Bajron · Bajron · Apr 4, 2024 · Mar 11, 2024 · Apr 8, 2024 · Apr 29, 2024
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+| Version   | Supported          |
+| --------- | ------------------ |
+| latest    | :white_check_mark: |
+| 0.x       | :x:                |
+
+## Reporting a Vulnerability
+
+If you believe you have identified a security issue with Python-dotenv, please email
+python-dotenv@saurabh-kumar.com. A maintainer will contact you acknowledging the report
+and how to continue.
+
+Be sure to include as much detail as necessary in your report. As with reporting normal
+issues, a minimal reproducible example will help the maintainers address the issue faster.
+If you are able, you may also include a fix for the issue generated with `git
+format-patch`.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+# Keep GitHub Actions up to date with GitHub's Dependabot...
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    groups:
+      github-actions:
+        patterns:
+          - "*"  # Group all Actions updates into a single larger pull request
+    schedule:
+      interval: weekly
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -7,6 +7,7 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     strategy:
+      fail-fast: false
       max-parallel: 8
       matrix:
         os:
@@ -18,14 +19,15 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
 
+    - name: Upgrade pip
+      run: python -m pip install --upgrade pip
+
     - name: Install dependencies
-      run:
-        python -m pip install --upgrade pip
-        pip install tox tox-gh-actions
+      run: pip install tox tox-gh-actions
 
     - name: Test with tox
       run: tox
diff --git a/README.md b/README.md
@@ -36,13 +36,13 @@ configurable via the environment:
 ```python
 from dotenv import load_dotenv
 
-load_dotenv()  # take environment variables from .env.
+load_dotenv()  # take environment variables
 
 # Code of your application, which uses environment variables (e.g. from `os.environ` or
 # `os.getenv`) as if they came from the actual environment.
 ```
 
-By default, `load_dotenv` doesn't override existing environment variables.
+By default, `load_dotenv` doesn't override existing environment variables and looks for a `.env` file in same directory as python script or searches for it incrementally higher up.
 
 To configure the development environment, add a `.env` in the root directory of your
 project:

diff --git a/src/dotenv/cli.py b/src/dotenv/cli.py
@@ -1,10 +1,8 @@
 import json
 import os
 import shlex
-import shutil
 import sys
 from contextlib import contextmanager
-from subprocess import Popen
 from typing import Any, Dict, IO, Iterator, Tuple
 
 try:
@@ -162,15 +160,15 @@ def run(ctx: click.Context, override: bool, commandline: Tuple[str, ...]) -> Non
     if not commandline:
         click.echo('No command given.')
         exit(1)
-    ret = run_command(commandline, dotenv_as_dict)
-    exit(ret)
+    run_command(commandline, dotenv_as_dict)
 
 
-def run_command(command: Tuple[str, ...], env: Dict[str, str]) -> int:
-    """Run command in sub process.
+def run_command(command: Tuple[str, ...], env: Dict[str, str]) -> None:
+    """Replace the current process with the specified command.
 
-    Runs the command in a sub process with the variables from `env`
-    added in the current environment variables.
+    Replaces the current process with the specified command
+    and the variables from `env` added in the current environment variables.
+    The command is looked up in PATH environement variable (see os.execvpe).
 
     Parameters
     ----------
@@ -181,25 +179,13 @@ def run_command(command: Tuple[str, ...], env: Dict[str, str]) -> int:
 
     Returns
     -------
-    int
-        The return code of the command
+    None
+        This function does not return any value. It replaces the current process with the new one.
 
     """
     # copy the current environment variables and add the vales from
     # `env`
     cmd_env = os.environ.copy()
     cmd_env.update(env)
 
-    # Resolve path in a consistent way
-    app = shutil.which(command[0])
-    if app is not None:
-        command = (app,) + command[1:]
-
-    p = Popen(command,
-              universal_newlines=True,
-              bufsize=0,
-              shell=False,
-              env=cmd_env)
-    _, _ = p.communicate()
-
-    return p.returncode
+    os.execvpe(command[0], args=command, env=cmd_env)
diff --git a/src/dotenv/main.py b/src/dotenv/main.py
@@ -413,7 +413,9 @@ def load_dotenv(
         Bool: True if at least one environment variable is set else False
 
     If both `dotenv_path` and `stream` are `None`, `find_dotenv()` is used to find the
-    .env file.
+    .env file with it's default parameters. If you need to change the default parameters
+    of `find_dotenv()`, you can explicitly call `find_dotenv()` and pass the result
+    to this function as `dotenv_path`.
     """
     if dotenv_path is None and stream is None:
         dotenv_path = find_dotenv()