[Security] Bump next from 8.1.0 to 9.5.2

[dependabot-preview]

Bumps next from 8.1.0 to 9.5.2. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects next

Impact

• Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
• Not affected: Deployments using the serverless target
• Not affected: Deployments using next export
• Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Affected versions: < 9.3.2

Release notes

Sourced from next's releases.

v9.5.2

Core Changes

• Fix hot reloader edge case with broken webpack plugins: #15659
• Add additional pageProps check: #15667
• Error overlay should not be dismissable for a server error: #14011
• Strictly type react-dev-overlay: #15669
• Fix wrong asPath on 404: #15728
• [webpack5] Complile for ES5: #15708
• Remove unused error: #15748
• Fix asPath of rewrite without basePath: #15760
• Improve router types: #15775
• Fix dotenv loading with cascading values: #15799
• Solve large portion of webpack 5 deprecation warnings: #15806
• Fix some webpack 5 deprecation warnings: #15797
• Rename exportTrailingSlash to existing trailingSlash property: #15768
• Support persisting the dev cache buster: #15827
• Fix CSS grid-column shorthand syntax: #15848
• Add missing nomodule polyfills and suggest using features only up to ES2019 for browser compatibility: #15772
• Bug fix: Font optimization: #15644
• Progress bar for static build: #15297
• Incremental static generation and regeneration in build output table: #14365
• Add support for fallback: 'blocking': #15672
• fixed issue with runtime-config returning undefined when building or in a development environment: #15777
• Disallow basePath: false for internal routes: #15837
• Run Fast Refresh Loader in Babel Loader: #15851
• Add experimental image post-processing: #15875
• Allow absolute urls in router and Link: #15792
• Enhance module not found error: #15860
• Normalize serverless asPath value: #15914
• Adjust overlay modal padding on mobile: #15915
• Disallow re-export all exports from Next.js pages: #14325
• Delay server start message until it's listening: #15929
• Warn when Fast Refresh is disabled (React <16.10): #15931
• Remove querystring from the client: #15378
• Improve Vercel's badge: #15946
• notify component when route hash changes: #13894
• Added Friendly error for res.redirect 🐝: #15844
• Fix asPath normalizing for non-dynamic pages: #15960
• Make helpers.ts compatible with ie11: #15973
• Bug fix: Font optimization: #15984
• Fix amphtml link rel not respecting basePath: #15949
• Add browser polyfils for Node.js modules (webpack 5 backwards compat): #16022
• Move next-codemod to Next.js monorepo: #15536
• Resolve alias modules: #16033
• Add cli for @next/codemod: #16039
• Do not bundle caniuse-lite: #16048
• upgrade @ampproject/toolbox-optimizer to 2.6.0: #16043
• Do not assign to readonly property in Safari: #16051
• Improvements - Font optimizations: #16031

Commits

• 07df897 v9.5.2
• 1bc63a3 v9.5.2-canary.18
• 4b2a825 Fix with-i18n-rosetta example (#16023)
• 782d27e v9.5.2-canary.17
• 052a9d2 Don’t prevent the browser’s default behavior for Alt key (#16003)
• 378f092 v9.5.2-canary.16
• 2ddfd84 Improvements - Font optimizations (#16031)
• bd70354 v9.5.2-canary.15
• 6d71eef Do not assign to readonly property in Safari (#16051)
• 4a04212 v9.5.2-canary.14
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #40.