[Security] Bump next from 8.1.0 to 10.0.2

[dependabot-preview]

Bumps next from 8.1.0 to 10.0.2. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects next

Impact

• Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
• Not affected: Deployments using the serverless target
• Not affected: Deployments using next export
• Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Affected versions: < 9.3.2

Release notes

Sourced from next's releases.

v10.0.2

Core Changes

• Fix router not working on some protocol: #16650
• Remove @babel/preset-modules: #18759
• Typo in err.sh url nextjs instead of next.js: #18787
• Omit ignored property from to prevent confusion: #18796
• Update Image docs with links to examples: #18770
• Print error when Image src is protocol-relative: #18809
• Disable image optimization for Data URLs: #18804
• ncc inlining optimizations: #18752
• Ensure redirects are handled properly from cache: #18806
• Update ncc: #18823
• tests(create-next-app): increase coverage: #18630
• Speed up SSG prefetching: #18813
• Make getInlineScriptSource arg Readonly: #17281
• Upgrade browserslist: #17662
• ncc Babel inlining: #18768
• (docs) Add format to notFound for consistency: #18363
• Add props objectFit and objectPosition to Image component: #18849
• Fix chromedriver set-up to test electron separately: #18854
• yarn dev regression fix, ncc revert: #18861
• Fix lazy loaded images on IE 11 when no IntersectionObserver detected: #18868
• Ensure we prefetch on hover: #18859
• ncc 0.25.0 upgrade and fixes: #18873
• Upgrade cssnano: #18879
• Load CSS early instead of only preloading: #18846
• Ensure correct target is used for ncc'ing web-vitals: #18905
• Control prefetching with React: #18904
• Fix redirect query handling for param like values: #17448
• Fix html validation for Image component: #18903
• Ensure auto-export dynamic routes work with i18n next start: #18930
• Export ImageProps from Image component: #18576
• Fix false positive in isSerializable with shared references in arrays: #18232
• Upgrade sass-loader to 10.0.5: #18972
• Add etag header to optimized image response: #18986
• Remove next-head-count: #16758
• Fixed wrong function name in error message: #19034
• Ensure correct defaultLocale is provided for locale domain: #19040
• Ensure basePath behavior with GS(S)P redirect: #18988
• Update chokidar to latest: #18995
• fix(next): resolve absolute path to @babel/runtime: #18921
• Print error during next export with default image loader: #19032
• Replace page loader with new route loader: #19006
• Ensure params and locale are parsed correctly in fallback mode: #19063
• Add test and errsh for mixed notFound/redirect error: #19076
• Add experimental Next.js plugin version locking: #19084
• Ensure i18n with basePath works properly: #19083
• Upgrade use-subscription for React 16/17 bicompat: #19087
• Adjust how CSS files are fetched: #19091

Commits

• ce5d9c8 v10.0.2
• c3293b7 Fix docs about the return of getStaticProps on basic-features/pages (#19267)
• b955268 Update next/link docs to not include example without href (#19247)
• 0f5db2a Fix link to developer plan in Kontent example (#19265)
• 5e5f206 v10.0.2-canary.20
• ca590c4 Ensure i18n + trailingSlash: true handles correctly (#19149)
• 2750880 v10.0.2-canary.19
• 99e10a0 Ensure data prefetch for default locale is correct (#19085)
• ab0e274 Upgrade styled-jsx (#19241)
• c283442 Update 1.Bug_report.md
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #56.