stanleyowen / otlio

An open source project of Todo which is easy to use and easy to organize!
https://otlio.netlify.app
MIT License
23 stars 4 forks

[Snyk] Upgrade dotenv from 16.0.3 to 16.3.1 #418

Open stanleyowen opened 1 year ago

stanleyowen commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade dotenv from 16.0.3 to 16.3.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **10 versions** ahead of your current version.
- The recommended version was released **22 days ago**, on 2023-06-17.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:---:|:---|---|:---|
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-WORDWRAP-3149973](https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973) | **482/1000** **Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution [SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | **482/1000** **Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: dotenv
  • 16.3.1 - 2023-06-17
    16.3.1
  • 16.3.0 - [2023-06-16](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.3.0)
    16.3.0
  • 16.2.0 - [2023-06-16](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.2.0)
    16.2.0
  • 16.1.4 - [2023-06-04](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.4)
    16.1.4
  • 16.1.3 - [2023-05-31](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.3)
    16.1.3
  • 16.1.2 - [2023-05-31](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.2)
    16.1.2
  • 16.1.1 - [2023-05-31](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.1)
    v16.1.1
  • 16.1.0 - [2023-05-30](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.0)
    Update CHANGELOG and README
  • 16.1.0-rc2 - [2023-05-21](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.0-rc2)
    Version 16.1.0-rc2
  • 16.1.0-rc1 - [2023-04-07](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.0-rc1)
    16.1.0-rc1
  • 16.0.3 - 2022-09-29

from [dotenv GitHub release notes](https://snyk.io/redirect/github/motdotla/dotenv/releases)

Commit messages
Package name: dotenv
  • b13ca7b 16.3.1
  • 9bcc2e7 Merge pull request #756 from motdotla/type-fix
  • 80fff4b Add type definition for DOTENV_KEY
  • 50163a1 update type file
  • 5c7d7f5 Add example demonstrating setting DOTENV_KEY
  • 76d3682 16.3.0
  • 80219ae Merge pull request #754 from motdotla/dotenv-key-option
  • dacd450 Add DOTENV_KEY to cli config and environment config options
  • f20e646 Add options.DOTENV_KEY
  • 5861f6a Add failing test demonstrating need for DOTENV_KEY option
  • 4f48954 Update README
  • ab578c1 Add example of writing to a custom object rather than process.env
  • a0e21a5 16.2.0
  • 406f2c3 Merge pull request #753 from motdotla/target
  • ea8db8c update README
  • 431521d Update CHANGELOG and README
  • 96c29b4 Add ability to change the target from process.env to your own object
  • 75cee88 Update CHANGELOG
  • 0a87d62 Merge pull request #751 from Jakousa/patch-1
  • ad2f100 fix missing import
  • dc1cd6c 16.1.4
  • be94778 Update CHANGELOG
  • 4443c59 Merge pull request #747 from ericcornelissen/patch-1
  • f003766 Add .github/ to .npmignore

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

netlify[bot] commented 1 year ago

Deploy Preview for otlio ready!

| Name | Link |
|:---|:---|
| Latest commit | 96729c7919f52210f985f275a672aa4cdfab4a49 |
| Latest deploy log | https://app.netlify.com/sites/otlio/deploys/64aac6b576b87e0008b6ff6e |
| Deploy Preview | https://deploy-preview-418--otlio.netlify.app |

To edit notification comments on pull requests, go to your Netlify site configuration.