chore(deps): update dependency gohugoio/hugo to v0.125.5

[renovate]

This PR contains the following updates:

Package	Update	Change
gohugoio/hugo	minor	v0.124.1 -> v0.125.5

---

Release Notes

gohugoio/hugo (gohugoio/hugo)

v0.125.5

Compare Source

What's Changed

• Fix rebuilds on cascade deletes/renames 7be7f89 @​bep #​12449
• commands: Print "Webserver is ..." right before "Total ..." c8e400b @​bep #​12384
• Make sure replaced pages gets marked as stale 9dd6870 @​bep #​12436

v0.125.4

Compare Source

What Changed

• Fix rebuilds when running hugo -w 7203a95 @​bep #​12296
• tpl/tplimpl: Fix double-escaping in opengraph template fb51b69 @​jmooring #​12418
• commands: Clarify that create or install a theme are two options fe84cc2 @​Habbie
• config: Setups with only one active language can never be multihost babcb33 @​bep #​12288
• Use Apache License without modification 6b86797 @​bep #​12415
• build(deps): bump github.com/tdewolff/minify/v2 from 2.20.19 to 2.20.20 fb08439 @​dependabot[bot]

v0.125.3

Compare Source

This release fixes a security issue reported by @​ejona86 (see #​12411) that could allow XSS injection from Markdown content files if one of the internal link or image render hook templates added in Hugo 0.123.0 are enabled. You typically control and trust the content files, but according to Hugo's security model, we state that "template and configuration authors (you) are trusted, but the data you send in is not."

• markup/goldmark: Fix data race in the hugocontext wrapper 509ab08 @​bep
• tpl: Escape .Title in built-in image and link render hooks 15a4b9b @​bep
• tpl/tplimpl: Improve embedded templates 10a8448 @​jmooring #​12396
• SECURITY.md: Update link to security model 722c486 @​ejona86
• modules: Fix potential infinite loop in module collection f40f50e @​bep #​12407

v0.125.2

Compare Source

What's Changed

• Only add root sections to the section pages menu 06d2489 @​bep #​12399
• Fix partial rebuilds for SCSS fetched with GetMatch and similar Fixes #​12395 004b694 @​bep
• commands: Add gen chromastyles --lineNumbersTableStyle flag da6112f @​jmooring #​12393
• resources/images: Fix TestColorLuminance on s390x faf9fed @​bep
• commands: Provide examples for chromastyles flags 11aa893 @​jmooring #​12387

v0.125.1

Compare Source

What's Changed

• tpl: Use erroridf for remote YouTube errors 0c188fd @​bep #​12383
• build: Fix `GLIBC_2.29' not found issue bbc6888 @​bep #​12381

v0.125.0

Compare Source

Some of the notable new features in this release:

• strings.Diff template func.
• .PageInner in render hooks to get the inner page when using .RenderShortcode in a shortcode, typically used to resolve links and page resources relative to an included Page.
• Add Luminance to $image.Color, allowing for sorting by relative luminance. e197c7b @​bep #​10450

This release is built with Go 1.22.2 (#​12351) which comes with a fix for security issue CVE-2023-45288. We don't see how that could be exploited in Hugo, but we do appreciate that people want a clean security report.

Bug fixes

• Fix server rebuilds when adding a content file on Linux fa60a2f @​bep #​12362
• helpers: Fix TrimShortHTML when used with AsciiDoc content 6049ba9 @​jmooring #​12369
• github: Fix CI build 9323376 @​bep
• all: Fix duplicate words in comments bf0b140 @​grimreaper
• all: Typo fixes 17765a7 @​coliff
• hugolib: Fix regression for blank summaries 2664052 @​curegit
• Fix sectionPagesMenu for pages in root level 488b21d @​bep #​12306
• Fix resource bundling for overlapping page.md vs page.txt 983b8d5 @​bep #​12320
• Fix panic with debug.Dump with Page when running the server 38e05bd @​bep #​12309
• resources/page: Fix GoDoc comment 27414d4 @​availhang

Improvements

• Add Luminance to Color e197c7b @​bep #​10450
• Pass .RenderShortcodes' Page to render hooks as .PageInner df11327 @​bep #​12356
• github: Add a "free space" step on Ubuntu 8e50ccf @​bep
• helpers: Add BenchmarkTrimShortHTML bfc3122 @​bep
• github: Update actions 00ae8e8 @​bep
• github: Format GitHub actions files e423e56 @​bep
• hugolib: Display server address after each rebuild 09eb822 @​jmooring #​12359
• resources/page: Add taxonomies Page method a6e8439 @​jmooring #​12316
• commands: Adjust completions 38f68cd @​bep
• completion: Improve existing argument completions, add many more a67650b @​scop
• Upgrade to Go 1.22.2 2a060b3 @​bep #​12351
• babel: Run go fmt 92de862 @​bep
• babel: Close file before removing 7907935 @​testwill
• bump golang.org/x/mod from 0.16.0 to 0.17.0 02d5ec1 @​dependabot[bot]
• resources/page: Escape hash sign in permalinks 4500b0e @​sorenisanerd #​4926 #​8232 #​12342
• tpl/strings: Improve type checking 7bf1abf @​jmooring
• tpl/tplimpl: Improve youtube shortcode 8a0ea12 @​jmooring #​3694 #​9213 #​10520 #​10575 #​10576
• errors: Return error from cast.ToStringE() consistently 6f07e59 @​seiyab
• tpl/tplimpl: Improve embedded opengraph template 2da4ec5 @​jmooring #​8296 #​8698 #​8991 #​9818 #​9866 #​10647
• tpl/strings: Create strings.Diff template function 6624979 @​jmooring #​12330
• tpl/tplimpl: Optionally exclude content from sitemap 6738a3e @​jmooring #​653 #​12282
• tpl/tplimpl: Remove trailing slash from void elements 2f7df4b @​jmooring #​11867
• tpl/tplimpl: Update RSS template f0a26cf @​jmooring #​3918 #​11692
• tpl/tplimpl: Update schema template 74ce5dc @​jmooring #​7570
• resources: Use different cache key when copying resources 54a8f0c @​jmooring #​10412 #​12310
• tpl/tplimpl: Update Google Analytics template and config ebfca61 @​jmooring #​11802 #​10093
• hugolib: Conditionally suppress .Site.Author deprecation notice e191774 @​jmooring #​12297

Dependency Updates

• build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.1 fe63de3 @​dependabot[bot]
• build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 a18e2bc @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.19.0 to 0.20.0 97df6be @​dependabot[bot]
• build(deps): bump golang.org/x/net from 0.23.0 to 0.24.0 e9b8bec @​dependabot[bot]
• build(deps): bump github.com/getkin/kin-openapi from 0.123.0 to 0.124.0 888cc1e @​dependabot[bot]
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.1.1 to 2.2.0 060cce0 @​dependabot[bot]
• build(deps): bump github.com/yuin/goldmark from 1.7.0 to 1.7.1 5608ba1 @​dependabot[bot]
• build(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudfront 2fedca6 @​dependabot[bot]
• build(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 07873b7 @​dependabot[bot]

Documentation

• docs: Regen docshelper df9f2fb @​bep
• hugolib: Add an asciidoc rebuild test case 74e9129 @​bep #​12375
• markup/asciidocext: Add Level to Heading struct c837f36 @​jmooring #​12291

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[etsauer]

lgtm