Skip to content

fix(deps): update dependency @dotenvx/dotenvx to v2#641

Open
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/dotenvx-dotenvx-2.x
Open

fix(deps): update dependency @dotenvx/dotenvx to v2#641
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/dotenvx-dotenvx-2.x

Conversation

@renovate

@renovate renovate Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@dotenvx/dotenvx ^1.75.1^2.0.0 age confidence

Release Notes

dotenvx/dotenvx (@​dotenvx/dotenvx)

v2.0.0

Compare Source

Changed
  • BREAKING: lib/main#set async only (#​855)
  • BREAKING: lib/main#get async only (#​855)
  • New keyring support - for local and armor providers and to unlock future providers (#​855)
  • Route run, config, and get through shared env and keypair resolvers backed by @dotenvx/primitives (#​855)
  • Route set, encrypt, and decrypt through shared transforms that operate on primitive scan, parse, encrypt, and upsert results (#​855)
  • Update library parse to use primitive parsing while preserving dotenvx-style encrypted value errors (#​855)
Removed
  • BREAKING: Remove the rotate command (it will return in 2.1 or 2.2 soon with a more complete implementation for local and armored keys) (#​855)
  • BREAKING: Remove the library doctor, keypair, and genexample exports from lib/main (#​855)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


Note

Low Risk
Dependency-only change with CLI usage unchanged; v2 breaking changes apply to programmatic APIs not used here. Lockfile churn may affect transitive builds but not app logic.

Overview
Bumps @dotenvx/dotenvx from ^1.75.1 to ^2.0.0 in the root package.json and refreshes pnpm-lock.yaml (including @dotenvx/primitives 1.7.0 and assorted transitive bumps such as Vue 3.5.39, @vueuse/core 14.3.0, and OpenTelemetry alignment).

There are no application source changes; env loading still goes through the existing apply:env script (dotenvx run -f .env -f .env.local ...), not the dotenvx programmatic API.

dotenvx v2 introduces breaking library behavior (async-only get/set, removed rotate and some lib/main exports). That matters only if the repo later imports those APIs; the current CLI-based workflow is the typical upgrade path for this project.

Reviewed by Cursor Bugbot for commit 1b0072e. Bugbot is set up for automated code reviews on this repo. Configure here.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jun 30, 2026
@renovate

renovate Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants