[Security] Bump next from 8.1.0 to 9.5.3

[dependabot-preview]

Bumps next from 8.1.0 to 9.5.3. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects next

Impact

• Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
• Not affected: Deployments using the serverless target
• Not affected: Deployments using next export
• Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Affected versions: < 9.3.2

Release notes

Sourced from next's releases.

v9.5.3

Core Changes

• Add codemod documentation: #16067
• Remove tslint disables: #16116
• Strongly type PageLoader: #16132
• Strongly type Head Manager: #16144
• Improve page loader types: #16145
• Dedupe ComponentRes type: #16148
• Remove unused router method: #16149
• Add initial handling for dynamic route href resolving and rewrites on the client: #15231
• Reduce router code: #16159
• Convert performance relayer to TypeScript: #16161
• Convert next/client to TypeScript: #16167
• Remove unused dependency: #16168
• Share NEXT_DATA type instead of recreating it: #16174
• Modify low priority files in manifest: #16181
• fix: add missing dependency caniuse-lite: #16091
• Refactor files: #16184
• Update rewrite params query appending: #16189
• Update to Terser 5: #16194
• Make css-minimizer compatible with webpack 5: #16250
• Fix data URL with root-catchall and basePath: #16263
• Handle cases where config is exported after its declaration: #16211
• ci: add pnp test: #16255
• Update stylesheets on page navigation: #16126
• Fix forEach error in CSS commit in ie11: #16282
• Allow React experimental version without warning: #16140
• Add experimental webpack 5 cache option: #16307
• Fix old TypeScript version compatibility: #16288
• Replace broken prop-types-exact package: #15953
• Force browser to recompute layout on page nav: #16318
• Add <link> attributes in proper order: #16319
• Add at attribute to image preload link: #16328
• Fix IE11 CSS Compatibility: #16336
• Make loadPage track success of script loading: #16334
• Normalize request URL/asPath for fallback SSG pages: #16352
• Reduce filesystem lookups during bootup: #16354
• Fix basePath and public folder check ending routes early: #16356
• Fix page checking failing with trailingSlash: #16362
• Add serialization for mini-css-plugin webpack 5 caching: #16379
• Correct comment on --help: #16391
• Fix mini-css-plugin webpack 5 deprecation warnings: #16390
• Add debug flag for extra build output: #16399
• Warn on duplicate Sass deps: #16398
• Ensure unknown static paths 404 for data request: #16401
• AMP compatibility for Font optimization: #16208
• Solve last mini-css-plugin webpack 5 warning: #16447
• Fix optional catch-all /index revalidate params: #16451
• Do not alias Node modules for webpack 4: #16452

Commits

• b6df810 v9.5.3
• 48ce4de v9.5.3-canary.27
• e34e5e0 Revert #14580 (#16757)
• 808d6b9 [EXAMPLE] with-framer-motion: fix broken images (#16714)
• 1c45f70 [test] Update hydration marker for React 17 (#16756)
• d20dbd6 Export return type for GetStaticPaths (#16580)
• d59f12c v9.5.3-canary.26
• 91a50d3 Revert "fix: Promise.prototype.finally is object (#16620)" (#16753)
• f921b4f Auto enable React's new JSX transform on 17.x (#16603)
• 6f60a22 fix: fix hashing algo and locale value hydration (#16692)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #44.