next.js

09a38566 - fix: ignore all `.env` files for `create-next-app` by default (#61920)

fix: ignore all `.env` files for `create-next-app` by default (#61920) We've seen too many instances of folks accidentally committing their `.env` files that I feel it's time to make this change. Up until now, Next.js has recommended that you use `.env.local` when working locally to store your environment variables. Some developers do intentionally want to commit their `.env` file without secret values to source control. However, the ecosystem is fragmented on `.local` support. There are tools which require secrets values that do _not_ support `.local` and require using `.env`. This means that it's possible to dump your secret values into a `.env` file and commit to source control, thinking that the defaults would have you covered. This change updates the defaults for `create-next-app` to ignore all `.env` files by default. If you want to commit then, you opt-in by modifying your `.gitignore`, versus the opposite. Related: https://x.com/complexlity/status/1755890800527892716 --------- Co-authored-by: Sam Ko <sam@vercel.com>