[Snyk] Security upgrade next from 12.2.4 to 13.5.0

[t10-13rocket]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Resource Exhaustion SNYK-JS-NEXT-6032387	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: next

The new version differs by 250 commits.

• ffafad2 v13.5.0
• 4a589ed v13.4.20-canary.41
• deb81cf fix styled-jsx alias (#55581)
• 1a9b0f6 improve internal error logging (#55582)
• 0631549 Fix react packages are not bundled for metadata routes (#55579)
• bad5365 Update supported config options for Turbopack (#55556)
• 8881c41 Fix useState function initialiser case for `optimize_server_react` transform (#55551)
• 1025011 Add react-icons to optimizePackageImports (#55572)
• d5c35a1 chore: replace issue triaing actions with `nissuer` (#55525)
• 33c561b Consolidate experimental React opt-in & add `ppr` flag (#55560)
• f630cb8 Add `mui-core` to the default `optimizePackageImports` list (#55554)
• caa9083 chore: Fix heading hierarchy in revalidateTag documentation (#55470)
• d01ab61 v13.4.20-canary.40
• 6123a97 Fix missing trace file and unhandledRejection in ensurePage (#55553)
• b5beb3a Correct spelling in playwright docs (#55557)
• 4c6d4b3 Type Error on Event Type payment_intent webhook (#55493)
• 41c89f0 v13.4.20-canary.39
• 7fe01bb Disable client-only for middleware and pages api layer (#55541)
• e4439b1 chore(third-parties): replace rimraf with rm.mjs (#55547)
• 1b8ce8f Add route groups example to revalidatePath doc (#55543)
• 9697bcd Fix notFound status code with ISR in app (#55542)
• 0338dcd fix next.js own build on windows (#55544)
• 4f98dc6 v13.4.20-canary.38
• 0ddb15b fix: run turbopack in forked process (#55545)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Resource Exhaustion

[pull-request-quantifier-deprecated]

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.json : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.