[Snyk] Upgrade dotenv from 8.2.0 to 16.0.1 #36

MarcelRaschke · 2022-08-20T00:27:20Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade dotenv from 8.2.0 to 16.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 29 versions ahead of your current version.
The recommended version was released 3 months ago, on 2022-05-10.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Improper Privilege Management SNYK-JS-SHELLJS-2332187	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MERGEDEEP-1070277	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-I18NEXT-1065979	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-EJS-2803307	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-NODEFETCH-2342118	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Information Exposure SNYK-JS-NANOID-2332193	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-I18NEXT-585930	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Buffer Overflow SNYK-JS-I18NEXT-575536	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAPISTATEHOOD-2769251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Injection SNYK-JS-EJS-1049328	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: dotenv

16.0.1 - 2022-05-10
Version bump - patch 16.0.1
16.0.0 - 2022-02-02
Remove multiline on option. Just works now
15.0.1 - 2022-02-02
Patch empty values when single or double quoted
15.0.0 - 2022-01-31
Update CHANGELOG
14.3.2 - 2022-01-25
…ng #
14.3.1 - 2022-01-25
Version v14.3.1 - patch exports
14.3.0 - 2022-01-24
Update CHANGELOG for v14.3.0
14.2.0 - 2022-01-17
Version 14.2.0
14.1.1 - 2022-01-17
Remove verbose test and move -Rspec option to standard test
14.1.0 - 2022-01-17
Version 14.1.0
14.0.1 - 2022-01-17
14.0.0 - 2022-01-17
13.0.1 - 2022-01-16
13.0.0 - 2022-01-16
12.0.4 - 2022-01-16
12.0.3 - 2022-01-15
12.0.2 - 2022-01-15
12.0.1 - 2022-01-15
12.0.0 - 2022-01-14
11.0.0 - 2022-01-11
10.0.0 - 2021-05-21
9.0.2 - 2021-05-10
9.0.1 - 2021-05-09
9.0.0 - 2021-05-05
8.6.0 - 2021-05-05
8.5.1 - 2021-05-05
8.5.0 - 2021-05-05
8.4.0 - 2021-05-05
8.3.0 - 2021-05-05
8.2.0 - 2019-10-16

from dotenv GitHub release notes

Commit messages

Package name: dotenv

b016108 Version bump - patch 16.0.1
582afcd Update CHANGELOG
b5d6c02 Merge pull request How to download files ipfs/ipfs-desktop#658 from motdotla/dev-dep-updates
f71fdcd Update various dev dependencies
6be370b Update dev dependency @ types/node
0318510 Update links in README
1c2092c Change link
578574c Update README
5e2f74a Update README
49256ae Update README
b895c45 Add note above README
f6c4bc3 Use dotenv-vault
2b8e540 Merge pull request C&P hash to clipboard is not working ipfs/ipfs-desktop#646 from motdotla/test-clarifications
6e42595 Clarify that inline comments do not require a space after the number sign
6ff9947 Merge pull request property 'statusCode' of undefined: in npm install ipfs/ipfs-desktop#643 from odcey/fix-readme-returnline-typo
884955d fix: update typo on readme concerning return line documentation
f3b3419 Merge pull request Adding thousands of files at once (EMFILE) ipfs/ipfs-desktop#628 from kunalpanchal/patch-1
15ade25 Update the broken reference link to require module
0e00497 Merge pull request feat: default profile as dhtclient ipfs/ipfs-desktop#621 from motdotla/braces-spec
a82f623 Add spec confirming https://github.com/Bad management of pairs of braces motdotla/dotenv-expand#49 no longer an issue
9a5ec29 Update CHANGELOG
c20ee46 Remove multiline on option. Just works now
cfeb0f2 Remove other usage in README
5b725a4 Update README

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade dotenv from 8.2.0 to 16.0.1. See this package in npm: https://www.npmjs.com/package/dotenv See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/c43862e2-04e0-46c7-9027-49ad8d871d46?utm_source=github&utm_medium=referral&page=upgrade-pr

snyk-bot and others added 2 commits August 20, 2022 00:27

Merge branch 'master' into snyk-upgrade-d5cd3145200b3bf33d71f9255dce7a66

f17e15d

MarcelRaschke self-assigned this Sep 28, 2022

MarcelRaschke added the ⤵️ pull label Sep 28, 2022

MarcelRaschke added this to the snyk milestone Sep 28, 2022

MarcelRaschke merged commit 7bb82c2 into master Sep 28, 2022

delete-merged-branch bot deleted the snyk-upgrade-d5cd3145200b3bf33d71f9255dce7a66 branch September 28, 2022 23:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade dotenv from 8.2.0 to 16.0.1 #36

[Snyk] Upgrade dotenv from 8.2.0 to 16.0.1 #36

MarcelRaschke commented Aug 20, 2022

[Snyk] Upgrade dotenv from 8.2.0 to 16.0.1 #36

[Snyk] Upgrade dotenv from 8.2.0 to 16.0.1 #36

Conversation

MarcelRaschke commented Aug 20, 2022

Snyk has created this PR to upgrade dotenv from 8.2.0 to 16.0.1.