[Snyk] Upgrade dotenv from 16.4.7 to 16.6.1#2
Conversation
Snyk has created this PR to upgrade dotenv from 16.4.7 to 16.6.1. See this package in pnpm: dotenv See this project in Snyk: https://app.snyk.io/org/smsdao/project/bd064e83-f2aa-4c6e-82ee-1155af3d9107?utm_source=github&utm_medium=referral&page=upgrade-pr
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
There was a problem hiding this comment.
Pull request overview
This PR upgrades the dotenv package from version 16.4.7 to 16.6.1 in the discord-bot-starter example project, as recommended by Snyk for dependency maintenance.
Key Changes:
- Updates dotenv dependency specification from ^16.4.7 to ^16.6.1 in the example's package.json
- Updates the pnpm-lock.yaml file with corresponding version changes and integrity hashes for the new version
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| examples/discord-bot-starter/package.json | Updates dotenv dependency specification to version 16.6.1 |
| examples/discord-bot-starter/pnpm-lock.yaml | Updates lock file entries for dotenv across multiple sections (importers, packages, and snapshots) to reflect the new version |
Files not reviewed (1)
- examples/discord-bot-starter/pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "dependencies": { | ||
| "discord.js": "^14.17.2", | ||
| "dotenv": "^16.4.7", | ||
| "dotenv": "^16.6.1", |
There was a problem hiding this comment.
This PR upgrades dotenv only in the discord-bot-starter example, but the main package.json at the repository root still specifies dotenv version 16.4.7. For consistency and to ensure the entire project benefits from any security fixes or improvements in version 16.6.1, consider also upgrading dotenv in the root package.json.
There was a problem hiding this comment.
Updated in commit 291e25f: root package.json now uses dotenv ^16.6.1, and root pnpm-lock.yaml entries were aligned to 16.6.1. No UI changes in this PR, so no screenshot is applicable.
Agent-Logs-Url: https://github.com/SMSDAO/solana-agent-kit/sessions/d8d578ce-0802-447a-8a11-c46f1e0dacaf Co-authored-by: SMSDAO <144380926+SMSDAO@users.noreply.github.com>
Applied in commit |
Snyk has created this PR to upgrade dotenv from 16.4.7 to 16.6.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 3 versions ahead of your current version.
The recommended version was released 6 months ago.
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: