using these older versions.
  2. Changes to the configuration behavior, especially regarding multiple file handling and overriding, might lead to unexpected behavior in existing implementations.

Security Hotspots

No significant security vulnerabilities were introduced in this change. However, the modifications to the decryption process and error handling should be carefully reviewed to ensure they don't introduce any new vulnerabilities.

Changes

  1. README.md:
    • Updated installation instructions and usage examples
    • Added information about new features like command substitution and multiple environment handling
    • Updated links and references to external resources
    • Removed outdated sponsorship information
  2. CHANGELOG.md:
    • Added entries for versions 16.4.1 through 16.4.7
    • Detailed various bug fixes and feature additions
  3. package.json:
    • Updated version to 16.4.7
    • Modified test scripts and dev dependencies
    • Updated Node.js engine requirements
  4. lib/main.js:
    • Enhanced error handling with more specific error codes
    • Improved support for multiple .env files
    • Updated vault path handling and decryption process
  5. lib/main.d.ts:
    • Updated TypeScript definitions to reflect new functionality
  6. tests/:
    • Added new test cases for multiple file handling and updated existing tests
    • Introduced .env.local for testing purposes
  7. .github/workflows/ci.yml:
    • Updated Node.js versions for CI testing (removed 12.x and 14.x, added 22.x)
    • Added code coverage reporting
  8. Various other files:
    • Minor updates to .gitignore, .npmignore, and other configuration files

sequenceDiagram
    participant User
    participant Dotenv
    participant FileSystem
    participant ProcessEnv

    User->>Dotenv: config({options})
    Dotenv->>FileSystem: Read .env file(s)
    FileSystem-->>Dotenv: File contents
    Dotenv->>Dotenv: Parse file contents
    alt DOTENV_KEY present
        Dotenv->>Dotenv: Attempt decryption
    end
    Dotenv->>ProcessEnv: Populate environment variables
    Dotenv-->>User: Return parsed result
