theskumar · Apr 7, 2024 · Apr 8, 2024 · Apr 8, 2024 · Apr 29, 2024 · Jul 18, 2024
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+| Version   | Supported          |
+| --------- | ------------------ |
+| latest    | :white_check_mark: |
+| 0.x       | :x:                |
+
+## Reporting a Vulnerability
+
+If you believe you have identified a security issue with python-dotenv, please email
+python-dotenv@saurabh-kumar.com. A maintainer will contact you acknowledging the report
+and how to continue.
+
+Be sure to include as much detail as necessary in your report. As with reporting normal
+issues, a minimal reproducible example will help the maintainers address the issue faster.
+If you are able, you may also include a fix for the issue generated with `git format-patch`.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+# Keep GitHub Actions up to date with GitHub's Dependabot...
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    groups:
+      github-actions:
+        patterns:
+          - "*"  # Group all Actions updates into a single larger pull request
+    schedule:
+      interval: weekly
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,9 +8,9 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: '3.x'
     - name: Install dependencies

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -7,24 +7,28 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     strategy:
+      fail-fast: false
       max-parallel: 8
       matrix:
         os:
           - ubuntu-latest
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", pypy3.9, pypy3.10]
+        python-version:
+          ["3.9", "3.10", "3.11", "3.12", "3.13", pypy3.9, pypy3.10]
 
     steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
-      with:
-        python-version: ${{ matrix.python-version }}
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          allow-prereleases: true
 
-    - name: Install dependencies
-      run:
-        python -m pip install --upgrade pip
-        pip install tox tox-gh-actions
+      - name: Upgrade pip
+        run: python -m pip install --upgrade pip
 
-    - name: Test with tox
-      run: tox
+      - name: Install dependencies
+        run: pip install tox tox-gh-actions
+
+      - name: Test with tox
+        run: tox
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,12 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this
 project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+
+## [1.1.0] - 2025-03-25
+
+**Feature**
+- Add support for python 3.13
+- Enhance `dotenv run`, switch to `execvpe` for better resource management and signal handling ([#523]) by [@eekstunt]
+
+**Fixed**
+- `find_dotenv` and `load_dotenv` now correctly looks up at the current directory when running in debugger or pdb ([#553] by [@randomseed42])
+
+**Misc**
+- Drop support for Python 3.8
+
 ## [1.0.1] - 2024-01-23
 
 **Fixed**
 
 * Gracefully handle code which has been imported from a zipfile ([#456] by [@samwyma])
-* Allow modules using load_dotenv to be reloaded when launched in a separate thread ([#497] by [@freddyaboulton])
+* Allow modules using `load_dotenv` to be reloaded when launched in a separate thread ([#497] by [@freddyaboulton])
 * Fix file not closed after deletion, handle error in the rewrite function ([#469] by [@Qwerty-133])
 
 **Misc**
@@ -317,7 +330,7 @@ project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## 0.5.1
 
--   Fix find\_dotenv - it now start search from the file where this
+-   Fix `find_dotenv` - it now start search from the file where this
     function is called from.
 
 ## 0.5.0
@@ -346,6 +359,8 @@ project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 [#466]: https://github.com/theskumar/python-dotenv/issues/466
 [#454]: https://github.com/theskumar/python-dotenv/issues/454
 [#474]: https://github.com/theskumar/python-dotenv/issues/474
+[#523]: https://github.com/theskumar/python-dotenv/issues/523
+[#553]: https://github.com/theskumar/python-dotenv/issues/553
 
 [@alanjds]: https://github.com/alanjds
 [@altendky]: https://github.com/altendky
@@ -356,6 +371,7 @@ project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 [@cjauvin]: https://github.com/cjauvin
 [@eaf]: https://github.com/eaf
 [@earlbread]: https://github.com/earlbread
+[@eekstunt]: https://github.com/eekstunt
 [@eggplants]: https://github.com/@eggplants
 [@ekohl]: https://github.com/ekohl
 [@elbehery95]: https://github.com/elbehery95
@@ -389,7 +405,7 @@ project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 [@x-yuri]: https://github.com/x-yuri
 [@yannham]: https://github.com/yannham
 [@zueve]: https://github.com/zueve
-
+[@randomseed42]: https://github.com/zueve
 
 [Unreleased]: https://github.com/theskumar/python-dotenv/compare/v1.0.1...HEAD
 [1.0.1]: https://github.com/theskumar/python-dotenv/compare/v1.0.0...v1.0.1

diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 [![Build Status][build_status_badge]][build_status_link]
 [![PyPI version][pypi_badge]][pypi_link]
 
-Python-dotenv reads key-value pairs from a `.env` file and can set them as environment
+python-dotenv reads key-value pairs from a `.env` file and can set them as environment
 variables. It helps in the development of applications following the
 [12-factor](https://12factor.net/) principles.
 
@@ -29,20 +29,20 @@ If your application takes its configuration from environment variables, like a 1
 application, launching it in development is not very practical because you have to set
 those environment variables yourself.
 
-To help you with that, you can add Python-dotenv to your application to make it load the
+To help you with that, you can add python-dotenv to your application to make it load the
 configuration from a `.env` file when it is present (e.g. in development) while remaining
 configurable via the environment:
 
 ```python
 from dotenv import load_dotenv
 
-load_dotenv()  # take environment variables from .env.
+load_dotenv()  # take environment variables
 
 # Code of your application, which uses environment variables (e.g. from `os.environ` or
 # `os.getenv`) as if they came from the actual environment.
 ```
 
-By default, `load_dotenv` doesn't override existing environment variables.
+By default, `load_dotenv` doesn't override existing environment variables and looks for a `.env` file in same directory as python script or searches for it incrementally higher up.
 
 To configure the development environment, add a `.env` in the root directory of your
 project:
@@ -201,7 +201,7 @@ empty string.
 
 ### Variable expansion
 
-Python-dotenv can interpolate variables using POSIX variable expansion.
+python-dotenv can interpolate variables using POSIX variable expansion.
 
 With `load_dotenv(override=True)` or `dotenv_values()`, the value of a variable is the
 first of the values defined in the following list:

diff --git a/mkdocs.yml b/mkdocs.yml
@@ -13,13 +13,7 @@ markdown_extensions:
   - mdx_truly_sane_lists
 
 plugins:
-  - mkdocstrings:
-      handlers:
-        python:
-          rendering:
-            show_root_heading: yes
-            show_submodules: no
-            separate_signature: yes
+  - mkdocstrings
   - search
 nav:
   - Home: index.md

diff --git a/setup.cfg b/setup.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.0.0
+current_version = 1.1.0
 commit = True
 tag = True
 

diff --git a/setup.py b/setup.py
@@ -4,59 +4,68 @@
 def read_files(files):
     data = []
     for file in files:
-        with open(file, encoding='utf-8') as f:
+        with open(file, encoding="utf-8") as f:
             data.append(f.read())
     return "\n".join(data)
 
 
-long_description = read_files(['README.md', 'CHANGELOG.md'])
+long_description = read_files(["README.md", "CHANGELOG.md"])
 
 meta = {}
-with open('./src/dotenv/version.py', encoding='utf-8') as f:
+with open("./src/dotenv/version.py", encoding="utf-8") as f:
     exec(f.read(), meta)
 
 setup(
     name="python-dotenv",
     description="Read key-value pairs from a .env file and set them as environment variables",
     long_description=long_description,
-    long_description_content_type='text/markdown',
-    version=meta['__version__'],
+    long_description_content_type="text/markdown",
+    version=meta["__version__"],
     author="Saurabh Kumar",
     author_email="me+github@saurabh-kumar.com",
     url="https://github.com/theskumar/python-dotenv",
-    keywords=['environment variables', 'deployments', 'settings', 'env', 'dotenv',
-              'configurations', 'python'],
-    packages=['dotenv'],
-    package_dir={'': 'src'},
+    keywords=[
+        "environment variables",
+        "deployments",
+        "settings",
+        "env",
+        "dotenv",
+        "configurations",
+        "python",
+    ],
+    packages=["dotenv"],
+    package_dir={"": "src"},
     package_data={
-        'dotenv': ['py.typed'],
+        "dotenv": ["py.typed"],
     },
-    python_requires=">=3.8",
+    python_requires=">=3.9",
     extras_require={
-        'cli': ['click>=5.0', ],
+        "cli": [
+            "click>=5.0",
+        ],
     },
     entry_points={
         "console_scripts": [
             "dotenv=dotenv.__main__:cli",
         ],
     },
-    license='BSD-3-Clause',
+    license="BSD-3-Clause",
     classifiers=[
-        'Development Status :: 5 - Production/Stable',
-        'Programming Language :: Python',
-        'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.8',
-        'Programming Language :: Python :: 3.9',
-        'Programming Language :: Python :: 3.10',
-        'Programming Language :: Python :: 3.11',
-        'Programming Language :: Python :: 3.12',
-        'Programming Language :: Python :: Implementation :: PyPy',
-        'Intended Audience :: Developers',
-        'Intended Audience :: System Administrators',
-        'License :: OSI Approved :: BSD License',
-        'Operating System :: OS Independent',
-        'Topic :: System :: Systems Administration',
-        'Topic :: Utilities',
-        'Environment :: Web Environment',
-    ]
+        "Development Status :: 5 - Production/Stable",
+        "Programming Language :: Python",
+        "Programming Language :: Python :: 3",
+        "Programming Language :: Python :: 3.9",
+        "Programming Language :: Python :: 3.10",
+        "Programming Language :: Python :: 3.11",
+        "Programming Language :: Python :: 3.12",
+        "Programming Language :: Python :: 3.13",
+        "Programming Language :: Python :: Implementation :: PyPy",
+        "Intended Audience :: Developers",
+        "Intended Audience :: System Administrators",
+        "License :: OSI Approved :: BSD License",
+        "Operating System :: OS Independent",
+        "Topic :: System :: Systems Administration",
+        "Topic :: Utilities",
+        "Environment :: Web Environment",
+    ],
 )
diff --git a/src/dotenv/cli.py b/src/dotenv/cli.py
@@ -3,8 +3,7 @@
 import shlex
 import sys
 from contextlib import contextmanager
-from subprocess import Popen
-from typing import Any, Dict, IO, Iterator, List
+from typing import Any, Dict, IO, Iterator, List, Optional
 
 try:
     import click
@@ -17,7 +16,7 @@
 from .version import __version__
 
 
-def enumerate_env():
+def enumerate_env() -> Optional[str]:
     """
     Return a path for the ${pwd}/.env file.
 
@@ -161,14 +160,13 @@ def run(ctx: click.Context, override: bool, commandline: List[str]) -> None:
     if not commandline:
         click.echo('No command given.')
         exit(1)
-    ret = run_command(commandline, dotenv_as_dict)
-    exit(ret)
+    run_command(commandline, dotenv_as_dict)
 
 
-def run_command(command: List[str], env: Dict[str, str]) -> int:
-    """Run command in sub process.
+def run_command(command: List[str], env: Dict[str, str]) -> None:
+    """Replace the current process with the specified command.
 
-    Runs the command in a sub process with the variables from `env`
+    Replaces the current process with the specified command and the variables from `env`
     added in the current environment variables.
 
     Parameters
@@ -180,20 +178,13 @@ def run_command(command: List[str], env: Dict[str, str]) -> int:
 
     Returns
     -------
-    int
-        The return code of the command
+    None
+        This function does not return any value. It replaces the current process with the new one.
 
     """
     # copy the current environment variables and add the vales from
     # `env`
     cmd_env = os.environ.copy()
     cmd_env.update(env)
 
-    p = Popen(command,
-              universal_newlines=True,
-              bufsize=0,
-              shell=False,
-              env=cmd_env)
-    _, _ = p.communicate()
-
-    return p.returncode
+    os.execvpe(command[0], args=command, env=cmd_env)