Hugo

The work title for the `v0.123.0` release has been "the million pages release", introducing a new memory limit that allows for a streaming build, shifting large objects out of memory when not in use. This release is also a rewrite of the Hugo core, fixing lots of long-lived bugs and adding some other exciting improvements (see below). There are some [breaking changes](https://github.com/gohugoio/hugo/issues/11455) that have been announced for a long time. Most sites will not be affected by this, but we recommend that you test your site with the new Hugo version before you set it up to build to production. Many people have contributed to this release, but a special shoutout goes to bep and jmooring, but also to TiGR and McShelby for their help testing and reporting bugs.

A list of notable new features:

* You can now set a upper memory limit (default 25% of system memory) via the OS environment variable `HUGO_MEMORYLIMIT` (in gigabytes) allowing for much larger data/page sets and/or running on lower specced PCs. This is backed by a partitioned LRU cache used throughout Hugo. A cache that gets dynamically resized in low memory situations, allowing [Go's Garbage Collector](https://tip.golang.org/doc/gc-guide) to free the memory. Note that for regular sized Hugo sites, the performance should be about the same as before.
* New dependency tracker for partial server rebuilds. This quickly calculates the delta given a changed resource (e.g. a content file, template, JS file etc.) and supports transitive relations.
* A new document store. Previously, a little simplified, we split the document store (where we store pages and resources) in a tree per language. This worked pretty well, but the structure made some operations harder than they needed to be. We have now restructured it into one Radix tree for all languages. Internally the language is considered to be a dimension of that tree, and the tree can be viewed in all dimensions concurrently. This makes some operations re. language simpler (e.g. finding translations is just a slice range), but the idea is that it should also be relatively inexpensive to add more dimensions if needed (e.g. [role](https://github.com/gohugoio/hugo/issues/5139)). With this we also introduce a new [logical page Path](https://gohugo.io/methods/page/path/) which we will used going forward to support other content data sources.
* Add warnidf template function, see [docs](https://gohugo.io/functions/fmt/warnidf/)
* Add the `[params]` concept to front matter, see [docs](https://gohugo.io/content-management/front-matter/#params)
* Add images.Dither filter, see [docs](https://gohugo.io/functions/images/dither/)

Bug fixes

* Fix handling of build options for term pages 5ada27bf6 bep 12058
* Fix sample logic when adding content files in server afe5b6d7d bep 12054
* all: Fix typos and some URLs 168d37578 coliff
* Fix handling of draft term pages fc6aabe93 bep 12055
* commands: Fix --clock with the list command 4835f9e89 bep 11888
* Fix server panic on i18n file change 9679443c1 bep 12048
* Fix rebuild regression on non-default content language edits 68f67c9ae bep 12043
* Fix i18n rebuild regression f1491c900 bep 12039
* Fix rebuild with resources.Concat 639073e4f bep 12017
* all: Fix typos 0672b5c76 coliff
* resources/page: Fix typo e309f82ef rosano
* Fix taxonomy term with backing file regression caba6ba6e bep 12020
* Fix rebuild of changed bundled content files a65622a13 bep 12000
* Fix site.Taxonomies for taxonomies with space in name 146aedd7a bep 12001
* Misc resource fixes/improvements 287332489 bep 11974
* Fix disabled languages regression 4174a7866 bep 11959
* tpl/data: Fix GetCSV deprecation message 5dd06b413 jmooring
* Fix failing test on Windows d8f0e3071 bep
* deploy: Fix CloudFront invalidation with AWS SDK2 d8c273417 bep
* Fix build error 34d63c8d1 bep
* Fix recent regression .Resources.Get for resources with spaces in filename 80595bbe3 bep 11944
* hugofs/glob: Fix dropped test error ec22bb31a alrs

Improvements

* Handle rebuilds when resources passed to transform.Unmarshal etc. changes 5dbc29dc6 bep 12065
* Don't use the same value in .Data.Term.Title as in .Title 5bdda0bdb bep 12041
* Let standard library handle charset parameter to MIME types 43ea2cd66 datosh 10734
* Add images.Dither filter 21d9057db jmooring 8598
* markup/goldmark: Improve TOC tests f4575e5f2 jmooring
* Move the duplicate page/resource filter 0851c175a bep 12013
* Upgrade to Go 1.22 9571246bc bep 12010
* Avoid impporting deploy from config when nodeploy tag is set 0257eb50a bep 12009
* commands: Remove unused memstats flag bd0200da6 bep
* source: Remove unused Filesystem struct a80c3021b bep
* Filter dot files etc. in i18n 9df7b295b bep 11993
* commands: Revert the recent changes that allowed profiling on server rebuilds c37bf19c8 bep
* Handle resource changes when the resources is already evicted from cache 609d798e3 bep 11988 11973 11988
* all: Rename Unmormalized => Unnormalized 53f204310 bep
* hugolib: Formally deprecate .Page.NextPage .Page.PrevPage 7f8246140 jmooring
* hugio: Rename strigReadSeeker => stringReadSeeker b72f90972 bep
* resources/page: Formally deprecate .Site.LastChange 3a665ddbf jmooring
* Preserve file/dir name case when loading data 46575baa0 bep 11979
* Detect now invalid path patterns in cascade 058f230a1 bep 11977
* Handle build vs _build in front matter a66480f70 bep 11970
* resources: Optimize reading resource Content when it's already a string e33a63255 bep
* tpl/tplimpl: Update embedded instagram, twitter, and vimeo shortcodes d0788b96a jmooring 11971
* Add some more context to error 034fbef50 bep 11970
* Improve nilpointer error message 8d42a7942 bep
* hugolib: Adjust a test case f5ec75db3 bep
* hugolib: Revert deprecation of .Page.Lang 6cb3bda3d jmooring
* all: Deprecate .Page.Lang and .Page.File.Lang 963cecc12 jmooring
* config/security: Add SYSTEMDRIVE to OsEnv allowlist b6def6172 jmooring
* hugolib: Add some more details to the "paginator not supported" error 1891d5e6b bep 11949
* Run go mod tidy 156f08de3 bep
* Upgrade to deploy to use AWS SDK V2 a1c64989d frankywahl
* Improve error message when attempting to paginate from a single page template 6c3b6ba3e bep 11953
* Filter out duplicate content resource files bd66d3029 bep 11946
* output: Prevent setting Name directly in new output formats 309d61b22 bep 11947
* Create default link and image render hooks 5b7cb258e bep 11933
* Emit a warning that can be turned off when overwriting built-in .Params values afee781f0 bep 11941
* Add warnidf template function 4e84f57ef bep 9189
* Add path, kind and lang to content front matter f31a6db79 bep 11544
* all: Run gofumpt -l -w . a795acbcd bep
* testing: Simplify some integration tests 982d9513e bep
* Add the [params] concept to front matter 6dedb4efc bep 11055
* tpl/data: Deprecate data.GetJSON and data.GetCSV 292626e67 bep
* modules: Print required Hugo version for incompatible modules 60d954c78 razonyang
* hugolib: Remove unused test image 63e0a9289 bep
* navigation: Improve menu cache ce7daa615 Kandulanaveennaidu
* testing: Rename integration_test.go to PACKAGE_integration_test.go 2a0329423 bep
* Port some integration tests to new test setup 50dc327d1 bep
* all: Rework page store, add a dynacache, improve partial rebuilds, and some general spring cleaning 7285e7409 bep 11455 11455 11549 10169 10364 10482 10630 10656 10694 10918 11262 11439 11453 11457 11466 11540 11551 11556 11654 11661 11663 11664 11669 11671 11807 11808 11809 11815 11840 11853 11860 11883 11904 7388 7425 7436 7544 7882 7960 8255 8307 8863 8927 9192 9324

Dependency Updates

* build(deps): bump github.com/tdewolff/minify/v2 from 2.20.16 to 2.20.17 f54ba6f9e dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.20.0 to 0.20.1 4019b177e dependabot[bot]
* build(deps): bump golang.org/x/tools from 0.17.0 to 0.18.0 4a53fd56b dependabot[bot]
* build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 2d1681d91 dependabot[bot]
* build(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 301bafabe dependabot[bot]
* build(deps): bump github.com/yuin/goldmark from 1.6.0 to 1.7.0 58d7f8339 dependabot[bot]
* build(deps): bump github.com/getkin/kin-openapi from 0.122.0 to 0.123.0 54ad51e8a dependabot[bot]
* build(deps): bump github.com/tdewolff/minify/v2 from 2.20.13 to 2.20.16 bd1bcc0f9 dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.19.12 to 0.20.0 b332f243f dependabot[bot]
* deps: Update gocloud.dev/aws d8e1e8218 bep
* build(deps): bump github.com/aws/aws-sdk-go from 1.48.6 to 1.50.7 4d98b0ed6 dependabot[bot]
* build(deps): bump golang.org/x/image from 0.14.0 to 0.15.0 15b9976b7 dependabot[bot]

Documentation

* docs: Regen docshelper 60b176cb5 bep
* docs: Regen CLI docs 068ccde4c bep
* docs: Regenerate docshelper 7cb447ab8 bep
* docs: Make null booleans falsy in the docs helper 51615440b bep
* docs: Regen docs helper 7caa5b3e5 bep
* docs: Prepare for new sub tree fc7de7136 bep 11925

Build Setup

* markup/goldmark: Update TOC test 6f59d96bb jmooring

The big new thing in Hugo 0.122.0 is [ LaTeX or TeX typsetting](https://gohugo.io/content-management/mathematics/) directly from Markdown using standard syntax. Thanks to j2kun and jmooring for making this happen.

Bug fixes

* tpl/tplimpl: Fix incorrect lastBuildDate 87bf2b968 tastapod 11600
* tpl: fix incorrect lastBuildDate f281ef8a4 tastapod 11600

Improvements

* markup/goldmark: Support passthrough extension d0d2c6795 j2kun 10894
* parser/metadecoders: Accumulate org keywords into arrays 46f618756 augustfengd 11743
* Upgrade to Go 1.21.6 a541e3b4d bep 11892
* parser/metadecoders: Add CSV lazyQuotes option to transform.Unmarshal 912c6576b jmooring 11884

Dependency Updates

* build(deps): bump golang.org/x/tools from 0.16.0 to 0.17.0 e0021f496 dependabot[bot]
* build(deps): bump github.com/rogpeppe/go-internal from 1.11.0 to 1.12.0 d25902c0d dependabot[bot]
* build(deps): bump github.com/pelletier/go-toml/v2 from 2.1.0 to 2.1.1 2dd608378 dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.19.8 to 0.19.12 45f52be7f dependabot[bot]
* deps: Update github.com/tdewolff/minify/v2 v2.20.9 => v2.20.13 891534307 jtatum

Documentation

* docs: Regen docshelper 50042ee1f bep
* README: Update minimum Go version to 1.20 911bc60a7 jmooring

The main motivation behind this release is a security fix in the upstream [golang.org/x/crypto](https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d) library. We don't see how that CVE could be exploited via Hugo, but we do appreciate that many want to have a clean security report.

There's also some new features in this release:

* [AutoOrient image filter](https://gohugo.io/functions/images/autoorient/)
* [math.Rand](https://gohugo.io/functions/math/rand/)

What's Changed

* build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 1ccd3147a dependabot[bot]
* tpl/math: Add math.Rand template function e40b9fbbc jmooring 11833
* resources/images: Create AutoOrient image filter 648d00c7d jmooring 11717
* all: Remove unused code 8adba648c bep

The only change in this release is that the release binaries are compiled with [Go 1.21.5](https://github.com/golang/go/issues?q=milestone%3AGo1.21.5+label%3ACherryPickApproved) which contains some [security fixes](https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo) that are relevant for Hugo.

* Upgrade to Go 1.21.5 eb9f1eb65 bep 11786

There are some minor new features in this release, but it's mostly a release with bug fixes and dependency updates. One notable dependency update is [libweb v1.3.2](https://github.com/webmproject/libwebp/releases/tag/v1.3.2) which comes with a security fix for the Webp _decoder_ (chromium: #1479274, CVE-2023-4863). Hugo only uses the encoder (we use Go's native Webp decoder) so we're not affected by this, but we have been contacted by some corporate Hugo users who's eager to have a clean security report.

Notes

* [kin-openapi v0.122.0](https://github.com/getkin/kin-openapi#v01220) has some minor breaking API changes which, from Hugo's side of it, can be adapted by using the new `.Map` accessors if you get an error.

Bug fixes and enhancements

* github: Fix CI build on Windows 6d4b01241 bep
* Fix handling of dropped error in test 26a8ec207 alrs
* resources/resource: Fix GroupByParamDate with raw TOML dates dd6cd6268 jmooring 11563
* helpers: Fix TrimShortHTML used by markdownify and RenderString 0bde6931a jmooring 11698
* Pull in the latest code from Go's template packages (11771) 9f978d387 bep 10707 11507
* tpl: Allow using page resources on the images page parameter for `opengraph`, `schema` and `twitter_cards` templates 14d85ec13 razonyang
* hugolib: Apply titleCaseStyle to automatic section pages 171836cdf jmooring 11547
* tpl/urls: Retain query and fragment with absURL and absLangURL 9ea7103db jmooring 11772
* markup: Add Level to Heading struct 3fc42da3d jmooring 10776
* tpl/fmt: Print suppression help with erroridf d24da1712 jmooring 11506
* tpl/transform: Display Chroma highlighting errors 4583b4130 jmooring 9642
* common/para: Skip flaky test on CI e2a624dd6 bep
* watcher: Skip flaky test for now 30a18e882 bep
* tpl/transform: Add transform.XMLEscape template function b4c5df42f jmooring 3268
* tpl/tplimpl: Remove superfluous type attr on script elements 8d32ca223 jmooring 6379
* common/para: Skip flaky tests on Windows 27620daa2 bep
* navigation: Unexport menu entry methods 80d2fdbaa jmooring 11670
* markup/goldmark: Sync image render hook code with Goldmark 805cc1773 jmooring 11681

Dependency Updates

* build(deps): bump github.com/alecthomas/chroma/v2 from 2.11.1 to 2.12.0 558f3258a dependabot[bot]
* build(deps): bump github.com/tdewolff/minify/v2 from 2.20.8 to 2.20.9 507f4e356 dependabot[bot]
* build(deps): bump github.com/spf13/cast from 1.5.1 to 1.6.0 a7e721e02 dependabot[bot]
* build(deps): bump github.com/getkin/kin-openapi from 0.121.0 to 0.122.0 2627b91d3 dependabot[bot]
* build(deps): bump golang.org/x/image from 0.13.0 to 0.14.0 e536d461a dependabot[bot]
* deps: Update github.com/tdewolff/minify/v2 v2.20.7 => v2.20.8 bfc325f56 jmooring 5748
* build(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 36a60f65d dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.19.7 to 0.19.8 de2fcc5e1 dependabot[bot]
* build(deps): bump google.golang.org/api from 0.151.0 to 0.152.0 9ca889ba4 dependabot[bot]
* deps: Upgrade to libwebp 1.3.2 4fb40ee87 bep 11746
* build(deps): bump github.com/aws/aws-sdk-go from 1.48.4 to 1.48.6 bc93a3613 dependabot[bot]
* build(deps): bump golang.org/x/tools from 0.15.0 to 0.16.0 3e5bc6f3b dependabot[bot]
* build(deps): bump github.com/getkin/kin-openapi from 0.120.0 to 0.121.0 7c47036f1 dependabot[bot]
* build(deps): bump github.com/bep/logg from 0.3.0 to 0.4.0 4d07e1fe8 dependabot[bot]
* deps: Upgrade to github.com/bep/simplecobra v0.4.0 1c41232e6 bep
* build(deps): bump github.com/aws/aws-sdk-go from 1.48.2 to 1.48.4 f11ca0fad dependabot[bot]
* build(deps): bump golang.org/x/tools from 0.14.0 to 0.15.0 d7a2f3f98 dependabot[bot]
* build(deps): bump github.com/gorilla/websocket from 1.5.0 to 1.5.1 ef12d169c dependabot[bot]
* build(deps): bump github.com/fatih/color from 1.15.0 to 1.16.0 a62bbfa9e dependabot[bot]
* build(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 5887230b7 dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.19.5 to 0.19.7 a4a66b821 dependabot[bot]
* build(deps): bump github.com/alecthomas/chroma/v2 from 2.10.0 to 2.11.1 813390b5a dependabot[bot]
* build(deps): bump github.com/tdewolff/minify/v2 from 2.20.5 to 2.20.7 d528bbd6d dependabot[bot]
* build(deps): bump google.golang.org/api from 0.138.0 to 0.151.0 af7f6c8b3 dependabot[bot]
* build(deps): bump github.com/aws/aws-sdk-go from 1.45.14 to 1.48.2 (11724) e70849ea7 dependabot[bot] 11723

Documentation

* docs: Regen docshelper 255e0a971 bep
* docs: Adjust last merge from docs repository 6580cd30a jmooring
* docs: Regen docs helper 7617de86c bep

The only change in this release is that the release binaries are compiled with Go 1.21.4 which comes with a security fix for Windows that may be relevant for Hugo. See:

* https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
* Especially golang/go63715

What's Changed

* Upgrade to go 1.21.4 9315a2d2c bep 11685