ampproject / bentojs.dev

Bento Website
Apache License 2.0

Update dependency next to 12.0.9 [SECURITY] - autoclosed #156

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Change
next 12.0.3 -> 12.0.9

GitHub Vulnerability Alerts

CVE-2021-43803

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.

CVE-2022-21721

Impact

Vulnerable code could allow a bad actor to trigger a denial of service attack for anyone running a Next.js app at version >= 12.0.0, and using i18n functionality.

Patches

A patch has been released, next@12.0.9, that mitigates this issue. We recommend all affected users upgrade as soon as possible.

Workarounds

We recommend upgrading whether you can reproduce or not, although you can ensure /${locale}/_next/ is blocked from reaching the Next.js instance until you upgrade.

For more information

If you have any questions or comments about this advisory:


Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.
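The workaround quoted in the advisory above, written out as an added example that is not part of this PR, of the Renovate output, or of Next.js itself: a request filter for a `next start`-style custom server that refuses any path of the form /<locale>/_next/... for the configured locales before the request reaches the Next.js handler. The locale list is an assumed sample, `nextHandler` stands in for whatever `app.getRequestHandler()` returns on a real custom server, and the decision to also match the percent-encoded and case-variant forms of the prefix is a conservative choice of this example, not something the advisory specifies.

```javascript
'use strict';
// Added example for the CVE-2022-21721 workaround: block /<locale>/_next/...
// before Next.js sees it. Illustration only, not code from the PR or Next.js.

// Locales as they would be listed under `i18n.locales` in next.config.js
// (assumed sample values, not this repository's configuration).
const LOCALES = ['en', 'fr', 'de-DE'];

// Escape a locale so it can be embedded literally in a RegExp
// (a value like "pt-BR" must not be read as regex syntax).
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Return a predicate that is true for request targets whose path starts with
// /<locale>/_next/ for any configured locale. Matching is case-insensitive
// and also checks the percent-decoded path, which is stricter than the
// advisory requires but errs on the side of blocking.
function createLocaleNextBlocker(locales) {
  const alternatives = locales.map(escapeRegExp).join('|');
  const matcher = new RegExp(`^/(?:${alternatives})/_next(?:/|$)`, 'i');

  return function isBlocked(rawUrl) {
    let pathname;
    try {
      // Resolving against a fixed origin normalises dot segments, so
      // "/en/../fr/_next/x" is seen as "/fr/_next/x".
      pathname = new URL(rawUrl, 'http://localhost').pathname;
    } catch {
      return true; // unparseable request target: do not forward it
    }
    if (matcher.test(pathname)) return true;
    try {
      // Catch "/en%2F_next/..." as well; an undecodable path is not forwarded.
      return matcher.test(decodeURIComponent(pathname));
    } catch {
      return true;
    }
  };
}

// Wrap a Next.js request handler so blocked paths are answered with a 404
// and never reach Next.js. Returns true when the request was forwarded.
function withLocaleNextFilter(nextHandler, locales = LOCALES) {
  const isBlocked = createLocaleNextBlocker(locales);
  return function filteredHandler(req, res) {
    if (isBlocked(req.url)) {
      res.statusCode = 404;
      res.setHeader('Content-Type', 'text/plain');
      res.end('Not Found\n');
      return false;
    }
    nextHandler(req, res);
    return true;
  };
}
```

On a custom server this wraps the handler Next.js gives you, e.g. `http.createServer(withLocaleNextFilter(app.getRequestHandler(), nextConfig.i18n.locales)).listen(3000)`; if Next.js already sits behind nginx or a CDN, the same prefix rule belongs there, and the advisory notes that Vercel-style environments which filter such requests are not exposed in the first place.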

renovate[bot] commented 2 years ago

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: package-lock.json
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN using --force I sure hope you know what you are doing.
npm ERR! code EBADPLATFORM
npm ERR! notsup Unsupported platform for @next/swc-darwin-arm64@12.0.9: wanted {"os":"darwin","arch":"arm64"} (current: {"os":"linux","arch":"x64"})
npm ERR! notsup Valid OS:    darwin
npm ERR! notsup Valid Arch:  arm64
npm ERR! notsup Actual OS:   linux
npm ERR! notsup Actual Arch: x64

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-01-29T00_20_47_918Z-debug.log
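The EBADPLATFORM failure above comes from the check npm runs on a package's "os" and "cpu" fields at install time. As an added example, not part of the Renovate output, of npm, or of Next.js, the following re-implements that check from the rules npm documents for those fields (a string or array of values, "!"-prefixed entries as exclusions, plus the "any" wildcard accepted by npm's install check) and runs it over a constructed manifest that mirrors the "wanted" values in the log. It goes slightly beyond the single case in the log by handling exclusion lists and an absent field as well; the manifests and platform records are constructed for the example, and on a real host `process.platform` and `process.arch` would be used.

```javascript
'use strict';
// Added example: the os/cpu platform check behind npm's EBADPLATFORM error,
// reimplemented for illustration. Not code from npm, Renovate or Next.js.

// Compare one value (e.g. process.platform) against a package.json "os" or
// "cpu" field. A bare string is a one-element list; ["any"] allows everything;
// "!"-prefixed entries exclude; otherwise at least one entry must match.
// A list made only of exclusions allows anything it does not exclude.
function checkList(value, list) {
  if (list === undefined) return true; // field absent: no restriction
  if (typeof list === 'string') list = [list];
  if (list.length === 1 && list[0] === 'any') return true;
  let negated = 0;
  let matched = false;
  for (const entry of list) {
    if (entry.startsWith('!')) {
      negated++;
      if (entry.slice(1) === value) return false; // explicitly excluded
    } else if (entry === value) {
      matched = true;
    }
  }
  return matched || negated === list.length;
}

// Returns null when the package may be installed on `platform`, otherwise an
// object carrying the same facts npm reports in its EBADPLATFORM message.
function checkPlatform(manifest, platform) {
  const osOk = checkList(platform.os, manifest.os);
  const cpuOk = checkList(platform.arch, manifest.cpu);
  if (osOk && cpuOk) return null;
  const pkgid = `${manifest.name}@${manifest.version}`;
  return {
    code: 'EBADPLATFORM',
    pkgid,
    required: { os: manifest.os, cpu: manifest.cpu },
    current: { os: platform.os, arch: platform.arch },
    message: `Unsupported platform for ${pkgid}: wanted os ${JSON.stringify(manifest.os)}, ` +
      `cpu ${JSON.stringify(manifest.cpu)} (current: ${JSON.stringify(platform)})`,
  };
}

// Run the check over a list of platform-specific packages and return the
// failures, which is what an installer would surface before touching disk.
function unsupportedPackages(manifests, platform) {
  return manifests.map((m) => checkPlatform(m, platform)).filter(Boolean);
}

// Constructed manifests: the first mirrors the "wanted" values in the log
// above; the second is the Linux x64 counterpart, with assumed field values.
const SWC_DARWIN_ARM64 = { name: '@next/swc-darwin-arm64', version: '12.0.9', os: ['darwin'], cpu: ['arm64'] };
const SWC_LINUX_X64 = { name: '@next/swc-linux-x64-gnu', version: '12.0.9', os: ['linux'], cpu: ['x64'] };

// Constructed platform records; the first is the CI host in the log.
const LINUX_X64 = { os: 'linux', arch: 'x64' };
const DARWIN_ARM64 = { os: 'darwin', arch: 'arm64' };
```

The practical point for this PR is that a lockfile which lists a darwin-arm64-only package as something npm must install will fail this check on every Linux x64 runner, which is why the bot warns against merging as-is; the fix is to regenerate the lockfile where the platform-specific packages are resolved correctly rather than to force the install.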