[Snyk] Security upgrade next from 12.3.4 to 13.5.4

[Woodpile37]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/with-typescript-graphql/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	49/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 2, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.06, Score Version: V5	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: next

The new version differs by 250 commits.

• 1e8dca4 v13.5.4
• 9e24d6f v13.5.4-canary.11
• 281ae41 Fix build output logging order (Fix build output logging order vercel/next.js#56335)
• d7626ff Revert "misc: shortcut styled-jsx in external resolution (misc: shortcut styled-jsx in external resolution vercel/next.js#56291)" (Revert "misc: shortcut styled-jsx in external resolution (#56291)" vercel/next.js#56334)
• db48052 v13.5.4-canary.10
• 7df92b8 test: add flaky turbopack integration tests to manifest (test: add flaky turbopack integration tests to manifest vercel/next.js#56309)
• eeb9b33 fix: Invalid URL (404) provided on server actions error (fix: Invalid URL (404) provided on server actions error vercel/next.js#56323)
• 3172cfe fix: support both decoded and encoded url requests of conventioned files (fix: support both decoded and encoded url requests of conventioned files  vercel/next.js#56187)
• a2f9ef5 fix(next/client): keep hash when navigating from app to pages router (fix(next/client): keep hash when navigating from app to pages router vercel/next.js#56223)
• a970f28 Add code freeze GitHub actions for releasing (Add code freeze GitHub actions for releasing vercel/next.js#56325)
• 5fbc23e misc: fix instrumentation with bundled server (misc: fix instrumentation with bundled server vercel/next.js#56318)
• 98432a4 Remove buildId test as it's no longer relevant (Remove buildId test as it's no longer relevant vercel/next.js#56316)
• 86274e6 fix(app dir next.config.js option crossOrigin: 'anonymous' not working vercel/next.js#53190): add missing crossOrigin to assetsPrefix resources (fix(#53190): add missing crossOrigin to assetsPrefix resources vercel/next.js#56311)
• e970e05 Reland static prefetches & fix prefetch bailout behavior (Reland static prefetches & fix prefetch bailout behavior vercel/next.js#56228)
• be952fb fix: typo in `with-stripe-typescript` example (fix: typo in with-stripe-typescript example vercel/next.js#56274)
• 7f60cc8 Support serverRuntimeConfig and publicRuntimeConfig in Turbopack (Support serverRuntimeConfig and publicRuntimeConfig in Turbopack vercel/next.js#56310)
• 8d18ad6 update webp crate (update webp crate vercel/next.js#56307)
• ac95a20 Fix flaky test for size output (Fix flaky test for size output vercel/next.js#56303)
• dba978f misc: shortcut styled-jsx in external resolution (misc: shortcut styled-jsx in external resolution vercel/next.js#56291)
• 458dab8 misc: update code owners (misc: update code owners vercel/next.js#56290)
• 5254aae Update image.mdx (Update image.mdx vercel/next.js#56266)
• 0d4859b Update image.mdx (Update image.mdx vercel/next.js#56269)
• 59bda2d More Turbopack fixes (More Turbopack fixes vercel/next.js#56299)
• ecd94c1 misc: enable source maps for bundled runtime (misc: enable source maps for bundled runtime vercel/next.js#56289)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

[changeset-bot]

⚠️ No Changeset found

Latest commit: ef7ddd2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR