ci(deps): update gohugoio/hugo action to v0.121.2

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
gohugoio/hugo	action	minor	v0.118.2 -> v0.121.2

---

Release Notes

gohugoio/hugo (gohugoio/hugo)

v0.121.2

Compare Source

The main motivation behind this release is a security fix in the upstream golang.org/x/crypto library. We don't see how that CVE could be exploited via Hugo, but we do appreciate that many want to have a clean security report.

There's also some new features in this release:

• AutoOrient image filter
• math.Rand

What's Changed

• build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 1ccd314 @​dependabot[bot]
• tpl/math: Add math.Rand template function e40b9fb @​jmooring #​11833
• resources/images: Create AutoOrient image filter 648d00c @​jmooring #​11717
• all: Remove unused code 8adba64 @​bep

v0.121.1

Compare Source

The only change in this release is that the release binaries are compiled with Go 1.21.5 which contains some security fixes that are relevant for Hugo.

• Upgrade to Go 1.21.5 eb9f1eb @​bep #​11786

v0.121.0

Compare Source

There are some minor new features in this release, but it's mostly a release with bug fixes and dependency updates. One notable dependency update is libweb v1.3.2 which comes with a security fix for the Webp decoder (chromium: #​1479274, CVE-2023-4863). Hugo only uses the encoder (we use Go's native Webp decoder) so we're not affected by this, but we have been contacted by some corporate Hugo users who's eager to have a clean security report.

Notes

• kin-openapi v0.122.0 has some minor breaking API changes which, from Hugo's side of it, can be adapted by using the new .Map accessors if you get an error.

Bug fixes and enhancements

• github: Fix CI build on Windows 6d4b012 @​bep
• Fix handling of dropped error in test 26a8ec2 @​alrs
• resources/resource: Fix GroupByParamDate with raw TOML dates dd6cd62 @​jmooring #​11563
• helpers: Fix TrimShortHTML used by markdownify and RenderString 0bde693 @​jmooring #​11698
• Pull in the latest code from Go's template packages (#​11771) 9f978d3 @​bep #​10707 #​11507
• tpl: Allow using page resources on the images page parameter for opengraph, schema and twitter_cards templates 14d85ec @​razonyang
• hugolib: Apply titleCaseStyle to automatic section pages 171836c @​jmooring #​11547
• tpl/urls: Retain query and fragment with absURL and absLangURL 9ea7103 @​jmooring #​11772
• markup: Add Level to Heading struct 3fc42da @​jmooring #​10776
• tpl/fmt: Print suppression help with erroridf d24da17 @​jmooring #​11506
• tpl/transform: Display Chroma highlighting errors 4583b41 @​jmooring #​9642
• common/para: Skip flaky test on CI e2a624d @​bep
• watcher: Skip flaky test for now 30a18e8 @​bep
• tpl/transform: Add transform.XMLEscape template function b4c5df4 @​jmooring #​3268
• tpl/tplimpl: Remove superfluous type attr on script elements 8d32ca2 @​jmooring #​6379
• common/para: Skip flaky tests on Windows 27620da @​bep
• navigation: Unexport menu entry methods 80d2fdb @​jmooring #​11670
• markup/goldmark: Sync image render hook code with Goldmark 805cc17 @​jmooring #​11681

Dependency Updates

• build(deps): bump github.com/alecthomas/chroma/v2 from 2.11.1 to 2.12.0 558f325 @​dependabot[bot]
• build(deps): bump github.com/tdewolff/minify/v2 from 2.20.8 to 2.20.9 507f4e3 @​dependabot[bot]
• build(deps): bump github.com/spf13/cast from 1.5.1 to 1.6.0 a7e721e @​dependabot[bot]
• build(deps): bump github.com/getkin/kin-openapi from 0.121.0 to 0.122.0 2627b91 @​dependabot[bot]
• build(deps): bump golang.org/x/image from 0.13.0 to 0.14.0 e536d46 @​dependabot[bot]
• deps: Update github.com/tdewolff/minify/v2 v2.20.7 => v2.20.8 bfc325f @​jmooring #​5748
• build(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 36a60f6 @​dependabot[bot]
• build(deps): bump github.com/evanw/esbuild from 0.19.7 to 0.19.8 de2fcc5 @​dependabot[bot]
• build(deps): bump google.golang.org/api from 0.151.0 to 0.152.0 9ca889b @​dependabot[bot]
• deps: Upgrade to libwebp 1.3.2 4fb40ee @​bep #​11746
• build(deps): bump github.com/aws/aws-sdk-go from 1.48.4 to 1.48.6 bc93a36 @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.15.0 to 0.16.0 3e5bc6f @​dependabot[bot]
• build(deps): bump github.com/getkin/kin-openapi from 0.120.0 to 0.121.0 7c47036 @​dependabot[bot]
• build(deps): bump github.com/bep/logg from 0.3.0 to 0.4.0 4d07e1f @​dependabot[bot]
• deps: Upgrade to github.com/bep/simplecobra v0.4.0 1c41232 @​bep
• build(deps): bump github.com/aws/aws-sdk-go from 1.48.2 to 1.48.4 f11ca0f @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.14.0 to 0.15.0 d7a2f3f @​dependabot[bot]
• build(deps): bump github.com/gorilla/websocket from 1.5.0 to 1.5.1 ef12d16 @​dependabot[bot]
• build(deps): bump github.com/fatih/color from 1.15.0 to 1.16.0 a62bbfa @​dependabot[bot]
• build(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 5887230 @​dependabot[bot]
• build(deps): bump github.com/evanw/esbuild from 0.19.5 to 0.19.7 a4a66b8 @​dependabot[bot]
• build(deps): bump github.com/alecthomas/chroma/v2 from 2.10.0 to 2.11.1 813390b @​dependabot[bot]
• build(deps): bump github.com/tdewolff/minify/v2 from 2.20.5 to 2.20.7 d528bbd @​dependabot[bot]
• build(deps): bump google.golang.org/api from 0.138.0 to 0.151.0 af7f6c8 @​dependabot[bot]
• build(deps): bump github.com/aws/aws-sdk-go from 1.45.14 to 1.48.2 (#​11724) e70849e @​dependabot[bot] #​11723

Documentation

• docs: Regen docshelper 255e0a9 @​bep
• docs: Adjust last merge from docs repository 6580cd3 @​jmooring
• docs: Regen docs helper 7617de8 @​bep

v0.120.4

Compare Source

The only change in this release is that the release binaries are compiled with Go 1.21.4 which comes with a security fix for Windows that may be relevant for Hugo. See:

• https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
• Especially golang/go#63715

What's Changed

• Upgrade to go 1.21.4 9315a2d @​bep #​11685

v0.120.3

Compare Source

What's Changed

• tpl/tplimpl: Fix deprecation logic in embedded templates cb98e90 @​jmooring #​11658
• Remove some old and unused deprecation code 5fa97ee @​bep
• Add a field prefix to the deprecated log statements 4d38f47 @​bep
• Avoid double printing INFO deprecation messages 80f793c @​bep #​11645
• build(deps): bump github.com/tdewolff/parse/v2 from 2.7.1 to 2.7.3 a9079d7 @​dependabot[bot]
• build(deps): bump github.com/tdewolff/minify/v2 from 2.20.1 to 2.20.5 4914b7f @​dependabot[bot]

v0.120.2

Compare Source

What's Changed

• Fix deprecation printing on info level ab21433 @​bep #​11638
• tpl/tplimpl: Fix deprecation logic in RSS template 23fcfb7 @​jmooring #​11639

v0.120.1

Compare Source

What's Changed

• deps: Update github.com/tdewolff/minify/v2 v2.20.0 => v2.20.1 2bedcf3 @​jmooring #​11633

v0.120.0

Compare Source

This is a full dependency refresh and a couple of new cool features:

A new Padding image filter, and a new debug.Timer template func. The new debug.Timer is useful for finding performance bottle necks in templates:

{{ $timer := debug.Timer "slowTemplate" }}
// ...
{{ $timer.Stop }}

If you then run hugo --logLevel info you should see timer info logged at the end of the build. You can have as many timers as you want and if you don't stop them, they will be stopped at the end of build.

Hugo now also builds release binaries for Solaris now that a long-living issue in the upstream ƒsnotify library has been fixed, thanks to @​nshalman.

Notes

• The enableEmoji flag now only works for Markdown content. This is unfortunate, but the old solution has some known issues and it was too hard to make it work properly as a general thing across all formats. See #​11598
• site.DisqusShortname is deprecated 2eca1b3
• site.GoogleAnalytics is deprecated a692278
• site.Author is deprecated d4016dd
• site.Social is deprecated 4910312

Also, we have changed the string type for some of the fields and methods:

• .Fragments.ToHTML now returns template.HTML
• $resource.Data.Integrity now returns a string and not a template.HTMLAttr
• delimit now returns a string and not a template.HTML See #​10876 #​11502.
• the URL functions now returns a string, see #​11536
• The paginator Pager now returns a string.
• site.BaseURL now returns a string.

The above should both solve some issues and make the above types more useful and easer to reason about. But if you use the delimit function to process HTML and see some unexpected escaping after this release, e.g.:

{{ $s := slice "<i>foo</i>" }}
{{ delimit $s "," }}

Then you need to mark the type with safeHTML:

{{ $s := slice "<i>foo</i>" }}
{{ delimit $s "," | safeHTML }}

Bug fixes

• create/skeletons: Fix menu template acf01bf @​jmooring #​11519
• Fix so hugo get -u updates transitively de4e466 @​razonyang
• tpl/tplimpl: Fix dropped error 6251626 @​alrs
• tpl/collections: Fix and deprecate echoParams 75f56b4 @​jmooring #​11498

Improvements

• Add Solaris build 7f8ab74 @​bep #​3500
• Make site.BaseURL and $pager.URL a string b6a7568 @​bep
• commands/new: Remove format flag from new content cmd 27b22cd @​jmooring #​11462
• hugolib: Display correct markup identifier in error message a2488b1 @​jmooring #​11538
• livereloadinject: Save some allocations 8f60c0c @​bep
• livereloadinject: Use more robust injection method 9dc6080 @​DominoPivot
• tpl/urls: Return strings from URL functions a349aaf @​jmooring #​11511
• transform/livereloadinject: Add benchmark b8fbd4a @​bep
• Revert "modules: Throttle the "downloading modules …" log entries" 28d8446 @​bep
• Revert "modules: Adjust the log throttle logic a little" eb5fd31 @​bep
• resources/images: Create padding image filter 3ed28e4 @​jmooring #​11599
• markup/goldmark: Update the CJK extension to allow specifying line break styles db14238 @​henry0312
• modules: Adjust the log throttle logic a little 3f64b5a @​bep
• modules: Throttle the "downloading modules …" log entries 6690409 @​bep
• tpl/collections: Make delimit return a string e54139c @​bep #​10876 #​11502
• Revise the deprecation logging 71fd79a @​bep
• Remove rest of the now unused emoji code c4a530f @​bep #​11598
• markdown: Pass emoji codes to yuin/goldmark-emoji 272484f @​jmooring #​7332 #​11587 #​11598
• watcher/filenotify: Remove redundant duplicated comments c23a0c4 @​alexandear
• tpl/debug: Add average and median to timer output 46bdc03 @​bep
• tpl/debug: Add debug.Timer 5160c7e @​bep #​11580
• Add some convenient integration test helpers fd38171 @​bep
• hugolib: Deprecate .Site.DisqusShortname 2eca1b3 @​jmooring
• hugolib: Deprecate .Site.GoogleAnalytics a692278 @​jmooring
• tpl/tplimpl: Deprecate .Site.Author usage in RSS template d4016dd @​jmooring
• tpl/tplimpl: Deprecate .Site.Social usage with internal templates 4910312 @​jmooring
• markup/tableofcontents: Return template.HTML from .Fragments.ToHTML 1b5f78b @​jmooring #​11545
• commands: Update message displayed when running CLI from GUI 5993afa @​jmooring #​11525
• common/hugo: Add hugo.IsServer and hugo.IsDevelopment d1b4458 @​jmooring #​11510
• all: Format files with gofmt 274852b @​alexandear
• magefile: Update isGoLatest to check for Go 1.21 37a2d5e @​abdullah-alaadine
• resources/integrity: Return string instead of template.HTMLAttr 4c95389 @​jmooring #​11513
• tpl/lang: Formally deprecate lang.NumFmt 46da0b7 @​jmooring

Dependency Updates

• build(deps): bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 59bcc09 @​dependabot[bot]
• build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 e26ba75 @​dependabot[bot]
• build(deps): bump github.com/alecthomas/chroma/v2 from 2.9.1 to 2.10.0 bcf07fa @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.13.0 to 0.14.0 e2b2092 @​dependabot[bot]
• build(deps): bump github.com/tdewolff/minify/v2 from 2.12.9 to 2.20.0 f4df7b8 @​dependabot[bot]
• build(deps): bump github.com/mattn/go-isatty from 0.0.19 to 0.0.20 3d9bd40 @​dependabot[bot]
• build(deps): bump golang.org/x/image from 0.12.0 to 0.13.0 5f5e55a @​dependabot[bot]
• build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 8c61fd2 @​dependabot[bot]
• build(deps): bump github.com/evanw/esbuild from 0.19.3 to 0.19.5 d3145e4 @​dependabot[bot]
• build(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 743a1da @​dependabot[bot]
• build(deps): bump github.com/bep/logg from 0.2.0 to 0.3.0 123901b @​dependabot[bot]
• deps: Update github.com/tdewolff/minify/v2 v2.12.7 => v2.12.9 d5d0f42 @​jmooring #​11533

Documentation

• docs: Regen docshelper 29b6e13 @​bep
• docs: Regenerate docshelper d3d4ab4 @​bep
• Update README.md 3af8bde @​bep

v0.119.0

Compare Source

This version is built with Go 1.21.1 which contains some relevant security fixes for the html/template package, see Issue 62196 and Issue 62197. This is the main reason Hugo 0.119.0 is released sooner rather than later. But this release also comes with a dependency refresh and some useful image processing improvements:

• A new general-purpose Process method and filter.
• A new Opacity filter.

Process support all of the existing scaling operations, but it can also be used do simple format conversions (e.g. from JPG to PNG). A before/after example:

{{ $watermark := resources.Get "logo.jpg" | images.Filter  
       (images.GaussianBlur 6) 
       (images.Opacity 0.5) 
}}
{{ $watermark = $watermark.Resize (printf "%dx%d png" $watermark.Width $watermark.Height )

There are some issues with the above:

1. The source image does not support transparency, so the transparency pixels will be filled with the configured background colour.
2. The image will be decoded and encoded twice with a potential loss in quality.
3. It's clumsy.

With Hugo 0.119.0 the above can be written as:

{{ $watermark := resources.Get "logo.jpg" | images.Filter  
       (images.GaussianBlur 6) 
       (images.Opacity 0.5) 
       (images.Process "png") 
}}

Bug fixes

• Fix tests for Go 1.21.1 79a17d9 @​bep #​11450
• Fix recently broken benchmark 18ce854 @​bep

Improvements

• common: Remove unused constants 6b65b2f @​alexandear
• Add images.Process filter 6a246d1 @​bep #​8439
• Add $image.Process ef0e714 @​bep #​11483
• google_analytics_async.html: Add deprecation warning c32094a @​carlmjohnson
• Add images.Opacity filter f9b3c0f @​bep #​11471
• Upgrade to Go 1.21.1 1e9b87f @​bep #​11474 #​11414
• create/skeletons: Improve viewport meta tag f916315 @​jmooring
• commands/gen: Remove default highlight style 75c0f88 @​jmooring #​11445
• Adjust baseline benchmarks 69f5bad @​bep
• commands: Print language code after web server address info 525bed9 @​ilmari-lauhakangas

Dependency Updates

• build(deps): bump golang.org/x/tools from 0.12.0 to 0.13.0 a262fd4 @​dependabot[bot]
• build(deps): bump github.com/alecthomas/chroma/v2 from 2.8.0 to 2.9.1 f0d3245 @​dependabot[bot]
• build(deps): bump github.com/evanw/esbuild from 0.19.2 to 0.19.3 e8bc8e6 @​dependabot[bot]
• build(deps): bump github.com/aws/aws-sdk-go from 1.44.314 to 1.45.14 11fcda9 @​dependabot[bot]
• build(deps): bump github.com/getkin/kin-openapi from 0.118.0 to 0.120.0 f31375d @​dependabot[bot]
• build(deps): bump golang.org/x/image from 0.11.0 to 0.12.0 6415b59 @​dependabot[bot]

Documentation

• docs: Even more about images.Process a9d19db @​bep
• docs: More about images.Process 12d7131 @​bep
• docs: Regen docshelper 1768684 @​bep
• commands: Update CLI docs with the important -u flag in hugo mod get 275c0ac @​bep

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.