chore(deps-dev): bump dotenv from 16.5.0 to 17.1.0

[dependabot]

Bumps dotenv from 16.5.0 to 17.1.0.

Changelog

Sourced from dotenv's changelog.

17.1.0 (2025-07-07)

Added

• Add additional security and configuration tips to the runtime log (#884)
• Dim the tips text from the main injection information text

const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
  '🛠️  run anywhere with `dotenvx run -- yourcommand`',
  '⚙️  specify custom .env file path with { path: \'/custom/path/.env\' }',
  '⚙️  enable debug logging with { debug: true }',
  '⚙️  override existing env vars with { override: true }',
  '⚙️  suppress all logs with { quiet: true }',
  '⚙️  write to custom object with { processEnv: myObject }',
  '⚙️  load multiple .env files with { path: [\'.env.local\', \'.env\'] }'
]

17.0.1 (2025-07-01)

Changed

• Patched injected log to count only populated/set keys to process.env (#879)

17.0.0 (2025-06-27)

Changed

• Default quiet to false - informational (file and keys count) runtime log message shows by default (#875)

16.6.1 (2025-06-27)

Changed

• Default quiet to true – hiding the runtime log message (#874)
• NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
• And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@dotenvx/dotenvx').config().

16.6.0 (2025-06-26)

Added

• Default log helpful message [[email protected]] injecting env (1) from .env (#870)
• Use { quiet: true } to suppress
• Aligns dotenv more closely with dotenvx.

Commits

• 13bc310 17.1.0
• 0bc76fe add to test coverage
• a43eecf changelog 🪵
• 956638e adjust test
• d559cd6 standard formatting 🧼
• 9b44ff4 adjust tips
• 478d904 add tips around prebuild and precommit
• e2863e6 dim tips
• 9b71dc1 Merge pull request #884 from motdotla/copilot/fix-883
• 8083e59 Remove _getRandomTip from public exports
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🔭🐙🐈 Test this branch here: https://db-ui.github.io/base/review/dependabot-npm_and_yarn-dotenv-17.1.0