Hugo

Latest version: v0.139.2

Safety actively analyzes 682471 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 13 of 52

0.115.1

Bug fixes

* Fix buildStats when tags and classes are disabled ceb486f9 bep 11202
* commands: Fix index out of range in hugo mod get 0ff8e13c bep 11190

Improvements

* Rework the build.writeStats struct 5afc89f2 bep 11191
* github: Build for Dragonfly in CI build 19d76ae9 bep
* Make build.writeStats a struct 11ecea61 bep 11191
* Only print the path warnings once ffd37d4f bep 11187

Dependency Updates

* build(deps): bump github.com/evanw/esbuild from 0.18.10 to 0.18.11 da98724b dependabot[bot]
* build(deps): bump github.com/alecthomas/chroma/v2 from 2.7.0 to 2.8.0 4d470bb7 dependabot[bot]

Documentation

* docs: Regen docs helper c27639b9 bep
* Update README.md b4b65245 bep

Build Setup

* snap: Explicitly set security.exec.osenv during build c1eac616 jmooring 11199
* snap: Restore security.exec.osenv whitelist 3c8256a1 jmooring 11195

0.115.0

The notable new feature in this release is that you can now have permalink configuration also for section and taxonomy pages. Thanks to Mai-Lapyst for the implementation. See the [documentation](https://gohugo.io/content-management/urls/#permalinks) for more information.

Bug fixes

* commands: Fix panic when running hugo new theme without theme name 635cc346 deining 11162
* Fix output formats and media type per language config regression 79639c98 bep 11159
* common/collections: Fix append regression to allow appending nil b74b8d64 khayyamsaleem 11180
* commands: Fix help message for hugo new theme 793e38f5 deining 11161
* Fix false path warnings with resources.PostProcess fa0e16f4 bep 7735
* tpl/tplimpl: Fix typo in global variable name e3308a0b alexandear
* Fix broken nodeploy setup 5b4bfc2d bep 11149

Improvements

* Misc permalinks adjustments 7917961d bep 9448 11184 8523
* commands: Handle hugo mod get --help 80ecb958 bep 11141
* Print help message when triggered with no flags 12646750 roshanavand
* Don't panic on invalid security whitelist regexp 7f698c89 bep 11176
* Merge branch 'master' of github.com:gohugoio/hugo bac03f40 bep
* resources/page: Allow section and taxonomy pages to have a permalink configuration cc14c6a5 Mai-Lapyst 8523
* commands: Enable format flag with hugo new site 019299b0 jmooring 11155

Dependency Updates

* build(deps): bump github.com/evanw/esbuild from 0.18.5 to 0.18.10 9b313cec dependabot[bot]
* build(deps): bump github.com/niklasfasching/go-org from 1.6.6 to 1.7.0 92f55f11 dependabot[bot]

Documentation

* Update README.md 58e09cc6 jmooring
* docs: Update permalinks documentation 12e4c4d5 jmooring 8523 10847
* Update README.md 23ed087c bep

Build Setup

* Merge branch 'release-0.114.1' a018259b bep

0.114.1

Bug fixes

* Fix broken nodeploy setup 078226dd bep 11149
* commands: Make hugo env respect --logLevel b1016d2e bep 11145

Improvements

* commands: Update Jekyll post-import output 49336bfc brianknight10 10715

Dependency Updates

* Revert "build(deps): bump gocloud.dev from 0.24.0 to 0.30.0" ae31dbdd bep
* build(deps): bump gocloud.dev from 0.24.0 to 0.30.0 94181829 dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.18.4 to 0.18.5 5491e554 dependabot[bot]
* deps: Update github.com/tdewolff/minify/v2 v2.12.5 => v2.12.7 bf7af904 jmooring 11132

Build Setup

* snap: Switch from Embedded Dart Sass to Dart Sass (11146) 06d228aa jmooring

0.114.0

The main new thing in this release is that we now support both major versions of the Dart Sass Embedded protocol, which means that you now can use the regular [Dart Sass](https://github.com/sass/dart-sass/releases) binary. We measured the new protocol to be [faster with high concurrency](https://github.com/bep/godartsass/pull/17):


name old time/op new time/op delta
Transpiler/SCSS-10 114µs ± 0% 145µs ± 1% +26.40% (p=0.029 n=4+4)
Transpiler/Start_and_Execute-10 25.6ms ± 2% 26.0ms ± 3% ~ (p=0.486 n=4+4)
Transpiler/SCSS_Parallel-10 89.0µs ± 2% 44.4µs ± 3% -50.12% (p=0.029 n=4+4)

name old alloc/op new alloc/op delta
Transpiler/SCSS-10 1.33kB ± 1% 1.33kB ± 0% ~ (p=1.000 n=4+4)
Transpiler/Start_and_Execute-10 22.4kB ± 1% 22.4kB ± 1% ~ (p=0.886 n=4+4)
Transpiler/SCSS_Parallel-10 1.34kB ± 3% 1.33kB ± 1% ~ (p=1.000 n=4+4)

name old allocs/op new allocs/op delta
Transpiler/SCSS-10 18.0 ± 0% 18.0 ± 0% ~ (all equal)
Transpiler/Start_and_Execute-10 144 ± 1% 150 ± 0% +4.16% (p=0.029 n=4+4)
Transpiler/SCSS_Parallel-10 18.0 ± 0% 18.0 ± 0% ~ (all equal)


We have also moved to a new log library and added some new [math functions](https://gohugo.io/functions/math/) and also revised the existing set to work better with a mix of scalars and slices.

Notes

* We have removed the flags `--log`, `--verboseLog`, added the new flag `--logLevel` and deprecated `--verbose` and `--debug` See 11088
* This release contains a security fix in the upstream Go HTML template library disallowing JavaScript inside backticks by default. See https://github.com/golang/go/issues/59234 If you really need this and are sure this isn't a security risk in your case, you can revert to the old behaviour:

toml
[security]
[security.gotemplates]
allowActionJSTmpl = true


Bug fixes

* common/loggers: Drop the bold INFO etc. prefixes 6dfbd247 bep
* all: Fix some typos 68d9d3eb deining
* all: Fix typos in function names and comments 9009c8cd alexandear
* deploy: Fix deploy defaults for non-zero flag values (e.g. maxDeletes, invalidateCDN) 12dc9a6e bep 11127
* Fix upstream Go templates bug with reversed key/value assignment ee359df1 bep 11112
* tpl/collections: Fix append when appending a slice to a slice of slices d178fe94 bep 11093
* Fix .Width and .Height for animated gifs 21d17566 bep 11079
* Fix config merge regression with root slices (e.g. disableKinds) 60a2cdf7 bep 11089
* Fix handling of aliases (e.g. hugo serve) 0541a1b5 bep 11090
* commands,config: Fix typo in log and error messages b8526f32 alexandear
* Fix indented SASS imports for Dart Sass c782ebd8 bep 11074

Improvements

* Add empty Environ when loading test config 3ab84651 bep
* loggers: Avoid using Logf for the LevelLoggerToWriter f59c3c02 bep
* tocss/dartsas: Avoid using Logf for the internal Dart Sass logging 3ca29b15 bep
* helpers: Remove superflous formatting flag in deprecation warnings fdb0b7fb bep
* common/loggers: Re-add trailing newline in logger.Printf 1b85303a bep 11130
* Replace the old log setup, with structured logging etc. 7c9fada7 bep 11124
* common/collections: Always make a copy of the input slice in Append f73c5675 bep 10458
* Re-add site.RSSLink (and deprecate it) 90b2674d bep 11110
* tpl/math: Allow variadic math functions to take slice args, add math.Product, math.Sum 2ba2271e bep 11030
* commands: Remove flags log, verboseLog, add flag logLevel, deprecate flags verbose and debug ef147f4e bep 9648 11071
* cache: Set default cache path based on $USER 258884f4 Sircular 7391
* resources: Remove failing and superflous test assertion 69f0e88a bep
* helpers: Avoid url.Parse in RelURL and AbsURL if we can ed7e2500 bep
* Adjust benchmarks 6a09e7f2 bep
* Adjust benchmark 29e5cbb6 bep
* Add BenchmarkAbsURL ded68660 bep
* helpers: Improve schema detection when creating relative URLs e1d43021 jmooring 11080
* helpers: Add a basic benchmark for RelURL 5db215d4 bep
* config: Remove unexpected _merge keys introduced in author and social maps b7dc93ca bep 11083
* Upgrade to v2 of the Dart Sass Embedded Protocol f210188d bep 11059

Dependency Updates

* Revert "build(deps): bump gocloud.dev from 0.24.0 to 0.29.0" 59300faa bep
* Revert "deps: Update github.com/tdewolff/minify/v2 v2.12.5 => v2.12.6" 49dd53a4 bep 11132
* build(deps): bump github.com/evanw/esbuild from 0.18.3 to 0.18.4 8a04d47a dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.18.2 to 0.18.3 aaf2e969 dependabot[bot]
* build(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 0f989d5e dependabot[bot]
* build(deps): bump google.golang.org/api from 0.123.0 to 0.127.0 732dcb84 dependabot[bot]
* build(deps): bump golang.org/x/tools from 0.9.1 to 0.9.3 944859f1 dependabot[bot]
* build(deps): bump github.com/kyokomi/emoji/v2 from 2.2.11 to 2.2.12 bb9377b5 dependabot[bot]
* build(deps): bump github.com/getkin/kin-openapi from 0.117.0 to 0.118.0 e88f1b80 dependabot[bot]
* build(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 516f0cb6 dependabot[bot]
* build(deps): bump gocloud.dev from 0.24.0 to 0.29.0 7bed16c3 dependabot[bot]
* build(deps): bump golang.org/x/image from 0.7.0 to 0.8.0 e08cfc8c dependabot[bot]
* build(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 48951956 dependabot[bot]
* build(deps): bump github.com/pelletier/go-toml/v2 from 2.0.6 to 2.0.8 91c0b0f7 dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.17.19 to 0.18.2 baef235d dependabot[bot]
* build(deps): bump go.uber.org/atomic from 1.10.0 to 1.11.0 254c2b32 dependabot[bot]
* build(deps): bump github.com/hairyhenderson/go-codeowners 84f71ba8 dependabot[bot]
* build(deps): bump github.com/frankban/quicktest from 1.14.4 to 1.14.5 82adc972 dependabot[bot]
* build(deps): bump github.com/mattn/go-isatty from 0.0.17 to 0.0.19 60533fdc dependabot[bot]
* build(deps): bump github.com/spf13/afero from 1.9.3 to 1.9.5 261143bb dependabot[bot]

Documentation

* docs: Regen docshelper 9f98b3e7 bep
* docs: Regen CLI docs 7241b5fd bep

Build Setup

* Revert "snap: Transition base snap from core20 to core22 (11101)" (11125) 0e794465 jmooring 11116
* snap: Transition base snap from core20 to core22 (11101) 35e9b3ed jmooring

0.113.0

This release adds TLS/HTTPS support to `hugo server` (see cf38c73f and 11064 for details) entirely backed by [mkcert](https://github.com/FiloSottile/mkcert). We still default to `http` which is recommended and good enough for 99% of the Hugo use, but there are [some situations](https://web.dev/when-to-use-local-https/) where you really need it.

We have added a new sub command and some new flags to `hugo server` to enable this:


Installs a local CA in the system root store. You only need to do this once.
hugo server trust

Generates locally-trusted certificates (if not already created) and starts the server with TLS/HTTPS enabled.
hugo server --tlsAuto


Note that we just delegate to [mkcert](https://github.com/FiloSottile/mkcert) using its default settings, so all of their documentation is relevant.

Also note that this is currently only supported for Linux, MacOS and Windows. And if you install on Linux using Snap, you will currently get an access denied error when running `hugo server trust`. A workaround for that, or if you need to use some of mkcert's advanced options, is to use mkcert directly to install the local CA:


go install filippo.io/mkcertlatest
mkcert -install


You can then start the server with `hugo server --tlsAuto`.

If you have obtained the TLS certificate and key file by other means, you can use the `--tlsCertFile` and `--tlsKeyFile` flags. When `--tlsAuto` or `--tlsCertFile` and `--tlsKeyFile` is set and no `--baseURL` is provided as a flag, the server is started with TLS and `https` as the protocol.

0.112.7

What's Changed

* Fix menuItem.URL when pageRef is not set 5e5ce00d bep 11062
* Don't inject livereload script on hugo -w a191b38a bep 11061
* markup: Fix typo in function and struct names 382c726e alexandear
* all: Replace deprecated ioutil with io and os 4c46f940 alexandear

Page 13 of 52

Links

Releases

Has known vulnerabilities

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.