[Security] Bump next from 8.1.0 to 10.0.4

[dependabot-preview]

Bumps next from 8.1.0 to 10.0.4. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects next

Impact

• Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
• Not affected: Deployments using the serverless target
• Not affected: Deployments using next export
• Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Affected versions: < 9.3.2

Release notes

Sourced from next's releases.

v10.0.4

Core Changes

• Ensure next commands respect termination signals: #19433
• Break up the serverless loader into typed handlers: #19511
• fix: Revert #18921 and inline absolute babel runtime only for YarnPnp: #19542
• Fix cloudinary default quality to use q_auto: #19694
• Css optimizations: #16539
• Script loader component: #18281
• Error Message Clarity: #16052
• Update @ampproject/toolbox-optimizer to latest version: #19722
• Making font optimization as default: #19758
• Ensure i18n custom routes resolves correctly : #19766
• Improve way cache version string is created: #19763
• Custom Server with bodyParser, don't parse body again in API Route: #16169
• Ensure trailingSlash redirect applies correctly for i18n: #19859
• Remove aliases that are no longer needed: #19937
• Fix failing Azure tests: #19877
• Clear up production build missing message for next start and next export: #19777
• Fix double-quoted hotlinks in dev error panel: #19974
• Update logo for dark mode: #20047
• Upgrade Terser: #20063
• [Image Component] image sizes property becomes 100vw by default: #20067
• Ensure href resolvedAs is correct with locale: #20080
• Update terser-webpack-plugin to support webpack 4: #20089
• Fix prefetching for URLs including trailing slash: #19474
• Update import to prevent loader from erroring in webpack 5: #20211
• Update font-stylesheet-gathering-plugin to be webpack 5 compatible: #20229
• Add required server files manifest: #20035
• Upgrade http-proxy dependency: #20239
• Added flag to identify shallow router events: #19802
• Move productionBrowserSourceMaps out of experimental: #20267
• Upgrade webpack-bundle-analyzer: #20232
• Extend IncomingMessage type to include cookies from middleware: #19724
• Update experimental profiling: #20357
• temporary: re-flag font optimization: #20372
• Ensure only backslashes are in pages-manifest with i18n: #20376
• Fix webpack 5 terser compat: #20378
• fix: set empty document files for amp first: #16934

Documentation Changes

• Typo: #19475
• Update next export docs to mention i18n caveat: #19491
• Fix grammar in API routes: Introduction: #19385
• Update documentation links: #19502
• Remove mention of the Next.js site repo from docs: #19504
• Update getInitialProps.md: #19506
• Fix typo in image-optimization.md: #19670
• Avoid misleading inline comments in .env example: #19708

Commits

• eeb2838 v10.0.4
• 625d854 v10.0.4-canary.10
• 9c917ab Add note to deployment docs about handling new versions. (#20373)
• c86757b changed ref from 'master' to 'main' branch (#20390)
• 5cabe5e fix: set empty document files for amp first (#16934)
• 64c1f72 Fix webpack 5 terser compat (#20378)
• 788183e Ensure only backslashes are in pages-manifest with i18n (#20376)
• 2a6f481 v10.0.4-canary.9
• 260ab51 temporary: re-flag font optimization (#20372)
• a9f1975 Update experimental profiling (#20357)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #62.