[Snyk] Upgrade dotenv from 8.2.0 to 16.0.1 #9

snyk-bot · 2022-08-19T03:38:56Z

Snyk has created this PR to upgrade dotenv from 8.2.0 to 16.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 29 versions ahead of your current version.
The recommended version was released 3 months ago, on 2022-05-10.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-LODASH-608086	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Denial of Service SNYK-JS-NODEFETCH-674311	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: dotenv

16.0.1 - 2022-05-10
Version bump - patch 16.0.1
16.0.0 - 2022-02-02
Remove multiline on option. Just works now
15.0.1 - 2022-02-02
Patch empty values when single or double quoted
15.0.0 - 2022-01-31
Update CHANGELOG
14.3.2 - 2022-01-25
…ng #
14.3.1 - 2022-01-25
Version v14.3.1 - patch exports
14.3.0 - 2022-01-24
Update CHANGELOG for v14.3.0
14.2.0 - 2022-01-17
Version 14.2.0
14.1.1 - 2022-01-17
Remove verbose test and move -Rspec option to standard test
14.1.0 - 2022-01-17
Version 14.1.0
14.0.1 - 2022-01-17
14.0.0 - 2022-01-17
13.0.1 - 2022-01-16
13.0.0 - 2022-01-16
12.0.4 - 2022-01-16
12.0.3 - 2022-01-15
12.0.2 - 2022-01-15
12.0.1 - 2022-01-15
12.0.0 - 2022-01-14
11.0.0 - 2022-01-11
10.0.0 - 2021-05-21
9.0.2 - 2021-05-10
9.0.1 - 2021-05-09
9.0.0 - 2021-05-05
8.6.0 - 2021-05-05
8.5.1 - 2021-05-05
8.5.0 - 2021-05-05
8.4.0 - 2021-05-05
8.3.0 - 2021-05-05
8.2.0 - 2019-10-16

from dotenv GitHub release notes

Commit messages

Package name: dotenv

b016108 Version bump - patch 16.0.1
582afcd Update CHANGELOG
b5d6c02 Merge pull request Line messging_api github/platform-samples#658 from motdotla/dev-dep-updates
f71fdcd Update various dev dependencies
6be370b Update dev dependency @ types/node
0318510 Update links in README
1c2092c Change link
578574c Update README
5e2f74a Update README
49256ae Update README
b895c45 Add note above README
f6c4bc3 Use dotenv-vault
2b8e540 Merge pull request Framework github/platform-samples#646 from motdotla/test-clarifications
6e42595 Clarify that inline comments do not require a space after the number sign
6ff9947 Merge pull request line-sdk-android github/platform-samples#643 from odcey/fix-readme-returnline-typo
884955d fix: update typo on readme concerning return line documentation
f3b3419 Merge pull request package.json github/platform-samples#628 from kunalpanchal/patch-1
15ade25 Update the broken reference link to require module
0e00497 Merge pull request Website github/platform-samples#621 from motdotla/braces-spec
a82f623 Add spec confirming https://github.com/Bad management of pairs of braces motdotla/dotenv-expand#49 no longer an issue
9a5ec29 Update CHANGELOG
c20ee46 Remove multiline on option. Just works now
cfeb0f2 Remove other usage in README
5b725a4 Update README