brandonchinn178 / worshipmate

https://v2.worshipmate.app

Upgrade next/webpack #529

Status: Closed (brandonchinn178 closed this pull request 3 years ago)

brandonchinn178 commented 3 years ago

ssri has a vulnerability:

CVE-2021-27290
high severity
Vulnerable versions: >= 5.2.2, < 8.0.1
Patched version: 8.0.1
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

We use this in two places: storybook and next, both of which had webpack as a dependency which transitively uses ssri. Turns out NextJS removed the webpack dependency, which means it pulls from the version of webpack we install. We install webpack 5.28, which uses terser-webpack-plugin 5.1.1, which doesn't seem to use cacache anymore, which is how ssri was being pulled in.

So now, ssri is only pulled in with storybook, which is only for dev.
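As an added illustration of the dependency-chain reasoning above (example code, not from the worshipmate repository or from ssri), the script below walks an npm lockfile's "packages" map (lockfileVersion 2/3 layout) to find every chain through which a given package is installed, checks the installed version against the advisory's range (>= 5.2.2, < 8.0.1), and reports whether each chain starts in devDependencies. The lockfile object is a constructed fixture: apart from webpack 5.28 and terser-webpack-plugin 5.1.1, its package versions are placeholders, and the function names are my own.

```javascript
// Added example, not code from the worshipmate repository: find every
// install chain that reaches a package in an npm lockfile, flag versions
// inside the ssri advisory range, and tell dev-only chains from prod ones.
"use strict";

const VULN_MIN = "5.2.2";   // inclusive lower bound from the advisory
const VULN_FIXED = "8.0.1"; // first patched version (exclusive upper bound)

// Compare two plain x.y.z versions; returns -1, 0 or 1.
function cmpSemver(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerable(version) {
  return cmpSemver(version, VULN_MIN) >= 0 && cmpSemver(version, VULN_FIXED) < 0;
}

// npm nesting rule: a dependency of the package at `fromKey` lives at
// `${fromKey}/node_modules/${dep}` or at that position in an ancestor,
// up to the hoisted root `node_modules/${dep}`. Returns null if absent.
function resolve(packages, fromKey, dep) {
  let base = fromKey;
  for (;;) {
    const candidate = `${base ? base + "/" : ""}node_modules/${dep}`;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const up = base.lastIndexOf("/node_modules/");
    base = up === -1 ? "" : base.slice(0, up);
  }
}

// Depth-first walk from the root manifest. Each hit records the chain of
// package names, the installed version, whether the chain starts in
// devDependencies, and whether the version falls in the advisory range.
function findDependencyPaths(lock, target) {
  const packages = lock.packages;
  const root = packages[""];
  const hits = [];

  function walk(key, chain, onPath, devOnly) {
    const entry = packages[key];
    const name = key.slice(key.lastIndexOf("node_modules/") + "node_modules/".length);
    const nextChain = [...chain, name];
    if (name === target) {
      hits.push({ chain: nextChain, version: entry.version, devOnly, vulnerable: isVulnerable(entry.version) });
      return;
    }
    for (const dep of Object.keys(entry.dependencies || {})) {
      const depKey = resolve(packages, key, dep);
      if (depKey === null || onPath.has(depKey)) continue; // unresolved or cycle
      onPath.add(depKey);
      walk(depKey, nextChain, onPath, devOnly);
      onPath.delete(depKey);
    }
  }

  const edges = [
    ...Object.keys(root.dependencies || {}).map((d) => [d, false]),
    ...Object.keys(root.devDependencies || {}).map((d) => [d, true]),
  ];
  for (const [dep, isDev] of edges) {
    const key = resolve(packages, "", dep);
    if (key !== null) walk(key, [], new Set([key]), isDev);
  }
  return hits;
}

// True if at least one chain starts from a production dependency.
function reachableFromProd(hits) {
  return hits.some((h) => !h.devOnly);
}

// Constructed fixture (hypothetical versions, shaped like package-lock.json v2):
// next no longer depends on webpack, and webpack 5.28 -> terser-webpack-plugin
// 5.1.1 does not pull cacache, so ssri is only reached via the storybook chain.
const LOCKFILE = {
  lockfileVersion: 2,
  packages: {
    "": {
      dependencies: { next: "^10.0.0", webpack: "^5.28.0" },
      devDependencies: { "@storybook/react": "^6.0.0" },
    },
    "node_modules/next": { version: "10.0.0", dependencies: {} },
    "node_modules/webpack": { version: "5.28.0", dependencies: { "terser-webpack-plugin": "^5.1.1" } },
    "node_modules/terser-webpack-plugin": { version: "5.1.1", dependencies: {} },
    "node_modules/@storybook/react": { version: "6.0.0", dev: true, dependencies: { webpack: "^4.0.0" } },
    "node_modules/@storybook/react/node_modules/webpack": { version: "4.0.0", dev: true, dependencies: { "terser-webpack-plugin": "^1.0.0" } },
    "node_modules/@storybook/react/node_modules/terser-webpack-plugin": { version: "1.0.0", dev: true, dependencies: { cacache: "^12.0.0" } },
    "node_modules/cacache": { version: "12.0.0", dev: true, dependencies: { ssri: "^6.0.0" } },
    "node_modules/ssri": { version: "6.0.0", dev: true, dependencies: {} },
  },
};

const demoHits = findDependencyPaths(LOCKFILE, "ssri");
for (const h of demoHits) {
  console.log(`${h.chain.join(" > ")} @ ${h.version} vulnerable=${h.vulnerable} devOnly=${h.devOnly}`);
}
console.log("reachable from prod:", reachableFromProd(demoHits));
```

On a real project, swap the fixture for `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and cross-check the chains against `npm ls ssri`. A dev-only result means the vulnerable copy is not part of the production install; it does not by itself mean the code is never executed, so the storybook chain is still worth upgrading when a fixed version becomes available.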

vercel[bot] commented 3 years ago

This pull request is being automatically deployed with Vercel.

🔍 Inspect: https://vercel.com/brandonchinn178/worship-mate/GAqquhhHwY2af16keg6F1mUB4hrR
✅ Preview: Canceled

[Deployment for e7de40d canceled]

codecov[bot] commented 3 years ago

Codecov Report

Merging #529 (e7de40d) into main (745ef0d) will not change coverage. The diff coverage is n/a.


@@           Coverage Diff           @@
##             main     #529   +/-   ##
=======================================
  Coverage   93.79%   93.79%           
=======================================
  Files          25       25           
  Lines         274      274           
  Branches       32       32           
=======================================
  Hits          257      257           
  Misses         10       10           
  Partials        7        7           

