fix: nodemailer - email to an unintended domain can occur due to interpretation conflict. (#15356)

Resolves [Dependabot Alert
289](https://github.com/twentyhq/twenty/security/dependabot/289) and a
couple other alerts.

Removed types for `imapflow` since the package ships them internally
now. `yarn.lock` has major changes due to an upgraded AWS SDK
`@aws-sdk/client-sesv2` which is used by Nodemailer 7.

- No breaking changes were introduced in imapflow and mailparser. 
- Nodemailer's breaking change was dropping the legacy SES transport; we
already use the SMTP transport + our own AWS SES client, so nothing else
needs changing.

package.json

@@ -113,7 +113,6 @@
     "@types/express": "^4.17.13",
     "@types/fs-extra": "^11.0.4",
     "@types/graphql-fields": "^1.3.6",
-    "@types/imapflow": "^1.0.21",
     "@types/inquirer": "^9.0.9",
     "@types/jest": "^30.0.0",
     "@types/lodash.camelcase": "^4.3.7",
@@ -130,7 +129,6 @@
     "@types/lodash.pickby": "^4.6.9",
     "@types/lodash.snakecase": "^4.1.7",
     "@types/lodash.upperfirst": "^4.3.7",
-    "@types/mailparser": "^3.4.6",
     "@types/ms": "^0.7.31",
     "@types/node": "^24.0.0",
     "@types/passport-google-oauth20": "^2.0.11",

packages/twenty-server/package.json

@@ -115,7 +115,7 @@
     "graphql-upload": "13.0.0",
     "graphql-yoga": "4.0.5",
     "html-to-text": "^9.0.5",
-    "imapflow": "1.0.187",
+    "imapflow": "1.1.0",
     "ioredis": "5.6.0",
     "jsdom": "^26.1.0",
     "json-schema": "0.4.0",
@@ -138,12 +138,12 @@
     "lodash.uniq": "^4.5.0",
     "lodash.uniqby": "^4.7.0",
     "lodash.upperfirst": "4.3.1",
-    "mailparser": "3.7.3",
+    "mailparser": "3.7.5",
     "microdiff": "1.4.0",
     "ms": "2.1.3",
     "nest-commander": "^3.19.1",
     "node-ical": "^0.20.1",
-    "nodemailer": "6.9.14",
+    "nodemailer": "^7.0.10",
     "openapi-types": "12.1.3",
     "openid-client": "^5.7.0",
     "otplib": "^12.0.1",
@@ -190,7 +190,6 @@
     "@types/express-session": "^1.18.0",
     "@types/graphql-upload": "^8.0.12",
     "@types/html-to-text": "^9.0.4",
-    "@types/imapflow": "^1.0.21",
     "@types/lodash.chunk": "^4.2.9",
     "@types/lodash.differencewith": "^4.5.9",
     "@types/lodash.isempty": "^4.4.7",
@@ -206,7 +205,7 @@
     "@types/mailparser": "^3.4.6",
     "@types/ms": "^0.7.31",
     "@types/node": "^24.0.0",
-    "@types/nodemailer": "^6.4.17",
+    "@types/nodemailer": "^7.0.3",
     "@types/openid-client": "^3.7.0",
     "@types/passport-google-oauth20": "^2.0.11",
     "@types/passport-jwt": "^3.0.8",

packages/twenty-server/src/engine/core-modules/serverless/drivers/layers/1/package.json

@@ -37,7 +37,7 @@
     "lodash.pickby": "^4.6.0",
     "lodash.snakecase": "^4.1.1",
     "lodash.upperfirst": "^4.3.1",
-    "nodemailer": "^6.9.14",
+    "nodemailer": "^7.0.10",
     "sharp": "^0.33.5",
     "uuid": "^10.0.0",
     "winston": "^3.14.2"

packages/twenty-server/src/engine/core-modules/serverless/drivers/layers/1/yarn.lock

@@ -2325,10 +2325,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"nodemailer@npm:^6.9.14":
-  version: 6.9.14
-  resolution: "nodemailer@npm:6.9.14"
-  checksum: 10c0/2542986849bc6ec2bf12fb7b72226da0ce9c6a0946216dea020d9eedee3ac1a4eb2413f59772a3ddd4bb9188d5ce859167a030c065719473f71319e052a319dc
+"nodemailer@npm:^7.0.10":
+  version: 7.0.10
+  resolution: "nodemailer@npm:7.0.10"
+  checksum: 10c0/9bb39bde904397879a6394e5202146167cabc3bd4089c1b0255ce16875e721d1cf132afde25a570fc4cf38f159ba6b6b5411d3b9371775543d38343fbd505101
   languageName: node
   linkType: hard
 
@@ -2682,7 +2682,7 @@ __metadata:
     lodash.pickby: "npm:^4.6.0"
     lodash.snakecase: "npm:^4.1.1"
     lodash.upperfirst: "npm:^4.3.1"
-    nodemailer: "npm:^6.9.14"
+    nodemailer: "npm:^7.0.10"
     sharp: "npm:^0.33.5"
     uuid: "npm:^10.0.0"
     winston: "npm:^3.14.2"