socket-security[bot]
commented
1 year ago New dependency changes detected. Learn more about Socket for GitHub βοΈ
π No new dependency issues detected in pull request
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all
Pull request alert summary
| Issue | Status |
|---|---|
| Install scripts | β 0 issues |
| Native code | β 0 issues |
| Bin script shell injection | β 0 issues |
| Unresolved require | β 0 issues |
| Invalid package.json | β 0 issues |
| HTTP dependency | β 0 issues |
| Git dependency | β 0 issues |
| Potential typo squat | β 0 issues |
| Known Malware | β 0 issues |
| Telemetry | β 0 issues |
| Protestware/Troll package | β 0 issues |
π Modified Dependency Overview:
| β¬οΈ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count |
Publisher |
|---|---|---|---|---|
| dotenv@16.1.3 | 16.0.3...16.1.3 | None | +0/-0 |
motdotla |
This PR contains the following updates:
16.0.3->16.1.3Release Notes
motdotla/dotenv
### [`v16.1.3`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1613-httpsgithubcommotdotladotenvcomparev1612v1613-2023-05-31) [Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.1.2...v16.1.3) ##### Removed - Removed `browser` keys for `path`, `os`, and `crypto` in package.json. These were set to false incorrectly as of 16.1. Instead, if using dotenv on the front-end make sure to include polyfills for `path`, `os`, and `crypto`. [node-polyfill-webpack-plugin](https://togithub.com/Richienb/node-polyfill-webpack-plugin) provides these. ### [`v16.1.2`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1612-httpsgithubcommotdotladotenvcomparev1611v1612-2023-05-31) [Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.1.1...v16.1.2) ##### Changed - Exposed private function `_configDotenv` as `configDotenv`. [#744](https://togithub.com/motdotla/dotenv/pull/744) ### [`v16.1.1`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1611-httpsgithubcommotdotladotenvcomparev1610v1611-2023-05-30) [Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.1.0...v16.1.1) ##### Added - Added type definition for `decrypt` function ##### Changed - Fixed `{crypto: false}` in `packageJson.browser` ### [`v16.1.0`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1610-httpsgithubcommotdotladotenvcomparev1603v1610-2023-05-30) [Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.0.3...v16.1.0) ##### Added - Add `populate` convenience method [#733](https://togithub.com/motdotla/dotenv/pull/733) - Accept URL as path option [#720](https://togithub.com/motdotla/dotenv/pull/720) - Add dotenv to `npm fund` command - Spanish language README [#698](https://togithub.com/motdotla/dotenv/pull/698) - Add `.env.vault` support. π ([#730](https://togithub.com/motdotla/dotenv/pull/730)) βΉοΈ `.env.vault` extends the `.env` file format standard with a localized encrypted vault file. Package it securely with your production code deploys. It's cloud agnostic so that you can deploy your secrets anywhere βΒ without [risky third-party integrations](https://techcrunch.com/2023/01/05/circleci-breach/). [read more](https://togithub.com/motdotla/dotenv#-deploying) ##### Changed - Fixed "cannot resolve 'fs'" error on tools like Replit [#693](https://togithub.com/motdotla/dotenv/pull/693)Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.