[Security] Bump next from 8.1.0 to 9.5.0

[dependabot-preview]

Bumps next from 8.1.0 to 9.5.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects next

Impact

• Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
• Not affected: Deployments using the serverless target
• Not affected: Deployments using next export
• Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Affected versions: < 9.3.2

Release notes

Sourced from next's releases.

v9.5.0

Minor Changes

• Fix pages/index.js and pages/index/index.js behavior: #13699
• Use buildManifest to load page JS: #13870
• Enable Optional Catch-All by Default: #14687
• Add no-anon-default-export Babel lint rule: #14519
• Re-enable scroll restoration behind flag: #14046
• Attach previewData to API Route request: #13373
• Add res.redirect response helper: #14705
• Stabilize revalidate: #15338
• Use chunkhash instead of buildId for pages: #13937
• De-experimentalize basePath config: #14283

• De-experimentalize custom-routes: #14602
• Stabilize Trailing Slash API: #15331

Patches

Documentation

• Better NODE_ENV explanation: #13476
• Update AMP validation docs: #13525
• Update environment variables documentation: #13618
• Update links in environment variables documentation: #13621
• Suggest npx over npm init: #13637
• Add missing CMS links: #13683
• Add postcss-preset-env to the warning when customising the PostCSS configuration: #13695
• Use proper Jamstack casing: #13697
• Added React Strict Mode documentation: #13723
• Add supported browsers and features: #13741
• Small wording change (can => have to): #13757
• Update instances of Now to Vercel where applicable: #13760
• Adjust custom polyfill suggestion: #13766
• Add App.getInitialProps example to the TypeScript page: #13785
• Prefer docs site for documentation links in CMS examples: #13826
• Add FAQ section to Built-in CSS Support: #13846
• Small grammar fix.: #14043
• Update custom server docs: #14147
• Update preview-mode.md: #14210
• Add Fast Refresh Documentation: #14273
• Fix typo in fast refresh documentation: #14296
• Docs: update links to docs site: #14305

• [Docs] Focus on useRouter: #14515
• Update the passHref link: #14584
• Updated exportPathMap docs: #14630
• Add basePath documentation: #14882
• Add custom routes docs (rewrites, redirects, headers): #14887
• Change default response code to 307 from 302 in docs: #14947

Commits

• d33dbea v9.5.0
• a3eec3b Update custom webpack config docs to mention existing features (#15517)
• 1ee1516 v9.4.5-canary.45
• ac12c07 Fix peer dependency (#15511)
• 3accce3 v9.4.5-canary.44
• e837c22 Upgrade cssnano-simple dependency (#15488)
• f98e38c Add static tweet link (#15493)
• 2f50f1f Stabilize more tests (#15470)
• d3955cd TypeScript documentation for _document.tsx (#15386)
• ebe4bb1 Upgrade Apollo Client to 3.0 in `examples/api-routes-apollo-server-and-client...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #33.