[Snyk] Upgrade dotenv from 8.2.0 to 16.0.1 #15

baby636 · 2022-08-02T19:12:57Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade dotenv from 8.2.0 to 16.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 29 versions ahead of your current version.
The recommended version was released 3 months ago, on 2022-05-10.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Arbitrary File Write SNYK-JS-TAR-1579155	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	425/1000 Why? CVSS 8.5	No Known Exploit
Denial of Service (DoS) SNYK-JS-SQLITE3-2388645	425/1000 Why? CVSS 8.5	Proof of Concept
SQL Injection SNYK-JS-SEQUELIZE-2959225	425/1000 Why? CVSS 8.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	425/1000 Why? CVSS 8.5	Proof of Concept
Directory Traversal SNYK-JS-MOMENT-2440688	425/1000 Why? CVSS 8.5	No Known Exploit
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	425/1000 Why? CVSS 8.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	425/1000 Why? CVSS 8.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	425/1000 Why? CVSS 8.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	425/1000 Why? CVSS 8.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	425/1000 Why? CVSS 8.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	425/1000 Why? CVSS 8.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	425/1000 Why? CVSS 8.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	425/1000 Why? CVSS 8.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	425/1000 Why? CVSS 8.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	425/1000 Why? CVSS 8.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	425/1000 Why? CVSS 8.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	425/1000 Why? CVSS 8.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	425/1000 Why? CVSS 8.5	No Known Exploit
SQL Injection SNYK-JS-SEQUELIZE-2932027	425/1000 Why? CVSS 8.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	425/1000 Why? CVSS 8.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	425/1000 Why? CVSS 8.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	425/1000 Why? CVSS 8.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: dotenv

16.0.1 - 2022-05-10
Version bump - patch 16.0.1
16.0.0 - 2022-02-02
Remove multiline on option. Just works now
15.0.1 - 2022-02-02
Patch empty values when single or double quoted
15.0.0 - 2022-01-31
Update CHANGELOG
14.3.2 - 2022-01-25
…ng #
14.3.1 - 2022-01-25
Version v14.3.1 - patch exports
14.3.0 - 2022-01-24
Update CHANGELOG for v14.3.0
14.2.0 - 2022-01-17
Version 14.2.0
14.1.1 - 2022-01-17
Remove verbose test and move -Rspec option to standard test
14.1.0 - 2022-01-17
Version 14.1.0
14.0.1 - 2022-01-17
14.0.0 - 2022-01-17
13.0.1 - 2022-01-16
13.0.0 - 2022-01-16
12.0.4 - 2022-01-16
12.0.3 - 2022-01-15
12.0.2 - 2022-01-15
12.0.1 - 2022-01-15
12.0.0 - 2022-01-14
11.0.0 - 2022-01-11
10.0.0 - 2021-05-21
9.0.2 - 2021-05-10
9.0.1 - 2021-05-09
9.0.0 - 2021-05-05
8.6.0 - 2021-05-05
8.5.1 - 2021-05-05
8.5.0 - 2021-05-05
8.4.0 - 2021-05-05
8.3.0 - 2021-05-05
8.2.0 - 2019-10-16

from dotenv GitHub release notes

Commit messages

Package name: dotenv

b016108 Version bump - patch 16.0.1
582afcd Update CHANGELOG
b5d6c02 Merge pull request #658 from motdotla/dev-dep-updates
f71fdcd Update various dev dependencies
6be370b Update dev dependency @ types/node
0318510 Update links in README
1c2092c Change link
578574c Update README
5e2f74a Update README
49256ae Update README
b895c45 Add note above README
f6c4bc3 Use dotenv-vault
2b8e540 Merge pull request #646 from motdotla/test-clarifications
6e42595 Clarify that inline comments do not require a space after the number sign
6ff9947 Merge pull request #643 from odcey/fix-readme-returnline-typo
884955d fix: update typo on readme concerning return line documentation
f3b3419 Merge pull request #628 from kunalpanchal/patch-1
15ade25 Update the broken reference link to require module
0e00497 Merge pull request #621 from motdotla/braces-spec
a82f623 Add spec confirming https://github.com/Bad management of pairs of braces motdotla/dotenv-expand#49 no longer an issue
9a5ec29 Update CHANGELOG
c20ee46 Remove multiline on option. Just works now
cfeb0f2 Remove other usage in README
5b725a4 Update README