deps(deps): bump the node-dependencies group with 3 updates

[dependabot]

Bumps the node-dependencies group with 3 updates: @snazzah/davey, dotenv and nodemailer.

Updates @snazzah/davey from 0.1.6 to 0.1.7

Release notes

Sourced from @​snazzah/davey's releases.

davey-node@0.1.7

Changelog

All notable changes to this project will be documented in this file.

Commits

• c99ba12 chore: fix node publish workflow
• e1ccf96 chore: davey-node@0.1.7
• 6644191 chore: davey@0.0.1-pre.6
• 3ac3765 chore: fix clippy error
• 46e0a6e chore: davey-python@0.1.1
• f25dd72 chore: davey@0.0.1-pre.5
• 505de34 feat: support H264 frame encryption (#3)
• bab1f74 chore: update usage document to allow for multiple transitions
• e23089c chore: davey-python@0.1.0
• 18be61f chore: reformat typings file
• Additional commits viewable in compare view

Updates dotenv from 16.6.1 to 17.2.3

Changelog

Sourced from dotenv's changelog.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"

// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)

$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js

17.1.0 (2025-07-07)

Added

• Add additional security and configuration tips to the runtime log (#884)
• Dim the tips text from the main injection information text

... (truncated)

Commits

• affe113 17.2.3
• db1ff1f changelog 🪵
• 7063f16 Merge pull request #913 from motdotla/new-tips
• 0bbe72c test against expected tips
• 017951b only run .js tests
• 39eda1f add space back
• fcc030e update tips
• b6c7a0d updated tips - as Dotenvx Radar has been renamed Dotenvx Ops
• b3c8b16 remove unnecessary call to npx
• d6e4c17 Merge pull request #912 from adjerbetian/fix/typescript-error-definition
• Additional commits viewable in compare view

Updates nodemailer from 6.10.1 to 7.0.9

Release notes

Sourced from nodemailer's releases.

v7.0.9

7.0.9 (2025-10-07)

Bug Fixes

• release: Trying to fix release proecess by upgrading Node version in runner (579fce4)

v7.0.8

7.0.8 (2025-10-07)

Bug Fixes

• addressparser: flatten nested groups per RFC 5322 (8f8a77c)

v7.0.7

7.0.7 (2025-10-05)

Bug Fixes

• addressparser: Fixed addressparser handling of quoted nested email addresses (1150d99)
• dns: add memory leak prevention for DNS cache (0240d67)
• linter: Updated eslint and created prettier formatting task (df13b74)
• refresh expired DNS cache on error (#1759) (ea0fc5a)
• resolve linter errors in DNS cache tests (3b8982c)

v7.0.6

7.0.6 (2025-08-27)

Bug Fixes

• encoder: avoid silent data loss by properly flushing trailing base64 (#1747) (01ae76f)
• handle multiple XOAUTH2 token requests correctly (#1754) (dbe0028)
• ReDoS vulnerability in parseDataURI and _processDataUrl (#1755) (90b3e24)

v7.0.5

7.0.5 (2025-07-07)

Bug Fixes

• updated well known delivery service list (fa2724b)

v7.0.4

7.0.4 (2025-06-29)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

7.0.9 (2025-10-07)

Bug Fixes

• release: Trying to fix release proecess by upgrading Node version in runner (579fce4)

7.0.8 (2025-10-07)

Bug Fixes

• addressparser: flatten nested groups per RFC 5322 (8f8a77c)

7.0.7 (2025-10-05)

Bug Fixes

• addressparser: Fixed addressparser handling of quoted nested email addresses (1150d99)
• dns: add memory leak prevention for DNS cache (0240d67)
• linter: Updated eslint and created prettier formatting task (df13b74)
• refresh expired DNS cache on error (#1759) (ea0fc5a)
• resolve linter errors in DNS cache tests (3b8982c)

7.0.6 (2025-08-27)

Bug Fixes

• encoder: avoid silent data loss by properly flushing trailing base64 (#1747) (01ae76f)
• handle multiple XOAUTH2 token requests correctly (#1754) (dbe0028)
• ReDoS vulnerability in parseDataURI and _processDataUrl (#1755) (90b3e24)

7.0.5 (2025-07-07)

Bug Fixes

• updated well known delivery service list (fa2724b)

7.0.4 (2025-06-29)

Bug Fixes

• pools: Emit 'clear' once transporter is idle and all connections are closed (839e286)
• smtp-connection: jsdoc public annotation for socket (#1741) (c45c84f)
• well-known-services: Added AliyunQiye (bb9e6da)

7.0.3 (2025-05-08)

Bug Fixes

... (truncated)

Commits

• 92ae1c4 chore(master): release 7.0.9 (#1769)
• c675d9e Merge branch 'master' of github.com:nodemailer/nodemailer
• 579fce4 fix(release): Trying to fix release proecess by upgrading Node version in runner
• a0a4af1 chore(master): release 7.0.8 (#1768)
• 378d01a chore: upgrade release-please action to v4
• e1f40ee test(addressparser): add comprehensive edge case tests
• 6219754 chore: exclude CHANGELOG.md from prettier formatting
• 8f8a77c fix(addressparser): flatten nested groups per RFC 5322
• ce120a3 chore: migrate npm publishing to trusted publishers with OIDC
• 9357a71 chore(master): release 7.0.7 [skip-ci] (#1761)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nodemailer since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.