chore(deps): update dependency @dotenvx/dotenvx to v1.51.1 #4966

Add optional dotenvx ops command (#677)
Ops is a coming rename of Radar. Radar will become a feature inside ops.
With dotenvx ops use dotenvx across your team, infrastructure, agents, and more.

 _______________________________________________________________________
|                                                                       |
|  Dotenvx Ops: Commercial Tooling for Dotenvx                          |
|                                                                       |
|  ░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓███████▓▒░                              |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░ ░▒▓██████▓▒░                               |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
|  ░▒▓██████▓▒░░▒▓█▓▒░      ░▒▓███████▓▒░                               |
|                                                                       |
|  Use dotenvx across your team, infrastructure, agents, and more.      |
|                                                                       |
|  Learn more at https://dotenvx.com/ops                                |
|_______________________________________________________________________|

`v1.49.1`

Compare Source

Changed

🐞 patch bug with variable expansion of single quoted values (#675)

`v1.49.0`

Compare Source

Added

For precommit and prebuild, ignore .env.x file like we do with .env.vault file. (#666)

`v1.48.4`

Compare Source

Removed

Remove unnecessary use of eval in proKeypair helper (#654)

`v1.48.3`

Compare Source

Changed

Include privateKeyName and privateKey on internal processedEnv object (#649)

`v1.48.2`

Compare Source

Changed

Check radar status before sending (#646)

`v1.48.1`

Compare Source

Changed

Send beforEnv and afterEnv to Radar if user has installed (#645)

`v1.48.0`

Compare Source

Added

Include beforeEnv and afterEnv for user debugging (#644)

`v1.47.7`

Compare Source

Changed

src should be in internal processEnv object (#643)

`v1.47.6`

Compare Source

Changed

Make Radar call non-blocking (#642)

`v1.47.5`

Compare Source

Changed

Add resilient handling of any Radar failures (#639)

`v1.47.4`

Compare Source

Changed

Smarter require of non-installed libs like dotenvx-radar (#638)

`v1.47.3`

Compare Source

Added

Send to radar#observe if Radar installed by user (#631)

Removed

Remove cli in package.json (#632)

`v1.47.2`

Compare Source

Added

Export cli in package.json (#629)

`v1.47.1`

Compare Source

Added

Add convenience log that radar active 📡 when dotenvx-radar is installed (#625)

`v1.47.0`

Compare Source

Added

Add optional dotenvx radar command (#624)
Radar is an early access commercial extension for dotenvx that will auto backup your .env files.

 _______________________________________________________________________
|                                                                       |
|  Dotenvx Radar: Env Observability                                     |
|                                                                       |
|  ░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓███████▓▒░    |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓████████▓▒░▒▓███████▓▒░    |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|                                                                       |
|  Observe, version, and back up your environment variables at runtime. |
|                                                                       |
|  Purchase lifetime access at https://dotenvx.com/radar                |
|                                                                       |
| --------------------------------------------------------------------- |
| - thank you for using dotenvx! - @&#8203;motdotla                            |
|_______________________________________________________________________|

`v1.46.0`

Compare Source

Added

Add error when hoisting issue experienced around commander.js (#623)

Removed

Remove git-dotenvx and git dotenvx shorthand (#621)

`v1.45.2`

Compare Source

Changed

Minor README updates

`v1.45.1`

Compare Source

Changed

Include setLogName and setLogVersion in config (#613)

`v1.45.0`

Compare Source

Added

Add logger.setName and logger.setVersion for customization of logger (#612)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

roomote

No new issues found - change is limited to lockfile updates. A quick note inline about transitive bumps and engine compatibility.

roomote · 2025-10-03T04:42:10Z

pnpm-lock.yaml

      '@dotenvx/dotenvx':
        specifier: ^1.34.0
-        version: 1.44.2
+        version: 1.51.0


[P3] Transitive upgrades: this bump to @dotenvx/dotenvx also updates dotenv to 17.2.3 and fdir/picomatch. Node engine constraints remain compatible (>=12). Given dotenv minor version jump, consider a quick smoke run of any scripts using dotenvx run to confirm no edge-case parsing differences (e.g., single-quoted expansion) affect our usage. No blocking issues from my side.

roomote

I found one compatibility note inline related to dotenvx/dotenv parser behavior changes.

roomote · 2025-10-03T14:27:14Z

pnpm-lock.yaml


-  '@dotenvx/dotenvx@1.44.2':
-    resolution: {integrity: sha512-2C44+G2dch4cB6zw7+oGQ9VcFQuuVhc5xOzfVvY7iUEj2PRhiVMIB6SpNMK1V5TvpdqrAqCYFjclK18Mh9vwNQ==}
+  '@dotenvx/dotenvx@1.51.0':


[P2] Transitive behavior change: @dotenvx/dotenvx includes a fix for variable expansion of single‑quoted values (v1.49.1) and now pulls dotenv 17.2.3. If any .env entries rely on single‑quoted interpolation semantics, values may change. Recommend a quick smoke test of .env parsing in CI/dev (especially single‑quoted variables with ${...}).

roomote

I found a minor maintainability note not covered by existing comments; see inline.

roomote · 2025-10-03T15:30:45Z

pnpm-lock.yaml

    engines: {node: '>=8.6'}

  [email protected]:
    resolution: {integrity: sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==}


[P3] Duplicate versions: both picomatch 4.0.2 and 4.0.3 are present after this bump (introduced via [email protected]). If feasible, consider running pnpm dedupe --lockfile-only in a follow-up to reduce duplication. Not blocking.

roomote

I found one additional note not covered by existing comments. See inline for details.

roomote · 2025-10-03T16:19:36Z

pnpm-lock.yaml

  '@csstools/[email protected](@csstools/[email protected])':
    dependencies:
      '@csstools/css-tokenizer': 3.0.4



[P3] Optional Ops features: dotenvx 1.50+ adds Ops and a new opsOff flag. To avoid any network calls/telemetry during CI or local scripts, consider disabling Ops explicitly (e.g., DOTENVX_OPS_OFF=1 or pass --ops-off when invoking dotenvx). Non-blocking.

roomote

I found one additional minor maintainability note; see inline.

roomote · 2025-10-05T15:45:04Z

pnpm-lock.yaml

        optional: true

+  [email protected]:
+    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}


[P3] Multiple fdir versions: lockfile now contains fdir 6.5.0 alongside 6.4.x (e.g., under tinyglobby). Consider a follow-up pnpm dedupe --lockfile-only to converge on a single fdir where possible; smaller tree and fewer transitive mismatches. Not blocking.

roomote

I found one additional minor note not covered by existing comments.

roomote · 2025-10-06T16:08:44Z

pnpm-lock.yaml


-  dotenv@16.5.0:
-    resolution: {integrity: sha512-m/C+AwOAr9/W1UOIZUo232ejMNnJAJtYQjUbHoNTBNTJSvqzzDh7vnrei3o3r3m9blf6ZoDkvcw0VmozNRFJxg==}
+  dotenv@17.2.3:


[P3] Duplicate dotenv versions: lockfile contains both dotenv 16.0.3 and 17.2.3. If feasible, try converging dependents to a single version via a follow-up pnpm dedupe --lockfile-only or targeted bumps to avoid inconsistent parsing behavior across tools. Non-blocking.

roomote

I found one minor maintainability note; see inline.

roomote · 2025-10-06T17:13:31Z

pnpm-lock.yaml

  [email protected]:
    dependencies:
-      fdir: 6.4.6([email protected])
+      fdir: 6.5.0([email protected])


[P3] Two tinyglobby versions (0.2.13 and 0.2.14) are present after this bump. If feasible, align dependents to a single minor to minimize duplicates (e.g., run pnpm dedupe --lockfile-only in a follow-up or adjust constraints) to keep the tree smaller. Non-blocking.

roomote

I found one additional minor note that needs attention.

roomote · 2025-10-07T22:15:41Z

pnpm-lock.yaml

    engines: {node: '>=10'}
    hasBin: true

+  [email protected]:


[P3] Duplicate semver versions: both semver 7.7.2 and 7.7.3 appear in the lockfile after this bump. Consider a follow-up pnpm dedupe --lockfile-only (or align dependents) to converge on a single semver version and reduce duplication. Non-blocking.

roomote

I found some issues that need attention. See inline for a couple of minor, non-blocking notes on transitive crypto library bumps.

roomote · 2025-10-08T02:10:18Z

pnpm-lock.yaml


-  '@noble/[email protected].2':
-    resolution: {integrity: sha512-HxngEd2XUcg9xi20JkwlLCtYwfoFw4JGkuZpT+WlsPD4gB/cxkvTD8fSsoAnphGZhFdZYKeQIPCuFlWPm1uE0g==}
+  '@noble/[email protected].7':


[P3] Transitive crypto update: '@noble/curves' bumped to 1.9.7 via eciesjs/dotenvx. While low-risk, crypto stacks can have subtle compat differences. If any env-vault/ECIES flows are exercised (even indirectly), consider a quick encrypt/decrypt smoke test. Non-blocking.

roomote · 2025-10-08T02:10:18Z

pnpm-lock.yaml


-  '@ecies/[email protected].3':
-    resolution: {integrity: sha512-tapn6XhOueMwht3E2UzY0ZZjYokdaw9XtL9kEyjhQ/Fb9vL9xTFbOaI+fV0AWvTpYu4BNloC6getKW6NtSg4mA==}
+  '@ecies/[email protected].4':


[P3] '@ecies/ciphers' moved to 0.2.4. Recent releases also removed an eval usage in related helpers (hardening). No action required—just flagging the stack change alongside noble/curves. Non-blocking.

roomote

No new issues found - all concerns already addressed in existing comments.

roomote · 2025-10-21T10:10:59Z

Review Summary

This dependency update has been reviewed. The existing comments identify several informational items for awareness:

Issues Identified

[P2] Variable expansion behavior change: dotenv 17.2.3 includes a fix for single-quoted variable expansion (v1.49.1). If any .env entries use single-quoted interpolation with ${...}, values may change. Recommend smoke testing .env parsing.
[P3] Duplicate picomatch versions: Both 4.0.2 and 4.0.3 are present. Consider running pnpm dedupe --lockfile-only in a follow-up to reduce duplication.
[P3] Duplicate fdir versions: Multiple fdir versions (6.4.x and 6.5.0) exist. Consider pnpm dedupe --lockfile-only to converge on a single version.
[P3] Duplicate semver versions: Both 7.7.2 and 7.7.3 are present. Consider pnpm dedupe --lockfile-only to reduce duplication.
[P3] Duplicate dotenv versions: Both 16.0.3 and 17.2.3 exist. Consider converging to a single version via pnpm dedupe --lockfile-only.
[P3] Duplicate tinyglobby versions: Both 0.2.13 and 0.2.14 are present. Consider aligning to a single version.
[P3] Optional Ops features: dotenvx 1.50+ adds Ops with potential network calls. Consider disabling explicitly with DOTENVX_OPS_OFF=1 or --ops-off flag if telemetry is a concern.
[P3] Transitive crypto update: @noble/curves bumped to 1.9.7. Low-risk but consider smoke testing any ECIES/env-vault flows if used.
[P3] @ecies/ciphers update: Moved to 0.2.4 with eval usage removal in related helpers (hardening).

Recommendation

All flagged issues are informational (P3) or low-priority (P2). The P2 item suggests smoke testing single-quoted env variable expansion. The P3 items are optimization suggestions for follow-up work (deduplication, telemetry configuration).

This is a standard lockfile-only dependency update with no blocking issues.

Previous Reviews

9beea36: Review #1

_{Mention @roomote in a comment to trigger your PR Fixer agent and make changes to this pull request.}

renovate bot requested review from cte, jr and mrubens as code owners June 21, 2025 03:16

github-project-automation bot added this to Roo Code Roadmap and Roo Code Roadmap Jun 21, 2025

github-project-automation bot moved this to New in Roo Code Roadmap Jun 21, 2025

github-project-automation bot moved this to Triage in Roo Code Roadmap Jun 21, 2025

hannesrudolph added the Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. label Jun 21, 2025

daniel-lxs approved these changes Jun 21, 2025

View reviewed changes

dosubot bot added the lgtm This PR has been approved by a maintainer label Jun 21, 2025

daniel-lxs moved this from Triage to PR [Needs Review] in Roo Code Roadmap Jun 21, 2025

hannesrudolph added PR - Needs Review and removed Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. labels Jun 21, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 1b84670 to 65b8871 Compare June 22, 2025 14:31

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 65b8871 to b36748a Compare July 2, 2025 05:46

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.45.1~~ chore(deps): update dependency @dotenvx/dotenvx to v1.45.2 Jul 2, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from b36748a to 327e5c1 Compare July 2, 2025 12:49

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.45.2~~ chore(deps): update dependency @dotenvx/dotenvx to v1.46.0 Jul 7, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 327e5c1 to 7961c7d Compare July 7, 2025 19:48

hannesrudolph moved this from PR [Needs Review] to renovate BOT in Roo Code Roadmap Jul 8, 2025

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.46.0~~ chore(deps): update dependency @dotenvx/dotenvx to v1.47.0 Jul 8, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 7961c7d to 4f5d484 Compare July 8, 2025 23:18

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.47.0~~ chore(deps): update dependency @dotenvx/dotenvx to v1.47.1 Jul 9, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 4f5d484 to e85b5a6 Compare July 9, 2025 00:39

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.47.1~~ chore(deps): update dependency @dotenvx/dotenvx to v1.47.2 Jul 9, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 2 times, most recently from d9056dc to 710bd50 Compare July 9, 2025 23:10

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.47.2~~ chore(deps): update dependency @dotenvx/dotenvx to v1.47.3 Jul 9, 2025

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.47.3~~ chore(deps): update dependency @dotenvx/dotenvx to v1.47.4 Jul 11, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 710bd50 to a4cb9aa Compare July 11, 2025 18:27

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 2 times, most recently from b12e0d2 to 02b09ee Compare October 3, 2025 04:17

roomote bot reviewed Oct 3, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 2 times, most recently from 54f8c1c to 0b39b81 Compare October 3, 2025 14:06

roomote bot reviewed Oct 3, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 2 times, most recently from 1ea286d to a68414c Compare October 3, 2025 14:36

roomote bot reviewed Oct 3, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 3 times, most recently from 3080afb to fb1cc41 Compare October 5, 2025 14:24

roomote bot reviewed Oct 5, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 2 times, most recently from c715a14 to 880cec2 Compare October 6, 2025 15:38

roomote bot reviewed Oct 6, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 880cec2 to 88e825e Compare October 7, 2025 21:52

roomote bot reviewed Oct 7, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 88e825e to dbab6d6 Compare October 8, 2025 01:40

roomote bot reviewed Oct 8, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from dbab6d6 to 5d79b41 Compare October 9, 2025 03:58

roomote bot reviewed Oct 9, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 5d79b41 to 9beea36 Compare October 21, 2025 10:10

roomote bot approved these changes Oct 21, 2025

View reviewed changes

chore(deps): update dependency @dotenvx/dotenvx to v1.51.1

ddf9bc7

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.51.0~~ chore(deps): update dependency @dotenvx/dotenvx to v1.51.1 Nov 4, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 9beea36 to ddf9bc7 Compare November 4, 2025 03:18

chore(deps): update dependency @dotenvx/dotenvx to v1.51.1 #4966

Are you sure you want to change the base?

chore(deps): update dependency @dotenvx/dotenvx to v1.51.1 #4966

Uh oh!

Conversation

renovate bot commented Jun 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Added

Added

Removed

Added

Changed

Added

Removed

Changed

Changed

Changed

Added

Changed

Changed

Changed

Changed

Added

Removed

Added

Added

Added

Added

Removed

Changed

Changed

Added

Configuration

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 3, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 3, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 3, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 3, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 5, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 6, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 6, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

renovate bot commented Jun 21, 2025 •

edited

Loading

roomote bot commented Oct 21, 2025 •

edited

Loading