deps: update dotenv to 17.2.4

deps: update dotenv to 17.2.3
2026-02-16 07:00:23 -08:00 · 2026-02-03 19:09:22 -08:00
4 changed files with 31 additions and 27 deletions
@@ -0,0 +1,25 @@
+# Package Manager Configuration
+# Force pnpm usage - breaks npm/yarn intentionally
+node-linker=pnpm
+
+# Security: Disable all lifecycle scripts
+ignore-scripts=true
+enable-pre-post-scripts=false
+
+# Security: Require packages to be 10+ days old before installation
+minimum-release-age=14400
+
+# Security: Verify package integrity hashes
+verify-store-integrity=true
+
+# Security: Enforce strict trust policies
+trust-policy=strict
+
+# Security: Strict peer dependency resolution
+strict-peer-dependencies=true
+
+# Performance: Use symlinks for node_modules
+symlink=true
+
+# Lockfile: Ensure lockfile is not modified during install
+frozen-lockfile=false
@@ -38,7 +38,7 @@
    "@sentry/integrations": "7.114.0",
    "@sentry/node": "7.114.0",
    "discord.js": "14.15.2",
-    "dotenv": "16.4.5",
+    "dotenv": "17.2.4",
    "fastify": "5.0.0",
    "winston": "3.13.0"
  }
@@ -18,8 +18,8 @@ importers:
        specifier: 14.15.2
        version: 14.15.2
      dotenv:
-        specifier: 16.4.5
-        version: 16.4.5
+        specifier: 17.2.4
+        version: 17.2.4
      fastify:
        specifier: 5.0.0
        version: 5.0.0
@@ -472,8 +472,8 @@ packages:
    resolution: {integrity: sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==}
    engines: {node: '>=6.0.0'}

-  dotenv@16.4.5:
-    resolution: {integrity: sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==}
+  dotenv@17.2.4:
+    resolution: {integrity: sha512-mudtfb4zRB4bVvdj0xRo+e6duH1csJRM8IukBqfTRvHotn9+LBXB8ynAidP9zHqoRC/fsllXgk4kCKlR21fIhw==}
    engines: {node: '>=12'}

  enabled@2.0.0:
@@ -1853,7 +1853,7 @@ snapshots:
    dependencies:
      esutils: 2.0.3

-  dotenv@16.4.5: {}
+  dotenv@17.2.4: {}

  enabled@2.0.0: {}

@@ -1,21 +0,0 @@
-# Security
-
-# Do not execute any scripts of installed packages (project scripts still run)
-ignoreDepScripts: true
-# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
-enablePrePostScripts: false
-# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
-minimumReleaseAge: 14400
-# Fail if a package's trust level has decreased compared to previous releases
-trustPolicy: no-downgrade
-# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
-trustPolicyIgnoreAfter: 525960
-# Fail if there are missing or invalid peer dependencies
-strictPeerDependencies: true
-# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
-blockExoticSubdeps: true
-
-# Lockfile
-
-# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
-preferFrozenLockfile: false
Author	SHA1	Message	Date
minori	681eee3cb5	deps: update dotenv to 17.2.4 Node.js CI / CI (pull_request) Failing after 13s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m5s Details	2026-02-16 07:00:23 -08:00
minori	efc1a9d015	deps: update dotenv to 17.2.3 Node.js CI / CI (pull_request) Failing after 16s Details Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m18s Details	2026-02-03 19:09:22 -08:00