Update dependency dotenv to v17 #56

dependencyupdates · 2025-07-17T21:59:25Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
dotenv	`^16.0.1` -> `^17.0.0`

Release Notes

motdotla/dotenv (dotenv)

`v17.2.1`

Compare Source

Changed

Fix clickable tip links by removing parentheses (#897)

`v17.2.0`

Compare Source

Added

Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

`v17.1.0`

Compare Source

Added

Add additional security and configuration tips to the runtime log (#884)
Dim the tips text from the main injection information text

const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
  '🛠️  run anywhere with `dotenvx run -- yourcommand`',
  '⚙️  specify custom .env file path with { path: \'/custom/path/.env\' }',
  '⚙️  enable debug logging with { debug: true }',
  '⚙️  override existing env vars with { override: true }',
  '⚙️  suppress all logs with { quiet: true }',
  '⚙️  write to custom object with { processEnv: myObject }',
  '⚙️  load multiple .env files with { path: [\'.env.local\', \'.env\'] }'
]

`v17.0.1`

Compare Source

Changed

Patched injected log to count only populated/set keys to process.env (#879)

`v17.0.0`

Compare Source

Changed

Default quiet to false - informational (file and keys count) runtime log message shows by default (#875)

`v16.6.1`

Compare Source

Changed

Default quiet to true – hiding the runtime log message (#874)
NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@dotenvx/dotenvx').config().

`v16.6.0`

Compare Source

Added

Default log helpful message [[email protected]] injecting env (1) from .env (#870)
Use { quiet: true } to suppress
Aligns dotenv more closely with dotenvx.

`v16.5.0`

Compare Source

Added

🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP]
Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM.
Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

Remove _log method. Use _debug #862

`v16.4.7`

Compare Source

Changed

Ignore .tap folder when publishing. (oops, sorry about that everyone. - @motdotla) #848

`v16.4.6`

Compare Source

Changed

Clean up stale dev dependencies #847
Various README updates clarifying usage and alternative solutions using dotenvx

`v16.4.5`

Compare Source

Changed

🐞 Fix recent regression when using path option. return to historical behavior: do not attempt to auto find .env if path set. (regression was introduced in 16.4.3) #814

`v16.4.4`

Compare Source

Changed

🐞 Replaced chaining operator ?. with old school && (fixing node 12 failures) #812

`v16.4.3`

Compare Source

Changed

🐞 Fix recent regression when using path option. return to historical behavior: do not attempt to auto find .env if path set. (regression was introduced in 16.4.3) #814

`v16.4.2`

Compare Source

Changed

Changed funding link in package.json to dotenvx.com

`v16.4.1`

Compare Source

Patch support for array as path option #797

`v16.4.0`

Compare Source

Add error.code to error messages around .env.vault decryption handling #795
Add ability to find .env.vault file when filename(s) passed as an array #784

`v16.3.2`

Compare Source

Added

Add debug message when no encoding set #735

Changed

Fix output typing for populate #792
Use subarray instead of slice #793

`v16.3.1`

Compare Source

Added

Add missing type definitions for processEnv and DOTENV_KEY options. #756

`v16.3.0`

Compare Source

Added

Optionally pass DOTENV_KEY to options rather than relying on process.env.DOTENV_KEY. Defaults to process.env.DOTENV_KEY #754

`v16.2.0`

Compare Source

Added

Optionally write to your own target object rather than process.env. Defaults to process.env. #753
Add import type URL to types file #751

`v16.1.4`

Compare Source

Added

Added .github/ to .npmignore #747

`v16.1.3`

Compare Source

Removed

Removed browser keys for path, os, and crypto in package.json. These were set to false incorrectly as of 16.1. Instead, if using dotenv on the front-end make sure to include polyfills for path, os, and crypto. node-polyfill-webpack-plugin provides these.

`v16.1.2`

Compare Source

Changed

Exposed private function _configDotenv as configDotenv. #744

`v16.1.1`

Compare Source

Added

Added type definition for decrypt function

Changed

Fixed {crypto: false} in packageJson.browser

`v16.1.0`

Compare Source

Added

Add populate convenience method #733
Accept URL as path option #720
Add dotenv to npm fund command
Spanish language README #698
Add .env.vault support. 🎉 (#730)

ℹ️ .env.vault extends the .env file format standard with a localized encrypted vault file. Package it securely with your production code deploys. It's cloud agnostic so that you can deploy your secrets anywhere – without risky third-party integrations. read more

Changed

Fixed "cannot resolve 'fs'" error on tools like Replit #693

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Commands to ignore dependencies

You can trigger dependency actions by commenting on this PR:

@particularbot ignore this major version
@particularbot ignore this minor version
@particularbot ignore this dependency

dependencyupdates bot added dependencies Pull requests that update a dependency file npm labels Jul 17, 2025

danielmarbach approved these changes Aug 14, 2025

View reviewed changes

danielmarbach enabled auto-merge August 14, 2025 10:07

Update dependency dotenv to v17

352d4f6

dependencyupdates bot force-pushed the renovate/dotenv-17.x branch from 345c315 to 352d4f6 Compare August 14, 2025 10:09

danielmarbach merged commit d0132f1 into main Aug 14, 2025
7 checks passed

danielmarbach deleted the renovate/dotenv-17.x branch August 14, 2025 10:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency dotenv to v17 #56

Update dependency dotenv to v17 #56

Uh oh!

dependencyupdates bot commented Jul 17, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Update dependency dotenv to v17 #56

Update dependency dotenv to v17 #56

Uh oh!

Conversation

dependencyupdates bot commented Jul 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Changed

Added

Added

Changed

Changed

Changed

Added

Added

Changed

Changed

Changed

Changed

Changed

Changed

Changed

Added

Changed

Added

Added

Added

Added

Removed

Changed

Added

Changed

Added

Changed

Configuration

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependencyupdates bot commented Jul 17, 2025 •

edited

Loading