Add support for backticks #615
Was it necessary to bump the major version number for this? Normally, adding a new feature isn't a breaking change.
@s100 I think it is a breaking change; see also: "If you had values containing the backtick character, please quote those values with either single or double quotes."
@s100 it is a good point you raise. The difficulty with the nature of this repo (and we err on the side of safety) is that a regex change on the parser can break edge cases for users of the older version. For example, in this case there could be users out there with a value like this:
@motdotla what are the security implications of backtick support?
@mo great question, Mo. Also great short handle! There is no execution of variables (as there is in node template variables), so there are no additional security implications here. The backticks simply act as a parsing wrapper - like single or double quotes.
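An added example, not part of the thread and not dotenv's code: a pre-upgrade check that lists `.env` entries containing a backtick that are not already wrapped in single or double quotes, which is what the release note asks users to review. `findBacktickRisks`, `unwrap` and the sample input are hypothetical, and the sketch assumes one `KEY=VALUE` entry per line with no inline comments.

```javascript
// Simplified model for illustration; this is not dotenv's parser.
// Assumption: one KEY=VALUE entry per line, no multiline values.
const ENTRY = /^\s*(?:export\s+)?([\w.-]+)\s*=\s*(.*?)\s*$/;
const QUOTES = "'\"";          // wrappers recognised before backtick support
const WITH_BACKTICK = "'\"`";  // wrappers recognised with backtick support

// Strip one matching pair of wrapper characters. The inner text is
// returned verbatim; nothing inside it is evaluated or expanded.
function unwrap(raw, wrappers) {
  const q = raw[0];
  if (raw.length >= 2 && wrappers.includes(q) && raw.endsWith(q)) {
    return raw.slice(1, -1);
  }
  return raw;
}

// List entries whose value contains a backtick and is not protected by
// single or double quotes. wrapperStripped is true when treating the
// backtick as a wrapper would change the resulting value.
function findBacktickRisks(envText) {
  const findings = [];
  envText.split(/\r?\n/).forEach((text, i) => {
    if (/^\s*(#|$)/.test(text)) return; // comment or blank line
    const m = ENTRY.exec(text);
    if (!m || !m[2].includes('`')) return;
    const [, key, raw] = m;
    if (unwrap(raw, QUOTES) !== raw) return; // already quoted with ' or "
    const wrapperStripped = unwrap(raw, WITH_BACKTICK) !== raw;
    findings.push({ line: i + 1, key, wrapperStripped });
  });
  return findings;
}

// Constructed sample input (not taken from any real project).
const SAMPLE = [
  '# constructed sample .env',
  'PLAIN=value',
  'WRAPPED=`echo hello`',
  'INLINE=pa`ss',
  'SAFE="pa`ss"',
  "ALSO_SAFE='`x`'",
].join('\n');

console.log(findBacktickRisks(SAMPLE));
```

Entries reported with `wrapperStripped: true` are the ones to wrap in single or double quotes before upgrading if the backticks are meant to be part of the value.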
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [dotenv](https://github.com/motdotla/dotenv) | dependencies | major | [`^10.0.0` -> `^16.0.0`](https://renovatebot.com/diffs/npm/dotenv/10.0.0/16.0.3) |

---

### Release Notes

<details>
<summary>motdotla/dotenv</summary>

### [`v16.0.3`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1603-httpsgithubcommotdotladotenvcomparev1602v1603-2022-09-29)

[Compare Source](motdotla/dotenv@v16.0.2...v16.0.3)

##### Changed

- Added library version to debug logs ([#682](motdotla/dotenv#682))

### [`v16.0.2`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1602-httpsgithubcommotdotladotenvcomparev1601v1602-2022-08-30)

[Compare Source](motdotla/dotenv@v16.0.1...v16.0.2)

##### Added

- Export `env-options.js` and `cli-options.js` in package.json for use with downstream [dotenv-expand](https://github.com/motdotla/dotenv-expand) module

### [`v16.0.1`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1601-httpsgithubcommotdotladotenvcomparev1600v1601-2022-05-10)

[Compare Source](motdotla/dotenv@v16.0.0...v16.0.1)

##### Changed

- Minor README clarifications
- Development ONLY: updated devDependencies as recommended for development only security risks ([#658](motdotla/dotenv#658))

### [`v16.0.0`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1600-httpsgithubcommotdotladotenvcomparev1501v1600-2022-02-02)

[Compare Source](motdotla/dotenv@v15.0.1...v16.0.0)

##### Added

- *Breaking:* Backtick support 🎉 ([#615](motdotla/dotenv#615))

If you had values containing the backtick character, please quote those values with either single or double quotes.

### [`v15.0.1`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1501-httpsgithubcommotdotladotenvcomparev1500v1501-2022-02-02)

[Compare Source](motdotla/dotenv@v15.0.0...v15.0.1)

##### Changed

- Properly parse empty single or double quoted values 🐞 ([#614](motdotla/dotenv#614))

### [`v15.0.0`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1500-httpsgithubcommotdotladotenvcomparev1432v1500-2022-01-31)

[Compare Source](motdotla/dotenv@v14.3.2...v15.0.0)

`v15.0.0` is a major new release with some important breaking changes.

##### Added

- *Breaking:* Multiline parsing support (just works. no need for the flag.)

##### Changed

- *Breaking:* `#` marks the beginning of a comment (UNLESS the value is wrapped in quotes. Please update your `.env` files to wrap in quotes any values containing `#`. For example: `SECRET_HASH="something-with-a-#-hash"`).

..Understandably, (as some teams have noted) this is tedious to do across the entire team. To make it less tedious, we recommend using [dotenv cli](https://github.com/dotenv-org/cli) going forward. It's an optional plugin that will keep your `.env` files in sync between machines, environments, or team members.

##### Removed

- *Breaking:* Remove multiline option (just works out of the box now. no need for the flag.)

### [`v14.3.2`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1432-httpsgithubcommotdotladotenvcomparev1431v1432-2022-01-25)

[Compare Source](motdotla/dotenv@v14.3.1...v14.3.2)

##### Changed

- Preserve backwards compatibility on values containing `#` 🐞 ([#603](motdotla/dotenv#603))

### [`v14.3.1`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1431-httpsgithubcommotdotladotenvcomparev1430v1431-2022-01-25)

[Compare Source](motdotla/dotenv@v14.3.0...v14.3.1)

##### Changed

- Preserve backwards compatibility on exports by re-introducing the prior in-place exports 🐞 ([#606](motdotla/dotenv#606))

### [`v14.3.0`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1430-httpsgithubcommotdotladotenvcomparev1420v1430-2022-01-24)

[Compare Source](motdotla/dotenv@v14.2.0...v14.3.0)

##### Added

- Add `multiline` option 🎉 ([#486](motdotla/dotenv#486))

### [`v14.2.0`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1420-httpsgithubcommotdotladotenvcomparev1411v1420-2022-01-17)

[Compare Source](motdotla/dotenv@v14.1.1...v14.2.0)

##### Added

- Add `dotenv_config_override` cli option
- Add `DOTENV_CONFIG_OVERRIDE` command line env option

### [`v14.1.1`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1411-httpsgithubcommotdotladotenvcomparev1410v1411-2022-01-17)

[Compare Source](motdotla/dotenv@v14.1.0...v14.1.1)

##### Added

- Add React gotcha to FAQ on README

### [`v14.1.0`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1410-httpsgithubcommotdotladotenvcomparev1401v1410-2022-01-17)

[Compare Source](motdotla/dotenv@v14.0.1...v14.1.0)

##### Added

- Add `override` option 🎉 ([#595](motdotla/dotenv#595))

### [`v14.0.1`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1401-httpsgithubcommotdotladotenvcomparev1400v1401-2022-01-16)

[Compare Source](motdotla/dotenv@v14.0.0...v14.0.1)

##### Added

- Log error on failure to load `.env` file ([#594](motdotla/dotenv#594))

### [`v14.0.0`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1400-httpsgithubcommotdotladotenvcomparev1301v1400-2022-01-16)

[Compare Source](motdotla/dotenv@v13.0.1...v14.0.0)

##### Added

- *Breaking:* Support inline comments for the parser 🎉 ([#568](motdotla/dotenv#568))

### [`v13.0.1`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1301-httpsgithubcommotdotladotenvcomparev1300v1301-2022-01-16)

[Compare Source](motdotla/dotenv@v13.0.0...v13.0.1)

##### Changed

- Hide comments and newlines from debug output ([#404](motdotla/dotenv#404))

### [`v13.0.0`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1300-httpsgithubcommotdotladotenvcomparev1204v1300-2022-01-16)

[Compare Source](motdotla/dotenv@v12.0.4...v13.0.0)

##### Added

- *Breaking:* Add type file for `config.js` ([#539](motdotla/dotenv#539))

### [`v12.0.4`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1204-httpsgithubcommotdotladotenvcomparev1203v1204-2022-01-16)

[Compare Source](motdotla/dotenv@v12.0.3...v12.0.4)

##### Changed

- README updates
- Minor order adjustment to package json format

### [`v12.0.3`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1203-httpsgithubcommotdotladotenvcomparev1202v1203-2022-01-15)

[Compare Source](motdotla/dotenv@v12.0.2...v12.0.3)

##### Changed

- Simplified jsdoc for consistency across editors

### [`v12.0.2`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1202-httpsgithubcommotdotladotenvcomparev1201v1202-2022-01-15)

[Compare Source](motdotla/dotenv@v12.0.1...v12.0.2)

##### Changed

- Improve embedded jsdoc type documentation

### [`v12.0.1`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1201-httpsgithubcommotdotladotenvcomparev1200v1201-2022-01-15)

[Compare Source](motdotla/dotenv@v12.0.0...v12.0.1)

##### Changed

- README updates and clarifications

### [`v12.0.0`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1200-httpsgithubcommotdotladotenvcomparev1100v1200-2022-01-15)

[Compare Source](motdotla/dotenv@v11.0.0...v12.0.0)

##### Removed

- *Breaking:* drop support for Flow static type checker ([#584](motdotla/dotenv#584))

##### Changed

- Move types/index.d.ts to lib/main.d.ts ([#585](motdotla/dotenv#585))
- Typescript cleanup ([#587](motdotla/dotenv#587))
- Explicit typescript inclusion in package.json ([#566](motdotla/dotenv#566))

### [`v11.0.0`](https://github.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1100-httpsgithubcommotdotladotenvcomparev1000v1100-2022-01-11)

[Compare Source](motdotla/dotenv@v10.0.0...v11.0.0)

##### Changed

- *Breaking:* drop support for Node v10 ([#558](motdotla/dotenv#558))
- Patch debug option ([#550](motdotla/dotenv#550))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC43NC4yIiwidXBkYXRlZEluVmVyIjoiMzQuNzQuMiJ9-->

Co-authored-by: Renovate Bot <renovate@vylpes.com>
Reviewed-on: https://gitea.vylpes.xyz/RabbitLabs/Droplet/pulls/105
Reviewed-by: Vylpes <ethan@vylpes.com>
Co-authored-by: RenovateBot <renovate@vylpes.com>
Co-committed-by: RenovateBot <renovate@vylpes.com>