stanleyowen / otlio

An open source project of Todo which is easy to use and easy to organize!
https://otlio.netlify.app
MIT License
23 stars 4 forks

[Snyk] Upgrade dotenv from 16.0.3 to 16.4.0 #430

Open stanleyowen opened 5 months ago

stanleyowen commented 5 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade dotenv from 16.0.3 to 16.4.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **12 versions** ahead of your current version.
- The recommended version was released **22 days ago**, on 2024-01-23.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-ADOBECSSTOOLS-6096077](https://snyk.io/vuln/SNYK-JS-ADOBECSSTOOLS-6096077) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Improper Input Validation<br/>[SNYK-JS-FOLLOWREDIRECTS-6141137](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution<br/>[SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-ADOBECSSTOOLS-5871286](https://snyk.io/vuln/SNYK-JS-ADOBECSSTOOLS-5871286) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-WORDWRAP-3149973](https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Incomplete List of Disallowed Inputs<br/>[SNYK-JS-BABELTRAVERSE-5962462](https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: dotenv
  • 16.4.0 - 2024-01-23: 16.4.0
  • 16.3.2 - [2024-01-19](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.3.2): 16.3.2
  • 16.3.1 - [2023-06-17](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.3.1): 16.3.1
  • 16.3.0 - [2023-06-16](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.3.0): 16.3.0
  • 16.2.0 - [2023-06-16](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.2.0): 16.2.0
  • 16.1.4 - [2023-06-04](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.4): 16.1.4
  • 16.1.3 - [2023-05-31](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.3): 16.1.3
  • 16.1.2 - [2023-05-31](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.2): 16.1.2
  • 16.1.1 - [2023-05-31](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.1): v16.1.1
  • 16.1.0 - [2023-05-30](https://snyk.io/redirect/github/motdotla/dotenv/releases/tag/v16.1.0): Update CHANGELOG and README
  • 16.1.0-rc2 - 2023-05-21
  • 16.1.0-rc1 - 2023-04-07
  • 16.0.3 - 2022-09-29

from [dotenv GitHub release notes](https://snyk.io/redirect/github/motdotla/dotenv/releases)

Commit messages
Package name: dotenv
  • 1259e30 add dotenvx environments example
  • 57c46be 16.4.0
  • 405bf3f update CHANGELOG 🪵
  • b9e729a Merge pull request #781 from ckng0221/deprecation-fix
  • 18a5a83 update CHANGELOG
  • 58cb202 Merge pull request #784 from motdotla/multiple-files
  • 74d8199 Merge pull request #786 from alexv-ds/master
  • 55ca625 Merge pull request #795 from motdotla/error-codes
  • 8911035 update CHANGELOG
  • 93821bb add tests to show .code string
  • 7488faa add error.code(s)
  • 883d6a6 16.3.2
  • 0489c7d Merge pull request #793 from zshnb/fix-buffer-slice
  • 8609b84 update CHANGELOG
  • 54d54e9 update CHANGELOG
  • 630d2a0 Merge pull request #735 from anthonyshibitov/encoding-fix
  • 823d0b8 Merge branch 'master' of github.com:motdotla/dotenv
  • 2cffe84 update CHANGELOG
  • 27e4c2b Merge pull request #792 from phuvinhbmt/fix/populate-return-type
  • 1548c27 Update README
  • 2eed66b Update README
  • 6979f94 fix: use subarray instead of slice
  • c5b7592 refactor: remove redundant params
  • 060db4f refactor doc of populate() signature
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

netlify[bot] commented 5 months ago

Deploy Preview for otlio ready!

| Name | Link |
|:---|:---|
| Latest commit | 72ef1a85db30c121b5929582f327dd2d084ab80a |
| Latest deploy log | https://app.netlify.com/sites/otlio/deploys/65ccfbde03a9e90008099273 |
| Deploy Preview | https://deploy-preview-430--otlio.netlify.app |

Lighthouse
1 paths audited
Performance: 67 (no change from production)
Accessibility: 94 (no change from production)
Best Practices: 92 (🟢 up 9 from production)
SEO: 97 (no change from production)
PWA: 70 (no change from production)
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify site configuration.