fix(deps): update dependency dotenv to v16.6.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
dotenv	16.0.0 -> 16.6.1
dotenv	16.3.1 -> 16.6.1

---

Release Notes

motdotla/dotenv (dotenv)

v16.6.1

Compare Source

Changed

• Default quiet to true – hiding the runtime log message (#​874)
• NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
• And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@​dotenvx/dotenvx').config().

v16.6.0

Compare Source

Added

• Default log helpful message [dotenv@16.6.0] injecting env (1) from .env (#​870)
• Use { quiet: true } to suppress
• Aligns dotenv more closely with dotenvx.

v16.5.0

Compare Source

Added

• 🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP]
Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM.
Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

• Remove _log method. Use _debug #​862

v16.4.7

Compare Source

Changed

• Ignore .tap folder when publishing. (oops, sorry about that everyone. - @​motdotla) #​848

v16.4.6

Compare Source

Changed

• Clean up stale dev dependencies #​847
• Various README updates clarifying usage and alternative solutions using dotenvx

v16.4.5

Compare Source

Changed

• 🐞 Fix recent regression when using path option. return to historical behavior: do not attempt to auto find .env if path set. (regression was introduced in 16.4.3) #​814

v16.4.4

Compare Source

Changed

• 🐞 Replaced chaining operator ?. with old school && (fixing node 12 failures) #​812

v16.4.3

Compare Source

Changed

• Fixed processing of multiple files in options.path #​805

v16.4.2

Compare Source

Changed

• Changed funding link in package.json to dotenvx.com

v16.4.1

Compare Source

• Patch support for array as path option #​797

v16.4.0

Compare Source

• Add error.code to error messages around .env.vault decryption handling #​795
• Add ability to find .env.vault file when filename(s) passed as an array #​784

v16.3.2

Compare Source

Added

• Add debug message when no encoding set #​735

Changed

• Fix output typing for populate #​792
• Use subarray instead of slice #​793

v16.3.1

Compare Source

Added

• Add missing type definitions for processEnv and DOTENV_KEY options. #​756

v16.3.0

Compare Source

Added

• Optionally pass DOTENV_KEY to options rather than relying on process.env.DOTENV_KEY. Defaults to process.env.DOTENV_KEY #​754

v16.2.0

Compare Source

Added

• Optionally write to your own target object rather than process.env. Defaults to process.env. #​753
• Add import type URL to types file #​751

v16.1.4

Compare Source

Added

• Added .github/ to .npmignore #​747

v16.1.3

Compare Source

Removed

• Removed browser keys for path, os, and crypto in package.json. These were set to false incorrectly as of 16.1. Instead, if using dotenv on the front-end make sure to include polyfills for path, os, and crypto. node-polyfill-webpack-plugin provides these.

v16.1.2

Compare Source

Changed

• Exposed private function _configDotenv as configDotenv. #​744

v16.1.1

Compare Source

Added

• Added type definition for decrypt function

Changed

• Fixed {crypto: false} in packageJson.browser

v16.1.0

Compare Source

Added

• Add populate convenience method #​733
• Accept URL as path option #​720
• Add dotenv to npm fund command
• Spanish language README #​698
• Add .env.vault support. 🎉 (#​730)

ℹ️ .env.vault extends the .env file format standard with a localized encrypted vault file. Package it securely with your production code deploys. It's cloud agnostic so that you can deploy your secrets anywhere – without risky third-party integrations. read more

Changed

• Fixed "cannot resolve 'fs'" error on tools like Replit #​693

v16.0.3

Compare Source

Changed

• Added library version to debug logs (#​682)

v16.0.2

Compare Source

Added

• Export env-options.js and cli-options.js in package.json for use with downstream dotenv-expand module

v16.0.1

Compare Source

Changed

• Minor README clarifications
• Development ONLY: updated devDependencies as recommended for development only security risks (#​658)

---

Configuration

📅 Schedule: Branch creation - Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	dotenv@​16.0.0 ⏵ 16.6.1			+1

View full report