Update dotenv peer dependency version

[ham7a7]

Update dotenv peer dependency version

why

The previous version causes conflicts with the new version projects

what changed

dotenv dependency version from "^16.4.5" to "^17.2.3"

test plan

---

Summary by cubic

Updated dotenv peer dependency to ^17.2.3 to prevent conflicts with projects using dotenv v17. Ensures the core package remains compatible and resolves peers correctly.

^{Written for commit 4800f0d. Summary will update automatically on new commits.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4800f0d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[cubic-dev-ai]

No issues found across 1 file

[greptile-apps]

Greptile Overview

Greptile Summary

Updated dotenv peer dependency from ^16.4.5 to ^17.2.3 to resolve version conflicts with newer projects.

Key Changes

• Version bump addresses compatibility issues reported in the PR description
• Dotenv v17 introduces a breaking change: the quiet option now defaults to false, meaning runtime log messages will be displayed by default

Considerations

• The dotenv v17.2.3 package exists and is compatible with the existing Node.js version requirement (>=12)
• The codebase uses dotenv.config() without explicit quiet options in multiple places, so users may see new console output like [[email protected]] injecting env (1) from .env
• Other workspace packages (packages/server and packages/evals) still use dotenv v16.4.5, which may need updating for consistency

Confidence Score: 2/5

• This PR introduces a behavioral change that may produce unexpected console output in production
• The version update is valid but includes a breaking change where dotenv v17 shows runtime logs by default. While not a critical issue, this could create unexpected console output in multiple places across the codebase where dotenv.config() is called without the quiet option.
• Pay attention to packages/core/package.json - the dotenv v17 upgrade changes default logging behavior

Important Files Changed

File Analysis

Filename	Score	Overview
packages/core/package.json	2/5	Updated dotenv peer dependency from ^16.4.5 to ^17.2.3; breaking change: v17 defaults quiet to false (shows runtime logs)

Sequence Diagram

sequenceDiagram
    participant App as Application Code
    participant Dotenv as dotenv v17.2.3
    participant Env as process.env
    participant Console as Console Output
    
    App->>Dotenv: dotenv.config()
    Note over Dotenv: quiet defaults to false in v17
    Dotenv->>Env: Load .env variables
    Dotenv->>Console: [[email protected]] injecting env (N) from .env
    Dotenv-->>App: Return config result
    
    Note over App,Console: Previously (v16): No console output by default
    Note over App,Console: Now (v17): Runtime logs shown by default

Loading

[greptile-apps]

Additional Comments (1)

1. packages/core/package.json, line 42 (link)

   style: Dotenv v17 changes default behavior: quiet now defaults to false, showing runtime log messages like [[email protected]] injecting env (1) from .env by default. Consider calling dotenv.config({ quiet: true }) if you want to suppress these logs.

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}