python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
set_key() and unset_key() in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered.