[Snyk] Upgrade dotenv from 5.0.0 to 16.0.1

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade dotenv from 5.0.0 to 16.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 39 versions ahead of your current version.
• The recommended version was released 3 months ago, on 2022-05-10.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution npm:extend:20180424	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-Y18N-1021887	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Uninitialized Memory Exposure npm:stringstream:20180511	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Mature
	Prototype Pollution npm:hoek:20180212	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Insecure Randomness npm:cryptiles:20180710	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Timing Attack SNYK-JS-ELLIPTIC-511941	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: dotenv

• 16.0.1 - 2022-05-10
  

  Version bump - patch 16.0.1

• 16.0.0 - 2022-02-02
  

  Remove multiline on option. Just works now

• 15.0.1 - 2022-02-02
  

  Patch empty values when single or double quoted

• 15.0.0 - 2022-01-31
  

  Update CHANGELOG

• 14.3.2 - 2022-01-25
  

  …ng #

• 14.3.1 - 2022-01-25
  

  Version v14.3.1 - patch exports

• 14.3.0 - 2022-01-24
  

  Update CHANGELOG for v14.3.0

• 14.2.0 - 2022-01-17
  

  Version 14.2.0

• 14.1.1 - 2022-01-17
  

  Remove verbose test and move -Rspec option to standard test

• 14.1.0 - 2022-01-17
  

  Version 14.1.0

• 14.0.1 - 2022-01-17
• 14.0.0 - 2022-01-17
• 13.0.1 - 2022-01-16
• 13.0.0 - 2022-01-16
• 12.0.4 - 2022-01-16
• 12.0.3 - 2022-01-15
• 12.0.2 - 2022-01-15
• 12.0.1 - 2022-01-15
• 12.0.0 - 2022-01-14
• 11.0.0 - 2022-01-11
• 10.0.0 - 2021-05-21
• 9.0.2 - 2021-05-10
• 9.0.1 - 2021-05-09
• 9.0.0 - 2021-05-05
• 8.6.0 - 2021-05-05
• 8.5.1 - 2021-05-05
• 8.5.0 - 2021-05-05
• 8.4.0 - 2021-05-05
• 8.3.0 - 2021-05-05
• 8.2.0 - 2019-10-16
• 8.1.0 - 2019-08-18
• 8.0.0 - 2019-05-02
• 7.0.0 - 2019-03-13
• 6.2.0 - 2018-12-05
• 6.2.0-rc1 - 2018-11-01
• 6.2.0-0 - 2018-12-04
• 6.1.0 - 2018-10-08
• 6.0.0 - 2018-06-02
  

  Remove multiline on option. Just works now

• 5.0.1 - 2018-02-26
  

  Patch empty values when single or double quoted

• 5.0.0 - 2018-01-29
  

  Update CHANGELOG

from dotenv GitHub release notes

Commit messages

Package name: dotenv

• b016108 Version bump - patch 16.0.1
• 582afcd Update CHANGELOG
• b5d6c02 Merge pull request Fixed many typos (like it's -> its), removed UTF-8 apostrophes and other fixes. ethereumbook/ethereumbook#658 from motdotla/dev-dep-updates
• f71fdcd Update various dev dependencies
• 6be370b Update dev dependency @ types/node
• 0318510 Update links in README
• 1c2092c Change link
• 578574c Update README
• 5e2f74a Update README
• 49256ae Update README
• b895c45 Add note above README
• f6c4bc3 Use dotenv-vault
• 2b8e540 Merge pull request smart-contracts: Fixed typos ethereumbook/ethereumbook#646 from motdotla/test-clarifications
• 6e42595 Clarify that inline comments do not require a space after the number sign
• 6ff9947 Merge pull request Added my name as contributor ethereumbook/ethereumbook#643 from odcey/fix-readme-returnline-typo
• 884955d fix: update typo on readme concerning return line documentation
• f3b3419 Merge pull request removed Dapp-tools from Dapp page ethereumbook/ethereumbook#628 from kunalpanchal/patch-1
• 15ade25 Update the broken reference link to require module
• 0e00497 Merge pull request EVM - more languages that compile to EVM ethereumbook/ethereumbook#621 from motdotla/braces-spec
• a82f623 Add spec confirming https://github.com/Bad management of pairs of braces motdotla/dotenv-expand#49 no longer an issue
• 9a5ec29 Update CHANGELOG
• c20ee46 Remove multiline on option. Just works now
• cfeb0f2 Remove other usage in README
• 5b725a4 Update README

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs