chore(devdeps): update dependency dotenv to v17.2.3 #406

renovate · 2025-09-05T21:12:25Z

This PR contains the following updates:

Package	Change	Age	Confidence
dotenv	`17.2.0` -> `17.2.3`

Release Notes

motdotla/dotenv (dotenv)

`v17.2.3`

Compare Source

Changed

Fixed typescript error definition (#912)

`v17.2.2`

Compare Source

Added

🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

`v17.2.1`

Compare Source

Changed

Fix clickable tip links by removing parentheses (#897)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

changeset-bot · 2025-09-05T21:12:30Z

⚠️ No Changeset found

Latest commit: 0a0fc1f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

nx-cloud · 2025-09-05T21:13:11Z

View your CI Pipeline Execution ↗ for commit 0a0fc1f

Command	Status	Duration	Result
`nx affected -t build typecheck lint test e2e-ci`	❌ Failed	1m 4s	View ↗
`nx-cloud record -- nx format:check`	✅ Succeeded	1s	View ↗

☁️ Nx Cloud last updated this comment at 2025-10-20 15:51:07 UTC

codecov-commenter · 2025-09-05T21:15:35Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.75%. Comparing base (6b110df) to head (fa7576a).

❌ Your project status has failed because the head coverage (18.75%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #406   +/-   ##
=======================================
  Coverage   18.75%   18.75%           
=======================================
  Files         138      138           
  Lines       27368    27368           
  Branches      951      951           
=======================================
  Hits         5132     5132           
  Misses      22236    22236

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

github-actions · 2025-09-05T21:15:55Z

Deployed 168de56 to https://ForgeRock.github.io/ping-javascript-sdk/pr-406/168de56b8a78a23c1b9139dcd2f7025c5d1f5fba branch gh-pages in ForgeRock/ping-javascript-sdk

github-actions · 2025-09-05T21:16:00Z

📦 Bundle Size Analysis

🚨 Significant Changes

🔻 @forgerock/journey-client - 0.0 KB (-82.0 KB, -100.0%)

📊 Minor Changes

📈 @forgerock/journey-client - 82.0 KB (+0.0 KB)

➖ No Changes

➖ @forgerock/device-client - 9.2 KB
➖ @forgerock/oidc-client - 23.0 KB
➖ @forgerock/protect - 150.1 KB
➖ @forgerock/sdk-utilities - 7.5 KB
➖ @forgerock/sdk-types - 8.0 KB
➖ @forgerock/storage - 1.4 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/iframe-manager - 2.4 KB
➖ @forgerock/sdk-request-middleware - 4.4 KB
➖ @forgerock/sdk-oidc - 2.5 KB
➖ @forgerock/davinci-client - 34.5 KB

13 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

Current Size: Total gzipped size of all files in the package's dist directory
Baseline: Comparison against the latest build from the main branch
Files included: All build outputs except source maps and TypeScript build cache
Exclusions: .map, .tsbuildinfo, and .d.ts.map files

_{🔄 Updated automatically on each push to this PR}

coderabbitai · 2025-09-23T21:40:48Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

pkg-pr-new · 2025-10-03T00:41:44Z

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/davinci-client@406

@forgerock/oidc-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/oidc-client@406

@forgerock/protect

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/protect@406

@forgerock/sdk-types

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-types@406

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-utilities@406

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/iframe-manager@406

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-logger@406

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-oidc@406

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-request-middleware@406

@forgerock/storage

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/storage@406

commit: fa7576a

nx-cloud

Nx Cloud has identified a possible root cause for your failed CI:

The pull request modifies only the dotenv package version in scratchpad/package.json and the corresponding lock file entries. This is a patch-level dependency update (17.2.0 → 17.2.3) for a development dependency used for environment variable loading.

The failing task @forgerock/davinci-suites:e2e-ci--src/protect.test.ts contains two test failures at lines 42 and 79. Both tests follow the same pattern:

Navigate to a DaVinci flow URL
Fill in username and password credentials
Click the "Sign On" button
Expect to see a message indicating the user was blocked by risk detection

Both tests fail at the assertion that checks for the blocking message visibility. The tests expect to find text matching /Sorry Bot, we cannot let you in this time.|You were blocked by PingOne Risk/ but receive <element(s) not found> after the 5000ms timeout.

The dotenv package is a utility for parsing .env files and loading environment variables. It has no runtime impact on:

Playwright browser automation
Authentication flow logic
Risk detection services
UI rendering or text content

The test failures indicate an issue with the external PingOne Risk service not returning the expected bot-blocking response, or a timing/configuration issue in the test environment. The tests are dependent on external services behaving in a specific way (blocking the authentication attempt), which makes them susceptible to environmental factors.

Since the dependency change cannot affect the authentication flow behavior or the risk service responses, this failure is classified as environmental or flaky rather than caused by the code changes.

A code change would likely not resolve this issue, so no action was taken.

View in Nx Cloud ↗

_{🎓 To learn more about Self Healing CI, please visit nx.dev}

renovate bot added the UPDATE-PATCH label Sep 5, 2025

renovate-approve bot approved these changes Sep 5, 2025

View reviewed changes

renovate bot force-pushed the renovate/dotenv-17.x branch 3 times, most recently from ceb7ebb to adcda60 Compare September 10, 2025 19:08