Hugo

This is a release created for technical reasons, see https://github.com/gohugoio/hugo/issues/13147

It's the same as https://github.com/gohugoio/hugo/releases/tag/v0.139.4 -- go there for release archives.

This release contains a security fix. See this [Security Advisory](https://github.com/gohugoio/hugo/security/advisories/GHSA-c2xf-9v2r-r2rx) for details. Note that this is only relevant if you don't trust your content (e.g. Markdown) files.

What's Changed

* tpl/tplimpl: Escape Markdown attributes in render hooks and shortcodes 54398f8d5 jmooring
* deps: Upgrade github.com/bep/godartsass/v2 v2.3.1 => v2.3.2 b8c15f245 bep
* common/maps: Simplify TestScratchSetInMap/DeleteInMap d0dc51884 alexandear
* markup/tableofcontents: Cast Fragments.ToHTML args to int b52985900 jmooring 13107

What's Changed

* Fix server edits of resources included in shortcode/hooks c1dc35dd7 bep 13093
* commands: Fix flaw in the livereload logic dea158c88 bep
* build(deps): bump github.com/bep/godartsass/v2 from 2.3.0 to 2.3.1 7e130e34f dependabot[bot]
* build(deps): bump github.com/tetratelabs/wazero from 1.8.1 to 1.8.2 88b7868fb dependabot[bot]
* Fix some typos fc3d1cbad thirdkeyword

**Note** that this is the second patch release today. See [v0.139.1](https://github.com/gohugoio/hugo/releases/tag/v0.139.1). We had to do this release to get the Hugo Docs build running.

What's Changed

* modules: Skip empty lines in modules.txt 0ab81896d bep 13084

What's Changed

* Revert "build(deps): bump github.com/tdewolff/minify/v2 from 2.20.37 to 2.21.1" aa3dd197f bep 13082
* minifiers: Add failing test for upstream bug 5a50eee9d bep 13082
* dartsass: Fix nilpointer on Close when Dart Sass isn't installed 8d017a60f bep 13076

This release is mostly about removing code that has been deprecated for a long time. This has been shown as an `ERROR` in the build log and failed the build for at least the last 6 minor Hugo versions, in most cases much longer.

But this is also a full dependency refresh, and there are also some new stuff. For one, we added a `-O` flag to `hugo server` to open up the site in your browser after start. This is now my (bep) shortcut to start the server:

zsh
function h() {
hugo server -F -O -N -D
}


Note

* dartsass: Remove support for v1 of the protocol/binary (note) 1fd845eee bep
* Remove deprecations <= v0.122.0 (note) ad43d137d bep

Bug fixes

* dartsass: Fix error message 8d92042ab bep 13065
* Fix extra newline/paragraphs issue with .RenderShortcodes d4de780ed bep 13051
* markup/goldmark: Fix typo in error message e79ee0d51 deining

Improvements

* Make sure term is always set e917401c7 bep 13063
* dartsass: Add silenceDeprecations option 3b6eaf9b1 bep 13045
* Run go mod tidy 5e3133a7d bep
* commands: Add -O flag to server to open browser ac6962d28 bep 13040
* Preserve input type. 23d21b0d1 KN4CK3R
* server: Strip ANSI escape codes from browser error log ce9cf882a bep 13037
* parser/metadecoders: Add benchmark 8aba6dc66 bep
* Add site.Store and hugo.Store and Shortcode.Store a7df536a5 bep 13021
* markup/goldmark: Improve the raw HTML omitted warning 2b97a2a8b jmooring 13023

Dependency Updates

* build(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudfront eb298144b dependabot[bot]
* build(deps): bump google.golang.org/api from 0.191.0 to 0.206.0 61e2ce2a4 dependabot[bot]
* build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.30.3 to 1.32.4 2d503f82a dependabot[bot]
* build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 3a6b2e6b1 dependabot[bot]
* deps: Upgrade github.com/bep/imagemeta v0.8.1 => v0.8.3 6bde8abaa bep
* build(deps): bump golang.org/x/tools from 0.26.0 to 0.27.0 2c54c3298 dependabot[bot]
* build(deps): bump github.com/tdewolff/minify/v2 from 2.20.37 to 2.21.1 7a2f04ee8 dependabot[bot]
* build(deps): bump github.com/fatih/color from 1.17.0 to 1.18.0 7921777da dependabot[bot]
* build(deps): bump golang.org/x/image from 0.21.0 to 0.22.0 33e964d40 dependabot[bot]
* deps: Upgrade github.com/yuin/goldmark v1.7.4 => v1.7.8 588c9019c bep 12958
* build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 46e17053c dependabot[bot]
* build(deps): bump github.com/hairyhenderson/go-codeowners cb6580d00 dependabot[bot]

Documentation

* docs: Regen CLI docs 66dd6ecab bep
* docs: Regenerate CLI docs 58a3c91a7 bep

Build Setup

* release: Add missing withdeploy archive for arm64 Linux f7fc6ccd5 bep 13029