build(deps): update dependency next to v12

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
next (source)	11.0.1 -> 12.0.10

---

Release Notes

vercel/next.js

v12.0.10

Compare Source

Core Changes

• fix: image optimizer hangs when invalid image is requested: #​33719
• feat: make compress configurable in standalone mode: #​33717
• fix: allow certain variable names in development: #​33638
• Use swc parse for flight server and client loaders: #​33713
• Properly support custom 500 page in the web server: #​33729
• chore: deprecate process.browser: #​32862
• Improve tests for streaming and server components: #​33740
• fix: fixes #​33314 move is-plain-object for es5 compilation: #​33690
• Add stale-while-revalidate pattern to Image Optimization API: #​33735
• Allow to delete URL search params in middleware rewrites: #​33725
• Ensure all CSS files are included for experimental critical CSS: #​33752
• Ensure non-error thrown in getStaticPaths shows correctly: #​33753
• Fix encoding error with location and refresh headers: #​33763
• Fix duplicate image src causing canceled request: #​33776
• Generate functions manifest: #​33770
• Enable jest hoist transform when using next/jest: #​33731
• fix typo: #​33840
• fix(next/image): render valid html according to W3C: #​33825

Documentation Changes

• Update Time to First Byte (TTFB) link: #​33715
• Changed data fetching file name to overview to fix meta data title: #​33232
• Correct misspelling in testing documentation #​33754: #​33755
• Move custom server note from middleware doc: #​33744
• Fixed duplicate data fetching overview page + links: #​33774
• [docs] Mention SWC in TypeScript documentation.: #​33801
• Testing docs: Comment out optional config that points to a file: #​33827
• Update Content-Security-Policy header usage explanation: #​33833

Example Changes

• Fix with-docker example dockerfile: #​33695
• Added next.config.js with datocms-assets domain in allow list: #​33647
• Fix: broken npm install: #​33767
• [example] Upgrade the with-stripe-typescript example app: #​33761
• Upgrade to @​stitches/react 1.2.6: #​33817
• Doc: fix broken link to api routes doc: #​33836

Misc Changes

• run stale 20 minutes earlier
• fix: use github action instead of bot: #​33718
• fix syntax error in lock.yml
• fix rsc test suite runner: #​33745

Credits

Huge thanks to @​Vienio99, @​balazsorban44, @​kyliau, @​molebox, @​huozhi, @​shuding, @​PepijnSenders, @​krystofex, @​PizzaPete, @​souljuse, @​styfle, @​Schniz, @​Nelsonfrank, @​ijjk, @​Mhmdrza, @​timneutkens, @​hideokamoto-stripe, @​Emrin, @​gr-qft, @​delbaoliveira, @​redbar0n, @​amandeepmittal, @​lxy-yz, and @​Divlo for helping!

v12.0.9

Compare Source

This upgrade is completely backward-compatible and recommended for all users on versions below 12.0.9

Vulnerable code could allow a bad actor to trigger a denial of service attack via the /${locale}/_next/ route for anyone running a Next.js app at version >= 12.0.0, and using built-in i18n routing functionality.

How to Upgrade

• We have released patch versions for both the stable and canary channels of Next.js.
• To upgrade run npm install next@latest --save

Impact

• Affected: All of the following must be true to be affected by this CVE
  • Next.js versions between v12.0.0 and v12.0.9
  • Using next start or a custom server
  • Using the built-in i18n support
• Not affected:
  • Deployments on Vercel (vercel.com) are not affected along with similar environments where invalid requests are filtered before reaching Next.js.

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

How to Assess Impact

If your server has seen requests to any route under the prefix /${locale}/_next/ that have triggered a heap overflow error, this was caused by the patched issue.

What is Being Done

As Next.js has grown in popularity and usage by enterprises, it has received the attention of security researchers and auditors. We are thankful to our users for their investigation and responsible disclosure of the original bug.

We've landed a patch that ensures this is handled properly so the requested route no longer crashes and triggers a heap overflow.

Regression tests for this attack were added to the i18n integration test suite

• A public CVE was released.
• We encourage responsible disclosure of future reports. Please email us at [email protected]. We are actively monitoring this mailbox.

Core Changes

• middlewares: limit process.env to inferred usage: #​33186
• update webpack: #​33207
• Abstract out native filesystem usage from the base server: #​33226
• use text data url instead of base64 for shorter encoding: #​33218
• chore(deps): upgrade postcss: #​33142
• Fix global process testing for the process polyfill: #​33220
• Update swc: #​33201
• improve full refresh overlay: #​33301
• Custom app for server components: #​33149
• Update yarn PnP tests and disable swc file reading for PnP: #​33236
• Base Http for BaseServer: #​32999
• Update swc: #​33342
• Update check for fallback pages during export: #​33323
• Pre-compile more dependencies: #​32742
• Remove node fetch polyfill from base server: #​33395
• Replace regexp to plain string for optimization render HTML: #​33306
• Fix broken html on streaming render for error page: #​33399
• Disable cache for rsc pages: #​33438
• Fix pre-compiled check from copying react-refresh-utils: #​33442
• fix(next-swc): Update swc: #​33427
• Move middleware handling to node server: #​33448
• Enforce absolute URLs in Edge Functions runtime: #​33410
• feat(next-swc): Update swc: #​33461
• Update main field for nccd jest-worker: #​33465
• chore(deps): upgrade node-fetch: #​33466
• Move static serving to next server: #​33475
• feat(next-swc): Update swc: #​33485
• Fix multiple calls to image onLoadingComplete(): #​33474
• Refactor base server to remove native dependencies: #​33499
• Update swc: #​33514
• Implement abstract methods to get manifest files in the base server: #​33537
• Simplify getMiddlewareInfo calls: #​33542
• Fix static file check with i18n: #​33503
• Bump styled-jsx: #​33546
• Ensure optional value normalizing is correct for index: #​33547
• Bump nft to 0.17.4: #​33548
• Add next-multilingual example: #​29386
• Removed the s from NextConfig: #​33560
• feat(next-swc): Update swc: #​33595
• Fix rsc export component name detection: #​33608
• upgrade webpack: #​33549
• Ensure fetch polyfill is loaded in next-server: #​33616
• feat(next-swc): Update swc: #​33628
• Add lazyRoot optional property to next/image component : #​33290
• feat(next-swc): Update swc: #​33675
• Implement web server as the request handler for edge SSR: #​33635
• Relay Support in Rust Compiler: #​33240
• Revert "Relay Support in Rust Compiler": #​33699

Documentation Changes

• Fixed broken link related to the recently merged Data fetching docs refactor: #​33209
• Removed backticks on data fetching api titles: #​33216
• Added links to data fetching api refs, fixed title: #​33221
• Remove outdated & possibly confusing statement about redirects: #​33224
• [examples] Add a statically generated blog example using Next.js and Builder.io: #​22094
• Typo Fix: #​33252
• Update font-optimization.md: #​33266
• Fixed broken links in data fetching docs: #​33250
• docs: Mention middleware for getStaticProps: #​33273
• Add sections for Remove React Properties and Remove Console to compiler docs: #​33311
• Update links in next export + next/image error message: #​33317
• Add onLoad gottcha note to next/script docs: #​33097
• Update security-headers.md: fix path does not match homepage: #​33137
• fix minor typo in SWR: #​33378
• ReferenceError in authentication.md example fixed: #​33411
• docs: fix url: #​33409
• fix(docs): Fix typo in Custom Build Id docs: #​33515
• [docs] Update authentication docs to fix iron-session link.: #​33483
• docs(authentication): fix iron-session example link: #​33502
• Update middleware documentation for custom server: #​33535
• Removed unrequired path in docs' manifest: #​33579
• Update next/server documentation for geo: #​33609
• Clarify next/image usage with next export based on feedback.: #​33555
• Clarify headers config option description: #​33484
• fix(errors/no-cache): netlify-plugin-cache-nextjs has been deprecated: #​33629
• Updated docs for getServerSideProps and getStaticProps return values: #​33577
• Use relative path for example: #​33565
• chore(docs): update security headers specification: #​33673
• REMOVE: duplicate key in docs/testing.md: #​33681

Example Changes

• [examples] Update remark dependency for blog-starter: #​33313
• Update package.json for examples/with-supabase-auth-realtime-db: #​33321
• Working example for building forms with Next.js: #​32669
• Updates dependency version of frontend SDK in with-supertokens example: #​33393
• docs: add skynexui to examples: #​33326
• Update with-linaria dependency: #​33487
• Update Supabase example README.: #​33610
• [examples] Add new Tailwind CSS Prettier plugin to example: #​33614

Misc Changes

• Update license year
• fix(docs): master branch renaming: #​33312
• Add link to security email directly.: #​33358
• Fix getServerSideProps hanging in dev on early end: #​33366
• [docs] Fix 404 link for testing example.: #​33407
• Update to latest version of turbo: #​33613
• Update other instances of node-fetch: #​33617

Credits

Huge thanks to @​molebox, @​Schniz, @​sokra, @​kachkaev, @​shuding, @​teleaziz, @​OgbeniHMMD, @​goncy, @​balazsorban44, @​MaedahBatool, @​bennettdams, @​kdy1, @​huozhi, @​hsynlms, @​styfle, @​ijjk, @​callumgare, @​jonrosner, @​karaggeorge, @​rpie3, @​MartijnHols, @​leerob, @​bashunaimiroy, @​NOCELL, @​rishabhpoddar, @​omariosouto, @​hanneslund, @​theMosaad, @​javivelasco, @​pierrenel, @​lobsterkatie, @​tharakabimal, @​vvo, @​saevarb, @​lfades, @​nbouvrette, @​paulnbrd, @​ecklf, @​11koukou, @​renbaoshuo, @​chozzz, @​tbezman, @​karlhorky, @​j-mendez, and @​ffan0811 for helping!

v12.0.8

Compare Source

Core Changes

• Fix no-server-import-in-page eslint rule for subfolder middleware: #​32139
• Create Base Server: #​32154
• Revert support for render prop in <Main />: #​32184
• Refactor FS references in the Base Server: #​32179
• telemetry: collect feature usage for linting during build: #​32022
• Chore/load bindings improvements: #​32191
• fix(NODE_ENV): Warn when launching start or build on development: #​14033
• Fix crash in no-page-custom-font eslint rule when default export is unnamed.: #​32251
• Add docs for leveraging outputStandalone config: #​32255
• Replace raw-body with get-stream and bytes: #​21915
• Update to latest ncc and ensure caniuse-lite data is external : #​32064
• Update swc: #​32210
• Simplify custom Writable: #​32247
• Add shake exports transform to next-swc: #​32253
• Revert "Replace raw-body with get-stream and bytes": #​32305
• Re-open chore(deps): upgrade browserslist: #​32300
• Fix RSC link navigation: #​32303
• Compile escape-string-regexp: #​32310
• Add unstable_useRefreshRoot: #​32342
• Upate swc: #​32365
• fix unstable_useRefreshRoot typing: #​32364
• fix(next-swc/styled-jsx): Fix nth: #​32358
• Rename experimental vital hook: #​32343
• Inline server data response with partial hydration: #​32330
• Update jsx transform of swc: #​32383
• Fix running server with Polyfilled fetch: #​32368
• Fix dynamic routes with pages under index folder: #​32440
• Fixes #​32338 missing Document components trigger an error for production builds: #​32345
• Fixes for inline embedding data in the web runtime: #​32471
• Add vitals and rsc to npm files: #​32472
• fixes to allow lazy compilation for import(): #​32441
• upgrade webpack and watchpack: #​32173
• Update to filter loader specific files from traces: #​32267
• Fix server data cache key: #​32506
• [middleware] Fix hydration for rewrites to dynamic pages: #​32534
• Ensure image-optimizer is traced for standalone mode: #​32522
• Remove unused classnames dependency from react-dev-overlay: #​32487
• next-swc: Emit errors and add tests to next-ssg: #​32254
• Include message body in redirect responses: #​31886
• Prevent NEXT_PHASE env change in workers: #​28941
• Check stack property for page export exceptions: #​32289
• fix(next-swc/styled-jsx): Fix interpolation in media query: #​32490
• Update swc: #​32566
• Add turbo / improve Rust build caching in GitHub Actions: #​31464
• Fix ReadableStream.pipeTo() being unimplemented in the web runtime: #​32602
• Ensure AMP optimizer is only excluded from trace when not used: #​32577
• Upgraded next-env dependencies: #​32613
• Feat/14701 full reload notification: #​28866
• Move fs API for inc cache to node server: #​32604
• Add options to defaultGetInitialProps and upgrade styled-jsx-with-csp example: #​32594
• Fix style.filter on image with placeholder=blur: #​32623
• Fix writing strings to the writable stream writer: #​32637
• fix(next/jest): do not watch .next folder: #​32659
• chore: Update swc: #​32664
• Pre-compile more dependencies: #​32627
• Upgrade react 18 to rc, drop prerelease warning: #​32619
• next-swc: styled-jsx error checking and reporting updated (invalid-styled-jsx-children.md): #​31940
• Fix style reset on image with placeholder=blur: #​32680
• Pre-compile more dependencies continued: #​32679
• web runtime: add AbortController & AbortSignal: #​32089
• Don't swallow test failures caused by POSIX signals: #​32688
• Escape from next head in rsc _error page: #​32624
• fix popstate detection for safari when basepath is present: #​32687
• Bust cache for RSC in each render: #​32710
• Update web runtime externals: #​32717
• Reduce styled-jsx size in client bundle: #​32730
• Bump nft to version 0.17.1: #​32737
• Remove anonymous default export rule from Babel: #​32763
• feat(eslint): allow a for internal url when target="blank" present: #​32780
• fix(eslint-plugin-next): Broken links in eslint output: #​32837
• [ESLint] Adds lint rule to flag usage of <head>: #​32897
• ignore .d.ts files inside pages folder: #​30728
• Fix next/image noscript tag to only render when lazy: #​32918
• Simplify trace span id generation: #​32946
• Move resolve-url-loader into Next.js: #​32932
• fix(router): scroll to top when href="/" and hash already present: #​32954
• Remove un-needed test dependency: #​32616
• Fix issue with escape-string-regexp in IE11: #​32708
• Allow to opt-out from preflight cache: #​32767
• Ensure setImmediate and punycode are polyfilled: #​32768
• Fixes issue with makeStylesheetInert: #​32027
• Reduce install size for linux glibc/musl: #​32850
• Ensure middleware is output in standalone mode: #​32967
• Revert "Reduce install size for linux glibc/musl": #​32973
• feat(cli): introduce next info CLI command: #​32972
• Ensure NODE_ENV is not inlined for next/jest: #​33032
• converted the old tailwind css example to typescript : #​32808
• fix: ensure revalidation error is logged from response-cache: #​32657
• Bump @vercel/nft to 0.17.2: #​33048
• Add util for generating new tests/error documents: #​33001
• Fix middleware at root in standalone mode: #​33053
• Update swc: #​33063
• use a separate webpack runtime for middleware: #​33134
• Allow dependencies to use environment variables in middlewares: #​33141
• next-swc: fix ssg code elimination when used in render: #​32709
• drop dynamic import with ssr: false on server-side: #​32606
• Fix broken yarn pnp: #​32867
• Add util for normalizing errors: #​33159

Documentation Changes

• Fixed Yarn and NPM dev swapped arguments: #​32135
• Removed misleading id's from headings: #​32163
• Details about starting dev server Next.js docs.: #​32002
• Add Umbraco Heartcore blog example: #​21409
• Fix error page doc for no server import in page: #​32164
• Document staticPageGenerationTimeout config: #​32306
• Change using-preact example dependencies and docs: #​30394
• Updated link to Local Images: #​32427
• docs: remove empty example link: #​32439
• Update react version to rc in react-18 doc: #​32473
• doc: update remark import: #​32481
• Include mention of the onError Prop for next/script: #​31945
• Document basePath redirect field for getStaticProps/getServerSideProps: #​32550
• Fix typo in documentation: #​32581
• Add moduleDirectories for TS Jest Config: #​32574
• Added section about router methods returning a promise: #​31341
• Added example for setting cookie before redirect in middleware: #​32542
• chore: convert Jest examples to TypeScript: #​32705
• Update note about .next/static in standalone mode: #​32771
• Fixed syntax error in the example of React Hydration Error: #​32773
• fix: typo: #​32820
• Update the React 18 documentation: #​32896
• doc: add quotes to api: #​32898
• Update lint-staged example to use node.js path: #​30510
• Update scrolling example using query param instead of hash: #​31473
• Updated wrong link to example of gtag init in measuring-performance.md: #​32974
• Update deployment documentation.: #​32006
• Fix link for Next.js Analytics in docs: #​33049
• docs: fix typo in MDX docs: #​33077
• docs: minor text-copy cleanup: #​33120
• No info on environment variables in the src folder (#​33110): #​33136
• Add Caveats section to custom error page: #​33160
• Fixes #​33153: Updating cross-references from master to main + canary: #​33198
• Docs: correct ignorance pattern for .env.local: #​32647
• Refactor data fetching API docs: #​30615

Example Changes

• fix cms-sanity example: #​32182
• Fix issue in auth0 example: #​32293
• Update Next.js version in api rate limits example: #​32326
• Update example for Tailwind v3: #​32339
• chore: remove duplicate example: #​32391
• Updated to working example: #​32256
• Update Dockerfile: #​32299
• Update docker image to leverage output traces: #​32258
• chore(blog-starter): update tailwindcss to v3: #​32398
• fix: setup prismic image host: #​31589
• fix: add .web.jsx extension support in react-native-web example: #​32076
• Update 14-alpine to 16-alpine: #​31777
• chore(blog-starter-typescript): update tailwindcss to v3: #​32579
• Typo fix in comments: #​32609
• This example does not show how to use Jest with TypeScript: #​32633
• Updates with-supertokens example: Fixes init race condition: #​32706
• Add authentication example using Stytch: #​32194
• Update Sentry example readme to mention Next.js 12 support: #​32724
• fix(examples): Update nextjs-graphql-with-prisma-simple example API endpoint: #​32759
• chore(examples): remove duplicate examples: #​32779
• fix(examples): bring with-semantic-ui example up-to-date: #​32805
• fix(examples): update link URL in cms-kontent example: #​32806
• Add id to inline Segment script: #​32878
• Remove un-necessary second yarn install from example Dockerfile: #​32934
• fix(examples): add missing dependencies: #​32977
• Rename api in with-redis example: #​33016
• fix(examples/cms-contentful): add correct Content-Type + missing closing tag for html: #​30321
• Avoid page double render with emotion vanilla: #​30541
• fix: typescript example supporting strict w/ version >= 4.4: #​33042
• [chore] Update deta version in examples: #​30204
• (examples/with-next-translate) Removed Redundancies in Strings: #​29501
• Remove extra config from tailwind example: #​33062
• Adding Asset Component for Rich Text Renderer: #​32503

Misc Changes

• chore: auto close inactive issues without reproduction: #​32214
• Ensure wasm dev artifact uploads even on cache hit: #​32248
• Ensure test wasm does not fail for docs only change: #​32259
• chore: lock version on stale action: #​32262
• Fix styled-jsx tests from swc bump: #​32297
• Update AMP validation tests: #​32327
• Update only fetch all tags for publish commits: #​32337
• Fix flakey next/link react streaming test: #​32351
• test: add wait timeout between clicks for rsc link: #​32376
• test: add timeout for dev entries to avoid hard navigation: #​32476
• chore: lock stale & closed issues sooner
• Added docs issue template: #​32488
• Ensure experimental SWC options invalidate the cache: #​32540
• Edited contribution docs: #​32583
• Update contributing guidelines for examples: #​32584
• Remove unused turbo env vars: #​32588
• Move some img tests out of serverless mode: #​32620
• Disable turbo for build-native temporarily: #​32621
• Add test case for middleware rewrite to fallback: true page: #​32626
• Ensure device IP is used for safari browserstack test: #​32712
• fix: run prettier on with-jest and with-jest-babel examples
• Update readme.md of next-mdx to allow typescript file extensions for pages: #​32830
• chore: decrease stale time before closing issues with no reproduction: #​32955
• Re-enable turbo caching for swc build jobs: #​32617
• fix(ci): Remove unused turbo remote cache env vars: #​33030
• Update next.config.js: #​33091

Credits

Huge thanks to @​arthurfiorette, @​thibautsabot, @​shuding, @​chimit, @​joperron, @​devknoll, @​MaedahBatool, @​kyliau, @​padmaia, @​moh12594, @​rasmusjp, @​balazsorban44, @​molebox, @​bryanrsmith, @​TrySound, @​josharsh, @​kdy1, @​styfle, @​huozhi, @​delbaoliveira, @​PizzaPete, @​thecrypticace, @​arturparkhisenko, @​segheysens, @​thevinter, @​AryanBeezadhur, @​xiaohp, @​tknickman, @​javivelasco, @​oriolcp, @​sokra, @​smakosh, @​ijjk, @​jorrit, @​timneutkens, @​hanneslund, @​mix3d, @​Clecio013, @​michielvangendt, @​intergalacticspacehighway, @​jbraithwaite, @​marcelocarmona, @​benmerckx, @​haykerman, @​steven-tey, @​jaredpalmer, @​pi-guy-in-the-sky, @​JuanM04, @​apollisa, @​D-Pagey, @​jameshfisher, @​rishabhpoddar, @​Kikobeats, @​ramosbugs, @​dan-weaver, @​chris-stytch, @​MikevPeeren, @​janpio, @​emw3, @​nubpro, @​cmdcolin, @​joostdecock, @​sgallese, @​housseindjirdeh, @​minervabot, @​cjboco, @​Ryuurock, @​dm430, @​mkarkachov, @​nvh95, @​gfortaine, @​kumard3, @​zifeo, @​vicente-s, @​Rohithgilla12, @​brookton, @​leerob, @​skirsten, @​davidfateh, @​DavidBabel, @​mannybecerra, @​Schniz, @​glenngijsberts, @​pveyes, @​kaykdm, and @​xhiroga for helping!

v12.0.7

Compare Source

Core Changes

• Add test for TailwindCSS JIT mode reloading: #​32130
• Ensure conf type for createServer is not changed: #​32134

Credits

Huge thanks to @​timneutkens for helping!

v12.0.6

Compare Source

Core Changes

• Fix document type import path: #​32117

v12.0.5

Compare Source

This upgrade is completely backward-compatible and recommended for all users on versions below 12.0.5. A backport of the patch to Next.js 11 is available as 11.1.3.

When a URL is provided to next-server that cannot be parsed, an unhandledPromiseRejection could occur. On Node.js versions < v15.0.0 this isn't a fatal issue as only a warning is shown. However, in Node.js versions > v15.0.0, this causes the server process to exit, which can result in unexpected server crashes.

How to Upgrade

• We have released patch versions for both the stable and canary channels of Next.js.
• To upgrade run npm install next@latest --save

Impact

• Affected: All of the following must be true to be affected
  • Next.js versions above v11.1.0 and below v12.0.5
  • Node.js above v15.0.0 being used
  • Using next start or a custom server
• Not affected: Deployments on Vercel (vercel.com) are not affected along with similar environments where invalid requests are filtered before reaching Next.js.

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

How to Assess Impact

If you are running Node.js > v15.0.0 with Next.js, you can filter any server error logs for ERR_INVALID_URL.

What is Being Done

As Next.js has grown in popularity and usage by enterprises, it has received the attention of security researchers and auditors. We are thankful to GitHub user hopeless-programmer-online for their investigation and discovery of the original bug.

We've landed a patch that ensures this is handled properly so the unhandledPromiseRejection issue no longer occurs.

Regression tests for this attack were added to the security integration test suite

• A public CVE is requested.
• We encourage responsible disclosure of future reports. Please email us at [email protected]. We are actively monitoring this mailbox.

---

Core Changes

• Add a swc transform for removal of console.* calls.: #​31449
• Support ESLint v8: #​29865
• fix: allow next lint without eslint-config-next installed: #​29823
• Remove TextEncoder and TextDecoder wrappers: #​31490
• simplify output messages: #​31454
• update webpack: #​31455
• NextResponse: add .json static method: #​31483
• Use _error for development in streaming: #​31466
• Refactor the middleware SSR loader: #​31508
• Add detection for Google-PageRenderer bot: #​31521
• Click-to-open error state for development overlay #​14461: #​21819
• Ensure only one doctype is rendered: #​31534
• Update swc: #​31540
• Add/wasm build: #​31470
• telemetry: track usage of 'optimizeFonts': #​31522
• Make missing Document components an error: #​31505
• Adjust AVIF size so that its smaller than WebP size: #​31494
• Fix unhandled rejection on route change in dev: #​31554
• Re-add native package folders and ensure wasm artifacts are downloaded: #​31561
• Fix HMR for middleware #​30791: #​31548
• Minor simplifications to renderToWebStream: #​31553
• Fix accessing router before ready for HMR ping: #​31588
• Implement SWC port of next-page-disallow-re-export-all-exports: #​31582
• [ESLint] Prevent no-html-link-for-pages from warning for static files: #​31495
• Move root div to an app wrapper: #​31596
• Add types for geo lat and long: #​31624
• Fix non-concurrent function _document: #​31628
• Remove outdated comment about string children being deprecated in next/link: #​30606
• fix(middleware): consider localhost variations: #​31603
• Update swc: #​31639
• Extract next-swc Rust code into its own package: #​31635
• Fix dev router usage before router initializing: #​31632
• avoid mutating response.cookie options: #​31679
• Add cookies and headers for request using in RSC: #​31623
• Remove trace_target env var in favor of .next/trace: #​31697
• Add error link when hydration error occurs: #​31519
• Fix initial compile timing incorrect measurement: #​31733
• Lazily init getStaticPathsWorker: #​31760
• Remove noop import: #​31722
• update webpack: #​31759
• Fix wasm loading: #​31772
• Remove some watcher hacks and update version: #​31768
• Improve and refactor some types: #​31704
• read file in swc when no loaders follow the next-swc-loader: #​31682
• Lazy-load postcss: #​31762
• update webpack: #​31798
• Ensure middleware order is preserved: #​31801
• Refactor sandbox module cache: #​31822
• Fix hydration middleware effects: #​31800
• fix: support function components in _document in no-page-custom-font: #​31560
• Add support for removing React properties.: #​31606
• Include submodules in exported type definition: #​28316
• Move require.resolve into the module scope: #​31799
• fix amp validator message format: #​31018
• Fix auto export condition in edge SSR: #​31845
• bugfix: href value is not defined when typing out the href: #​31813
• Do not load external binding if local was found: #​31853
• fix: rsc headers: #​31854
• Add port and hostname options to Next Server: #​31858
• Fix: Cannot assign to read only property 'children': #​31784
• Fix disabling of built-in CSS support if there is a custom loader: #​31078
• include no-document-import-in-page rule in plugin index: #​31890
• Account for platform/arch not supported by napi-rs: #​31938
• Removng prop writable checking in prod: #​31929
• Enable default functional document when concurrentFeatures is enabled: [#​31954](https://togithub.com/vercel/next.js/issues/319

---

Configuration

📅 Schedule: "before 2am" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.