diff --git a/package.json b/package.json
index c4123bf..3aa7cc6 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,7 @@
     "clsx": "^2.1.1",
     "concurrently": "^9.1.2",
     "declarative-routing": "^0.1.20",
-    "dotenv": "^16.4.7",
+    "dotenv": "^17.0.0",
     "drizzle-orm": "^0.44.0",
     "eslint-plugin-drizzle": "^0.2.3",
     "lucide-react": "^0.554.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 57db74a..c3e4225 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -63,8 +63,8 @@ importers:
         specifier: ^0.1.20
         version: 0.1.20
       dotenv:
-        specifier: ^16.4.7
-        version: 16.6.1
+        specifier: ^17.0.0
+        version: 17.2.3
       drizzle-orm:
         specifier: ^0.44.0
         version: 0.44.7(better-sqlite3@12.4.1)(gel@2.0.1)(kysely@0.28.8)(postgres@3.4.7)
@@ -2492,8 +2492,8 @@ packages:
     resolution: {integrity: sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==}
     engines: {node: '>=0.10.0'}
 
-  dotenv@16.6.1:
-    resolution: {integrity: sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow==}
+  dotenv@17.2.3:
+    resolution: {integrity: sha512-JVUnt+DUIzu87TABbhPmNfVdBDt18BLOWjMUFJMSi/Qqg7NTYtabbvSNJGOJ7afbRuv9D/lngizHtP7QyLQ+9w==}
     engines: {node: '>=12'}
 
   drizzle-kit@0.31.7:
@@ -3448,6 +3448,7 @@ packages:
   next@15.5.6:
     resolution: {integrity: sha512-zTxsnI3LQo3c9HSdSf91O1jMNsEzIXDShXd4wVdg9y5shwLqBXi4ZtUUJyB86KGVSJLZx0PFONvO54aheGX8QQ==}
     engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0}
+    deprecated: This version has a security vulnerability. Please upgrade to a patched version. See https://nextjs.org/blog/CVE-2025-66478 for more details.
     hasBin: true
     peerDependencies:
       '@opentelemetry/api': ^1.1.0
@@ -6728,7 +6729,7 @@ snapshots:
     dependencies:
       esutils: 2.0.3
 
-  dotenv@16.6.1: {}
+  dotenv@17.2.3: {}
 
   drizzle-kit@0.31.7:
     dependencies: