🚨 [security] Upgrade next: 10.0.9 → 12.0.1 (major)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ next (10.0.9 → 12.0.1) · Repo

Security Advisories 🚨

🚨 XSS in Image Optimization API for Next.js

Impact

• Affected: All of the following must be true to be affected
  • Next.js between version 10.0.0 and 11.1.0
  • The next.config.js file has images.domains array assigned
  • The image host assigned in images.domains allows user-provided SVG
• Not affected: The next.config.js file has images.loader assigned to something other than default
• Not affected: Deployments on Vercel are not affected

Patches

Next.js v11.1.1

🚨 Open Redirect in Next.js

Impact

• Affected: Users of Next.js between 10.0.5 and 10.2.0
• Affected: Users of Next.js between 11.0.0 and 11.0.1 using pages/_error.js without getInitialProps
• Affected: Users of Next.js between 11.0.0 and 11.0.1 using pages/_error.js and next export
• Not affected: Deployments on Vercel (vercel.com) are not affected
• Not affected: Deployments with pages/404.js

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/vercel/next.js/releases/tag/v11.1.0

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 28 commits:

• v12.0.1
• v12.0.1-canary.5
• Revert "Make check release job parallel to build job (#30350)" (#30388)
• Fix PerformanceObserver usage for older browsers and CI (#30387)
• v12.0.1-canary.4
• Disable loading of `.swcrc` (#30384)
• Fix exportRuntime and react-18 concurrent tests (#30381)
• Make check release job parallel to build job (#30350)
• lint: remove unused (#30370)
• feat: ignore incremental TS compilation build info (#30362)
• v12.0.1-canary.3
• fix rsc on windows (#30364)
• keep sortedMiddleware intact as it's used by the runtime (#30361)
• Fix typo `currentFeatures` to `concurrentFeatures` (#30356)
• Added warning about trusted domains (#30348)
• Fix lint on react-18 docs (#30354)
• v12.0.1-canary.2
• Fix flight loader parsing (#30345)
• Update SWC OS and CPU fields (#30341)
• fix missed hmr events (#30309)
• Ensure linux-aarch64-musl swc target skips when cached (#30331)
• Clear up confusion around SWC being disabled for Babel while swcMinify is on (#30337)
• Add missing closing quote (#30336)
• v12.0.1-canary.1
• Add new target for middleware (#30299)
• v12.0.1-canary.0
• Add React 18 docs (#30325)
• Update manifest.json

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/joelhooks/next-typescript-tailwind-mdx-starter/2fbNSCxcMqdoZM8TBuFhcHtrAezA
✅ Preview: Failed

[depfu]

Closed in favor of #158.