[Security] Bump next from 8.1.0 to 10.0.0

[dependabot-preview]

Bumps next from 8.1.0 to 10.0.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects next

Impact

• Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
• Not affected: Deployments using the serverless target
• Not affected: Deployments using next export
• Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Affected versions: < 9.3.2

Release notes

Sourced from next's releases.

v10.0.0

Core Changes

• Add handling for domain to locale mapping: #17771
• Make sure locale detecting is case-insensitive: #17757
• Fix a couple i18n cases: #17805
• Font optimization for webpack 5: #17450
• Allow pages to be async modules to enable top-level-await: #17590
• Update redirect handling for locale domains: #17856
• Image component foundation: #17343
• chore(collect-plugins.ts): removes duplicated entries: #17441
• Resolve to real path before checking for path inequality: #17279
• Handle preferring default locale over accept-lang preferred locale: #17883
• Add locale prop for transitioning locales client side: #17898
• Make sure that params are properly passed to hybrid amp pages: #17461
• Add i18n items to routes manifest: #17893
• Add support for returning 404 from getStaticProps: #17755
• Ensure i18n support with AMP: #17923
• Call Web Vitals reporting at correct time: #17933
• Fix initialRevalidateSeconds manifest field with i18n: #17926
• Add support for Image Optimizer: #17749
• Add missing next/image package file: #17940
• Only load plugins with @next prefix: #17945
• Update default configuration to match image optimization: #17943
• Fix width param name for Image Optimizer: #17952
• Unify config.image.breakpoints to config.image.sizes: #17953
• Improve types for Image Component: #17954
• Add perf data experiment: #17956
• Make sure w parameter is only included when a width is provided.: #17971
• Image component lazy loading: #17916
• Make sure animated assets aren't de-animated by optimizer: #17974
• Fix types for lazy image component: #17984
• Update to postcss-loader 4.0.2.: #17458
• Update handling for relative files in image-optimizer: #17998
• Ensure correct default locale is detected for domain locale: #18046
• Remove multi-host support for image component and support quality pass-through: #18038
• Add width and height props to Image component: #18031
• Ensure root index GSP page's revalidate is recorded: #18053
• Update resolve-url-loader to fix vulnerability: #18064
• Pass locales to getStaticPaths for i18n: #18077
• Add unsized property to Image component: #18059
• Fix css dependency in /_error: #17301
• Move sharp to optionalDependencies: #18068
• Update to PostCSS 8.: #17415
• Update peerdependency to account for React 17: #18089
• Upgrade to Chokidar 3.: #17558
• Upgrade @ampproject/toolbox-optimizer: #18087
• Fix precompiled code: #18093
• Image Component: Support for Akamai image CDN: #18100
• Fix Image component defaults & remove autoOptimize: #18101

Commits

• 118ab79 v10.0.0
• 308ec39 v9.5.6-canary.18
• 9a13dd3 Enable i18n feature flag (#18303)
• 0f25051 Ensure getStaticProps is called for SSG 404 in blocking mode (#18300)
• f7ba546 Fix trailing slash for default image loader (#18298)
• ab0b0a8 Update docs - add default config for images property (#18296)
• 26c438b Record leveraged configs (#18175)
• f773a1a Rename iconSizes to imageSizes, remove size limitation (#18294)
• 774286f update @now/next to @vercel/next (#18246)
• a9984e4 Update example link text (#18286)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

The following labels could not be found: dependencies, worktree.

[dependabot-preview]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.