
Commit fd1c378

Update dependency next to v14.2.21 [SECURITY] (#1829)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [next](https://nextjs.org) ([source](https://redirect.github.com/vercel/next.js)) | dependencies | patch | [`14.2.15` -> `14.2.21`](https://renovatebot.com/diffs/npm/next/14.2.15/14.2.21) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Next.js Allows a Denial of Service (DoS) with Server Actions

[CVE-2024-56332](https://nvd.nist.gov/vuln/detail/CVE-2024-56332) / [GHSA-7m27-7ghc-44w9](https://redirect.github.com/advisories/GHSA-7m27-7ghc-44w9)

<details>
<summary>More information</summary>

#### Details

##### Impact

A Denial of Service (DoS) attack allows attackers to construct requests that leave requests to Server Actions hanging until the hosting provider cancels the function execution.

_Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time._

Deployments without any protection against long-running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing.

This is the same issue as if the incoming HTTP request has an invalid `Content-Length` header or never closes. If the host has no other mitigations to those, then this vulnerability is novel.

This vulnerability affects only Next.js deployments using Server Actions.

##### Patches

This vulnerability was resolved in Next.js 14.2.21, 15.1.2, and 13.5.8. We recommend that users upgrade to a safe version.

##### Workarounds

There are no official workarounds for this vulnerability.

##### Credits

Thanks to the PackDraw team for responsibly disclosing this vulnerability.

#### Severity

- CVSS Score: 5.3 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L`

#### References

- [https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9)
- [https://nvd.nist.gov/vuln/detail/CVE-2024-56332](https://nvd.nist.gov/vuln/detail/CVE-2024-56332)
- [https://github.com/vercel/next.js](https://redirect.github.com/vercel/next.js)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-7m27-7ghc-44w9) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).

</details>

---

### Release Notes

<details>
<summary>vercel/next.js (next)</summary>

### [`v14.2.21`](https://redirect.github.com/vercel/next.js/releases/tag/v14.2.21)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.20...v14.2.21)

> [!NOTE]
> This release is backporting bug fixes. It does **not** include all pending features/changes on canary.

##### Core Changes

- Upgrade React from [`14898b6`](https://redirect.github.com/vercel/next.js/commit/14898b6a9) to [`178c267`](https://redirect.github.com/vercel/next.js/commit/178c267a4e): [https://github.com/vercel/next.js/pull/74115](https://redirect.github.com/vercel/next.js/pull/74115)
- Fix unstable_allowDynamic when used with pnpm: [https://github.com/vercel/next.js/pull/73765](https://redirect.github.com/vercel/next.js/pull/73765)

##### Misc Changes

- chore(docs): add missing search: '' on remotePatterns: [https://github.com/vercel/next.js/pull/73927](https://redirect.github.com/vercel/next.js/pull/73927)
- chore(docs): update version history of next/image: [https://github.com/vercel/next.js/pull/73926](https://redirect.github.com/vercel/next.js/pull/73926)

##### Credits

Huge thanks to [@unstubbable](https://redirect.github.com/unstubbable), [@ztanner](https://redirect.github.com/ztanner), and [@styfle](https://redirect.github.com/styfle) for helping!

### [`v14.2.20`](https://redirect.github.com/vercel/next.js/releases/tag/v14.2.20)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.19...v14.2.20)

> [!NOTE]
> This release is backporting bug fixes. It does **not** include all pending features/changes on canary.

##### Core Changes

- Fix fetch cloning bug ([https://github.com/vercel/next.js/pull/73532](https://redirect.github.com/vercel/next.js/pull/73532))

##### Credits

Huge thanks to [@wyattjoh](https://redirect.github.com/wyattjoh) for helping!

### [`v14.2.19`](https://redirect.github.com/vercel/next.js/releases/tag/v14.2.19)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.18...v14.2.19)

> [!NOTE]
> This release is backporting bug fixes. It does **not** include all pending features/changes on canary.

##### Core Changes

- ensure worker exits bubble to parent process ([#73433](https://redirect.github.com/vercel/next.js/issues/73433))
- Increase max cache tags to 128 ([#73125](https://redirect.github.com/vercel/next.js/issues/73125))

##### Misc Changes

- Update max tag items limit in docs ([#73445](https://redirect.github.com/vercel/next.js/issues/73445))

##### Credits

Huge thanks to [@ztanner](https://redirect.github.com/ztanner) and [@ijjk](https://redirect.github.com/ijjk) for helping!

### [`v14.2.18`](https://redirect.github.com/vercel/next.js/releases/tag/v14.2.18)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.17...v14.2.18)

> [!NOTE]
> This release is backporting bug fixes. It does **not** include all pending features/changes on canary.

##### Core Changes

- Fix: (third-parties) sendGTMEvent not queueing events before GTM init ([#68683](https://redirect.github.com/vercel/next.js/issues/68683)) ([#72111](https://redirect.github.com/vercel/next.js/issues/72111))
- Ignore error pages for cache revalidate ([#72412](https://redirect.github.com/vercel/next.js/issues/72412)) ([#72484](https://redirect.github.com/vercel/next.js/issues/72484))

##### Credits

Huge thanks to [@huozhi](https://redirect.github.com/huozhi) and [@ijjk](https://redirect.github.com/ijjk) for helping!

### [`v14.2.17`](https://redirect.github.com/vercel/next.js/releases/tag/v14.2.17)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.16...v14.2.17)

> [!NOTE]
> This release is backporting bug fixes. It does **not** include all pending features/changes on canary.

##### Core Changes

- Fix: revert the bad node binary handling ([#72356](https://redirect.github.com/vercel/next.js/issues/72356))
- Ensure pages/500 handles cache-control as expected ([#72050](https://redirect.github.com/vercel/next.js/issues/72050)) ([#72110](https://redirect.github.com/vercel/next.js/issues/72110))
- fix unhandled runtime error from generateMetadata in parallel routes ([#72153](https://redirect.github.com/vercel/next.js/issues/72153))

##### Credits

Huge thanks to [@huozhi](https://redirect.github.com/huozhi), [@ztanner](https://redirect.github.com/ztanner), and [@ijjk](https://redirect.github.com/ijjk) for helping!

### [`v14.2.16`](https://redirect.github.com/vercel/next.js/compare/v14.2.15...v14.2.16)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.15...v14.2.16)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - "every weekday" (UTC).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).

Co-authored-by: pulumi-renovate[bot] <189166143+pulumi-renovate[bot]@users.noreply.github.com>
1 parent 6481156 commit fd1c378

File tree

1 file changed

+1
-1
lines changed


aws-ts-nextjs/demoapp/package.json

+1-1
@@ -15,7 +15,7 @@
1515
"autoprefixer": "10.4.14",
1616
"eslint": "8.46.0",
1717
"eslint-config-next": "13.4.12",
18-
"next": "14.2.15",
18+
"next": "14.2.21",
1919
"postcss": "8.4.31",
2020
"react": "18.2.0",
2121
"react-dom": "18.2.0",
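Review bot: Only `package.json` changes in this commit (the file tree reports 1 file changed), so if `aws-ts-nextjs/demoapp` ships a lockfile it is now out of sync with the `"next": "14.2.21"` pin; a lockfile-based install would either fail or keep resolving 14.2.15, which is the version the CVE-2024-56332 advisory says is affected, and the lockfile should be regenerated in the same change so the fix actually lands. Also worth a follow-up: the unchanged context line `"eslint-config-next": "13.4.12"` is a major version behind the `next` it lints for, so consider bumping it alongside `next` to keep the two aligned.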

0 commit comments
