chore(deps): update dependency @dotenvx/dotenvx to v1.51.4 #4966

renovate · 2025-06-21T03:16:39Z

This PR contains the following updates:

Package	Change	Age	Confidence
@dotenvx/dotenvx	`1.44.2` → `1.51.4`

Release Notes

dotenvx/dotenvx (@dotenvx/dotenvx)

`v1.51.4`

Compare Source

Changed

Change description of dotenvx-ops to better reflect its tooling as operational primitives on top of dotenvx for production use cases. (#721)

`v1.51.3`

Compare Source

Added

Add hint on .env.keys for dotenvx ops backup. Dotenvx Ops Backup lets you back up your private keys securely with just a single command. It's a convenient alterantive to manually copy/pasting them in and out of 1Password. (#718)

`v1.51.2`

Compare Source

Changed

Switch npm publish to use Dotenvx Ops' new Rotation Tokens (ROTs) (#715)

This will allow us to start dogfooding our own solution for third-party API key rotation. Third-party API key rotation would drastically improve security industry wide. Please get in touch if this is interesting to you.

`v1.51.1`

Compare Source

Added

Add opsOff type information

`v1.51.0`

Compare Source

Added

Add config({opsOff: true}) options and --ops-off flag for turning off Dotenvx Ops features. (#680)

`v1.50.1`

Compare Source

Removed

Remove listed command to radar (now ops) (#678)

`v1.50.0`

Compare Source

Added

Add optional dotenvx ops command (#677)
Ops is a coming rename of Radar. Radar will become a feature inside ops.
With dotenvx ops use dotenvx across your team, infrastructure, agents, and more.

 _______________________________________________________________________
|                                                                       |
|  Dotenvx Ops: Commercial Tooling for Dotenvx                          |
|                                                                       |
|  ░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓███████▓▒░                              |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░ ░▒▓██████▓▒░                               |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
|  ░▒▓██████▓▒░░▒▓█▓▒░      ░▒▓███████▓▒░                               |
|                                                                       |
|  Use dotenvx across your team, infrastructure, agents, and more.      |
|                                                                       |
|  Learn more at https://dotenvx.com/ops                                |
|_______________________________________________________________________|

`v1.49.1`

Compare Source

Changed

🐞 patch bug with variable expansion of single quoted values (#675)

`v1.49.0`

Compare Source

Added

For precommit and prebuild, ignore .env.x file like we do with .env.vault file. (#666)

`v1.48.4`

Compare Source

Removed

Remove unnecessary use of eval in proKeypair helper (#654)

`v1.48.3`

Compare Source

Changed

Include privateKeyName and privateKey on internal processedEnv object (#649)

`v1.48.2`

Compare Source

Changed

Check radar status before sending (#646)

`v1.48.1`

Compare Source

Changed

Send beforEnv and afterEnv to Radar if user has installed (#645)

`v1.48.0`

Compare Source

Added

Include beforeEnv and afterEnv for user debugging (#644)

`v1.47.7`

Compare Source

Changed

src should be in internal processEnv object (#643)

`v1.47.6`

Compare Source

Changed

Make Radar call non-blocking (#642)

`v1.47.5`

Compare Source

Changed

Add resilient handling of any Radar failures (#639)

`v1.47.4`

Compare Source

Changed

Smarter require of non-installed libs like dotenvx-radar (#638)

`v1.47.3`

Compare Source

Added

Send to radar#observe if Radar installed by user (#631)

Removed

Remove cli in package.json (#632)

`v1.47.2`

Compare Source

Added

Export cli in package.json (#629)

`v1.47.1`

Compare Source

Added

Add convenience log that radar active 📡 when dotenvx-radar is installed (#625)

`v1.47.0`

Compare Source

Added

Add optional dotenvx radar command (#624)
Radar is an early access commercial extension for dotenvx that will auto backup your .env files.

 _______________________________________________________________________
|                                                                       |
|  Dotenvx Radar: Env Observability                                     |
|                                                                       |
|  ░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓███████▓▒░    |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓████████▓▒░▒▓███████▓▒░    |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   |
|                                                                       |
|  Observe, version, and back up your environment variables at runtime. |
|                                                                       |
|  Purchase lifetime access at https://dotenvx.com/radar                |
|                                                                       |
| --------------------------------------------------------------------- |
| - thank you for using dotenvx! - @&#8203;motdotla                            |
|_______________________________________________________________________|

`v1.46.0`

Compare Source

Added

Add error when hoisting issue experienced around commander.js (#623)

Removed

Remove git-dotenvx and git dotenvx shorthand (#621)

`v1.45.2`

Compare Source

Changed

Minor README updates

`v1.45.1`

Compare Source

Changed

Include setLogName and setLogVersion in config (#613)

`v1.45.0`

Compare Source

Added

Add logger.setName and logger.setVersion for customization of logger (#612)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

roomote

I found one additional minor maintainability note; see inline.

roomote · 2025-10-05T15:45:04Z

pnpm-lock.yaml

@@ -5970,6 +5970,15 @@ packages:
      picomatch:
        optional: true

+  fdir@6.5.0:
+    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}


[P3] Multiple fdir versions: lockfile now contains fdir 6.5.0 alongside 6.4.x (e.g., under tinyglobby). Consider a follow-up pnpm dedupe --lockfile-only to converge on a single fdir where possible; smaller tree and fewer transitive mismatches. Not blocking.

roomote

I found one additional minor note not covered by existing comments.

roomote · 2025-10-06T16:08:44Z

pnpm-lock.yaml

@@ -5419,8 +5419,8 @@ packages:
    resolution: {integrity: sha512-7GO6HghkA5fYG9TYnNxi14/7K9f5occMlp3zXAuSxn7CKCxt9xbNWG7yF8hTCSUchlfWSe3uLmlPfigevRItzQ==}
    engines: {node: '>=12'}

-  dotenv@16.5.0:
-    resolution: {integrity: sha512-m/C+AwOAr9/W1UOIZUo232ejMNnJAJtYQjUbHoNTBNTJSvqzzDh7vnrei3o3r3m9blf6ZoDkvcw0VmozNRFJxg==}
+  dotenv@17.2.3:


[P3] Duplicate dotenv versions: lockfile contains both dotenv 16.0.3 and 17.2.3. If feasible, try converging dependents to a single version via a follow-up pnpm dedupe --lockfile-only or targeted bumps to avoid inconsistent parsing behavior across tools. Non-blocking.

roomote

I found one minor maintainability note; see inline.

roomote · 2025-10-06T17:13:31Z

pnpm-lock.yaml

      picomatch: 4.0.2

  tinyglobby@0.2.14:
    dependencies:
-      fdir: 6.4.6(picomatch@4.0.2)
+      fdir: 6.5.0(picomatch@4.0.2)


[P3] Two tinyglobby versions (0.2.13 and 0.2.14) are present after this bump. If feasible, align dependents to a single minor to minimize duplicates (e.g., run pnpm dedupe --lockfile-only in a follow-up or adjust constraints) to keep the tree smaller. Non-blocking.

roomote

I found one additional minor note that needs attention.

roomote · 2025-10-07T22:15:41Z

pnpm-lock.yaml

    engines: {node: '>=10'}
    hasBin: true

+  semver@7.7.3:


[P3] Duplicate semver versions: both semver 7.7.2 and 7.7.3 appear in the lockfile after this bump. Consider a follow-up pnpm dedupe --lockfile-only (or align dependents) to converge on a single semver version and reduce duplication. Non-blocking.

roomote

I found some issues that need attention. See inline for a couple of minor, non-blocking notes on transitive crypto library bumps.

roomote · 2025-10-08T02:10:18Z

pnpm-lock.yaml


-  '@noble/curves@1.9.2':
-    resolution: {integrity: sha512-HxngEd2XUcg9xi20JkwlLCtYwfoFw4JGkuZpT+WlsPD4gB/cxkvTD8fSsoAnphGZhFdZYKeQIPCuFlWPm1uE0g==}
+  '@noble/curves@1.9.7':


[P3] Transitive crypto update: '@noble/curves' bumped to 1.9.7 via eciesjs/dotenvx. While low-risk, crypto stacks can have subtle compat differences. If any env-vault/ECIES flows are exercised (even indirectly), consider a quick encrypt/decrypt smoke test. Non-blocking.

roomote · 2025-10-08T02:10:18Z

pnpm-lock.yaml


-  '@ecies/ciphers@0.2.3':
-    resolution: {integrity: sha512-tapn6XhOueMwht3E2UzY0ZZjYokdaw9XtL9kEyjhQ/Fb9vL9xTFbOaI+fV0AWvTpYu4BNloC6getKW6NtSg4mA==}
+  '@ecies/ciphers@0.2.4':


[P3] '@ecies/ciphers' moved to 0.2.4. Recent releases also removed an eval usage in related helpers (hardening). No action required—just flagging the stack change alongside noble/curves. Non-blocking.

roomote

No new issues found - all concerns already addressed in existing comments.

roomote · 2025-10-21T10:10:59Z

Rooviewer Follow along on Roo Cloud

Review Summary

This dependency update has been reviewed. All previously identified issues remain valid. No new issues were found in the latest commit.

Issues Identified

[P2] Variable expansion behavior change: dotenv 17.2.3 includes a fix for single-quoted variable expansion (v1.49.1). If any .env entries use single-quoted interpolation with ${...}, values may change. Recommend smoke testing .env parsing.
[P3] Duplicate picomatch versions: Both 4.0.2 and 4.0.3 are present. Consider running pnpm dedupe --lockfile-only in a follow-up to reduce duplication.
[P3] Duplicate fdir versions: Multiple fdir versions (6.4.x and 6.5.0) exist. Consider pnpm dedupe --lockfile-only to converge on a single version.
[P3] Duplicate semver versions: Both 7.7.2 and 7.7.3 are present. Consider pnpm dedupe --lockfile-only to reduce duplication.
[P3] Duplicate dotenv versions: Both 16.0.3 and 17.2.3 exist. Consider converging to a single version via pnpm dedupe --lockfile-only.
[P3] Duplicate tinyglobby versions: Both 0.2.13 and 0.2.14 are present. Consider aligning to a single version.
[P3] Optional Ops features: dotenvx 1.50+ adds Ops with potential network calls. Consider disabling explicitly with DOTENVX_OPS_OFF=1 or --ops-off flag if telemetry is a concern.
[P3] Transitive crypto update: @noble/curves bumped to 1.9.7. Low-risk but consider smoke testing any ECIES/env-vault flows if used.
[P3] @ecies/ciphers update: Moved to 0.2.5 with eval usage removal in related helpers (hardening).

Recommendation

All flagged issues are informational (P3) or low-priority (P2). The P2 item suggests smoke testing single-quoted env variable expansion. The P3 items are optimization suggestions for follow-up work (deduplication, telemetry configuration).

This is a standard lockfile-only dependency update with no blocking issues.

Previous reviews

3862a50: Review #1

8fbfd54: Review #2

ba69ca2: Review #3

1d62639: Review #4

ddf9bc7: Review #5

9beea36: Review #6

_{Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.}

renovate bot requested review from cte, jr and mrubens as code owners June 21, 2025 03:16

github-project-automation bot added this to Roo Code Roadmap and Roo Code Roadmap Jun 21, 2025

github-project-automation bot moved this to New in Roo Code Roadmap Jun 21, 2025

github-project-automation bot moved this to Triage in Roo Code Roadmap Jun 21, 2025

hannesrudolph added the Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. label Jun 21, 2025

daniel-lxs approved these changes Jun 21, 2025

View reviewed changes

dosubot bot added the lgtm This PR has been approved by a maintainer label Jun 21, 2025

daniel-lxs moved this from Triage to PR [Needs Review] in Roo Code Roadmap Jun 21, 2025

hannesrudolph added PR - Needs Review and removed Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. labels Jun 21, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 1b84670 to 65b8871 Compare June 22, 2025 14:31

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 65b8871 to b36748a Compare July 2, 2025 05:46

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.45.1~~ chore(deps): update dependency @dotenvx/dotenvx to v1.45.2 Jul 2, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from b36748a to 327e5c1 Compare July 2, 2025 12:49

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.45.2~~ chore(deps): update dependency @dotenvx/dotenvx to v1.46.0 Jul 7, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 327e5c1 to 7961c7d Compare July 7, 2025 19:48

hannesrudolph moved this from PR [Needs Review] to renovate BOT in Roo Code Roadmap Jul 8, 2025

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.46.0~~ chore(deps): update dependency @dotenvx/dotenvx to v1.47.0 Jul 8, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 7961c7d to 4f5d484 Compare July 8, 2025 23:18

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.47.0~~ chore(deps): update dependency @dotenvx/dotenvx to v1.47.1 Jul 9, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 4f5d484 to e85b5a6 Compare July 9, 2025 00:39

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.47.1~~ chore(deps): update dependency @dotenvx/dotenvx to v1.47.2 Jul 9, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 2 times, most recently from d9056dc to 710bd50 Compare July 9, 2025 23:10

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.47.2~~ chore(deps): update dependency @dotenvx/dotenvx to v1.47.3 Jul 9, 2025

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.47.3~~ chore(deps): update dependency @dotenvx/dotenvx to v1.47.4 Jul 11, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 710bd50 to a4cb9aa Compare July 11, 2025 18:27

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 2 times, most recently from 3080afb to fb1cc41 Compare October 5, 2025 14:24

roomote bot reviewed Oct 5, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 2 times, most recently from c715a14 to 880cec2 Compare October 6, 2025 15:38

roomote bot reviewed Oct 6, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 880cec2 to 88e825e Compare October 7, 2025 21:52

roomote bot reviewed Oct 7, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 88e825e to dbab6d6 Compare October 8, 2025 01:40

roomote bot reviewed Oct 8, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from dbab6d6 to 5d79b41 Compare October 9, 2025 03:58

roomote bot reviewed Oct 9, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 5d79b41 to 9beea36 Compare October 21, 2025 10:10

roomote bot approved these changes Oct 21, 2025

View reviewed changes

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.51.0~~ chore(deps): update dependency @dotenvx/dotenvx to v1.51.1 Nov 4, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 2 times, most recently from ddf9bc7 to 1d62639 Compare November 6, 2025 21:50

roomote bot approved these changes Nov 6, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch 2 times, most recently from ba69ca2 to 8fbfd54 Compare November 11, 2025 01:05

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 8fbfd54 to 3862a50 Compare November 18, 2025 14:48

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 3862a50 to 0f8fb75 Compare December 3, 2025 16:04

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.51.1~~ chore(deps): update dependency @dotenvx/dotenvx to v1.51.2 Dec 12, 2025

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 0f8fb75 to 8534f7a Compare December 12, 2025 18:38

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 8534f7a to 61c0b95 Compare December 29, 2025 21:27

renovate bot changed the title ~~chore(deps): update dependency @dotenvx/dotenvx to v1.51.2~~ chore(deps): update dependency @dotenvx/dotenvx to v1.51.4 Dec 29, 2025

chore(deps): update dependency @dotenvx/dotenvx to v1.51.4

1e35abc

renovate bot force-pushed the renovate/dotenvx-dotenvx-1.x-lockfile branch from 61c0b95 to 1e35abc Compare December 31, 2025 17:46

chore(deps): update dependency @dotenvx/dotenvx to v1.51.4 #4966

Are you sure you want to change the base?

chore(deps): update dependency @dotenvx/dotenvx to v1.51.4 #4966

Conversation

renovate bot commented Jun 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Changed

Added

Changed

Added

Added

Removed

Added

Changed

Added

Removed

Changed

Changed

Changed

Added

Changed

Changed

Changed

Changed

Added

Removed

Added

Added

Added

Added

Removed

Changed

Changed

Added

Configuration

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 5, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 6, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 6, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 7, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 8, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot Oct 8, 2025

Choose a reason for hiding this comment

Uh oh!

roomote bot left a comment

Choose a reason for hiding this comment

Uh oh!

roomote bot commented Oct 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review Summary

Issues Identified

Recommendation

Uh oh!

Reviewers

renovate bot commented Jun 21, 2025 •

edited

Loading

roomote bot commented Oct 21, 2025 •

edited

Loading