[Security] Bump next from 8.1.0 to 10.0.1

[dependabot-preview]

Bumps next from 8.1.0 to 10.0.1. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects next

Impact

• Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
• Not affected: Deployments using the serverless target
• Not affected: Deployments using next export
• Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Affected versions: < 9.3.2

Release notes

Sourced from next's releases.

v10.0.1

Core Changes

• Add err.sh for missing images domain: #18325
• Unlazify images if no intersection observer found: #18345
• Add err.sh for image config errors: #18424
• Add err.sh for i18n config errors: #18425
• Ensure custom routes handling with i18n: #18427
• Ensure i18n context values are provided for blocking 404: #18513
• Add layout prop to Image component: #18491
• Deprecate Image unsized property and add layout="fill": #18562
• Add all deviceSizes to srcset for responsive and fill: #18594
• Avoid calling setState in callback ref: #18589
• Ensure correct params are used with i18n revalidation: #18569
• Fix image format for Safari and old browsers: #18646
• Update 3rd party image loaders to prevent upscaling: #18647
• fix: add missing dot to https://err.sh/nextjs: #18652
• Remove the static optimization indicator: #18629
• Rotate image from EXIF data: #18687
• Ensure preload works correctly with locale option: #18511
• Ensure html lang is updating on locale transition: #18699
• Ensure getStaticProps isn't called without params with i18n: #18702
• Ensure localeDetection: false doesn't detect from header: #18695
• Allow passing statusCode for GS(S)P redirect: #18422
• Ensure correct locale is used for non-prefixed path: #18708
• Ensure locale is added/stripped correctly: #18712
• Update default widths configuration to handle 2x/3x DPI: #18717
• Ensure multi-level basePath works properly: #18715
• Fix dynamic css unloading: #17173
• Prevent Next.js from removing all of its styles on hydration: #18723
• Ensure redirect from GS(S)P doesn't render: #18749

Documentation Changes

• Fix docs default config values: #18319
• Update docs with details for cached images: #18399
• Update image optimization docs to include blog details: #18401
• docs: Add description to i18n-routing: #18438
• Update install-sharp.md: #18508
• docs: fix missing comma in invalid redirect gssp: #18580
• Update redirect and notFound GS(S)P documentation: #18690
• Add documentation for localeDetection: false: #18696
• Update Gatsby migration guide to include next/image.: #18741

Example Changes

• fix: Order moduleFileExtensions left-to-right: #18328
• Tweak Image Optimization URL in example: #18355
• remove unneeded deps & updated example: #17651
• Fix GSP page titles in i18n-routing example: #18465

Commits

• 3c33794 v10.0.1
• d4a92d9 Update example for Image Component (#18762)
• 89a3249 v10.0.1-canary.7
• f791577 Ensure redirect from GS(S)P doesn't render (#18749)
• b87b2d4 add rewrites in storybook preset (#18364)
• 44ea598 Update next-translate example to support Next 10 with i18n routing (#18480)
• 4620dcc Update Gatsby migration guide to include next/image. (#18741)
• 27d7b76 Prevent Next.js from removing all of its styles on hydration (#18723)
• b1503e1 Fix dynamic css unloading (#17173)
• 56bd464 v10.0.1-canary.6
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #53.