Lockdown image and style sources (#198)

* Lockdown next images and CSP style sources
* Upgrade Next related libs

next.config.js

@@ -11,7 +11,7 @@ const isDev = process.env.NODE_ENV !== 'production'
 // Sometimes useful to disable this during development
 const ENABLE_CSP_HEADER = true;
 const FRAME_SRC_HOSTS = ['https://*.walletconnect.com', 'https://*.walletconnect.org','https://*.solflare.com'];
-const STYLE_SRC_HOSTS = ['https://*.googleapis.com']
+const STYLE_SRC_HOSTS = []
 const IMG_SRC_HOSTS = ['https://*.walletconnect.com', 'https://*.githubusercontent.com'];
 const cspHeader = `
   default-src 'self';
@@ -75,16 +75,6 @@ const nextConfig = {
     ]
   },
 
-  // TODO consider restricting image sources
-  images: {
-    remotePatterns: [
-      {
-        protocol: "https",
-        hostname: "**",
-      },
-    ],
-  },
-
   env: {
     NEXT_PUBLIC_VERSION: version,
   },

package.json

@@ -24,7 +24,7 @@
     "@metamask/post-message-stream": "6.1.2",
     "@metamask/providers": "10.2.1",
     "@rainbow-me/rainbowkit": "1.3.0",
-    "@sentry/nextjs": "^7.93.0",
+    "@sentry/nextjs": "^7.118.0",
     "@solana/spl-token": "^0.3.8",
     "@solana/wallet-adapter-base": "^0.9.22",
     "@solana/wallet-adapter-react": "^0.15.32",
@@ -38,7 +38,7 @@
     "cosmjs-types": "^0.9.0",
     "formik": "^2.4.5",
     "framer-motion": "^10.16.4",
-    "next": "^13.2.4",
+    "next": "^13.5.6",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "react-toastify": "^9.1.3",
@@ -48,7 +48,7 @@
     "zustand": "^4.3.9"
   },
   "devDependencies": {
-    "@next/bundle-analyzer": "^14.0.4",
+    "@next/bundle-analyzer": "^14.2.5",
     "@trivago/prettier-plugin-sort-imports": "^4.1.1",
     "@types/jest": "^29.5.3",
     "@types/node": "^18.11.18",