[Snyk] Upgrade next from 12.0.5 to 12.3.7

[q1blue]

Snyk has created this PR to upgrade next from 12.0.5 to 12.3.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 282 versions ahead of your current version.

• The recommended version was released 4 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Improper Input Validation SNYK-JS-NANOID-8492085	44	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	44	Proof of Concept
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	44	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	44	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	44	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	44	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	44	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	44	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	44	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NEXT-2388583	44	No Known Exploit
	User Interface (UI) Misrepresentation of Critical Information SNYK-JS-NEXT-2405694	44	No Known Exploit
	Improper Authorization SNYK-JS-NEXT-9508709	44	Mature
	Information Exposure SNYK-JS-ELLIPTIC-8720086	44	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	44	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	44	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	44	No Known Exploit
	Information Exposure SNYK-JS-NANOID-2332193	44	Proof of Concept

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​next/​swc-android-arm-eabi@​12.3.4
	@​next/​swc-freebsd-x64@​12.3.4
	@​next/​swc-android-arm64@​12.0.5 ⏵ 12.3.4
	@​next/​swc-darwin-arm64@​12.0.5 ⏵ 12.3.4
	@​next/​swc-darwin-x64@​12.0.5 ⏵ 12.3.4
	@​next/​swc-linux-arm-gnueabihf@​12.0.5 ⏵ 12.3.4
	@​next/​swc-linux-arm64-gnu@​12.0.5 ⏵ 12.3.4
	@​next/​swc-linux-arm64-musl@​12.0.5 ⏵ 12.3.4
	@​next/​swc-linux-x64-gnu@​12.0.5 ⏵ 12.3.4
	@​next/​swc-linux-x64-musl@​12.0.5 ⏵ 12.3.4
	@​next/​swc-win32-arm64-msvc@​12.0.5 ⏵ 12.3.4
	@​next/​swc-win32-ia32-msvc@​12.0.5 ⏵ 12.3.4
	@​next/​swc-win32-x64-msvc@​12.0.5 ⏵ 12.3.4
	node-releases@​1.1.77 ⏵ 2.0.1			-29
	@​next/​env@​12.0.5 ⏵ 12.3.7
	tr46@​1.0.1 ⏵ 0.0.3	+1		-27	+1
	escape-string-regexp@​4.0.0
	use-sync-external-store@​1.2.0
	@​swc/​helpers@​0.4.11
	caniuse-lite@​1.0.30001278 ⏵ 1.0.30001727	+1		-24	-1
	next@​12.0.5 ⏵ 12.3.7		+50	+3
	buffer@​5.6.0 ⏵ 5.7.1	+1
	@​babel/​runtime@​7.15.4 ⏵ 7.16.0	+1		+1
	source-map-js@​1.2.1
	json5@​1.0.2 ⏵ 2.2.0	+1	-15	+3
	color-convert@​2.0.1
	nanoid@​3.1.30 ⏵ 3.3.11		+9
	styled-jsx@​5.0.0-beta.3 ⏵ 5.0.7	+1		+1
	webidl-conversions@​4.0.2 ⏵ 3.0.1	+1		-10
	whatwg-url@​7.1.0 ⏵ 5.0.0	+1		-9
See 4 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Warn		caniuse-lite@1.0.30001727 has a License Policy Violation. License: CC-BY-4.0 (npm metadata) License: CC-BY-4.0 (package/LICENSE) License: CC-BY-4.0 (package/package.json) From: yarn.lock → npm/caniuse-lite@1.0.30001727 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001727. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report