stanleyowen / otlio

An open source project of Todo which is easy to use and easy to organize!
https://otlio.netlify.app
MIT License
23 stars 4 forks

[Snyk] Upgrade dotenv from 16.0.3 to 16.2.0 #417

Open stanleyowen opened 1 year ago

stanleyowen commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade dotenv from 16.0.3 to 16.2.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **8 versions** ahead of your current version.
- The recommended version was released **21 days ago**, on 2023-06-16.

The recommended version fixes:

Severity | Issue | PriorityScore (*) | Exploit Maturity
:-------------------------:|:-------------------------|-------------------------|:-------------------------
 | Prototype Pollution [SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | **504/1000** **Why?** Proof of Concept exploit, Recently disclosed, CVSS 6.5 | Proof of Concept
 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-WORDWRAP-3149973](https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973) | **504/1000** **Why?** Proof of Concept exploit, Recently disclosed, CVSS 6.5 | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: dotenv
  • 16.2.0 - 2023-06-16

    16.2.0

  • 16.1.4 - [2023-06-04](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.4)

    16.1.4

  • 16.1.3 - [2023-05-31](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.3)

    16.1.3

  • 16.1.2 - [2023-05-31](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.2)

    16.1.2

  • 16.1.1 - [2023-05-31](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.1)

    v16.1.1

  • 16.1.0 - [2023-05-30](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.0)

    Update CHANGELOG and README

  • 16.1.0-rc2 - [2023-05-21](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.0-rc2)

    Version 16.1.0-rc2

  • 16.1.0-rc1 - [2023-04-07](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.0-rc1)

    16.1.0-rc1

  • 16.0.3 - [2022-09-29](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.0.3)

    v16.0.3

from [dotenv GitHub release notes](https://snyk.io/redirect/github/motdotla/dotenv/releases)

Commit messages
Package name: dotenv
  • a0e21a5 16.2.0
  • 406f2c3 Merge pull request #753 from motdotla/target
  • ea8db8c update README
  • 431521d Update CHANGELOG and README
  • 96c29b4 Add ability to change the target from process.env to your own object
  • 75cee88 Update CHANGELOG
  • 0a87d62 Merge pull request #751 from Jakousa/patch-1
  • ad2f100 fix missing import
  • dc1cd6c 16.1.4
  • be94778 Update CHANGELOG
  • 4443c59 Merge pull request #747 from ericcornelissen/patch-1
  • f003766 Add .github/ to .npmignore
  • 4d25544 16.1.3
  • 1ab96d7 Merge pull request #745 from motdotla/browser-defaults
  • 080779a Update CHANGELOG
  • 0ab684d Update README
  • bf7e626 Default fs to false as it cannot be duplicated in the browser
  • ec5eef8 Update README
  • 7968a7f Update README
  • 86ef7b2 Remove browser key
  • 3f40e12 16.1.2
  • 78e5a02 Merge pull request #744 from motdotla/configDotenv
  • 53bbc1f update CHANGELOG
  • d0675f2 Expose configDotenv as public method

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

netlify[bot] commented 1 year ago

Deploy Preview for otlio ready!

Name | Link
:---|:---
Latest commit | 8a2fe0fec95f914339bbb45bcc1eb9ae0e3498e5
Latest deploy log | https://app.netlify.com/sites/otlio/deploys/64a8345f9e593900078a6f3f
Deploy Preview | https://deploy-preview-417--otlio.netlify.app

To edit notification comments on pull requests, go to your Netlify site configuration.