[Snyk] Upgrade dotenv from 8.1.0 to 16.0.1 #12

baby636 · 2022-08-02T18:35:17Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade dotenv from 8.1.0 to 16.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 30 versions ahead of your current version.
The recommended version was released 3 months ago, on 2022-05-10.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-GRPC-598671	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Timing Attack SNYK-JS-ELLIPTIC-511941	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: dotenv

16.0.1 - 2022-05-10
Version bump - patch 16.0.1
16.0.0 - 2022-02-02
Remove multiline on option. Just works now
15.0.1 - 2022-02-02
Patch empty values when single or double quoted
15.0.0 - 2022-01-31
Update CHANGELOG
14.3.2 - 2022-01-25
…ng #
14.3.1 - 2022-01-25
Version v14.3.1 - patch exports
14.3.0 - 2022-01-24
Update CHANGELOG for v14.3.0
14.2.0 - 2022-01-17
Version 14.2.0
14.1.1 - 2022-01-17
Remove verbose test and move -Rspec option to standard test
14.1.0 - 2022-01-17
Version 14.1.0
14.0.1 - 2022-01-17
14.0.0 - 2022-01-17
13.0.1 - 2022-01-16
13.0.0 - 2022-01-16
12.0.4 - 2022-01-16
12.0.3 - 2022-01-15
12.0.2 - 2022-01-15
12.0.1 - 2022-01-15
12.0.0 - 2022-01-14
11.0.0 - 2022-01-11
10.0.0 - 2021-05-21
9.0.2 - 2021-05-10
9.0.1 - 2021-05-09
9.0.0 - 2021-05-05
8.6.0 - 2021-05-05
8.5.1 - 2021-05-05
8.5.0 - 2021-05-05
8.4.0 - 2021-05-05
8.3.0 - 2021-05-05
8.2.0 - 2019-10-16
8.1.0 - 2019-08-18

from dotenv GitHub release notes

Commit messages

Package name: dotenv

b016108 Version bump - patch 16.0.1
582afcd Update CHANGELOG
b5d6c02 Merge pull request #658 from motdotla/dev-dep-updates
f71fdcd Update various dev dependencies
6be370b Update dev dependency @ types/node
0318510 Update links in README
1c2092c Change link
578574c Update README
5e2f74a Update README
49256ae Update README
b895c45 Add note above README
f6c4bc3 Use dotenv-vault
2b8e540 Merge pull request #646 from motdotla/test-clarifications
6e42595 Clarify that inline comments do not require a space after the number sign
6ff9947 Merge pull request #643 from odcey/fix-readme-returnline-typo
884955d fix: update typo on readme concerning return line documentation
f3b3419 Merge pull request #628 from kunalpanchal/patch-1
15ade25 Update the broken reference link to require module
0e00497 Merge pull request #621 from motdotla/braces-spec
a82f623 Add spec confirming https://github.com/Bad management of pairs of braces motdotla/dotenv-expand#49 no longer an issue
9a5ec29 Update CHANGELOG
c20ee46 Remove multiline on option. Just works now
cfeb0f2 Remove other usage in README
5b725a4 Update README