chore(deps): update dependency gohugoio/hugo to v0.152.2

[renovate]

This PR contains the following updates:

Package	Update	Change
gohugoio/hugo	minor	v0.147.2 -> v0.152.2

---

Release Notes

gohugoio/hugo (gohugoio/hugo)

v0.152.2

Compare Source

In v0.152.0 we tightened the source validation for file mounts. We always said that project mounts can mount with absolute file/directorynames, modules/themes are restricted to relative. In v0.152.0 we narrowed module/themes mounts to be local, which made the setup in the bug report listed below fail:

[[module.mounts]]
source = '../../node_modules/bootstrap'
target = 'assets/vendor/bootstrap'

One part of this is security. But the construct above is usually very odd (the project uses files in a theme/module, not the other way around) and not very portable. But the example above demonstrates a valid exception, that we now have added support for in a portable way. The above example now works as it did before v0.152.0, but going forward you can also write:

[[module.mounts]]
source = 'node_modules/bootstrap'
target = 'assets/vendor/bootstrap'

We now have the node_modules as a special case: For themes/modules we first check if the mounted source exists locally, if not we try relative to the project root.

What's Changed

• deps: Update github.com/tdewolff/minify v2.24.4 => v2.24.5 1c8c21e @​jmooring #​14086
• hugofs: Make node_modules a "special case" mount 809ebe0 @​bep #​14089
• github: Fix typo in stale PR message 08a0679 @​jordelver

v0.152.1

Compare Source

These fixes are are all related to the YAML library upgrade in v0.152.0.

• Expand the numeric conversions to template funcs/methods e08278d @​bep #​14079
• Fix where with uint64 df4f80d @​bep #​14081
• Fix it so YAML integer types can be used where Go int types are expected d4c7888 @​bep #​14079
• tpl/compare: Fix compare/sort of uint64s 29e2c2f @​bep #​14078
• Fix "assignment to entry in nil map" on empty YAML config files 0579afc @​bep #​14074

v0.152.0

Compare Source

The big new thing and the motivation behind this release is the upgrade to a more modern YAML library in @​goccy 's github.com/goccy/go-yaml. It's been a surprisingly long and winding road to get here. Note that this upgrade comes with some minor breaking changes, most notably that the old YAML 1.1 spec listed a set of strings that, when unquoted, were treated as boolean true or false. So if you're using any of the values in the table below as booleans, you need to adjust your YAML, but I suspect that fixing this very surprising behavior will fix more issues than it introduces. A big new thing with this new YAML library is the support for YAML anchors and aliases which helps to reduce duplication in e.g. your configuration. There are some examples in Hugo's release build configuration and in the Hugo's CI release setup.

Values	Old meaning	New meaning
yes, Yes, YES, y, Y, on, On, ON	true (bool)	yes, Yes, YES, y, Y, on, On, ON (string)
no, No, NO, n, N, off, Off, OFF	false (bool)	no, No, NO, n, N, off, Off, OFF (string)

Note

• Replace to gopkg.in/yaml with github.com/goccy/go-yaml (note) a3d9548 @​bep #​8822 #​13043 #​14053

Improvements

• config: Clone language map entries before modifying them a130770 @​bep #​14072
• Skip flaky test for now 9425b93 @​bep #​14072
• Misc YAML adjustments bd50c9c @​bep #​14067
• hugofs: Make sure that non-project module mounts are local paths a8e0ca9 @​bep #​14069
• langs/i18n: Improve reserved key error message 559a029 @​jmooring #​14061
• langs: Add test case using a "reserved" i18n code 5bad0d5 @​bep #​14061

Dependency Updates

• deps: Upgrade github.com/gohugoio/go-i18n/v2 184b10e @​bep
• build(deps): bump github.com/tdewolff/minify/v2 from 2.24.3 to 2.24.4 9e344bb @​dependabot[bot]

Build Setup

• Merge branch 'release-0.151.2' d51adca @​bep

v0.151.2

Compare Source

What's Changed

• parser/pageparser: Add a testcase for nested shortcodes of the same name 989454a @​bep #​14054
• parser/pageparser: Fix shortcode nesting regression 1e91e46 @​bep #​14054

v0.151.1

Compare Source

This release is mostly motivated by some upstream security fixes:

• Upgrade from Go 1.25.1 to Go 1.25.3 which comes with 10 security fixes.
• Go's net/html package also has one security patch

I, @​bep, have inspected the above issues, and none of them seem to be relevant for Hugo, but we understand that many want to have a clean security report.

Bug fixes

• tpl: Fix strings/truncate CJK handling 88aea56 @​oishikazuo #​14039
• parser/pagerparser: Fix closing shortcode error handling when repeated a133393 @​bep

Improvements

• Upgrade Go to 1.25.3 e2fb0b0 @​bep
• create/skeletons: Wrap section and home lists with section tags 29cf874 @​imomaliev
• markup/goldmark: Align blockquote default output with Goldmark 1b4dd43 @​jmooring #​14046
• parser/pageparser: Store shortcode names as unique.Handle[string] to save memory allocations 4414ef7 @​bep
• testscripts: Make test assertion less specific 9197deb @​bep

Dependency Updates

• build(deps): bump github.com/gohugoio/hashstructure from 0.5.0 to 0.6.0 f4c1157 @​dependabot[bot]
• build(deps): bump golang.org/x/image from 0.30.0 to 0.32.0 54075ac @​dependabot[bot]
• build(deps): bump github.com/evanw/esbuild from 0.25.10 to 0.25.11 8b52303 @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.37.0 to 0.38.0 3d45d30 @​dependabot[bot]
• build(deps): bump golang.org/x/mod from 0.28.0 to 0.29.0 095157c @​dependabot[bot]

v0.151.0

Compare Source

Some notable new features in Hugo v0.151.0 are:

• New transform.HTMLToMarkdown template function. One possible use case would be to provide LLM friendly content.
• Hugo now reports OSC 9;4 progress when building; progress bars/indicators are supported by terminals such as Ghostty on Macos and Linux, Windows terminal.
• Several new config options for Markdown foot notes.

Note

• transform/livereloadinject: Skip livereload.js injection if no tags found (note) 7fd6762 @​AndrewChubatiuk

Improvements and bug fixes

• Fix file caching for 404 responses in resources.GetRemote 03b33ec @​bep #​14019
• markup/goldmark: Enhance footnote extension with backlinkHTML option b462980 @​jmooring #​11434
• markup/goldmark: Enhance footnote extension with auto-prefixing option 47678d8 @​jmooring #​8045
• Adjust the terminal progress reporter a little 510d98b @​bep
• Add transform.HTMLToMarkdown c5dca3b @​bep #​13946
• Report OSC 9;4 progress when building ec463c0 @​bep
• tpl: Workaround s390x precision of Atan and Tan 105d3bc @​toddy15
• cache/httpcache: Add respectCacheControlNoStoreInResponse and respectCacheControlNoStoreInRequest options 3e46ba5 @​bep #​13990
• common/hreflect: Speed up IsTrutfulValue 4d13035 @​bep

Dependency Updates

• build(deps): bump google.golang.org/api from 0.248.0 to 0.251.0 584f052 @​dependabot[bot]
• build(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudfront b76d717 @​dependabot[bot]
• build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.38.1 to 1.39.2 4d2743e @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.36.0 to 0.37.0 c20f70d @​dependabot[bot]
• build(deps): bump github.com/spf13/afero from 1.14.0 to 1.15.0 1b55621 @​dependabot[bot]
• build(deps): bump github.com/tdewolff/minify/v2 from 2.24.2 to 2.24.3 106c8e6 @​dependabot[bot]
• build(deps): bump github.com/evanw/esbuild from 0.25.9 to 0.25.10 9928122 @​dependabot[bot]
• build(deps): bump golang.org/x/text from 0.28.0 to 0.29.0 9943c1b @​dependabot[bot]
• build(deps): bump github.com/olekukonko/tablewriter from 1.0.9 to 1.1.0 7667573 @​dependabot[bot]
• build(deps): bump github.com/spf13/cast from 1.9.2 to 1.10.0 d71c07c @​dependabot[bot]

v0.150.1

Compare Source

What's Changed

• hugolib: Change duplicate content path warning to an info log 64f4073 @​jmooring
• hugolib: Restore integration test 1140314 @​jmooring #​13991
• commands: Map --minify CLI flag to the correct configuration key 404fd9e @​jmooring #​13988
• snap: Add desktop plug b1b0cde @​maxkapur
• test(deps): Update setup-ruby action to v1.257.0 3eea082 @​maxkapur

v0.150.0

Compare Source

The big new feature in this relase is the new version config option on Module imports, which allows you to set the requested module version query directly in your Hugo configuration (e.g. hugo.toml). This is a feature that have been requested by many, and I (@​bep) was reminded about it by this recent thread, which also outlines a common use case for this: Mounting multiple old versions/branches of API documentation into the project.

What's Changed

• build(deps): bump golang.org/x/mod from 0.27.0 to 0.28.0 d1f6a1d @​dependabot[bot]
• modules: Add support for direct version module imports in hugo.toml 747cf4a @​bep #​13964
• resources/page: Fix truncated summary logic d8774d7 @​jmooring #​13967 #​13968
• config/security: Add PROGRAMDATA to the osenv allowlist 3b8947d @​jmooring

v0.149.1

Compare Source

The main motivation behind this release is the Go 1.25.1 upgrade, which comes with a security fix. Hugo does not use the feature in question, but we understand that many Hugo users like to have a clean security report.

Note

Note that CSS minification now targets CSS3, removing certain optimizations that were specific to CSS2.

What's Changed

• Remove noindex meta tag from alias.html 25c0f24 @​lzap
• Fix nilpointer on ToC heading 4f2d2b2 @​bep #​11843
• tpl/collections: Require collections.D args to be ints b8eb45c @​bep #​13952
• Upgrade to Go 1.25.1 1d90aff @​bep #​13960
• Fix config env handling for some slice options e751afa @​PikachuTW #​13950
• minifiers: Update deprecation handling a09b8a6 @​jmooring #​11893 #​13947 #​13948

v0.149.0

Compare Source

[!NOTE]
If running on Netlify, make sure you have configured your build with their latest build image, see this issue.

Hugo v0.149.0 comes with bug fixes and a set of new features/improvements, notably:

• We now build with the recently released Go 1.25
• A new collections.D template function that generates random sequences of integers using J. S. Vitter’s Method D, by some called The Best Algorithm No One Knows About.
• Two new permalinks tokens, :sectionslug and :sectionslugs, especially useful in multilingual Hugo projects.
• A new --omitClassComments flag on hugo gen chromastyles
• Several improvements to how ToC from Markdown gets rendered, see #​13401 and #​12605.
• A new format option in transform.Unmarshal

Note

• Remove test with deprecated path usage 80e973e @​bep

Bug fixes

• create: Fix new content command with future dates bb4e66c @​justuswilhelm #​12599
• Fix server rebuild when adding a new leaf bundle with resources in one go 13b43e6 @​bep #​13925
• Fix rebuild when deleting a content adapter file 87e100e @​bep

Improvements

• tpl/collections: Add an integration test for collections.D 84b5123 @​bep
• tpl/collections: Add collections.D using Vitter's Method D for sequential random sampling 1ba8087 @​bep
• commands: Deprecate --omitEmpty on chromastyles command 61ec7a2 @​bep
• commands: Add --omitClassComments to the chromastyles command c289fca @​bep
• all: Use slices.Equal ecdef2b @​minxinyi
• resources/page: Add :sectionslug and :sectionslugs permalink tokens 12ace3a @​DustinFischer #​13788
• Upgrade to Go 1.25 c14fddd @​bep #​13924 #​13931
• common/hcontext: Replace with external package 186934f @​bep
• resources/page: Use reflect.TypeFor bff4ddd @​cuiweixie
• tpl/strings: Remove unnecessary error check 348aae9 @​Nigel2392
• markup/goldmark: Apply Hugo Goldmark Extras when rendering TOC 61482cf @​jmooring #​12605
• markup/goldmark: Sanitize TOC heading titles 5fdcc09 @​jmooring #​13401
• Add a key to the partialCached deadlock prevention 2216028 @​n1xx1 #​13889
• transform: Add support for "format" option in transform.Unmarshal ecc3dd1 @​n1xx1 #​13887
• Skip flakey test on CI de4a7f1 @​bep

Dependency Updates

• build(deps): bump github.com/getkin/kin-openapi from 0.132.0 to 0.133.0 45ec2f8 @​dependabot[bot]
• build(deps): bump google.golang.org/api from 0.247.0 to 0.248.0 84dd495 @​dependabot[bot]
• build(deps): bump github.com/evanw/esbuild from 0.25.6 to 0.25.9 327bbc6 @​dependabot[bot]
• build(deps): bump gocloud.dev from 0.40.0 to 0.43.0 2447138 @​dependabot[bot]
• deps: Upgrade github.com/alecthomas/chroma/v2 v2.19.0 => v2.20.0 cfc38ec @​bep #​13917
• build(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudfront 22e579e @​dependabot[bot]
• build(deps): bump github.com/tdewolff/minify/v2 from 2.23.11 to 2.24.0 b886615 @​dependabot[bot]
• build(deps): bump github.com/tdewolff/minify/v2 from 2.23.8 to 2.23.11 885cd29 @​dependabot[bot]
• build(deps): bump github.com/olekukonko/tablewriter from 1.0.8 to 1.0.9 debf3c5 @​dependabot[bot]
• build(deps): bump google.golang.org/api from 0.237.0 to 0.247.0 1649f31 @​dependabot[bot]
• build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.36.4 to 1.38.0 ccd6a4b @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.35.0 to 0.36.0 6dc1a17 @​dependabot[bot]
• build(deps): bump github.com/bep/simplecobra from 0.6.0 to 0.6.1 806d484 @​dependabot[bot]
• build(deps): bump golang.org/x/mod from 0.25.0 to 0.27.0 04ee1b9 @​dependabot[bot]
• build(deps): bump github.com/yuin/goldmark from 1.7.12 to 1.7.13 7a86fe9 @​dependabot[bot]
• build(deps): bump golang.org/x/image from 0.28.0 to 0.30.0 f5245a7 @​dependabot[bot]
• deps: Upgrade github.com/niklasfasching/go-org v1.8.0 => v1.9.1 5029676 @​jmooring #​13846

Documentation

• misc: Update Go version to 1.24.0 in README 2912415 @​jmooring
• Update README.md 01b0eda @​bep

v0.148.2

Compare Source

What's Changed

• tpl: Add test for recent template selection regression 7ff5ec7 @​bep #​13868
• Revert "hugolib: Honor implicit "page" type during template selection" 3937ab2 @​bep #​13868
• Fix regression with hyphenated codeblock templates, e.g. render-codeblock-go-html-template.html 9c57af1 @​bep #​13864
• commands: Avoid full browser refresh on simple CSS changes d240a70 @​bep

v0.148.1

Compare Source

What's Changed

• Fix assignment to entry in nil map 6f42cfb @​bep #​13853
• deps: Downgrade github.com/niklasfasching/go-org v1.9.0 => v1.8.0 a84beee @​bep #​13846

v0.148.0

Compare Source

[!NOTE]
There's some minor breaking changes in this release. Please read this thread for more information.

Note

• Fix some uglyURLs issues for home, section and taxonomy kind (note) b8ba33c @​bep #​4428 #​7497
• Fix branch paths when OutputFormat.Path is configured (note) f967212 @​bep #​13829

Bug fixes

• resources/page: Allow full datetime prefix in filenames 1b4c423 @​jmooring #​13830

Improvements

• Add Ancestors (plural) method to GitInfo, rename Ancestor field to Parent 3e2f1cd @​bep #​13839
• Allow creating home pages from content adapters bba6996 @​bep
• Remove the internal GitInfo type and make Page.GitInf() return a pointer 90d397b @​bep #​5693
• source: Expose Ancestor in GitInfo 61e6c73 @​jenbroek #​5693
• config: Increase test coverage 266d46d @​pixel365
• markup/goldmark: Change link and image render hook enablement to enums 84b3172 @​jmooring #​13535
• hugolib: Honor implicit "page" type during template selection cfc8d31 @​jmooring #​13826
• deploy: walkLocal worker pool for performance dd6e2c8 @​davidejones

Dependency Updates

• build(deps): bump github.com/evanw/esbuild from 0.25.5 to 0.25.6 0a5b870 @​dependabot[bot]
• build(deps): bump github.com/olekukonko/tablewriter from 1.0.7 to 1.0.8 94e2c27 @​dependabot[bot]
• build(deps): bump github.com/niklasfasching/go-org from 1.8.0 to 1.9.0 e77b2ad @​dependabot[bot]
• build(deps): bump github.com/alecthomas/chroma/v2 from 2.18.0 to 2.19.0 9487acf @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.32.0 to 0.34.0 1e9a0b9 @​dependabot[bot]

v0.147.9

Compare Source

Improvements and fixes

• Remove WARN with false negatives 6a4a3ab @​bep #​13806
• resources/page: Make sure a map is always initialized 36f6f98 @​bep #​13810
• tpl/tplimpl: Copy embedded HTML table render hook to each output format 18a9ca7 @​jmooring #​13351
• tpl/tplimpl: Change resources.GetRemote errors to suppressible warnings b6c8dfa @​jmooring #​13803
• common/terminal: Enable color output on windows 4217fee @​jmooring #​8209
• hugolib: Remove test for deprecated future 4ef5720 @​bep

Dependency Updates

• build(deps): bump google.golang.org/api from 0.221.0 to 0.237.0 621ea42 @​dependabot[bot]
• build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.36.1 to 1.36.4 34e8378 @​dependabot[bot]
• build(deps): bump golang.org/x/image from 0.27.0 to 0.28.0 4d3ebe4 @​dependabot[bot]
• deps: Upgrade github.com/spf13/cast v1.8.0 => v1.9.2 b5c0383 @​jmooring

v0.147.8

Compare Source

The primary motivation behind this release is to get the Docker package security patched and up to date.

Improvements

• dockerfile: Update Alpine 8e61f1f @​bep #​13783
• dockerfile: Update Go version f37412a @​bep #​13780
• hugolib: Emit ignorable warning when home page is a leaf bundle 01241d5 @​jmooring #​13538
• all: Replace _build with build in tests 32eb1a8 @​bep

Dependency Updates

• build(deps): bump github.com/evanw/esbuild from 0.25.3 to 0.25.5 21a4a9a @​dependabot[bot]
• build(deps): bump github.com/niklasfasching/go-org from 1.7.0 to 1.8.0 7a4a479 @​dependabot[bot]
• build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 54065b7 @​dependabot[bot]
• build(deps): bump github.com/yuin/goldmark from 1.7.11 to 1.7.12 e333836 @​dependabot[bot]
• build(deps): bump github.com/tdewolff/minify/v2 from 2.23.5 to 2.23.8 cc7bfee @​dependabot[bot]

v0.147.7

Compare Source

Bug fixes

• Fix language handling in shortcode templates 5273a88 @​bep #​13767
• Make sure that unreferenced but changed bundle resources gets republished 766a2e7 @​bep #​13748
• resources/page: Respect disablePathToLower for permalink tokens 843ffeb @​jmooring #​13755

Improvements

• Handle KaTeX warnings (#​13760) 6334948 @​bep #​13735
• common/collections: Increase test coverage bff5d19 @​pixel365
• parser/pageparser: Add coverage for all IsX methods of Item da370d3 @​pixel365
• resources: Remove unused interface 6bd328c @​bep

Dependency Updates

• build(deps): bump golang.org/x/image from 0.26.0 to 0.27.0 7525963 @​dependabot[bot]
• build(deps): bump golang.org/x/text from 0.24.0 to 0.25.0 0df9f35 @​dependabot[bot]
• build(deps): bump github.com/spf13/cast from 1.7.1 to 1.8.0 302e6a7 @​dependabot[bot]
• build(deps): bump github.com/alecthomas/chroma/v2 from 2.17.2 to 2.18.0 202fe0d @​dependabot[bot]
• deps: Upgrade github.com/olekukonko/tablewriter v0.0.5 => v1.0.7 13e1617 @​bep

v0.147.6

Compare Source

What's Changed

• Improve warning message on superfluous prefix when using function 'partials.Include' e57dcd3 @​deining
• Fix recent regression with cascading of params to content adapters eaf5ace @​bep #​13743
• Fix it so e.g. de in layouts/_shortcodes/de.html is not interpreted as a language code 9ad26b6 @​bep #​13740
• commands: Make sure the browser gets refreshed on changes when --disableFastRender is set f471936 @​bep #​13727
• tpl/transform: Expose the KaTeX strict option 013c8cf @​jmooring #​13729

v0.147.5

Compare Source

We have gotten some requests about updating the minifier library we use, so here you go @​myitcv and others. I'm probably going to regret doing that particular upgrade on a Thursday, but so be it.

What's Changed

• Fix live reload when editing inline partials 0c7b1a3 @​bep #​13723
• build(deps): bump github.com/tdewolff/minify/v2 from 2.20.37 to 2.23.5 970b887 @​dependabot[bot]

v0.147.4

Compare Source

What's Changed

• Fix it so css.TailwindCSS inlineImports options isn't always enabled a03a245 @​bep #​13719
• tpl: Add a test case 5a81a3a @​bep #​13699
• tpl: Narrow down the usage of plain text shortcodes when rendering HTML 6131782 @​bep #​13698
• tpl: Fix theme overrides when theme has old layout setup (e.g. _default) 6142bc7 @​bep #​13715

v0.147.3

Compare Source

Mostly bug fixes here, but also a new template func to get a really big number. You can read about why that is useful in the documentation.

• tpl/tplimpl: Change calls to simple versions of embedded shortcodes 8142699 @​jmooring #​13700
• config: Fix env override of slices bc98e7a @​bep #​13707
• Fix/implement cascade for content adapters c745a3e @​bep #​13692
• commands: Fix description of new theme commands 9d1d8c8 @​jmooring #​13701
• tpl/tplimpl: Fix vimeo shortcode test to accommodate API changes 84d7a10 @​jmooring #​13687
• tpl/math: Add MaxInt64 function 325a0db @​jmooring #​13693

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.