bump(deps): update dependency next to v14.2.10 [security] (#331)
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [next](https://nextjs.org) ([source](https://redirect.github.com/vercel/next.js)) | [`14.2.3` -> `14.2.10`](https://renovatebot.com/diffs/npm/next/14.2.3/14.2.10) | [![age](https://developer.mend.io/api/mc/badges/age/npm/next/14.2.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/next/14.2.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/next/14.2.3/14.2.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/14.2.3/14.2.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-46982](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9)

### Impact

By sending a crafted HTTP request, it is possible to poison the cache of
a non-dynamic server-side rendered route in the pages router (this does
not affect the app router). When this crafted request is sent it could
coerce Next.js to cache a route that is meant to not be cached and send
a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some
upstream CDNs may cache as well.

To be potentially affected all of the following must apply:

- Next.js between 13.5.1 and 14.2.9
- Using pages router
- Using non-dynamic server-side rendered routes e.g.
`pages/dashboard.tsx` not `pages/blog/[slug].tsx`

The below configurations are unaffected:

- Deployments using only app router
- Deployments on [Vercel](https://vercel.com/) are not affected

### Patches

This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later.
We recommend upgrading regardless of whether you can reproduce the issue
or not.

### Workarounds

There are no official or recommended workarounds for this issue; we
recommend that users patch to a safe version.

#### Credits

- Allam Rachid (zhero_)
- Henry Chen

#### [CVE-2024-47831](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m)

### Impact
The image optimization feature of Next.js contained a vulnerability
which allowed for a potential Denial of Service (DoS) condition which
could lead to excessive CPU consumption.

**Not affected:**
- The `next.config.js` file is configured with `images.unoptimized` set
to `true` or `images.loader` set to a non-default value.
- The Next.js application is hosted on Vercel.

### Patches
This issue was fully patched in Next.js `14.2.7`. We recommend that
users upgrade to at least this version.

### Workarounds
Ensure that the `next.config.js` file has either `images.unoptimized`,
`images.loader` or `images.loaderFile` assigned.

#### Credits

- Brandon Dahler (brandondahler), AWS
- Dimitrios Vlastaras

---

### Release Notes

<details>
<summary>vercel/next.js (next)</summary>

### [`v14.2.10`](https://redirect.github.com/vercel/next.js/compare/v14.2.9...v14.2.10)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.9...v14.2.10)

### [`v14.2.9`](https://redirect.github.com/vercel/next.js/compare/v14.2.8...v14.2.9)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.8...v14.2.9)

### [`v14.2.8`](https://redirect.github.com/vercel/next.js/compare/v14.2.7...v14.2.8)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.7...v14.2.8)

### [`v14.2.7`](https://redirect.github.com/vercel/next.js/compare/v14.2.6...v14.2.7)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.6...v14.2.7)

### [`v14.2.6`](https://redirect.github.com/vercel/next.js/compare/v14.2.5...v14.2.6)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.5...v14.2.6)

### [`v14.2.5`](https://redirect.github.com/vercel/next.js/compare/v14.2.4...v14.2.5)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.4...v14.2.5)

### [`v14.2.4`](https://redirect.github.com/vercel/next.js/releases/tag/v14.2.4)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.3...v14.2.4)

> \[!NOTE]\
> This release is backporting bug fixes. It does **not** include all pending features/changes on canary.

##### Core Changes

- fix: ensure route handlers properly track dynamic access ([#&#8203;66446](https://redirect.github.com/vercel/next.js/issues/66446))
- fix NextRequest proxy in edge runtime ([#&#8203;66551](https://redirect.github.com/vercel/next.js/issues/66551))
- Fix next/dynamic with babel and src dir ([#&#8203;65177](https://redirect.github.com/vercel/next.js/issues/65177))
- Use vercel deployment url for metadataBase fallbacks ([#&#8203;65089](https://redirect.github.com/vercel/next.js/issues/65089))
- fix(next/image): detect react@19 for fetchPriority prop ([#&#8203;65235](https://redirect.github.com/vercel/next.js/issues/65235))
- Fix loading navigation with metadata and prefetch ([#&#8203;66447](https://redirect.github.com/vercel/next.js/issues/66447))
- prevent duplicate RSC fetch when action redirects ([#&#8203;66620](https://redirect.github.com/vercel/next.js/issues/66620))
- ensure router cache updates reference the latest cache values ([#&#8203;66681](https://redirect.github.com/vercel/next.js/issues/66681))
- Prevent append of trailing slash in cases where path ends with a file extension ([#&#8203;66636](https://redirect.github.com/vercel/next.js/issues/66636))
- Fix inconsistency with 404 getStaticProps cache-control ([#&#8203;66674](https://redirect.github.com/vercel/next.js/issues/66674))
- Use addDependency to track metadata route file changes ([#&#8203;66714](https://redirect.github.com/vercel/next.js/issues/66714))
- Add timeout/retry handling for fetch cache ([#&#8203;66652](https://redirect.github.com/vercel/next.js/issues/66652))
- fix: app-router prefetch crash when an invalid URL is passed to Link ([#&#8203;66755](https://redirect.github.com/vercel/next.js/issues/66755))

##### Credits

Huge thanks to [@&#8203;ztanner](https://redirect.github.com/ztanner), [@&#8203;ijjk](https://redirect.github.com/ijjk), [@&#8203;wbinnssmith](https://redirect.github.com/wbinnssmith), [@&#8203;huozhi](https://redirect.github.com/huozhi), and [@&#8203;lubieowoce](https://redirect.github.com/lubieowoce) for helping!

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/fuxingloh/cryptomatter).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC44MC4wIiwidXBkYXRlZEluVmVyIjoiMzguMTIwLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
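A defender-side check for the two advisories quoted in the PR description above, written here as an added example that is not part of this Renovate PR or of Next.js itself. It parses a project's pinned `next` version, compares it against the affected ranges as the advisory text states them, and applies the exclusions the advisories list: app-router-only or Vercel-hosted deployments for CVE-2024-46982, and `images.unoptimized`, a non-default `images.loader`, or `images.loaderFile` in `next.config.js` for CVE-2024-47831. The `assess` function and its `usesPagesRouter` and `hostedOnVercel` flags are my own, and the sample contexts are constructed, modelled on the 14.2.3 -> 14.2.10 bump in this commit. Two readings of the text are baked in: for the 13.x line, 13.5.7 is treated as the first fixed release (following "resolved in Next.js v13.5.7"), and for CVE-2024-47831, where the text gives only the fixed version, everything below 14.2.7 is flagged.

```javascript
'use strict';

// Parse a pinned or caret/tilde-prefixed semver spec ("14.2.10", "^14.2.3")
// into [major, minor, patch]. Returns null for specs it cannot interpret
// (tags such as "latest", complex ranges, git URLs).
function parseVersion(spec) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)/.exec(String(spec).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric component-wise comparison: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true when lo <= v < hi (hi is the first fixed release).
function inRange(v, [lo, hi]) {
  return compareVersions(v, parseVersion(lo)) >= 0 &&
         compareVersions(v, parseVersion(hi)) < 0;
}

// Affected ranges taken from the advisory text. For CVE-2024-46982 the text
// states 13.5.1 through 14.2.9 is affected and that v13.5.7 and v14.2.10
// carry the fix, so the 13.x line is treated as fixed from 13.5.7 onward.
// For CVE-2024-47831 the text gives only the fixed version (14.2.7), so
// every earlier version is flagged (conservative).
const ADVISORIES = {
  'CVE-2024-46982': {
    ranges: [['13.5.1', '13.5.7'], ['14.0.0', '14.2.10']],
    // Advisory exclusions: app-router-only deployments and Vercel hosting.
    // usesPagesRouter / hostedOnVercel are flags the caller supplies
    // (hypothetical names, not Next.js configuration keys).
    mitigated: (ctx) => !ctx.usesPagesRouter || ctx.hostedOnVercel,
  },
  'CVE-2024-47831': {
    ranges: [['0.0.0', '14.2.7']],
    // Advisory workaround: images.unoptimized, a non-default images.loader,
    // or images.loaderFile in next.config.js; Vercel hosting is also listed
    // as not affected.
    mitigated: (ctx) => {
      const images = (ctx.nextConfig && ctx.nextConfig.images) || {};
      return Boolean(ctx.hostedOnVercel) ||
        images.unoptimized === true ||
        (typeof images.loader === 'string' && images.loader !== 'default') ||
        typeof images.loaderFile === 'string';
    },
  },
};

// One verdict per advisory: 'patched' (version outside every affected
// range), 'mitigated' (in range but an advisory exclusion applies),
// 'affected', or 'unknown' (version spec could not be parsed).
function assess(ctx) {
  const v = parseVersion(ctx.nextVersion);
  const findings = {};
  for (const [id, adv] of Object.entries(ADVISORIES)) {
    if (!v) { findings[id] = 'unknown'; continue; }
    const vulnerableVersion = adv.ranges.some((r) => inRange(v, r));
    findings[id] = !vulnerableVersion ? 'patched'
      : adv.mitigated(ctx) ? 'mitigated'
      : 'affected';
  }
  return findings;
}

// Constructed sample contexts (not real project settings), modelled on the
// website/package.json change in this commit: next 14.2.3 -> 14.2.10.
const before = {
  nextVersion: '14.2.3',
  nextConfig: { images: {} },   // no image workaround configured
  usesPagesRouter: true,
  hostedOnVercel: false,
};
const withWorkaround = { ...before, nextConfig: { images: { unoptimized: true } } };
const after = { ...before, nextVersion: '14.2.10' };

console.log('before upgrade   ', assess(before));
console.log('with workaround  ', assess(withWorkaround));
console.log('after upgrade    ', assess(after));
```

The workaround path only changes the verdict for CVE-2024-47831; nothing in `next.config.js` excludes CVE-2024-46982, which matches the advisory's "no official or recommended workarounds" statement, so the only way `assess` reports that one as clean is a version at or above the fix or one of the deployment exclusions.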
renovate[bot] authored Nov 15, 2024
1 parent 0d718b5 commit 90333db
Showing 2 changed files with 38 additions and 38 deletions.
74 changes: 37 additions & 37 deletions pnpm-lock.yaml


2 changes: 1 addition & 1 deletion website/package.json
Expand Up @@ -47,7 +47,7 @@
"dayjs": "^1.11.11",
"framer-motion": "11.2.10",
"html-to-react": "^1.7.0",
"next": "14.2.3",
"next": "14.2.10",
"react": "18.3.1",
"react-dom": "18.3.1",
"sharp": "^0.33.4",
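Review bot: the hunk pins next to the exact version 14.2.10 with no caret, consistent with the exact pins on react and react-dom in the same block and the right choice for a security bump, since it keeps the resolved version from ever drifting below the fixed release. The matching 37-addition/37-deletion change to pnpm-lock.yaml is not rendered on this page, so before merging confirm that the lockfile resolves next to 14.2.10 and that no second copy of an older next remains in the lock graph. Note also that the advisory's workaround for CVE-2024-47831 lives in next.config.js, which this diff does not touch, so any existing images.unoptimized or images.loader setting stays in effect after the upgrade.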

0 comments on commit 90333db