chore(deps): update dependency gohugoio/hugo to v0.164.0#57
Open
renovate[bot] wants to merge 1 commit into
Open
chore(deps): update dependency gohugoio/hugo to v0.164.0#57renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
January 5, 2024 14:36
8fa3c06 to
d27487e
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
January 26, 2024 17:18
d27487e to
435402b
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
2 times, most recently
from
February 21, 2024 10:53
e134e3a to
fe561be
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
February 22, 2024 19:36
fe561be to
c66ae80
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
February 23, 2024 18:47
c66ae80 to
1afa7a5
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
February 26, 2024 20:13
1afa7a5 to
bc2bafc
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
2 times, most recently
from
February 28, 2024 21:19
b5f8149 to
e9f4d96
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
March 1, 2024 18:12
e9f4d96 to
f0d7cd5
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
March 7, 2024 17:52
f0d7cd5 to
e9f97a0
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
March 16, 2024 20:07
e9f97a0 to
03461fa
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
March 20, 2024 13:22
03461fa to
9021224
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
April 16, 2024 16:33
9021224 to
5335642
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
April 18, 2024 10:38
5335642 to
b399d23
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
2 times, most recently
from
May 15, 2024 20:42
0bd885f to
56c226e
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
May 30, 2024 18:02
56c226e to
d905d21
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
June 2, 2024 13:55
d905d21 to
2189d73
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
June 5, 2024 12:15
2189d73 to
e0d5470
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
June 25, 2024 18:37
e0d5470 to
4d9f32c
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
July 2, 2024 09:01
4d9f32c to
8452958
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
July 4, 2024 09:51
8452958 to
ccede93
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
July 17, 2024 15:55
ccede93 to
c97be24
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
July 29, 2024 15:02
c97be24 to
107f9ab
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
August 2, 2024 11:06
107f9ab to
23aa08b
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
August 12, 2024 17:03
23aa08b to
70ca2c7
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
August 13, 2024 11:41
70ca2c7 to
344449f
Compare
renovate
Bot
force-pushed
the
renovate/gohugoio-hugo-0.x
branch
from
August 14, 2024 18:43
344449f to
2068f91
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.121.0→v0.164.0Release Notes
gohugoio/hugo (gohugoio/hugo)
v0.164.0Compare Source
Notable new features in this release are:
Notes
29ed932@bep #15086Changes
5a5f4a5@bepd83ce27@bep #15056c6acc24@bep #534929ed932@bep #15086671897a@bejaratommy #11794499794d@sjh9714 #1507865c8217@bepdfb35dc@bep #15072a5ec542@bep #15068 #15060e46d37a@jmooring #15057fe06735@jmooring #15052128fb17@jmooring #15062Dependency Updates
921db7b@dependabot[bot]786ce71@dependabot[bot]5ad2846@dependabot[bot]36ad9f5@dependabot[bot]7c0a0bc@dependabot[bot]a879ebf@dependabot[bot]332d5ec@dependabot[bot]212cc11@dependabot[bot]884439b@bep #15033790a8aa@bep #15017v0.163.3Compare Source
What's Changed
ce1a7e0@bep thanks to @k0ngj1 for reporting this issue.70a9068@bep9d66d51@jmooring #15039 #15040 #15043f013346@jmooring #15046v0.163.2Compare Source
What's Changed
134674f@bep #15041147f605@jmooring #14222v0.163.1Compare Source
The majority of the fixes in this release are security related (including the upstream fix in
93c8c7d(golang.org/x/image)). Thanks to @vnth4nhnt for finding the issues fixed ina00b5c7andcf9c8f9(I will do the CVE work on this later). There has been a uptick in security reports lately, which doesn't mean that Hugo has gotten less secure, this is mostly the work of the new and powerful AI tools using Hugo's restrictive security model as their baseline. Just take a look at Go's recent security issue list to see a demonstration of this.What's Changed
93c8c7d@dependabot[bot]95e5e9f@bep #15024a00b5c7@bepcf9c8f9@bep #150192602796@jmooring #15012v0.163.0Compare Source
The main topic in this release is improvements to the AVIF image handling that we introduced in
v0.162.0. See the docs for details, but:qualityfor AVIF to 60. Turns out, JPEG/WebP with quality 75 is comparable to AVIF with quality 60. You can now also set quality per image format in your project config (and also per image processed if needed).hintto the AVIF with the same values as forWEBP. Forlossycompression, the photo/picture hints (and the default) encodes with YUV420 chroma subsampling instead of YUV444, keeping 444 for text/icon/drawing. This greatly reduces the memory needed to encode these images.Improvements
ff2903a@bep #14991 #14996ca68936@jmooring781fabf@bep1d018ef@anupamojha-eng #14999121bc6c@bepcf18b82@bep #1499898ad9b3@bep #14997b89e7fe@bep #11574e8fefc8@bep #14990a043d3e@bep #14992341f575@bep #14987248241b@bep #149814e47d95@bep #1497903b4b54@bep #1497979be053@bep #149830f44046@bep #149774e17421@bep #14985b01ecd4@bep #1495745c00b7@jmooring #14936 #14950 #1496528d882a@bepDependency Updates
0d29fc8@dependabot[bot]bb57404@dependabot[bot]7d1b1fb@dependabot[bot]77a1147@dependabot[bot]v0.162.1Compare Source
What's Changed
59f35cd@jmooring #14959c270975@bep #14958ea8b48a@jmooring #14948v0.162.0Compare Source
The notable new feature in this release is support for AVIF images (both encoder and decoder). There's a demo site set up that demonstrates the difference between HDR AVIF and SDR JPEG images. Note that that demo is only really interesting if viewed on an HDR capable screen (e.g. Apple Retina).
Security fixes
There are some notable security fixes in this release.
Security fixes in Go
This release upgrades from Go 1.26.1 to 126.3, which brings a set of security fixes. Some relevant for Hugo are:
Security fixes and hardening in Hugo
The following changes either fix a concrete issue or reduce the default attack surface of
hugobuilds.text/htmlcontent files by default (e41a064). A newsecurity.allowContentpolicy gates which content media types may be used for pages under/content.text/htmlis denied by default; sites that rely on hand-authored or adapter-emitted HTML content can opt back in withsecurity.allowContent = ['.*'].security.http.urlson every redirect hop inresources.GetRemote(86fbb0f).resources.Get(f8b5fa0).We will update this section later with links to CVEs where applicable.
All changes
df54219@bep #149424bc7cae@bep5d51b82@jmooring #1492181d7762@jmooring #14795 #14906f8b5fa0@bep88d838a@xndvaz #14831e41a064@bep90d9f81@bep #783780e6084@jmooring #14944aeb9a5c@bep #14939c4bbc28@bepd8c7021@jmooring #14932ee4f1ac@bep #14855b613365@bep #11872d2c821b@bep4ed7600@bepcbe4339@bep #149126475d30@bep #14912 #1491767aede4@bep87f194b@bep #14897d81e3c2@bep #148977c65a4d@bepd31a927@bepc36608c@jmooring #149092f361a8@xndvaz #148865559263@jmooring #13869656fc04@bep #14062a20cb5b@bep #148984d775cb@bep #13492ae7bf74@bep #13987ba5d812@bep #12899 #14882be4a0df@bepe4cf565@bep9e64953@xndvaz #13737f0cfc28@xndvaz #1368816e854a@bep86fbb0f@bep #148717d4af7a@xndvaz #712828147cb@bep #14862e51e761@bep #148497011239@bep #14848694906f@cyphercodes #14820d27b9c0@ogulcanaydogan #1406262cef36@bep #14837ff22c62@jmooring #148174f444c8@dependabot[bot]fe6c726@dependabot[bot]6a2a038@dependabot[bot]cf1de59@dependabot[bot]97f990c@dependabot[bot]b99634e@dependabot[bot]fdd977e@dependabot[bot]123018d@dependabot[bot]b88fa8c@bep #14839v0.161.1Compare Source
What's Changed
c4eba92@bep #148288b40a96@bep #14823d65af84@bep #14824454450a@bep #14825v0.161.0Compare Source
This release contains two security hardening fixes:
--permissionflag with the permissions defined in security.node.permissions. This means that you need Node >= 22 installed and thatcss.TailwindCSSnow requires that the Tailwind CSS CLI must be installed as a Node.js package. The standalone executable is no longer supportedBut there are some notable new features, as well:
Nested vars support in css.Build and css.Sass
A practical example in
css.Buildwould be to have something like this inhugo.toml:And in the stylesheet:
Slice-based permalinks config
The
permalinksconfiguration is now much more flexible (the old setup still works). It uses the same target matchers as in thecascadeconfig, meaning you can now do:The above example isn't great, but it at least shows the gist of it.
A more flexible scheme for identifiers in filenames
What we had before was e.g.
content/mypost.en.mdwhich told Hugo that the content files was in English. With the new setup you could also name the filecontent/mypost._language_en_.md. This alone doesn't sound very useful, but this allows you to use more prefixes:All Changes
72b85d5@jmooring #79826436deb@jmooring #12602 #12786 #14112 #147691eea9fb@jmooring #147638d6145f@bep #147569747724@bep #14749 #147527622dd8@bep #147050814059@bep #148108920d56@jmooring #14807633cc77@jmooring #142434c40c6d@bepd2594db@bepab2de51@bep75f6183@jmooring1b7495b@jmooring #910979f030b@bep #14792a54c398@bep #7287f5fce93@bep #147774169c1f@bep #147837574e35@bep017a7cd@bep #14744e3413d9@bepb01cc14@bep #147718ee19ff@bep0d58e42@jmooringce2a156@bep #14750a17bdbc@jmooring #146968f94d65@bep90d8bf3@bepbbb42b5@bepd4ae662@dependabot[bot]9ede5fb@dependabot[bot]833a878@dependabot[bot]4c03129@dependabot[bot]080970b@bep896bc89@dependabot[bot]100dde5@dependabot[bot]bdebb79@dependabot[bot]52123ae@dependabot[bot]38b8afd@dependabot[bot]9276660@dependabot[bot]790f408@dependabot[bot]de6955b@dependabot[bot]a77bd52@bep #14758547ab29@dependabot[bot]9a5c7e0@dependabot[bot]6613b08@dependabot[bot]582c26e@dependabot[bot]a4f2a8a@dependabot[bot]v0.160.1Compare Source
What's Changed
8b00030@bep #14677c485516@bep #14740161d0d4@bep #1245745e4596@bep #1473258927aa@bepce009e3@bep #146810755872@chicks-netv0.160.0Compare Source
Now you can inject CSS vars, e.g. from the configuration, into your stylesheets when building with css.Build. Also, now all the render hooks has a .Position method, now also more accurate and effective.
Bug fixes
4e91e14@bep #14710dc9b51d@bep #1471543aad71@bep #14711Improvements
481baa0@bep5d09b5e@bep #14699303e443@bep #14663638262c@bepDependency Updates
bf6e35a@dependabot[bot]0eda24e@dependabot[bot]beb57a6@dependabot[bot]Documentation
9f1f1be@jmooringv0.159.2Compare Source
Note that the security fix below is not a potential threat if you either:
EDIT IN: This release also adds release archives for non-extended-withdeploy builds.
What's Changed
479fe6c@bepdf520e3@jmooring #14684v0.159.1Compare Source
The regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. AlpineJS' x-bind: namespace (library used by Hugo's documentation site).
To fix this, the upstream library has hadded a
keepNamespacesslice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:What's Changed
42289d7@bep #14669v0.159.0Compare Source
This release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See this page for more information.
Note
a8fca59@bep182b104@bepeb11c3d@bepBug fixes
eaf4c75@jmooring #14649Improvements
807cae1@mango766 #14112c4fb61d@xndvaz #4621hugo mod npm packd88a29e[@bep](https://redirect.github.comConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.