chore: Bump dotenv from 17.3.1 to 17.4.1 (#420)

Bumps [dotenv](https://github.com/motdotla/dotenv) from 17.3.1 to
17.4.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md">dotenv's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/motdotla/dotenv/compare/v17.4.0...v17.4.1">17.4.1</a>
(2026-04-05)</h2>
<h3>Changed</h3>
<ul>
<li>Change text <code>injecting</code> to <code>injected</code> (<a
href="https://redirect.github.com/motdotla/dotenv/pull/1005">#1005</a>)</li>
</ul>
<h2><a
href="https://github.com/motdotla/dotenv/compare/v17.3.1...v17.4.0">17.4.0</a>
(2026-04-01)</h2>
<h3>Added</h3>
<ul>
<li>Add <code>skills/</code> folder with focused agent skills:
<code>skills/dotenv/SKILL.md</code> (core usage) and
<code>skills/dotenvx/SKILL.md</code> (encryption, multiple environments,
variable expansion) for AI coding agent discovery via the skills.sh
ecosystem (<code>npx skills add motdotla/dotenv</code>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Tighten up logs: <code>◇ injecting env (14) from .env</code> (<a
href="https://redirect.github.com/motdotla/dotenv/pull/1003">#1003</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/motdotla/dotenv/commit/48aa216de16846724e7bc80756fd42745116e4aa"><code>48aa216</code></a>
17.4.1</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/e4282b0286703784f4c5f7fda6c0e30739aead77"><code>e4282b0</code></a>
changelog 🪵</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/c540e75d3cfde551865be9bdcb0218fbfffc9229"><code>c540e75</code></a>
Merge pull request <a
href="https://redirect.github.com/motdotla/dotenv/issues/1006">#1006</a>
from motdotla/skills-update</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/5626f9b07e49a353b1fdf35077ea58d1d080cbdc"><code>5626f9b</code></a>
dotenvx skill</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/2411f2a61b0c957b0756942c2d6e4ba572e0fd3d"><code>2411f2a</code></a>
update dotenvx skill</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/1e08a70b6e5a5e55d974a46bca87bd35cf3807e4"><code>1e08a70</code></a>
simplify dotenv skill</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/747f4171feb7364993465915a8cd8929cef0e0cb"><code>747f417</code></a>
Merge pull request <a
href="https://redirect.github.com/motdotla/dotenv/issues/1005">#1005</a>
from motdotla/injected</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/271df30f90869c04c666d8652895a909c097fea7"><code>271df30</code></a>
changelog 🪵</li>
<li><a
href="https://github.com/motdotla/dotenv/commit/3f01a8b61addc4e6978f2c40b0147f6812e2f64b"><code>3f01a8b</code></a>
<code>injecting</code> to <code>injected</code></li>
<li><a
href="https://github.com/motdotla/dotenv/commit/ccc50d50d9e398a0b20355748e710852e1db5d07"><code>ccc50d5</code></a>
update</li>
<li>Additional commits viewable in <a
href="https://github.com/motdotla/dotenv/compare/v17.3.1...v17.4.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dotenv&package-manager=npm_and_yarn&previous-version=17.3.1&new-version=17.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Abhishek Pillai <pillaiabhishek27@gmail.com>

Author: dependabot[bot]

package-lock.json

@@ -34,7 +34,7 @@
     "ajv": "^8.18.0",
     "async-retry": "^1.3.3",
     "debug": "^4.4.3",
-    "dotenv": "^17.3.1",
+    "dotenv": "^17.4.1",
     "micro": "9.3.4",
     "microrouter": "^3.1.3",
     "serve-handler": "^6.1.7",