{"id":9724,"name":"github.com/gohugoio/hugo","ecosystem":"go","repository_url":"https://github.com/gohugoio/hugo","issues_count":250,"created_at":"2025-06-06T22:38:27.662Z","updated_at":"2025-06-06T22:38:27.662Z","purl":"pkg:golang/github.com/gohugoio/hugo","metadata":{"id":3498593,"name":"github.com/gohugoio/hugo","ecosystem":"go","description":"","homepage":"https://github.com/gohugoio/hugo","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/gohugoio/hugo","keywords_array":[],"namespace":"github.com/gohugoio","versions_count":285,"first_release_published_at":"2016-12-29T17:12:41.000Z","latest_release_published_at":"2025-05-31T12:41:12.000Z","latest_release_number":"v0.147.7","last_synced_at":"2025-06-07T01:00:56.287Z","created_at":"2022-04-10T19:52:53.921Z","updated_at":"2025-06-07T01:00:56.287Z","registry_url":"https://pkg.go.dev/github.com/gohugoio/hugo","install_command":"go get github.com/gohugoio/hugo","documentation_url":"https://pkg.go.dev/github.com/gohugoio/hugo#section-documentation","metadata":{},"repo_metadata":{"uuid":"11180687","full_name":"gohugoio/hugo","owner":"gohugoio","description":"The world’s fastest framework for building websites.","archived":false,"fork":false,"pushed_at":"2023-03-20T20:18:06.000Z","size":114509,"stargazers_count":66026,"open_issues_count":722,"forks_count":7092,"subscribers_count":1069,"default_branch":"master","last_synced_at":"2023-03-21T11:53:47.774Z","etag":null,"topics":["blog-engine","cms","content-management-system","documentation-tool","go","hugo","static-site-generator"],"latest_commit_sha":null,"homepage":"https://gohugo.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"logo_url":null,"metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2013-07-04T15:26:26.000Z","updated_at":"2023-03-21T10:29:27.000Z","dependencies_parsed_at":"2023-01-13T15:30:18.941Z","dependency_job_id":null,"html_url":"https://github.com/gohugoio/hugo","commit_stats":null,"repository_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gohugoio%2Fhugo","tags_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gohugoio%2Fhugo/tags","manifests_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gohugoio%2Fhugo/manifests","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gohugoio","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":108921946,"host_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names"},"owner_record":{"login":"gohugoio","name":"GoHugo.io","uuid":"29385237","kind":"organization","description":"A Fast and Flexible Static Site Generator built with love in GoLang","email":null,"website":"gohugo.io","location":null,"twitter":null,"company":null,"avatar_url":"https://avatars.githubusercontent.com/u/29385237?v=4","repositories_count":29,"last_synced_at":"2023-02-19T18:02:26.532Z","metadata":{"has_sponsors_listing":false},"owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gohugoio"},"tags":[{"name":"v0.59.1","sha":"d5dab232c25d5b29060dbba55e843ace84eecd59","kind":"tag","published_at":"2019-10-31T15:20:53.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.59.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.59.1"},{"name":"v0.59.0","sha":"1dd0c69c7b18c3e504411a2fb4f1055be2532aeb","kind":"tag","published_at":"2019-10-21T09:38:50.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.59.0","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.59.0"},{"name":"v0.58.3","sha":"4aac02d49c2e2bab9f36f0caabbbd9f3cb4715cd","kind":"tag","published_at":"2019-09-19T15:28:26.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.58.3","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.58.3"},{"name":"v0.58.2","sha":"253e5fdc699fe915305c3f685843dcd45f05b3c9","kind":"tag","published_at":"2019-09-13T08:04:20.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.58.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.58.2"},{"name":"v0.58.1","sha":"24277b9202ff9bad575f9183213fcda97e45637a","kind":"tag","published_at":"2019-09-06T09:18:56.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.58.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.58.1"},{"name":"v0.58.0","sha":"64d8bf1ee9befc665222c05f62cfa310592e0705","kind":"tag","published_at":"2019-09-04T15:41:58.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.58.0","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.58.0"},{"name":"v0.57.2","sha":"a849cb2d9b5fc1c1415a96566163b1724e2ac5c1","kind":"tag","published_at":"2019-08-17T17:51:54.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.57.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.57.2"},{"name":"v0.57.1","sha":"58c56e9ded2e4b7f0c9ae7e02f89f3a1dcb0d3a7","kind":"tag","published_at":"2019-08-15T18:52:49.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.57.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.57.1"},{"name":"v0.57.0","sha":"9b00e64765884bf91f250e20e55e179961c970f2","kind":"tag","published_at":"2019-08-14T08:05:33.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.57.0","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.57.0"},{"name":"v0.56.3","sha":"f637a1eacec796bf15803c4e34ee978047bb610a","kind":"tag","published_at":"2019-07-31T12:48:33.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.56.3","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.56.3"},{"name":"v0.56.2","sha":"5f033a7fcc632a5d0a8a75d2094564f7612711ad","kind":"tag","published_at":"2019-07-30T09:05:09.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.56.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.56.2"},{"name":"v0.56.1","sha":"0ad218afc56eca22bdc171b13697e62c38b40854","kind":"tag","published_at":"2019-07-28T14:51:43.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.56.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.56.1"},{"name":"v0.56.0","sha":"45f4eb9846d05fd25d482605c508c0a8d1e04c8e","kind":"tag","published_at":"2019-07-25T16:37:58.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.56.0","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.56.0"},{"name":"v0.55.6","sha":"a5d4c82d2f4932d4734427b83b9886253acc2d94","kind":"tag","published_at":"2019-05-18T07:55:28.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.55.6","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.55.6"},{"name":"v0.55.5","sha":"a83256b9cd5c50dde1a086a48f365a1fcbc78a24","kind":"tag","published_at":"2019-05-02T13:03:34.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.55.5","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.55.5"},{"name":"v0.55.4","sha":"579004178b575b4253112fcb23eef002345028c2","kind":"tag","published_at":"2019-04-25T07:38:48.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.55.4","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.55.4"},{"name":"v0.55.3","sha":"993b84333cd75faa224d02618f312a0e96b53372","kind":"tag","published_at":"2019-04-20T14:23:12.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.55.3","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.55.3"},{"name":"v0.55.2","sha":"9d020348810e440ee82926789f8b95cd6e7458cd","kind":"tag","published_at":"2019-04-17T12:20:37.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.55.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.55.2"},{"name":"v0.55.1","sha":"223b3c2eecddadea38134e9dc9e225b88a7d7a6b","kind":"tag","published_at":"2019-04-12T09:56:13.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.55.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.55.1"},{"name":"v0.55.0","sha":"4333cc77feefcba447425857ff3f371acb286c4a","kind":"tag","published_at":"2019-04-08T16:39:45.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.55.0","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.55.0"},{"name":"v0.54.0","sha":"b1a82c61aba067952fdae2f73b826fe7d0f3fc2f","kind":"tag","published_at":"2019-02-01T09:40:32.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.54.0","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.54.0"},{"name":"v0.53","sha":"8fc339dc2529ff77e494a1c12cd1ff9fbcb880a4","kind":"tag","published_at":"2018-12-24T08:24:42.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.53","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.53"},{"name":"v0.52","sha":"9433cf5a92176b4a8005ddb5f4d524c0dc8c5c43","kind":"tag","published_at":"2018-11-28T14:06:31.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.52","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.52"},{"name":"v0.51","sha":"f3d519079371723dbd812dba3fef3695e0b41946","kind":"tag","published_at":"2018-11-07T10:09:43.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.51","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.51"},{"name":"v0.50","sha":"f5be59920461366d4481cf7536b2d2bd42a2c75e","kind":"tag","published_at":"2018-10-29T09:51:50.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.50","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.50"},{"name":"v0.49.2","sha":"42cde666638dcdddc9125ac3acf9a6817aa3ba5f","kind":"tag","published_at":"2018-10-11T09:47:57.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.49.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.49.2"},{"name":"v0.49.1","sha":"821adf3ae877fdddce67afcccd751d47f4589538","kind":"tag","published_at":"2018-10-10T10:36:37.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.49.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.49.1"},{"name":"v0.49","sha":"398996e8b05e517ea3ffa1097c24799b945123d3","kind":"tag","published_at":"2018-09-24T10:01:04.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.49","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.49"},{"name":"v0.48","sha":"456f5476cf9bf96c558448372058130fee1f9330","kind":"tag","published_at":"2018-08-29T06:33:03.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.48","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.48"},{"name":"v0.47.1","sha":"7ef5096257e5208ebc99aa94ff0654c86b1487b3","kind":"tag","published_at":"2018-08-20T08:16:49.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.47.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.47.1"},{"name":"v0.47","sha":"caf608d566fab4a7714b2934cc7b44bb22625e01","kind":"tag","published_at":"2018-08-17T09:15:18.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.47","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.47"},{"name":"v0.46","sha":"f14d773841c32ad48f2d2fa22e1e378d477e5c9e","kind":"tag","published_at":"2018-08-01T09:00:52.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.46","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.46"},{"name":"v0.45.1","sha":"3b18042ee679ee71c30f581754700c4959b4963b","kind":"tag","published_at":"2018-07-25T08:56:21.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.45.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.45.1"},{"name":"v0.45","sha":"48d7a641d029f85a3d65140b72dd9c7c7bf452b5","kind":"tag","published_at":"2018-07-22T12:09:26.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.45","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.45"},{"name":"v0.44","sha":"9f9695cf7b061afc0238e4a1948bd21dc0ef3eba","kind":"tag","published_at":"2018-07-13T06:03:09.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.44","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.44"},{"name":"v0.43","sha":"cbb7214b6c54c24193dee8a284cfcab6b4951b46","kind":"tag","published_at":"2018-07-09T10:00:04.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.43","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.43"},{"name":"v0.42.2","sha":"02aa3200307a35c086707533c08ad6bf95a0f9d5","kind":"tag","published_at":"2018-06-28T12:36:15.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.42.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.42.2"},{"name":"v0.42.1","sha":"4172a835e544b867f292579019d0597439e596ba","kind":"tag","published_at":"2018-06-13T10:16:33.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.42.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.42.1"},{"name":"v0.42","sha":"ffb609f4abe1ce41b3c96792c7e37543f5c260a7","kind":"tag","published_at":"2018-06-12T06:37:19.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.42","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.42"},{"name":"v0.41","sha":"171caf28a903cdbb5c5bfd7f89f742f1a5a40fb6","kind":"tag","published_at":"2018-05-25T16:57:18.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.41","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.41"},{"name":"v0.40.3","sha":"ecae2106b901dc1652eb5e649adecc0c83c8d2b9","kind":"tag","published_at":"2018-05-09T07:46:30.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.40.3","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.40.3"},{"name":"v0.40.2","sha":"5a9d1324d88a0ed03f6a58f8aa447761b3fd20f0","kind":"tag","published_at":"2018-04-30T06:47:41.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.40.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.40.2"},{"name":"v0.40.1","sha":"459935b291195862f4d1867b6d4407a327cbddbe","kind":"tag","published_at":"2018-04-25T13:20:44.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.40.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.40.1"},{"name":"v0.40","sha":"c7e59367d8dfd32d39e6161d59fdcc8ef16caf8b","kind":"tag","published_at":"2018-04-23T07:40:57.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.40","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.40"},{"name":"v0.39","sha":"933a16b1093fb533b5f0f7df4b8a3a94239c036a","kind":"tag","published_at":"2018-04-16T07:31:26.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.39","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.39"},{"name":"v0.38.2","sha":"712c0fdfe6e76920a96ec493e5ce6f78bcaa4b20","kind":"tag","published_at":"2018-04-09T08:17:15.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.38.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.38.2"},{"name":"v0.38.1","sha":"c475eab474a6ec6c12949694590913c1a0cf81f6","kind":"tag","published_at":"2018-04-05T16:35:25.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.38.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.38.1"},{"name":"v0.38","sha":"f7bc28c5291bda85e8d63433121dc903a6f7bf80","kind":"tag","published_at":"2018-04-02T11:03:32.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.38","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.38"},{"name":"v0.37.1","sha":"f414966b942b5aad75565bee6c644782a07f0658","kind":"tag","published_at":"2018-03-07T17:56:23.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.37.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.37.1"},{"name":"v0.37","sha":"956a2dce8d9fd51f6c4f827bd2ae859a6f22ac6f","kind":"tag","published_at":"2018-02-27T09:15:23.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.37","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.37"},{"name":"v0.36.1","sha":"25e88ccabe9b04c42ffb43528c86743f623fac46","kind":"tag","published_at":"2018-02-15T09:07:43.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.36.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.36.1"},{"name":"v0.36","sha":"18e3657a2a405b1bbfda2b49444546c0f1184853","kind":"tag","published_at":"2018-02-05T15:22:26.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.36","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.36"},{"name":"v0.35","sha":"0283db6c603d5e3b7501a8cb024ee509e8a71d61","kind":"tag","published_at":"2018-01-31T10:44:41.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.35","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.35"},{"name":"v0.34","sha":"ffd7dc396e5b04178b7c55e94ebc0da64efb05f2","kind":"tag","published_at":"2018-01-22T12:06:38.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.34","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.34"},{"name":"v0.33","sha":"c7b9347be0e53f537146d67b7af57a60cc5f6222","kind":"tag","published_at":"2018-01-18T10:13:30.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.33","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.33"},{"name":"v0.32.4","sha":"218773a82b41d4e60a5e1930e98286f93fd77468","kind":"tag","published_at":"2018-01-11T08:58:01.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.32.4","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.32.4"},{"name":"v0.32.3","sha":"0aaa38544ddb1766077f199f4234bd1b1bd2eb85","kind":"tag","published_at":"2018-01-08T11:10:08.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.32.3","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.32.3"},{"name":"v0.32.2","sha":"2cd962233fe3f1c83f0ab604467bd233e804e9db","kind":"tag","published_at":"2018-01-03T09:54:04.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.32.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.32.2"},{"name":"v0.32.1","sha":"fd301c3c0581ec24439155688103021a455f87c5","kind":"tag","published_at":"2018-01-02T09:07:55.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.32.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.32.1"},{"name":"v0.32","sha":"cb359a75c14ccfe11cf6a7333d3587cfe2a1e454","kind":"tag","published_at":"2017-12-31T09:24:45.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.32","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.32"},{"name":"v0.31.1","sha":"c1c04d74a0b2b061857350e35720c9dde99f4fac","kind":"tag","published_at":"2017-11-27T11:26:08.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.31.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.31.1"},{"name":"v0.31","sha":"288723a049586d9dd4cfd15ffa4e32ea31827eea","kind":"tag","published_at":"2017-11-20T10:28:21.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.31","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.31"},{"name":"v0.30.2","sha":"142ebba2c5d113d8f7ac3a5ae739d60779554a4a","kind":"tag","published_at":"2017-10-19T11:34:09.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.30.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.30.2"},{"name":"v0.30.1","sha":"4e07b4144f4afa3e23564fc8025c4e4fa58f5092","kind":"tag","published_at":"2017-10-19T05:41:50.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.30.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.30.1"},{"name":"v0.30","sha":"41180c51e128eaf85773c6a1b47236aef94f947f","kind":"tag","published_at":"2017-10-16T08:39:00.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.30","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.30"},{"name":"v0.29","sha":"524c67107aa058b314a4437858a1d41bfd6b0dc2","kind":"tag","published_at":"2017-09-26T19:23:15.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.29","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.29"},{"name":"v0.28","sha":"2a7f6dda120419fc2ea87df1eb0c3acf3b9adddd","kind":"tag","published_at":"2017-09-25T07:59:12.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.28","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.28"},{"name":"v0.27.1","sha":"5a4002bc8916600c0d28b59c83ae11e85ebcbf6e","kind":"tag","published_at":"2017-09-13T11:03:59.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.27.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.27.1"},{"name":"v0.27","sha":"01fdf6d26cb952487420cc276ed617a3a1ee1e1f","kind":"tag","published_at":"2017-09-11T05:32:02.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.27","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.27"},{"name":"v0.26","sha":"f090c2711cc6ddf8fedfb6c70424972682cfe534","kind":"tag","published_at":"2017-08-07T07:09:19.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.26","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.26"},{"name":"v0.25.1","sha":"bbd33dbf5d9575ab95c8e00aa97b71a600e429b6","kind":"tag","published_at":"2017-07-10T06:57:34.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.25.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.25.1"},{"name":"v0.25","sha":"6fb556367b91467fcc64cf0af5340b6f4053166a","kind":"tag","published_at":"2017-07-07T07:29:08.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.25","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.25"},{"name":"v0.24.1","sha":"d95c4eca3d9351edfe5075bc82a9b0ef1fed1cea","kind":"tag","published_at":"2017-06-24T08:26:30.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.24.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.24.1"},{"name":"v0.24","sha":"1ac4dbb900b2b8687f65c4ed13792fa114c2c3c7","kind":"tag","published_at":"2017-06-21T11:53:23.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.24","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.24"},{"name":"v0.23","sha":"12b844daf0e6e783f4d193e4d40d62451eca9386","kind":"tag","published_at":"2017-06-16T07:47:25.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.23","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.23"},{"name":"v0.22.1","sha":"714594a8b7745f347b4684ee1911b8b541a1ce4d","kind":"tag","published_at":"2017-06-13T12:17:45.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.22.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.22.1"},{"name":"v0.22","sha":"e797a94d975d23a04dd0089f7db2c93ba93c43fb","kind":"tag","published_at":"2017-06-12T07:02:57.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.22","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.22"},{"name":"v0.21","sha":"f63ee6567dea6efa40197dbf8cb0a65b060e5fe3","kind":"tag","published_at":"2017-05-22T13:11:22.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.21","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.21"},{"name":"v0.20.7","sha":"5e632833a6e490ddc220e0fa62263cce16296688","kind":"tag","published_at":"2017-05-03T07:38:34.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.20.7","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.20.7"},{"name":"v0.20.6","sha":"4bfb0134683bdf9a9780b5cdae7ca2a9026e01ad","kind":"tag","published_at":"2017-04-27T08:18:17.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.20.6","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.20.6"},{"name":"v0.20.5","sha":"914729199b3bd36bd242b7ed9ab9733f5efe2d80","kind":"tag","published_at":"2017-04-25T07:18:05.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.20.5","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.20.5"},{"name":"v0.20.4","sha":"b096a10fe973767c10a2715f1b9990242e5d8a00","kind":"commit","published_at":"2017-04-24T19:07:19.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.20.4","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.20.4"},{"name":"v0.20.3","sha":"37d40018810a91aeb8f2eff5f055ddc06b06f8f2","kind":"tag","published_at":"2017-04-24T11:07:47.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.20.3","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.20.3"},{"name":"v0.20.2","sha":"1726e902018f2637994704acbfa299f3f66d0354","kind":"commit","published_at":"2017-04-16T09:09:50.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.20.2","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.20.2"},{"name":"v0.20.1","sha":"8ac1fcd0ceb5d2e55e16a9caa7f6f0d646a07668","kind":"commit","published_at":"2017-04-13T14:00:30.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.20.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.20.1"},{"name":"v0.20","sha":"dac0d4a69d40e46f62b6915b5a6fc57cd7120298","kind":"commit","published_at":"2017-04-10T07:10:53.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.20","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.20"},{"name":"v0.19","sha":"0a99168220f0b451dd74015cb94145a9c1904310","kind":"commit","published_at":"2017-02-27T10:21:29.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.19","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.19"},{"name":"v0.18.1","sha":"dab1303c1847603f0c36719d1b865cff1001c6ac","kind":"commit","published_at":"2016-12-29T17:12:41.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.18.1","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.18.1"},{"name":"v0.18","sha":"09cc7915ed8c485870abe06ac6cfc35cb6082d6e","kind":"commit","published_at":"2016-12-19T14:38:10.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.18","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.18"},{"name":"v0.17","sha":"e1e677f6da394cc52454f5c79325677c2e11d55a","kind":"commit","published_at":"2016-10-07T14:42:05.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.17","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.17"},{"name":"v0.16","sha":"7212e51347ce5dafcca16b86f6e3e212898d1728","kind":"commit","published_at":"2016-06-06T12:37:59.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.16","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.16"},{"name":"v0.15","sha":"6faf1d01e0535695feef3be3fa8f1159f5ec7b06","kind":"commit","published_at":"2015-11-25T14:33:53.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.15","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.15"},{"name":"v0.14","sha":"6af9d6789edef483cd297978e010b40117ff1443","kind":"tag","published_at":"2015-05-25T16:02:58.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.14","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.14"},{"name":"v0.13","sha":"e43eabaceeb6bf2c329b73cb40ccee8ebed61b0a","kind":"commit","published_at":"2015-02-22T03:31:01.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.13","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.13"},{"name":"v0.12","sha":"1363128962c9354404b78cb21d42faa6133658ad","kind":"commit","published_at":"2014-09-01T14:05:05.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.12","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.12"},{"name":"v0.11","sha":"05875153bcc56e9ee25532e9afd5a575a3e95938","kind":"tag","published_at":"2014-05-29T22:46:27.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.11","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.11"},{"name":"v0.10","sha":"0447c7598b406b706999cc06fb347eb4a4e2ff5b","kind":"commit","published_at":"2014-03-01T17:16:36.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.10","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.10"},{"name":"v0.9","sha":"4f335f0c7f83daa32906e8e40c7ac225efa113de","kind":"commit","published_at":"2013-11-16T04:47:53.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.9","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.9"},{"name":"v0.8","sha":"57b206ca115bf15f0525b1d7279016cdf947f016","kind":"commit","published_at":"2013-08-03T14:29:16.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.8","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.8"},{"name":"v0.7","sha":"3ec920ac0f4348d8039e51aed9c9a8ab813a5511","kind":"commit","published_at":"2013-07-04T17:03:16.000Z","download_url":"https://codeload.github.com/gohugoio/hugo/tar.gz/v0.7","html_url":"https://github.com/gohugoio/hugo/releases/tag/v0.7"}]},"repo_metadata_updated_at":"2023-03-21T18:39:05.053Z","dependent_packages_count":232,"downloads":null,"downloads_period":null,"dependent_repos_count":210,"rankings":{"downloads":null,"dependent_repos_count":0.4394600406545421,"dependent_packages_count":0.31987025655449763,"stargazers_count":0.009275938216267004,"forks_count":0.03331358456164708,"docker_downloads_count":0.3512887569644343,"average":0.2306417153902776},"purl":"pkg:golang/github.com/gohugoio/hugo","advisories":[{"uuid":"GSA_kwCzR0hTQS1wcGY4LWhocHAtZjVoas4AA7QS","url":"https://github.com/advisories/GHSA-ppf8-hhpp-f5hj","title":"Hugo Markdown titles do not escaped in internal render hooks","description":"### Impact\n\nTitle argument in Markdown for links and images not escaped in internal render hooks. Impacted are Hugo users who have these hooks enabled and do not trust their Markdown content files.\n\n### Patches\n\nPatched in v0.125.3.\n\n### Workarounds\n\nReplace with user defined templates or disable the internal templates: https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault\n\n### References\n\nhttps://github.com/gohugoio/hugo/releases/tag/v0.125.3","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-04-23T21:16:15.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/gohugoio/hugo/security/advisories/GHSA-ppf8-hhpp-f5hj","https://github.com/gohugoio/hugo/commit/15a4b9b33715887001f6eff30721d41c0d4cfdd1","https://github.com/gohugoio/hugo/releases/tag/v0.125.3","https://nvd.nist.gov/vuln/detail/CVE-2024-32875","https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault","https://pkg.go.dev/vuln/GO-2024-2747","https://github.com/advisories/GHSA-ppf8-hhpp-f5hj"],"source_kind":"github","identifiers":["GHSA-ppf8-hhpp-f5hj","CVE-2024-32875"],"repository_url":"https://github.com/gohugoio/hugo","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"0.125.3","vulnerable_version_range":"\u003e= 0.123.0, \u003c 0.125.3"}],"ecosystem":"go","package_name":"github.com/gohugoio/hugo"}],"created_at":"2024-04-23T22:04:59.679Z","updated_at":"2024-07-19T15:24:59.000Z","epss_percentage":0.00115,"epss_percentile":0.27315},{"uuid":"GSA_kwCzR0hTQS1jMnhmLTl2MnItcjJyeM4ABCNH","url":"https://github.com/advisories/GHSA-c2xf-9v2r-r2rx","title":"Hugo does not escape some attributes in internal templates","description":"## Impact\n\nSome HTML attributes in Markdown in the internal templates listed below not escaped. Impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates.\n\n* `_default/_markup/render-link.html` from `v0.123.0`\n* `_default/_markup/render-image.html` from `v0.123.0`\n* `_default/_markup/render-table.html` from `v0.134.0`\n* `shortcodes/youtube.html` from `v0.125.0`\n\n## Patches\n\nPatched in v0.139.4.\n\n## Workarounds\n\nReplace with user defined templates or disable the internal templates: https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault\n\n## References\n\n* https://github.com/gohugoio/hugo/releases/tag/v0.139.4\n* https://gohugo.io/about/security/\n\n\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-12-09T20:44:50.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","references":["https://github.com/gohugoio/hugo/security/advisories/GHSA-c2xf-9v2r-r2rx","https://github.com/gohugoio/hugo/commit/54398f8d572c689f9785d59e907fd910a23401b0","https://github.com/gohugoio/hugo/releases/tag/v0.139.4","https://nvd.nist.gov/vuln/detail/CVE-2024-55601","https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault","https://github.com/advisories/GHSA-c2xf-9v2r-r2rx"],"source_kind":"github","identifiers":["GHSA-c2xf-9v2r-r2rx","CVE-2024-55601"],"repository_url":"https://github.com/gohugoio/hugo","blast_radius":12.30776226208977,"packages":[{"versions":[{"first_patched_version":"0.139.4","vulnerable_version_range":"\u003e= 0.123.0, \u003c 0.139.4"}],"ecosystem":"go","package_name":"github.com/gohugoio/hugo"}],"created_at":"2024-12-09T21:07:47.953Z","updated_at":"2025-04-11T01:08:27.057Z","epss_percentage":0.00103,"epss_percentile":0.25508},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqMzQtOTg3Ni1wdmZx","url":"https://github.com/advisories/GHSA-8j34-9876-pvfq","title":"Hugo can execute a binary from the current directory on Windows","description":"## Impact\n\nHugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%PATH%` on Windows. However, if a malicious file with the same name (`exe` or `bat`) is found in the current working directory at the time of running `hugo`, the malicious command will be invoked instead of the system one.\n\nWindows users who run `hugo` inside untrusted Hugo sites are affected.\n\n## Patches\nUsers should upgrade to Hugo v0.79.1.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-06-23T17:28:26.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq","https://nvd.nist.gov/vuln/detail/CVE-2020-26284","https://github.com/golang/go/issues/38736","https://github.com/advisories/GHSA-8j34-9876-pvfq"],"source_kind":"github","identifiers":["GHSA-8j34-9876-pvfq","CVE-2020-26284"],"repository_url":"https://github.com/gohugoio/hugo","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"0.79.1","vulnerable_version_range":"\u003c 0.79.1"}],"ecosystem":"go","package_name":"github.com/gohugoio/hugo"}],"created_at":"2022-12-21T16:13:01.273Z","updated_at":"2023-02-01T05:05:47.000Z","epss_percentage":0.0041,"epss_percentile":0.58521}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/gohugoio/hugo","docker_dependents_count":230,"docker_downloads_count":49728047,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/gohugoio/hugo","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/gohugoio/hugo/dependencies","status":null,"funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgohugoio%2Fhugo/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgohugoio%2Fhugo/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgohugoio%2Fhugo/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgohugoio%2Fhugo/related_packages","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":1886302,"maintainers_count":0,"namespaces_count":723964,"keywords_count":98339,"github":"golang","metadata":{"funded_packages_count":39348},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2025-06-07T05:37:05.003Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},"unique_repositories_count":46,"unique_repositories_count_past_30_days":3,"recent_issues":[{"uuid":"4527436291","node_id":"PR_kwDOSjnsHc7fkpOy","number":8,"state":"closed","title":"chore(deps): bump github.com/gohugoio/hugo from 0.149.1 to 0.161.0 in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T03:12:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T20:55:04.000Z","updated_at":"2026-05-27T03:12:44.000Z","time_to_close":22658,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.149.1","new_version":"0.161.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":"the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the / directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\n\nUpdates `github.com/gohugoio/hugo` from 0.149.1 to 0.161.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.161.0\u003c/h2\u003e\n\u003cp\u003eThis release contains two security hardening fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWe now run the Node tools PostCSS, Babel and TailwindCSS, by default, with the \u003ccode\u003e--permission\u003c/code\u003e flag with the permissions defined in \u003ca href=\"https://gohugo.io/configuration/security/\"\u003esecurity.node.permissions\u003c/a\u003e. This means that you need Node \u0026gt;= 22 installed and that \u003ccode\u003ecss.TailwindCSS\u003c/code\u003e now requires that the Tailwind CSS CLI must be installed as a Node.js package. The \u003ca href=\"https://github.com/tailwindlabs/tailwindcss/releases/latest\"\u003estandalone executable\u003c/a\u003e is no longer supported\u003c/li\u003e\n\u003cli\u003eWe have made the defaults in \u003ca href=\"https://gohugo.io/configuration/security/#httpurls\"\u003esecurity.http.urls\u003c/a\u003e more restrictive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBut there are some notable new features, as well:\u003c/p\u003e\n\u003ch2\u003eNested vars support in css.Build and css.Sass\u003c/h2\u003e\n\u003cp\u003eA practical example in \u003ccode\u003ecss.Build\u003c/code\u003e would be to have something like this in \u003ccode\u003ehugo.toml\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e[params.style]\r\n    primary    = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n    background = \u0026quot;#ffffff\u0026quot;\r\n    [params.style.dark]\r\n        primary    = \u0026quot;#ffffff\u0026quot;\r\n        background = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAnd in the stylesheet:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e@import \u0026quot;hugo:vars\u0026quot;;\r\n@import \u0026quot;hugo:vars/dark\u0026quot; (prefers-color-scheme: dark);\r\n\u003cp\u003e:root {\ncolor-scheme: light dark;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eSlice-based permalinks config\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003epermalinks\u003c/code\u003e configuration is now much more flexible (the old setup still works). It uses the same \u003ca href=\"https://gohugo.io/configuration/cascade/#target\"\u003etarget\u003c/a\u003e matchers as in the \u003ccode\u003ecascade\u003c/code\u003e config, meaning you can now do:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003epermalinks:\r\n  - target:\r\n      kind: page\r\n      path: \u0026quot;/books/**\u0026quot;\r\n    pattern: /books/:year/:slug/\r\n  - target:\r\n      kind: section\r\n      path: \u0026quot;/{books,books/**}\u0026quot;\r\n    pattern: /libros/:sections[1:]\r\n  - target:\r\n      kind: page\r\n    pattern: /other/:slug/\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above example isn't great, but it at least shows the gist of it.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/98d396c16a07b51df06e7673d817a3880da6218d\"\u003e\u003ccode\u003e98d396c\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.161.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d4ae662d598db81d239a291bc26336be5fec6893\"\u003e\u003ccode\u003ed4ae662\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/getkin/kin-openapi from 0.135.0 to 0.137.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9ede5fb9e0304d3eb193b3c1a9214c735f05db21\"\u003e\u003ccode\u003e9ede5fb\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/833a878eef4fce2bbabb05dcbb8a7e31f93aadda\"\u003e\u003ccode\u003e833a878\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/tdewolff/minify/v2 from 2.24.12 to 2.24.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/7622dd86ced9ac2ef3c15b5d0740bf9634bb60ac\"\u003e\u003ccode\u003e7622dd8\u003c/code\u003e\u003c/a\u003e css: Support nested hugo:vars/\u0026lt;name\u0026gt; imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0814059bb6374bbd5861ee8da96b4a67e22acfba\"\u003e\u003ccode\u003e0814059\u003c/code\u003e\u003c/a\u003e github: Update GitHub actions versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8920d56e951e872e1eabd08fc34f9c1350fe5da3\"\u003e\u003ccode\u003e8920d56\u003c/code\u003e\u003c/a\u003e hugolib: Do not render aliases if the page is not rendered\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/633cc772e0e8a79205b1b268bd9bfc2b0f5b1473\"\u003e\u003ccode\u003e633cc77\u003c/code\u003e\u003c/a\u003e langs/i18n: Improve default content language fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/90d8bf34aea897a8a329480bde54ff1c61c0c9b3\"\u003e\u003ccode\u003e90d8bf3\u003c/code\u003e\u003c/a\u003e Replace deprecated .Site.Sites/.Page.Sites with hugo.Sites intests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4c40c6d5ca94537a63f7449f269b9ebef84e9346\"\u003e\u003ccode\u003e4c40c6d\u003c/code\u003e\u003c/a\u003e helpers: Remove unused code\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.149.1...v0.161.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.149.1\u0026new-version=0.161.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Icehunter/dune-admin/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Icehunter/dune-admin/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Icehunter%2Fdune-admin/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4405264515","node_id":"PR_kwDOSL8Yt87ZeO-z","number":2,"state":"closed","title":"Bump github.com/gohugoio/hugo from 0.160.1 to 0.161.0 in /hack/tools in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-03T21:16:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T09:19:36.000Z","updated_at":"2026-06-03T21:16:58.000Z","time_to_close":2289440,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.160.1","new_version":"0.161.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/hack/tools in the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the /hack/tools directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\n\nUpdates `github.com/gohugoio/hugo` from 0.160.1 to 0.161.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.161.0\u003c/h2\u003e\n\u003cp\u003eThis release contains two security hardening fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWe now run the Node tools PostCSS, Babel and TailwindCSS, by default, with the \u003ccode\u003e--permission\u003c/code\u003e flag with the permissions defined in \u003ca href=\"https://gohugo.io/configuration/security/\"\u003esecurity.node.permissions\u003c/a\u003e. This means that you need Node \u0026gt;= 22 installed and that \u003ccode\u003ecss.TailwindCSS\u003c/code\u003e now requires that the Tailwind CSS CLI must be installed as a Node.js package. The \u003ca href=\"https://github.com/tailwindlabs/tailwindcss/releases/latest\"\u003estandalone executable\u003c/a\u003e is no longer supported\u003c/li\u003e\n\u003cli\u003eWe have made the defaults in \u003ca href=\"https://gohugo.io/configuration/security/#httpurls\"\u003esecurity.http.urls\u003c/a\u003e more restrictive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBut there are some notable new features, as well:\u003c/p\u003e\n\u003ch2\u003eNested vars support in css.Build and css.Sass\u003c/h2\u003e\n\u003cp\u003eA practical example in \u003ccode\u003ecss.Build\u003c/code\u003e would be to have something like this in \u003ccode\u003ehugo.toml\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e[params.style]\r\n    primary    = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n    background = \u0026quot;#ffffff\u0026quot;\r\n    [params.style.dark]\r\n        primary    = \u0026quot;#ffffff\u0026quot;\r\n        background = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAnd in the stylesheet:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e@import \u0026quot;hugo:vars\u0026quot;;\r\n@import \u0026quot;hugo:vars/dark\u0026quot; (prefers-color-scheme: dark);\r\n\u003cp\u003e:root {\ncolor-scheme: light dark;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eSlice-based permalinks config\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003epermalinks\u003c/code\u003e configuration is now much more flexible (the old setup still works). It uses the same \u003ca href=\"https://gohugo.io/configuration/cascade/#target\"\u003etarget\u003c/a\u003e matchers as in the \u003ccode\u003ecascade\u003c/code\u003e config, meaning you can now do:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003epermalinks:\r\n  - target:\r\n      kind: page\r\n      path: \u0026quot;/books/**\u0026quot;\r\n    pattern: /books/:year/:slug/\r\n  - target:\r\n      kind: section\r\n      path: \u0026quot;/{books,books/**}\u0026quot;\r\n    pattern: /libros/:sections[1:]\r\n  - target:\r\n      kind: page\r\n    pattern: /other/:slug/\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above example isn't great, but it at least shows the gist of it.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/98d396c16a07b51df06e7673d817a3880da6218d\"\u003e\u003ccode\u003e98d396c\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.161.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d4ae662d598db81d239a291bc26336be5fec6893\"\u003e\u003ccode\u003ed4ae662\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/getkin/kin-openapi from 0.135.0 to 0.137.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9ede5fb9e0304d3eb193b3c1a9214c735f05db21\"\u003e\u003ccode\u003e9ede5fb\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/833a878eef4fce2bbabb05dcbb8a7e31f93aadda\"\u003e\u003ccode\u003e833a878\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/tdewolff/minify/v2 from 2.24.12 to 2.24.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/7622dd86ced9ac2ef3c15b5d0740bf9634bb60ac\"\u003e\u003ccode\u003e7622dd8\u003c/code\u003e\u003c/a\u003e css: Support nested hugo:vars/\u0026lt;name\u0026gt; imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0814059bb6374bbd5861ee8da96b4a67e22acfba\"\u003e\u003ccode\u003e0814059\u003c/code\u003e\u003c/a\u003e github: Update GitHub actions versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8920d56e951e872e1eabd08fc34f9c1350fe5da3\"\u003e\u003ccode\u003e8920d56\u003c/code\u003e\u003c/a\u003e hugolib: Do not render aliases if the page is not rendered\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/633cc772e0e8a79205b1b268bd9bfc2b0f5b1473\"\u003e\u003ccode\u003e633cc77\u003c/code\u003e\u003c/a\u003e langs/i18n: Improve default content language fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/90d8bf34aea897a8a329480bde54ff1c61c0c9b3\"\u003e\u003ccode\u003e90d8bf3\u003c/code\u003e\u003c/a\u003e Replace deprecated .Site.Sites/.Page.Sites with hugo.Sites intests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4c40c6d5ca94537a63f7449f269b9ebef84e9346\"\u003e\u003ccode\u003e4c40c6d\u003c/code\u003e\u003c/a\u003e helpers: Remove unused code\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.160.1...v0.161.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.160.1\u0026new-version=0.161.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/umairsiddiquie/kueue/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/umairsiddiquie/kueue/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/umairsiddiquie%2Fkueue/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4405148964","node_id":"PR_kwDOG2kQZs7Zd2jA","number":11042,"state":"open","title":"Bump github.com/gohugoio/hugo from 0.160.1 to 0.161.0 in /hack/tools","user":"dependabot[bot]","labels":["size/L","release-note-none","ok-to-test","cncf-cla: yes","area/dependency","dependencies"],"assignees":[],"locked":false,"comments_count":11,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-08T09:00:14.000Z","updated_at":"2026-05-18T18:28:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.160.1","new_version":"0.161.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/hack/tools","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.160.1 to 0.161.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.161.0\u003c/h2\u003e\n\u003cp\u003eThis release contains two security hardening fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWe now run the Node tools PostCSS, Babel and TailwindCSS, by default, with the \u003ccode\u003e--permission\u003c/code\u003e flag with the permissions defined in \u003ca href=\"https://gohugo.io/configuration/security/\"\u003esecurity.node.permissions\u003c/a\u003e. This means that you need Node \u0026gt;= 22 installed and that \u003ccode\u003ecss.TailwindCSS\u003c/code\u003e now requires that the Tailwind CSS CLI must be installed as a Node.js package. The \u003ca href=\"https://github.com/tailwindlabs/tailwindcss/releases/latest\"\u003estandalone executable\u003c/a\u003e is no longer supported\u003c/li\u003e\n\u003cli\u003eWe have made the defaults in \u003ca href=\"https://gohugo.io/configuration/security/#httpurls\"\u003esecurity.http.urls\u003c/a\u003e more restrictive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBut there are some notable new features, as well:\u003c/p\u003e\n\u003ch2\u003eNested vars support in css.Build and css.Sass\u003c/h2\u003e\n\u003cp\u003eA practical example in \u003ccode\u003ecss.Build\u003c/code\u003e would be to have something like this in \u003ccode\u003ehugo.toml\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e[params.style]\r\n    primary    = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n    background = \u0026quot;#ffffff\u0026quot;\r\n    [params.style.dark]\r\n        primary    = \u0026quot;#ffffff\u0026quot;\r\n        background = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAnd in the stylesheet:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e@import \u0026quot;hugo:vars\u0026quot;;\r\n@import \u0026quot;hugo:vars/dark\u0026quot; (prefers-color-scheme: dark);\r\n\u003cp\u003e:root {\ncolor-scheme: light dark;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eSlice-based permalinks config\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003epermalinks\u003c/code\u003e configuration is now much more flexible (the old setup still works). It uses the same \u003ca href=\"https://gohugo.io/configuration/cascade/#target\"\u003etarget\u003c/a\u003e matchers as in the \u003ccode\u003ecascade\u003c/code\u003e config, meaning you can now do:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003epermalinks:\r\n  - target:\r\n      kind: page\r\n      path: \u0026quot;/books/**\u0026quot;\r\n    pattern: /books/:year/:slug/\r\n  - target:\r\n      kind: section\r\n      path: \u0026quot;/{books,books/**}\u0026quot;\r\n    pattern: /libros/:sections[1:]\r\n  - target:\r\n      kind: page\r\n    pattern: /other/:slug/\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above example isn't great, but it at least shows the gist of it.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/98d396c16a07b51df06e7673d817a3880da6218d\"\u003e\u003ccode\u003e98d396c\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.161.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d4ae662d598db81d239a291bc26336be5fec6893\"\u003e\u003ccode\u003ed4ae662\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/getkin/kin-openapi from 0.135.0 to 0.137.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9ede5fb9e0304d3eb193b3c1a9214c735f05db21\"\u003e\u003ccode\u003e9ede5fb\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/833a878eef4fce2bbabb05dcbb8a7e31f93aadda\"\u003e\u003ccode\u003e833a878\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/tdewolff/minify/v2 from 2.24.12 to 2.24.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/7622dd86ced9ac2ef3c15b5d0740bf9634bb60ac\"\u003e\u003ccode\u003e7622dd8\u003c/code\u003e\u003c/a\u003e css: Support nested hugo:vars/\u0026lt;name\u0026gt; imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0814059bb6374bbd5861ee8da96b4a67e22acfba\"\u003e\u003ccode\u003e0814059\u003c/code\u003e\u003c/a\u003e github: Update GitHub actions versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8920d56e951e872e1eabd08fc34f9c1350fe5da3\"\u003e\u003ccode\u003e8920d56\u003c/code\u003e\u003c/a\u003e hugolib: Do not render aliases if the page is not rendered\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/633cc772e0e8a79205b1b268bd9bfc2b0f5b1473\"\u003e\u003ccode\u003e633cc77\u003c/code\u003e\u003c/a\u003e langs/i18n: Improve default content language fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/90d8bf34aea897a8a329480bde54ff1c61c0c9b3\"\u003e\u003ccode\u003e90d8bf3\u003c/code\u003e\u003c/a\u003e Replace deprecated .Site.Sites/.Page.Sites with hugo.Sites intests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4c40c6d5ca94537a63f7449f269b9ebef84e9346\"\u003e\u003ccode\u003e4c40c6d\u003c/code\u003e\u003c/a\u003e helpers: Remove unused code\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.160.1...v0.161.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/kubernetes-sigs/kueue/pull/11042","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkueue/issues/11042","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11042/packages"},{"uuid":"4238144961","node_id":"PR_kwDOG2kQZs7RZ0On","number":10374,"state":"open","title":"Bump github.com/gohugoio/hugo from 0.159.2 to 0.160.1 in /hack/tools","user":"dependabot[bot]","labels":["lgtm","release-note-none","approved","size/M","ok-to-test","cncf-cla: yes","area/dependency","dependencies"],"assignees":["mimowo"],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-10T09:37:40.000Z","updated_at":"2026-04-10T09:46:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.159.2","new_version":"0.160.1","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/hack/tools","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.159.2 to 0.160.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.160.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix panic when passthrough elements are used in headings 8b00030b \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14677\"\u003e#14677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic on edit of legacy mapped template names that's also a valid path in the new setup c4855167 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14740\"\u003e#14740\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RenderShortcodes leaking context markers when indented 161d0d47 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/12457\"\u003e#12457\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStrip nested page context markers from standalone RenderShortcodes 45e45966 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14732\"\u003e#14732\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRename deprecated cascade._target to cascade.target in tests 58927aa1 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix auto-creation of root sections in multilingual sites ce009e3a \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14681\"\u003e#14681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ereadme: Fix links 07558724 \u003ca href=\"https://github.com/chicks-net\"\u003e\u003ccode\u003e@​chicks-net\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.160.0\u003c/h2\u003e\n\u003cp\u003eNow you can inject \u003ca href=\"https://gohugo.io/functions/css/build/#vars\"\u003eCSS vars\u003c/a\u003e, e.g. from the configuration, into your stylesheets when building with \u003ca href=\"https://gohugo.io/functions/css/build/\"\u003ecss.Build\u003c/a\u003e. Also, now all the render hooks has a  \u003ca href=\"https://gohugo.io/render-hooks/links/#position\"\u003e.Position\u003c/a\u003e method, now also more accurate and effective.\u003c/p\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some recently introduced Position issues 4e91e14c \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14710\"\u003e#14710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emarkup/goldmark: Fix double-escaping of ampersands in link URLs dc9b51d2 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14715\"\u003e#14715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etpl: Fix stray quotes from partial decorator in script context 43aad711 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14711\"\u003e#14711\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eall: Replace NewIntegrationTestBuilder with Test/TestE/TestRunning 481baa08 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etpl/css: Support \u003ca href=\"https://github.com/import\"\u003e\u003ccode\u003e@​import\u003c/code\u003e\u003c/a\u003e \u0026quot;hugo:vars\u0026quot; for CSS custom properties in css.Build 5d09b5e3 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14699\"\u003e#14699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove and extend .Position handling in Goldmark render hooks 303e443e \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14663\"\u003e#14663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emarkup/goldmark: Clean up test 638262ce \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github.com/magefile/mage from 1.16.1 to 1.17.1 bf6e35a7 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 0eda24e6 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/image from 0.37.0 to 0.38.0 beb57a68 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ereadme: Revise edition descriptions and installation instructions 9f1f1be0 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d6bc8165e62b29d7d70ede01ed01d0f88de327e6\"\u003e\u003ccode\u003ed6bc816\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.160.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8b00030b344d21635e5634698700f1d13145fead\"\u003e\u003ccode\u003e8b00030\u003c/code\u003e\u003c/a\u003e Fix panic when passthrough elements are used in headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/c48551677c2504e3f2d7fa53ee42766e0333b957\"\u003e\u003ccode\u003ec485516\u003c/code\u003e\u003c/a\u003e Fix panic on edit of legacy mapped template names that's also a valid path in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/161d0d475773c5251ec00cc8848f1a174393155c\"\u003e\u003ccode\u003e161d0d4\u003c/code\u003e\u003c/a\u003e Fix RenderShortcodes leaking context markers when indented\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/45e4596630b1372ab02634e4536d2b5a89452e0b\"\u003e\u003ccode\u003e45e4596\u003c/code\u003e\u003c/a\u003e Strip nested page context markers from standalone RenderShortcodes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/58927aa14ae7e6679ca4533a15362fa99c61247a\"\u003e\u003ccode\u003e58927aa\u003c/code\u003e\u003c/a\u003e Rename deprecated cascade._target to cascade.target in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ce009e3aa9fdc0e9f8d2d209d0d4df591707a094\"\u003e\u003ccode\u003ece009e3\u003c/code\u003e\u003c/a\u003e Fix auto-creation of root sections in multilingual sites\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0755872424182a99520ab27f54df29ba2bcccddc\"\u003e\u003ccode\u003e0755872\u003c/code\u003e\u003c/a\u003e readme: Fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6b5554bac9f8de094bef2d7eb98f2ab4ede79e52\"\u003e\u003ccode\u003e6b5554b\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.161.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/652fc5acddf94e0501f778e196a8b630566b39ad\"\u003e\u003ccode\u003e652fc5a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.160.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.159.2...v0.160.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.159.2\u0026new-version=0.160.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubernetes-sigs/kueue/pull/10374","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkueue/issues/10374","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10374/packages"},{"uuid":"4227198525","node_id":"PR_kwDOMkcOX87Q6r6w","number":48,"state":"closed","title":"Chore(deps): Bump the go_modules group across 25 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-24T20:57:11.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T19:45:04.000Z","updated_at":"2026-04-24T20:57:14.000Z","time_to_close":1386727,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Chore(deps): Bump","group_name":"go_modules","update_count":6,"packages":[{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/openfga/openfga","old_version":"1.11.3","new_version":"1.14.0","repository_url":"https://github.com/openfga/openfga"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.40.0","new_version":"1.42.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream","old_version":"1.7.3","new_version":"1.7.8"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"github.com/gohugoio/hugo","old_version":"0.147.6","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.40.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp","old_version":"1.40.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [github.com/openfga/openfga](https://github.com/openfga/openfga).\nBumps the go_modules group with 1 update in the /.citools/src/air directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\nBumps the go_modules group with 3 updates in the /apps/advisor directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/alerting/historian directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/alerting/notifications directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/alerting/rules directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/annotation directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/correlations directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/dashboard directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 3 updates in the /apps/dashvalidator directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 3 updates in the /apps/example directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/iam directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/live directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/logsdrilldown directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/playlist directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 3 updates in the /apps/plugins directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /apps/provisioning directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 3 updates in the /apps/quotas directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 3 updates in the /apps/shorturl directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /pkg/aggregator directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /pkg/apimachinery directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 2 updates in the /pkg/apiserver directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /pkg/build directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /pkg/infra/features directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 3 updates in the /pkg/plugins directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-jose/go-jose/releases\"\u003egithub.com/go-jose/go-jose/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes Panic in JWE decryption. See \u003ca href=\"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\"\u003ehttps://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ehttps://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/openfga/openfga` from 1.11.3 to 1.14.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openfga/openfga/releases\"\u003egithub.com/openfga/openfga's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eopenfga_iter_query_duration_ms\u003c/code\u003e histogram metric to track storage iterator query latency across all storage backends, labeled by \u003ccode\u003esuccess\u003c/code\u003e. The metric is recorded in each backend's \u003ccode\u003efetchBuffer\u003c/code\u003e after error classification: infrastructure failures are labeled \u003ccode\u003esuccess=false\u003c/code\u003e; expected storage outcomes (\u003ccode\u003eErrNotFound\u003c/code\u003e, \u003ccode\u003eErrCollision\u003c/code\u003e, \u003ccode\u003eErrInvalidWriteInput\u003c/code\u003e) are labeled \u003ccode\u003esuccess=true\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3030\"\u003e#3030\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eChanged the ListObjects pipeline intersection algorithm to improve intersection performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3031\"\u003e#3031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e[BREAKING]\u003c/strong\u003e The Playground now only supports the \u003ccode\u003enone\u003c/code\u003e authentication method. Running the Playground with \u003ccode\u003epreshared\u003c/code\u003e key authentication is no longer supported. The server will error and not start if it detects this combination.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe built-in OpenFGA Playground is intended for development purposes only and is deprecated. It will be removed entirely in a future release.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e--playground-port\u003c/code\u003e flag and \u003ccode\u003eOPENFGA_PLAYGROUND_PORT\u003c/code\u003e environment variable are deprecated. Use \u003ccode\u003e--playground-addr\u003c/code\u003e (\u003ccode\u003eOPENFGA_PLAYGROUND_ADDR\u003c/code\u003e) instead to specify the full \u003ccode\u003ehost:port\u003c/code\u003e address for the Playground server. When \u003ccode\u003e--playground-addr\u003c/code\u003e is not set, the Playground binds to \u003ccode\u003e127.0.0.1\u003c/code\u003e using the port from \u003ccode\u003e--playground-port\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Write operations failing with \u003ccode\u003einvalid input syntax for type integer\u003c/code\u003e (SQLSTATE 22P02) when PostgreSQL is behind PgBouncer or a connection pooler using the simple query protocol. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3014\"\u003e#3014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed PostgreSQL \u003ccode\u003eHandleSQLError\u003c/code\u003e and \u003ccode\u003eGetStore\u003c/code\u003e returning a wrapped error instead of \u003ccode\u003estorage.ErrNotFound\u003c/code\u003e when no rows are found. When using pgxpool directly, \u003ccode\u003eQueryRow().Scan()\u003c/code\u003e returns \u003ccode\u003epgx.ErrNoRows\u003c/code\u003e, not \u003ccode\u003esql.ErrNoRows\u003c/code\u003e; both are now handled. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3014\"\u003e#3014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the possibility of deadlocks within the ListObjects pipeline algorithm. Also added short-circuit enhancements that will reduce latency and message processing in certain scenarios. Cyclical edges now use as much memory as necessary to process deep and wide data hierarchies without the risk of a deadlock. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3028\"\u003e#3028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed issue where BatchCheck calls with multiple checks for the same tuple could result in improper policy enforcement. \u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-jwvj-g8pc-cx45\"\u003eCVE-2026-34972\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.13.1...v1.14.0\"\u003ehttps://github.com/openfga/openfga/compare/v1.13.1...v1.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security vulnerability (\u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf\"\u003eCVE-2026-33729\u003c/a\u003e) where Check requests with conditions and caching enabled could return incorrect cached results.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/openfga/openfga/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuthZen v1.0 Implementation by \u003ca href=\"https://github.com/aaguiarz\"\u003e\u003ccode\u003e@​aaguiarz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003eopenfga/openfga#2875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typos in RELEASES.md and Makefile by \u003ca href=\"https://github.com/kanywst\"\u003e\u003ccode\u003e@​kanywst\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2980\"\u003eopenfga/openfga#2980\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: capture panics in pipeline's base resolver, and return as errors. by \u003ca href=\"https://github.com/senojj\"\u003e\u003ccode\u003e@​senojj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2994\"\u003eopenfga/openfga#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eobservability: aggregate message statistics for each list-objects sender into a single span by \u003ca href=\"https://github.com/senojj\"\u003e\u003ccode\u003e@​senojj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2993\"\u003eopenfga/openfga#2993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typos in comments by \u003ca href=\"https://github.com/archy-rock3t-cloud\"\u003e\u003ccode\u003e@​archy-rock3t-cloud\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2972\"\u003eopenfga/openfga#2972\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: Separate caches for v1 and v2 Check by \u003ca href=\"https://github.com/saad-h1\"\u003e\u003ccode\u003e@​saad-h1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2968\"\u003eopenfga/openfga#2968\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: update changelog for release \u003ccode\u003ev1.13.0\u003c/code\u003e by \u003ca href=\"https://github.com/poovamraj\"\u003e\u003ccode\u003e@​poovamraj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2997\"\u003eopenfga/openfga#2997\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kanywst\"\u003e\u003ccode\u003e@​kanywst\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2980\"\u003eopenfga/openfga#2980\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.12.1...v1.13.0\"\u003ehttps://github.com/openfga/openfga/compare/v1.12.1...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.12.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe ListObjects \u0026quot;pipeline\u0026quot; algorithm ditches its custom Pipe implementation and replaces it with Go native channels. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2977\"\u003e#2977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor tuple validation and manipulation functions for optimal performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2984\"\u003e#2984\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openfga/openfga/blob/main/CHANGELOG.md\"\u003egithub.com/openfga/openfga's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.14.0] - 2026-04-03\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eopenfga_iter_query_duration_ms\u003c/code\u003e histogram metric to track storage iterator query latency across all storage backends, labeled by \u003ccode\u003esuccess\u003c/code\u003e. The metric is recorded in each backend's \u003ccode\u003efetchBuffer\u003c/code\u003e after error classification: infrastructure failures are labeled \u003ccode\u003esuccess=false\u003c/code\u003e; expected storage outcomes (\u003ccode\u003eErrNotFound\u003c/code\u003e, \u003ccode\u003eErrCollision\u003c/code\u003e, \u003ccode\u003eErrInvalidWriteInput\u003c/code\u003e) are labeled \u003ccode\u003esuccess=true\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3030\"\u003e#3030\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eChanged the ListObjects pipeline intersection algorithm to improve intersection performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3031\"\u003e#3031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e[BREAKING]\u003c/strong\u003e The Playground now only supports the \u003ccode\u003enone\u003c/code\u003e authentication method. Running the Playground with \u003ccode\u003epreshared\u003c/code\u003e key authentication is no longer supported. The server will error and not start if it detects this combination.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe built-in OpenFGA Playground is intended for development purposes only and is deprecated. It will be removed entirely in a future release.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e--playground-port\u003c/code\u003e flag and \u003ccode\u003eOPENFGA_PLAYGROUND_PORT\u003c/code\u003e environment variable are deprecated. Use \u003ccode\u003e--playground-addr\u003c/code\u003e (\u003ccode\u003eOPENFGA_PLAYGROUND_ADDR\u003c/code\u003e) instead to specify the full \u003ccode\u003ehost:port\u003c/code\u003e address for the Playground server. When \u003ccode\u003e--playground-addr\u003c/code\u003e is not set, the Playground binds to \u003ccode\u003e127.0.0.1\u003c/code\u003e using the port from \u003ccode\u003e--playground-port\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Write operations failing with \u003ccode\u003einvalid input syntax for type integer\u003c/code\u003e (SQLSTATE 22P02) when PostgreSQL is behind PgBouncer or a connection pooler using the simple query protocol. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3014\"\u003e#3014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed PostgreSQL \u003ccode\u003eHandleSQLError\u003c/code\u003e and \u003ccode\u003eGetStore\u003c/code\u003e returning a wrapped error instead of \u003ccode\u003estorage.ErrNotFound\u003c/code\u003e when no rows are found. When using pgxpool directly, \u003ccode\u003eQueryRow().Scan()\u003c/code\u003e returns \u003ccode\u003epgx.ErrNoRows\u003c/code\u003e, not \u003ccode\u003esql.ErrNoRows\u003c/code\u003e; both are now handled. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3014\"\u003e#3014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the possibility of deadlocks within the ListObjects pipeline algorithm. Also added short-circuit enhancements that will reduce latency and message processing in certain scenarios. Cyclical edges now use as much memory as necessary to process deep and wide data hierarchies without the risk of a deadlock. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3028\"\u003e#3028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed issue where BatchCheck calls with multiple checks for the same tuple could result in improper policy enforcement. \u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-jwvj-g8pc-cx45\"\u003eCVE-2026-34972\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.13.1] - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security vulnerability (\u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf\"\u003eCVE-2026-33729\u003c/a\u003e) where Check requests with conditions and caching enabled could return incorrect cached results.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.13.0] - 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AuthZen 1.0 experimental support. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003e#2875\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent recoverable panics in list objects from terminating the process. Return an error instead. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.12.1] - 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe ListObjects \u0026quot;pipeline\u0026quot; algorithm ditches its custom Pipe implementation and replaces it with Go native channels. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2977\"\u003e#2977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor tuple validation and manipulation functions for optimal performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2984\"\u003e#2984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate grpc-go version to v1.79.3 and grpc-health-probe to v0.4.47. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2988\"\u003e#2988\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eOTEL_EXPORTER_OTLP_ENDPOINT\u003c/code\u003e not accepting URIs with schemes (e.g. \u003ccode\u003ehttp://host:4317\u003c/code\u003e). The scheme is now stripped before passing to the gRPC exporter, and an \u003ccode\u003ehttps://\u003c/code\u003e scheme enables TLS regardless of the \u003ccode\u003etrace.otlp.tls.enabled\u003c/code\u003e flag. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2981\"\u003e#2981\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.12.0] - 2026-03-13\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AuthZen 1.0 experimental support. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003e#2875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd configuration for maximum size of received gRPC message bytes. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2952\"\u003e#2952\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHTTP gateway's internal gRPC client now uses dynamic TLS credentials that automatically update on certificate rotation via certwatcher, preventing connection failures when certificates are rotated (e.g., by cert-manager). \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2951\"\u003e#2951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTuple validation will now fail when any unicode control characters, or null bytes are present within a tuple string. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2963\"\u003e#2963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed swapped format arguments in \u003ccode\u003eDecodeParameterType\u003c/code\u003e error message that reported required and found generic type counts in the wrong order. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2961\"\u003e#2961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a few bugs. Two potential index out of bounds scenarios, and one cache of an invalid result. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2942\"\u003e#2942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/40e6b410825813d1d394d7371c5ca31cad17f517\"\u003e\u003ccode\u003e40e6b41\u003c/code\u003e\u003c/a\u003e release: update changelog for release \u003ccode\u003ev1.14.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3040\"\u003e#3040\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/6b69a3b6f7aa4f3252f06bf77048bb7c8b9c7f23\"\u003e\u003ccode\u003e6b69a3b\u003c/code\u003e\u003c/a\u003e batch check cache (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3025\"\u003e#3025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/81373f28921554ab41232af10f762180d461a776\"\u003e\u003ccode\u003e81373f2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/1de968515cd4e0a98e809f5cc0e274d298824388\"\u003e\u003ccode\u003e1de9685\u003c/code\u003e\u003c/a\u003e feat: add stats on tuple iterator query (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3030\"\u003e#3030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/68e053f3237d1b3ff2a98d4683eb6b96415aee55\"\u003e\u003ccode\u003e68e053f\u003c/code\u003e\u003c/a\u003e fix: remove unnecessary non-deterministic test (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3038\"\u003e#3038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/8373f2888c272c18d34cf3c096886671f3e73208\"\u003e\u003ccode\u003e8373f28\u003c/code\u003e\u003c/a\u003e remove unnecessary import (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3032\"\u003e#3032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/342a78306ec83e025ee78ec7d17cdba2063d718a\"\u003e\u003ccode\u003e342a783\u003c/code\u003e\u003c/a\u003e perf: improve the intersection algorithm, reducing latency and memory use (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/c75b5f0a4c6e503b1af04c8555f52ee4e037979d\"\u003e\u003ccode\u003ec75b5f0\u003c/code\u003e\u003c/a\u003e fix: ListObjects pipeline algorithm enhancements and fix for potential deadlo...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/1a44a05316e001165b3ea0e22e71a107c785ddc5\"\u003e\u003ccode\u003e1a44a05\u003c/code\u003e\u003c/a\u003e chore: Also update openfga/helm-charts in release script (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/60dd7f563d36413e481cbfbd634e6549cef15588\"\u003e\u003ccode\u003e60dd7f5\u003c/code\u003e\u003c/a\u003e chore: update CICD to enforce GRPC healthprobe changes (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2990\"\u003e#2990\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openfga/openfga/compare/v1.11.3...v1.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.40.0 to 1.42.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.40.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream` from 1.7.3 to 1.7.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e3b97d2a02cd4e27c40224f05aa1a7deba24abe2\"\u003e\u003ccode\u003ee3b97d2\u003c/code\u003e\u003c/a\u003e Release 2023-10-12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/863010ddb23c242c2a5d49d9f40094a6a49b5525\"\u003e\u003ccode\u003e863010d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6946ef8b9149fe75ac1b427ca2c7f57cdcb64549\"\u003e\u003ccode\u003e6946ef8\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6d93ded4536184d38a664b4b75dadd36cbd79878\"\u003e\u003ccode\u003e6d93ded\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/bebc232e7f65b02d0b519d11e73cf925c38e716f\"\u003e\u003ccode\u003ebebc232\u003c/code\u003e\u003c/a\u003e fix: fail to load config if configured profile doesn't exist (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2309\"\u003e#2309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5de46742b7fb1b72d93d344ee81568800a707267\"\u003e\u003ccode\u003e5de4674\u003c/code\u003e\u003c/a\u003e fix DNS timeout error not retried (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2300\"\u003e#2300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e155bb72a2ec20ec61db50fc3d4568e373fa4b63\"\u003e\u003ccode\u003ee155bb7\u003c/code\u003e\u003c/a\u003e Release 2023-10-06\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/9d342ba33937c562d215f317a37dea121ee9763d\"\u003e\u003ccode\u003e9d342ba\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/1df99141a143a38570d64a182ed972ce9e3dba65\"\u003e\u003ccode\u003e1df9914\u003c/code\u003e\u003c/a\u003e Update SDK's smithy-go dependency to v1.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/32ada3a191ac770b1b24164b667692183fc77ed9\"\u003e\u003ccode\u003e32ada3a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/m2/v1.7.3...service/m2/v1.7.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.40.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gohugoio/hugo` from 0.147.6 to 0.159.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.147.6...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-jose/go-jose/releases\"\u003egithub.com/go-jose/go-jose/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes Panic in JWE decryption. See \u003ca href=\"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\"\u003ehttps://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ehttps://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.40.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.40.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.40.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/RalphHightower/grafana/pull/48","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RalphHightower%2Fgrafana/issues/48","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/48/packages"},{"uuid":"4205955228","node_id":"PR_kwDONtBya87P_ulP","number":239,"state":"open","title":"build(deps): bump github.com/gohugoio/hugo from 0.101.0 to 0.159.2 in /scripts in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-04T22:46:51.000Z","updated_at":"2026-04-04T22:46:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.101.0","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/scripts in the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the /scripts directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\n\nUpdates `github.com/gohugoio/hugo` from 0.101.0 to 0.159.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.101.0...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.101.0\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/prometheus-operator/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/prometheus-operator/pull/239","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Fprometheus-operator/issues/239","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/239/packages"},{"uuid":"4202601341","node_id":"PR_kwDONHKyW87P5Aet","number":1,"state":"open","title":"chore(deps): bump github.com/gohugoio/hugo from 0.82.0 to 0.159.2 in /bertytech in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-03T23:42:14.000Z","updated_at":"2026-04-03T23:53:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.82.0","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/bertytech in the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the /bertytech directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\n\nUpdates `github.com/gohugoio/hugo` from 0.82.0 to 0.159.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.82.0...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.82.0\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/loveyou001/www.berty.tech/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/loveyou001/www.berty.tech/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/loveyou001%2Fwww.berty.tech/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4202600348","node_id":"PR_kwDOMkcOX87P5ARJ","number":45,"state":"closed","title":"Chore(deps): Bump the go_modules group across 14 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-08T19:30:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T23:41:53.000Z","updated_at":"2026-04-08T19:30:39.000Z","time_to_close":416923,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Chore(deps): Bump","group_name":"go_modules","update_count":3,"packages":[{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/openfga/openfga","old_version":"1.11.3","new_version":"1.13.1","repository_url":"https://github.com/openfga/openfga"},{"name":"github.com/gohugoio/hugo","old_version":"0.147.6","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [github.com/openfga/openfga](https://github.com/openfga/openfga).\nBumps the go_modules group with 1 update in the /.citools/src/air directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\nBumps the go_modules group with 1 update in the /apps/advisor directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/dashboard directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/dashvalidator directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/example directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/plugins directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/provisioning directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/quotas directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/shorturl directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /pkg/apimachinery directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /pkg/apiserver directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /pkg/infra/features directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /pkg/plugins directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/openfga/openfga` from 1.11.3 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openfga/openfga/releases\"\u003egithub.com/openfga/openfga's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security vulnerability (\u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf\"\u003eCVE-2026-33729\u003c/a\u003e) where Check requests with conditions and caching enabled could return incorrect cached results.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/openfga/openfga/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuthZen v1.0 Implementation by \u003ca href=\"https://github.com/aaguiarz\"\u003e\u003ccode\u003e@​aaguiarz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003eopenfga/openfga#2875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typos in RELEASES.md and Makefile by \u003ca href=\"https://github.com/kanywst\"\u003e\u003ccode\u003e@​kanywst\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2980\"\u003eopenfga/openfga#2980\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: capture panics in pipeline's base resolver, and return as errors. by \u003ca href=\"https://github.com/senojj\"\u003e\u003ccode\u003e@​senojj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2994\"\u003eopenfga/openfga#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eobservability: aggregate message statistics for each list-objects sender into a single span by \u003ca href=\"https://github.com/senojj\"\u003e\u003ccode\u003e@​senojj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2993\"\u003eopenfga/openfga#2993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typos in comments by \u003ca href=\"https://github.com/archy-rock3t-cloud\"\u003e\u003ccode\u003e@​archy-rock3t-cloud\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2972\"\u003eopenfga/openfga#2972\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: Separate caches for v1 and v2 Check by \u003ca href=\"https://github.com/saad-h1\"\u003e\u003ccode\u003e@​saad-h1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2968\"\u003eopenfga/openfga#2968\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: update changelog for release \u003ccode\u003ev1.13.0\u003c/code\u003e by \u003ca href=\"https://github.com/poovamraj\"\u003e\u003ccode\u003e@​poovamraj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2997\"\u003eopenfga/openfga#2997\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kanywst\"\u003e\u003ccode\u003e@​kanywst\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2980\"\u003eopenfga/openfga#2980\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.12.1...v1.13.0\"\u003ehttps://github.com/openfga/openfga/compare/v1.12.1...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.12.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe ListObjects \u0026quot;pipeline\u0026quot; algorithm ditches its custom Pipe implementation and replaces it with Go native channels. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2977\"\u003e#2977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor tuple validation and manipulation functions for optimal performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2984\"\u003e#2984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate grpc-go version to v1.79.3 and grpc-health-probe to v0.4.47. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2988\"\u003e#2988\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eOTEL_EXPORTER_OTLP_ENDPOINT\u003c/code\u003e not accepting URIs with schemes (e.g. \u003ccode\u003ehttp://host:4317\u003c/code\u003e). The scheme is now stripped before passing to the gRPC exporter, and an \u003ccode\u003ehttps://\u003c/code\u003e scheme enables TLS regardless of the \u003ccode\u003etrace.otlp.tls.enabled\u003c/code\u003e flag. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2981\"\u003e#2981\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.12.0...v1.12.1\"\u003ehttps://github.com/openfga/openfga/compare/v1.12.0...v1.12.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.12.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd configuration for maximum size of received gRPC message bytes. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2952\"\u003e#2952\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHTTP gateway's internal gRPC client now uses dynamic TLS credentials that automatically update on certificate rotation via certwatcher, preventing connection failures when certificates are rotated (e.g., by cert-manager). \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2951\"\u003e#2951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTuple validation will now fail when any unicode control characters, or null bytes are present within a tuple string. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2963\"\u003e#2963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed swapped format arguments in \u003ccode\u003eDecodeParameterType\u003c/code\u003e error message that reported required and found generic type counts in the wrong order. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2961\"\u003e#2961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a few bugs. Two potential index out of bounds scenarios, and one cache of an invalid result. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2942\"\u003e#2942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a race condition in check reducers causing non-deterministic nested handler execution due to canceled parent context. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2947\"\u003e#2947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003ecache_item_count\u003c/code\u003e was incrementing on overwrites, causing the metric to steadily drift upward. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2950\"\u003e#2950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003epipeline_list_objects\u003c/code\u003e enabled by default in experimentals so that setting new experimental values does not disable it. This is required so that a user may pass in a custom featureflag client where \u003ccode\u003epipeline_list_objects\u003c/code\u003e can be disabled on a per store basis. To disable the ListObjects pipeline algorithm entirely, set \u003ccode\u003elistObjects-pipeline-enabled\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2957\"\u003e#2957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openfga/openfga/blob/main/CHANGELOG.md\"\u003egithub.com/openfga/openfga's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.13.1] - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security vulnerability (\u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf\"\u003eCVE-2026-33729\u003c/a\u003e) where Check requests with conditions and caching enabled could return incorrect cached results.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.13.0] - 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AuthZen 1.0 experimental support. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003e#2875\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent recoverable panics in list objects from terminating the process. Return an error instead. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.12.1] - 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe ListObjects \u0026quot;pipeline\u0026quot; algorithm ditches its custom Pipe implementation and replaces it with Go native channels. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2977\"\u003e#2977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor tuple validation and manipulation functions for optimal performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2984\"\u003e#2984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate grpc-go version to v1.79.3 and grpc-health-probe to v0.4.47. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2988\"\u003e#2988\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eOTEL_EXPORTER_OTLP_ENDPOINT\u003c/code\u003e not accepting URIs with schemes (e.g. \u003ccode\u003ehttp://host:4317\u003c/code\u003e). The scheme is now stripped before passing to the gRPC exporter, and an \u003ccode\u003ehttps://\u003c/code\u003e scheme enables TLS regardless of the \u003ccode\u003etrace.otlp.tls.enabled\u003c/code\u003e flag. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2981\"\u003e#2981\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.12.0] - 2026-03-13\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AuthZen 1.0 experimental support. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003e#2875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd configuration for maximum size of received gRPC message bytes. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2952\"\u003e#2952\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHTTP gateway's internal gRPC client now uses dynamic TLS credentials that automatically update on certificate rotation via certwatcher, preventing connection failures when certificates are rotated (e.g., by cert-manager). \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2951\"\u003e#2951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTuple validation will now fail when any unicode control characters, or null bytes are present within a tuple string. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2963\"\u003e#2963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed swapped format arguments in \u003ccode\u003eDecodeParameterType\u003c/code\u003e error message that reported required and found generic type counts in the wrong order. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2961\"\u003e#2961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a few bugs. Two potential index out of bounds scenarios, and one cache of an invalid result. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2942\"\u003e#2942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a race condition in check reducers causing non-deterministic nested handler execution due to canceled parent context. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2947\"\u003e#2947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003ecache_item_count\u003c/code\u003e was incrementing on overwrites, causing the metric to steadily drift upward. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2950\"\u003e#2950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003epipeline_list_objects\u003c/code\u003e enabled by default in experimentals so that setting new experimental values does not disable it. This is required so that a user may pass in a custom featureflag client where \u003ccode\u003epipeline_list_objects\u003c/code\u003e can be disabled on a per store basis. To disable the ListObjects pipeline algorithm entirely, set \u003ccode\u003elistObjects-pipeline-enabled\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2957\"\u003e#2957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate toolchain go version to 1.26.1 to be latest. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2975\"\u003e#2975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate toolchain go version to 1.25.8 to address std lib vulnerabilities \u003ca href=\"https://pkg.go.dev/vuln/GO-2026-4603\"\u003eGO-2026-4603\u003c/a\u003e and \u003ca href=\"https://pkg.go.dev/vuln/GO-2026-4601\"\u003eGO-2026-4601\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2971\"\u003e#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.11.6] - 2026-02-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSet ListObjects pipeline as the default enabled algorithm, can be disabled by setting the \u003ccode\u003elistObjects-pipeline-enabled\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2921\"\u003e#2921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate \u003ccode\u003egrpc.DialContext\u003c/code\u003e to \u003ccode\u003egrpc.NewClient\u003c/code\u003e for grpc-gateway client \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2714\"\u003e#2714\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ca href=\"https://github.com/grpc-ecosystem/grpc-health-probe\"\u003e\u003ccode\u003egrpc-health-probe\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/grpc-ecosystem/grpc-health-probe/releases/tag/v0.4.45\"\u003ev0.4.45\u003c/a\u003e to address nvd.nist.gov/vuln/detail/CVE-2025-68121 affecting \u003ccode\u003egrpc_health_probe\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/cbb16abf8cd582012540f6d40be34b133d90ce7b\"\u003e\u003ccode\u003ecbb16ab\u003c/code\u003e\u003c/a\u003e release: update changelog for release \u003ccode\u003ev1.13.1\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3002\"\u003e#3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/049b50ccd2cc7e163bd897f3d17a7b859ad146f8\"\u003e\u003ccode\u003e049b50c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/db79b31003f887741f9897ef0f24101b0861d23a\"\u003e\u003ccode\u003edb79b31\u003c/code\u003e\u003c/a\u003e release: update changelog for release \u003ccode\u003ev1.13.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2997\"\u003e#2997\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/052a6e7aa6b0e13633b2aaf4cd201d16d65cf384\"\u003e\u003ccode\u003e052a6e7\u003c/code\u003e\u003c/a\u003e refactor: Separate caches for v1 and v2 Check (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2968\"\u003e#2968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/d91d9c82c8ac414778102248affd8815100418f7\"\u003e\u003ccode\u003ed91d9c8\u003c/code\u003e\u003c/a\u003e docs: fix typos in comments (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/172ff593f491808f6d280cf5ff2646304b044a5c\"\u003e\u003ccode\u003e172ff59\u003c/code\u003e\u003c/a\u003e observability: aggregate message statistics for each list-objects sender into...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/e538a8883bbe99157186236019956c9535690597\"\u003e\u003ccode\u003ee538a88\u003c/code\u003e\u003c/a\u003e fix: capture panics in pipeline's base resolver, and return as errors. (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2994\"\u003e#2994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/4600682aab4347a42605792f694c0944f36d462e\"\u003e\u003ccode\u003e4600682\u003c/code\u003e\u003c/a\u003e docs: fix typos in RELEASES.md and Makefile (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2980\"\u003e#2980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/ff2040ab015783a72cafa0c0f515baf9f1f46d2f\"\u003e\u003ccode\u003eff2040a\u003c/code\u003e\u003c/a\u003e AuthZen v1.0 Implementation (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2875\"\u003e#2875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/8f0feeecce828644e13500f9b78c7832bfb2cece\"\u003e\u003ccode\u003e8f0feee\u003c/code\u003e\u003c/a\u003e release: update changelog for release \u003ccode\u003ev1.12.1\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2992\"\u003e#2992\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openfga/openfga/compare/v1.11.3...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gohugoio/hugo` from 0.147.6 to 0.159.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.147.6...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RalphHightower/grafana/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/RalphHightower/grafana/pull/45","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RalphHightower%2Fgrafana/issues/45","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/45/packages"},{"uuid":"4202596951","node_id":"PR_kwDOAOaSqs7P4_mX","number":70,"state":"closed","title":"chore(deps): bump github.com/gohugoio/hugo from 0.149.1 to 0.159.2 in /service","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-04T17:03:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T23:40:36.000Z","updated_at":"2026-04-04T17:03:55.000Z","time_to_close":62596,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.149.1","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/service","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.149.1 to 0.159.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.149.1...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.149.1\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jamesread/Japella/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jamesread/Japella/pull/70","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamesread%2FJapella/issues/70","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/70/packages"},{"uuid":"4202596030","node_id":"PR_kwDOEeATuM7P4_dn","number":5851,"state":"open","title":"build(deps): bump github.com/gohugoio/hugo from 0.149.1 to 0.159.2","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-03T23:40:22.000Z","updated_at":"2026-04-04T00:02:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.149.1","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.149.1 to 0.159.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.149.1...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.149.1\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dev-hato/hato-atama/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/dev-hato/hato-atama/pull/5851","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dev-hato%2Fhato-atama/issues/5851","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5851/packages"},{"uuid":"4202595654","node_id":"PR_kwDOBW-qF87P4_Y1","number":51,"state":"closed","title":"Bump github.com/gohugoio/hugo from 0.149.1 to 0.159.2","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-08T10:53:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T23:40:15.000Z","updated_at":"2026-05-08T10:53:33.000Z","time_to_close":2977996,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.149.1","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.149.1 to 0.159.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.149.1...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.149.1\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/spwg/personal-website/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/spwg/personal-website/pull/51","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/spwg%2Fpersonal-website/issues/51","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/51/packages"},{"uuid":"4202595596","node_id":"PR_kwDORtLVes7P4_YK","number":28,"state":"closed","title":"Bump github.com/gohugoio/hugo from 0.149.1 to 0.159.2 in /apps/api in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-17T00:15:12.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T23:40:14.000Z","updated_at":"2026-05-17T00:15:14.000Z","time_to_close":3717298,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.149.1","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/apps/api in the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the /apps/api directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\n\nUpdates `github.com/gohugoio/hugo` from 0.149.1 to 0.159.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.149.1...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/harusame0616/jukubox/pull/28","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/harusame0616%2Fjukubox/issues/28","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/28/packages"},{"uuid":"4202594697","node_id":"PR_kwDOKyCLLs7P4_O9","number":25,"state":"open","title":"chore(deps): bump github.com/gohugoio/hugo from 0.139.4 to 0.159.2","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-03T23:40:03.000Z","updated_at":"2026-04-03T23:40:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.139.4","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.139.4 to 0.159.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.139.4...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.139.4\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jonesrussell/gimbal/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jonesrussell/gimbal/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonesrussell%2Fgimbal/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"},{"uuid":"4170021597","node_id":"PR_kwDOGkVX1s7Ol0Xp","number":23785,"state":"closed","title":"chore: bump github.com/gohugoio/hugo from 0.158.0 to 0.159.1","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-02T07:51:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T11:39:46.000Z","updated_at":"2026-04-02T07:51:42.000Z","time_to_close":245515,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.158.0","new_version":"0.159.1","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.158.0 to 0.159.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Close cpu profile file when StartCPUProfile fails 9dd9c760 \u003ca href=\"https://github.com/buley\"\u003e\u003ccode\u003e@​buley\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the AI Watchdog workflow for now 3315a86d \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove 'bep' from PR user logins skip list 38244842 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etpl/tplimpl: Comment out the Vimeo simple shortcode tests 7813c5c8 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github.com/olekukonko/tablewriter from 1.1.3 to 1.1.4 (\u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14641\"\u003e#14641\u003c/a\u003e) 3ff9b7f8 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/yuin/goldmark from 1.7.16 to 1.7.17 be93ccd3 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/magefile/mage from 1.15.0 to 1.16.1 2669bca6 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/image from 0.36.0 to 0.37.0 753d447f \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 4f39d724 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: Update docs.yaml d2043cfa \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/bd071d78a55002bb14f5fdf1d47269632d7b4be1\"\u003e\u003ccode\u003ebd071d7\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/2ed7d193cfdfcf11808fb2a921a9429423b0ebe9\"\u003e\u003ccode\u003e2ed7d19\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d2043cfae59468ba2e33d3d3d70a1d45bb2c081b\"\u003e\u003ccode\u003ed2043cf\u003c/code\u003e\u003c/a\u003e docs: Update docs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5997b71db6dc87af01926a8512f58b4e82e67651\"\u003e\u003ccode\u003e5997b71\u003c/code\u003e\u003c/a\u003e Merge commit 'e7afabb927a79b179ae57013fd5f49e32829671e'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/e7afabb927a79b179ae57013fd5f49e32829671e\"\u003e\u003ccode\u003ee7afabb\u003c/code\u003e\u003c/a\u003e Squashed 'docs/' changes from 80dd7b067..0755fb534\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4f3c39890e53ff4bf66cfe4df95426708f50bfa2\"\u003e\u003ccode\u003e4f3c398\u003c/code\u003e\u003c/a\u003e commands: Update docs linke to Node.js docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/807cae1df11cc83edadcdad29ed762870b5d48fa\"\u003e\u003ccode\u003e807cae1\u003c/code\u003e\u003c/a\u003e create: Return error instead of panic when page not found\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.158.0...v0.159.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.158.0\u0026new-version=0.159.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/coder/coder/pull/23785","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/coder%2Fcoder/issues/23785","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23785/packages"},{"uuid":"4000107370","node_id":"PR_kwDOG2kQZs7GxvqA","number":9563,"state":"closed","title":"Bump github.com/gohugoio/hugo from 0.155.3 to 0.157.0 in /hack/tools","user":"dependabot[bot]","labels":["size/L","release-note-none","ok-to-test","cncf-cla: yes","area/dependency","dependencies"],"assignees":[],"locked":false,"comments_count":7,"pull_request":true,"closed_at":"2026-03-02T07:50:03.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-27T09:39:24.000Z","updated_at":"2026-03-02T07:50:11.000Z","time_to_close":252639,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.155.3","new_version":"0.157.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/hack/tools","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.155.3 to 0.157.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.157.0\u003c/h2\u003e\n\u003cp\u003eThe notable new feature is \u003ca href=\"https://gohugo.io/methods/page/gitinfo/\"\u003eGitInfo support for Hugo Modules\u003c/a\u003e. See \u003ca href=\"https://github.com/bep/hugo-testing-git-versions\"\u003ethis repo\u003c/a\u003e for a runnable demo where multiple versions of the same content is mounted into different versions.\u003c/p\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix menu pageRef resolution in multidimensional setups 3dff7c8c \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14566\"\u003e#14566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Regen and fix the imaging docshelper output 8e28668b \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14562\"\u003e#14562\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ehugolib: Fix automatic section pages not replaced by sites.complements a18bec11 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14540\"\u003e#14540\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle GitInfo for modules where Origin is not set when running go list d98cd4ae \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14564\"\u003e#14564\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Update link to highlighting style examples 68059972 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14556\"\u003e#14556\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd AVIF, HEIF and HEIC partial support (only metadata for now) 49bfb107 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14549\"\u003e#14549\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/images: Adjust WebP processing defaults b7203bbb \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Page.GitInfo support for content from Git modules dfece5b6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14431\"\u003e#14431\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/5533\"\u003e#5533\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd per-request timeout option to \u003ccode\u003eresources.GetRemote\u003c/code\u003e 2d691c7e \u003ca href=\"https://github.com/vanbroup\"\u003e\u003ccode\u003e@​vanbroup\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate AI Watchdog action version in workflow b96d58a1 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003econfig: Skip taxonomy entries with empty keys or values 65b4287c \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14550\"\u003e#14550\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd guideline for brevity in code and comments cc338a9d \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emodules: Include JSON error info from go mod download in error messages 3850881f \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14543\"\u003e#14543\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github.com/tdewolff/minify/v2 from 2.24.8 to 2.24.9 9869e71a \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/bep/imagemeta from 0.14.0 to 0.15.0 8f47fe8c \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.156.0\u003c/h2\u003e\n\u003cp\u003eThis release brings significant speedups of \u003ca href=\"https://gohugo.io/functions/collections/where/#article\"\u003ecollections.Where\u003c/a\u003e and \u003ca href=\"https://gohugo.io/functions/collections/sort/#article\"\u003ecollections.Sort\u003c/a\u003e – but this is mostly a \u0026quot;spring cleaning\u0026quot; release, to make the API cleaner and simpler to understand/document.\u003c/p\u003e\n\u003ch2\u003eDeprecated\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSite.AllPages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.BuildDrafts is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Languages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Data is deprecated, use  hugo.Data\u003c/li\u003e\n\u003cli\u003ePage.Sites and Site.Sites is Deprecated, use hugo.Sites\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://discourse.gohugo.io/t/deprecations-in-v0-156-0/56732\"\u003ethis topic\u003c/a\u003e for more info.\u003c/p\u003e\n\u003ch2\u003eRemoved\u003c/h2\u003e\n\u003cp\u003eThese have all been deprecated at least since \u003ccode\u003ev0.136.0\u003c/code\u003e and any usage have been logged as an error for a long time:\u003c/p\u003e\n\u003cp\u003eTemplate functions\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edata.GetCSV / getCSV (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003edata.GetJSON / getJSON (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003ecrypto.FNV32a (use hash.FNV32a)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/7747abbb316b03c8f353fd3be62d5011fa883ee6\"\u003e\u003ccode\u003e7747abb\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.157.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/3dff7c8c7a04a413437f2f09e3a1252ae6f1be92\"\u003e\u003ccode\u003e3dff7c8\u003c/code\u003e\u003c/a\u003e Fix menu pageRef resolution in multidimensional setups\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d98cd4aecf25b9df78d811759ea6135b0c7610f1\"\u003e\u003ccode\u003ed98cd4a\u003c/code\u003e\u003c/a\u003e Handle GitInfo for modules where Origin is not set when running go list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/68059972e8789258447e31ca23641c79598d66be\"\u003e\u003ccode\u003e6805997\u003c/code\u003e\u003c/a\u003e commands: Update link to highlighting style examples\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8e28668b091f219031b50df3eb021b8e0f6e640b\"\u003e\u003ccode\u003e8e28668\u003c/code\u003e\u003c/a\u003e docs: Regen and fix the imaging docshelper output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/a3ea9cd18fc79fbae9f1ce0fc5242268d122e5f7\"\u003e\u003ccode\u003ea3ea9cd\u003c/code\u003e\u003c/a\u003e Merge commit '0c2fa2460f485e0eca564dcccf36d34538374922'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c2fa2460f485e0eca564dcccf36d34538374922\"\u003e\u003ccode\u003e0c2fa24\u003c/code\u003e\u003c/a\u003e Squashed 'docs/' changes from 42914c50e..80dd7b067\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/49bfb1070be5aaa2a98fecc95560346ba3d71281\"\u003e\u003ccode\u003e49bfb10\u003c/code\u003e\u003c/a\u003e Add AVIF, HEIF and HEIC partial support (only metadata for now)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b7203bbb3a8d7d6b0e808f7d7284b7a373a9b4f6\"\u003e\u003ccode\u003eb7203bb\u003c/code\u003e\u003c/a\u003e resources/images: Adjust WebP processing defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/dfece5b6747c384323d313a0d5364690e37e7386\"\u003e\u003ccode\u003edfece5b\u003c/code\u003e\u003c/a\u003e Add Page.GitInfo support for content from Git modules\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.155.3...v0.157.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.155.3\u0026new-version=0.157.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubernetes-sigs/kueue/pull/9563","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkueue/issues/9563","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9563/packages"},{"uuid":"3971918201","node_id":"PR_kwDOQsQDDc7FVb5k","number":81,"state":"closed","title":"chore: bump github.com/gohugoio/hugo from 0.152.2 to 0.156.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-28T12:03:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-21T12:04:37.000Z","updated_at":"2026-02-28T12:03:54.000Z","time_to_close":604756,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.152.2","new_version":"0.156.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.152.2 to 0.156.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.156.0\u003c/h2\u003e\n\u003cp\u003eThis release brings significant speedups of \u003ca href=\"https://gohugo.io/functions/collections/where/#article\"\u003ecollections.Where\u003c/a\u003e and \u003ca href=\"https://gohugo.io/functions/collections/sort/#article\"\u003ecollections.Sort\u003c/a\u003e – but this is mostly a \u0026quot;spring cleaning\u0026quot; release, to make the API cleaner and simpler to understand/document.\u003c/p\u003e\n\u003ch2\u003eDeprecated\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSite.AllPages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.BuildDrafts is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Languages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Data is deprecated, use  hugo.Data\u003c/li\u003e\n\u003cli\u003ePage.Sites and Site.Sites is Deprecated, use hugo.Sites\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://discourse.gohugo.io/t/deprecations-in-v0-156-0/56732\"\u003ethis topic\u003c/a\u003e for more info.\u003c/p\u003e\n\u003ch2\u003eRemoved\u003c/h2\u003e\n\u003cp\u003eThese have all been deprecated at least since \u003ccode\u003ev0.136.0\u003c/code\u003e and any usage have been logged as an error for a long time:\u003c/p\u003e\n\u003cp\u003eTemplate functions\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edata.GetCSV / getCSV (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003edata.GetJSON / getJSON (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003ecrypto.FNV32a (use hash.FNV32a)\u003c/li\u003e\n\u003cli\u003eresources.Babel (use js.Babel)\u003c/li\u003e\n\u003cli\u003eresources.PostCSS (use css.PostCSS)\u003c/li\u003e\n\u003cli\u003eresources.ToCSS (use css.Sass)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePage methods:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Page.NextPage (use .Page.Next)\u003c/li\u003e\n\u003cli\u003e.Page.PrevPage (use .Page.Prev)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePaginator:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Paginator.PageSize (use .Paginator.PagerSize)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSite methods:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Site.LastChange (use .Site.Lastmod)\u003c/li\u003e\n\u003cli\u003e.Site.Author (use .Site.Params.Author)\u003c/li\u003e\n\u003cli\u003e.Site.Authors (use .Site.Params.Authors)\u003c/li\u003e\n\u003cli\u003e.Site.Social (use .Site.Params.Social)\u003c/li\u003e\n\u003cli\u003e.Site.IsMultiLingual (use hugo.IsMultilingual)\u003c/li\u003e\n\u003cli\u003e.Sites.First (use .Sites.Default)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSite config:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epaginate (use pagination.pagerSize)\u003c/li\u003e\n\u003cli\u003epaginatePath (use pagination.path)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFile caches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003egetjson cache\u003c/li\u003e\n\u003cli\u003egetcsv cache\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNotes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9d914726dee87b0e8e3d7890d660221bde372eec\"\u003e\u003ccode\u003e9d91472\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.156.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86aa62524f8bc36a04c8e0c0f76d1fd952585509\"\u003e\u003ccode\u003e86aa625\u003c/code\u003e\u003c/a\u003e hugolib: Move site.Data to hugo.Data, deprecate Site.AllPages/BuildDrafts/Lan...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d8ec0eeeaf2ff078565fddbbab5565a65b86346c\"\u003e\u003ccode\u003ed8ec0ee\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/api from 0.255.0 to 0.267.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4148eded9c5f90036c47d241faac73e1d0c6ee70\"\u003e\u003ccode\u003e4148ede\u003c/code\u003e\u003c/a\u003e hugolib: Add Page.Sites to Site.Sites deprecation notice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/bba2aed3527e5c6086244c0ab76192b35b6ffa73\"\u003e\u003ccode\u003ebba2aed\u003c/code\u003e\u003c/a\u003e hugolib: Simplify sites collection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/29b8e17d29ad38621cf6c7c104309bcedf5c20c5\"\u003e\u003ccode\u003e29b8e17\u003c/code\u003e\u003c/a\u003e hugolib: Adjust hugo.Sites.Default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/3c823408ee51bbfbad847d4b9f926ba813097185\"\u003e\u003ccode\u003e3c82340\u003c/code\u003e\u003c/a\u003e Move common/hugo/HugoInfo to resources/page\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/3f9d0ad2b6045849cbafe133cb9fb82ed5f5ee06\"\u003e\u003ccode\u003e3f9d0ad\u003c/code\u003e\u003c/a\u003e commands: Fix --panicOnWarning flag having no effect with module version warn...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ab62320d6bceece0faa7029f8bd79d546d0f64be\"\u003e\u003ccode\u003eab62320\u003c/code\u003e\u003c/a\u003e hugolib: Add hugo.Sites and .Site.IsDefault(), modify .Site.Sites\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/21be4afd49767eb63e3a2304b4c10816c86f799d\"\u003e\u003ccode\u003e21be4af\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/bep/textandbinarywriter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.152.2...v0.156.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.152.2\u0026new-version=0.156.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Ahmadjamil888/pipeline-ai/pull/81","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ahmadjamil888%2Fpipeline-ai/issues/81","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/81/packages"},{"uuid":"3961829905","node_id":"PR_kwDOEaQ_AM7E0jkg","number":526,"state":"closed","title":"Bump github.com/gohugoio/hugo from 0.110.0 to 0.156.0 in /scripts/PyHugo/go","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-26T03:26:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-19T09:23:06.000Z","updated_at":"2026-02-26T03:26:50.000Z","time_to_close":583415,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.110.0","new_version":"0.156.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/scripts/PyHugo/go","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.110.0 to 0.156.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.156.0\u003c/h2\u003e\n\u003cp\u003eThis release brings significant speedups of \u003ca href=\"https://gohugo.io/functions/collections/where/#article\"\u003ecollections.Where\u003c/a\u003e and \u003ca href=\"https://gohugo.io/functions/collections/sort/#article\"\u003ecollections.Sort\u003c/a\u003e – but this is mostly a \u0026quot;spring cleaning\u0026quot; release, to make the API cleaner and simpler to understand/document.\u003c/p\u003e\n\u003ch2\u003eDeprecated\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSite.AllPages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.BuildDrafts is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Languages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Data is deprecated, use  hugo.Data\u003c/li\u003e\n\u003cli\u003ePage.Sites and Site.Sites is Deprecated, use hugo.Sites\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://discourse.gohugo.io/t/deprecations-in-v0-156-0/56732\"\u003ethis topic\u003c/a\u003e for more info.\u003c/p\u003e\n\u003ch2\u003eRemoved\u003c/h2\u003e\n\u003cp\u003eThese have all been deprecated at least since \u003ccode\u003ev0.136.0\u003c/code\u003e and any usage have been logged as an error for a long time:\u003c/p\u003e\n\u003cp\u003eTemplate functions\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edata.GetCSV / getCSV (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003edata.GetJSON / getJSON (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003ecrypto.FNV32a (use hash.FNV32a)\u003c/li\u003e\n\u003cli\u003eresources.Babel (use js.Babel)\u003c/li\u003e\n\u003cli\u003eresources.PostCSS (use css.PostCSS)\u003c/li\u003e\n\u003cli\u003eresources.ToCSS (use css.Sass)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePage methods:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Page.NextPage (use .Page.Next)\u003c/li\u003e\n\u003cli\u003e.Page.PrevPage (use .Page.Prev)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePaginator:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Paginator.PageSize (use .Paginator.PagerSize)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSite methods:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Site.LastChange (use .Site.Lastmod)\u003c/li\u003e\n\u003cli\u003e.Site.Author (use .Site.Params.Author)\u003c/li\u003e\n\u003cli\u003e.Site.Authors (use .Site.Params.Authors)\u003c/li\u003e\n\u003cli\u003e.Site.Social (use .Site.Params.Social)\u003c/li\u003e\n\u003cli\u003e.Site.IsMultiLingual (use hugo.IsMultilingual)\u003c/li\u003e\n\u003cli\u003e.Sites.First (use .Sites.Default)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSite config:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epaginate (use pagination.pagerSize)\u003c/li\u003e\n\u003cli\u003epaginatePath (use pagination.path)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFile caches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003egetjson cache\u003c/li\u003e\n\u003cli\u003egetcsv cache\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNotes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9d914726dee87b0e8e3d7890d660221bde372eec\"\u003e\u003ccode\u003e9d91472\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.156.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86aa62524f8bc36a04c8e0c0f76d1fd952585509\"\u003e\u003ccode\u003e86aa625\u003c/code\u003e\u003c/a\u003e hugolib: Move site.Data to hugo.Data, deprecate Site.AllPages/BuildDrafts/Lan...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d8ec0eeeaf2ff078565fddbbab5565a65b86346c\"\u003e\u003ccode\u003ed8ec0ee\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/api from 0.255.0 to 0.267.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4148eded9c5f90036c47d241faac73e1d0c6ee70\"\u003e\u003ccode\u003e4148ede\u003c/code\u003e\u003c/a\u003e hugolib: Add Page.Sites to Site.Sites deprecation notice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/bba2aed3527e5c6086244c0ab76192b35b6ffa73\"\u003e\u003ccode\u003ebba2aed\u003c/code\u003e\u003c/a\u003e hugolib: Simplify sites collection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/29b8e17d29ad38621cf6c7c104309bcedf5c20c5\"\u003e\u003ccode\u003e29b8e17\u003c/code\u003e\u003c/a\u003e hugolib: Adjust hugo.Sites.Default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/3c823408ee51bbfbad847d4b9f926ba813097185\"\u003e\u003ccode\u003e3c82340\u003c/code\u003e\u003c/a\u003e Move common/hugo/HugoInfo to resources/page\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/3f9d0ad2b6045849cbafe133cb9fb82ed5f5ee06\"\u003e\u003ccode\u003e3f9d0ad\u003c/code\u003e\u003c/a\u003e commands: Fix --panicOnWarning flag having no effect with module version warn...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ab62320d6bceece0faa7029f8bd79d546d0f64be\"\u003e\u003ccode\u003eab62320\u003c/code\u003e\u003c/a\u003e hugolib: Add hugo.Sites and .Site.IsDefault(), modify .Site.Sites\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/21be4afd49767eb63e3a2304b4c10816c86f799d\"\u003e\u003ccode\u003e21be4af\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/bep/textandbinarywriter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.110.0...v0.156.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.110.0\u0026new-version=0.156.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/cmahnke/projektemacher-base/pull/526","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmahnke%2Fprojektemacher-base/issues/526","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/526/packages"},{"uuid":"3936264019","node_id":"PR_kwDOG2kQZs7Dgl6_","number":9216,"state":"open","title":"Bump github.com/gohugoio/hugo from 0.155.2 to 0.155.3 in /hack/tools","user":"dependabot[bot]","labels":["lgtm","release-note-none","ok-to-test","cncf-cla: yes","area/dependency","size/S","dependencies"],"assignees":["mbobrovskyi"],"locked":false,"comments_count":6,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T09:39:36.000Z","updated_at":"2026-02-13T09:42:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.155.2","new_version":"0.155.3","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/hack/tools","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.155.2 to 0.155.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.155.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehugolib: Don't render default site redirect for non-primary isHTML output formats 6ac7d081 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14482\"\u003e#14482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eserver: Fix stuck server global error logging 24eb84f8 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14469\"\u003e#14469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3 95a36782 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003eserver: Fix panic when the server browser error handler tried to use a config in a state of flux 9045797d \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14470\"\u003e#14470\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8a858213b73907e823e2be2b5640a0ce4c04d295\"\u003e\u003ccode\u003e8a85821\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.155.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6ac7d081d199325c098ac68281aeb6f8df97be52\"\u003e\u003ccode\u003e6ac7d08\u003c/code\u003e\u003c/a\u003e hugolib: Don't render default site redirect for non-primary isHTML output for...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/24eb84f8681bc86a40c2b737969fb9b8292f26b7\"\u003e\u003ccode\u003e24eb84f\u003c/code\u003e\u003c/a\u003e server: Fix stuck server global error logging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/95a36782458e9b305d7d54c6d9feda264a5a5882\"\u003e\u003ccode\u003e95a3678\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9045797d5f24d4c0f04f4f8ec9e15c9722100f2f\"\u003e\u003ccode\u003e9045797\u003c/code\u003e\u003c/a\u003e server: Fix panic when the server browser error handler tried to use a config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/73641aeca107c26f53e9a0f76a141cdb43faf277\"\u003e\u003ccode\u003e73641ae\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.156.0-DEV\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.155.2...v0.155.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.155.2\u0026new-version=0.155.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubernetes-sigs/kueue/pull/9216","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkueue/issues/9216","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9216/packages"},{"uuid":"3916368380","node_id":"PR_kwDOMrdwEc7Ce2PU","number":773,"state":"closed","title":"chore: bump github.com/gohugoio/hugo from 0.131.0 to 0.155.3","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-21T02:33:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T13:23:11.000Z","updated_at":"2026-02-21T02:33:42.000Z","time_to_close":997822,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.131.0","new_version":"0.155.3","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.131.0 to 0.155.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.155.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehugolib: Don't render default site redirect for non-primary isHTML output formats 6ac7d081 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14482\"\u003e#14482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eserver: Fix stuck server global error logging 24eb84f8 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14469\"\u003e#14469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3 95a36782 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003eserver: Fix panic when the server browser error handler tried to use a config in a state of flux 9045797d \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14470\"\u003e#14470\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.2\u003c/h2\u003e\n\u003cp\u003eNote that the bug fix below is for the two new dimensions introduced in \u003ccode\u003ev0.153.0\u003c/code\u003e (version and role), multiple languages worked fine.  Also, changes to the first version and role also worked, which had me head-scratching for a while. Oh, well, enjoy.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix template change detection for multi-version sites 0f1c7d12 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14461\"\u003e#14461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/image: Add some image decode/encode debug logging 6bd2bde9 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14337\"\u003e#14337\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14460\"\u003e#14460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix image DecodeConfig regression of WebP images from file cache b5d43cdc \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14453\"\u003e#14453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/images: Fix WebP useSharpYuv being ignored b1e1eede \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14449\"\u003e#14449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etpl/tplimpl: Remove failing Twitter tests f522a728 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.0\u003c/h2\u003e\n\u003cp\u003eSome notable new things in this release are:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements to how \u003ca href=\"https://gohugo.io/methods/site/version/#article\"\u003eversions\u003c/a\u003e are handled: We now support version (and also for the other dimension) range queries (e.g. \u003ccode\u003e\u0026gt;= v1.0.0\u003c/code\u003e), and we now cache Go module version queries, which makes mounting multiple versions of the same GitHub repo with different version much more practical and enjoyable, se    \u003ca href=\"https://github.com/bep/hugo-testing-git-versions/blob/main/hugo.toml\"\u003ethis site and config\u003c/a\u003e for an annotated example.\u003c/li\u003e\n\u003cli\u003eWe finally have XMP and IPTC image metadata support, in addition to EXIF, see \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/13146\"\u003e#13146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePage \u003ccode\u003ealiases\u003c/code\u003e now works in multidimensional sites (e.g. multiple languages), and it is now much easier to create e.g. Netlify \u003ccode\u003e_redirects\u003c/code\u003e files that works in such setups.\u003c/li\u003e\n\u003cli\u003eThere are several performance related WebP improvements in this release.\u003c/li\u003e\n\u003cli\u003eAlso, image processing in general (e.g. resize operations) should be considerably more effective.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking change\u003c/h2\u003e\n\u003cp\u003ePrior to v0.155.0, alias paths beginning with a slash (\u003ccode\u003e/\u003c/code\u003e) were treated as \u003ca href=\"https://gohugo.io/quick-reference/glossary/#server-relative\"\u003eserver-relative\u003c/a\u003e. In v0.155.0 and later, they are now \u003ca href=\"https://gohugo.io/quick-reference/glossary/#site-relative\"\u003esite-relative\u003c/a\u003e. This change only affects multilingual single-host projects that used alias paths beginning with a slash (\u003ccode\u003e/\u003c/code\u003e) to cross language boundaries. See \u003ca href=\"https://discourse.gohugo.io/t/alias-paths-in-v0-155-0-and-later/56674\"\u003edetails\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake Page.Aliases more useful in multidimensional setups (note) ee91c707 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14402\"\u003e#14402\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8a858213b73907e823e2be2b5640a0ce4c04d295\"\u003e\u003ccode\u003e8a85821\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.155.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6ac7d081d199325c098ac68281aeb6f8df97be52\"\u003e\u003ccode\u003e6ac7d08\u003c/code\u003e\u003c/a\u003e hugolib: Don't render default site redirect for non-primary isHTML output for...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/24eb84f8681bc86a40c2b737969fb9b8292f26b7\"\u003e\u003ccode\u003e24eb84f\u003c/code\u003e\u003c/a\u003e server: Fix stuck server global error logging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/95a36782458e9b305d7d54c6d9feda264a5a5882\"\u003e\u003ccode\u003e95a3678\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9045797d5f24d4c0f04f4f8ec9e15c9722100f2f\"\u003e\u003ccode\u003e9045797\u003c/code\u003e\u003c/a\u003e server: Fix panic when the server browser error handler tried to use a config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/73641aeca107c26f53e9a0f76a141cdb43faf277\"\u003e\u003ccode\u003e73641ae\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.156.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d8c0dfccf72ab43db2b2bca1483a61c8660021d9\"\u003e\u003ccode\u003ed8c0dfc\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.155.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6bd2bde9d3c71525ae085d9cef18ea8a5f96e51c\"\u003e\u003ccode\u003e6bd2bde\u003c/code\u003e\u003c/a\u003e resources/image: Add some image decode/encode debug logging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0f1c7d12000f7db7f1f45366c2dc4355b1511d5f\"\u003e\u003ccode\u003e0f1c7d1\u003c/code\u003e\u003c/a\u003e Fix template change detection for multi-version sites\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/10352335e04c4779e101b6d40202dd90a170dda0\"\u003e\u003ccode\u003e1035233\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.156.0-DEV\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.131.0...v0.155.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.131.0\u0026new-version=0.155.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kehanzhang/athens-coder/pull/773","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kehanzhang%2Fathens-coder/issues/773","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/773/packages"},{"uuid":"3916357336","node_id":"PR_kwDOLmBl1M7Cez2x","number":855,"state":"closed","title":"chore: bump github.com/gohugoio/hugo from 0.124.0 to 0.155.3","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-21T01:19:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T13:20:46.000Z","updated_at":"2026-02-21T01:20:08.000Z","time_to_close":993553,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.124.0","new_version":"0.155.3","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.124.0 to 0.155.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.155.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehugolib: Don't render default site redirect for non-primary isHTML output formats 6ac7d081 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14482\"\u003e#14482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eserver: Fix stuck server global error logging 24eb84f8 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14469\"\u003e#14469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3 95a36782 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003eserver: Fix panic when the server browser error handler tried to use a config in a state of flux 9045797d \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14470\"\u003e#14470\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.2\u003c/h2\u003e\n\u003cp\u003eNote that the bug fix below is for the two new dimensions introduced in \u003ccode\u003ev0.153.0\u003c/code\u003e (version and role), multiple languages worked fine.  Also, changes to the first version and role also worked, which had me head-scratching for a while. Oh, well, enjoy.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix template change detection for multi-version sites 0f1c7d12 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14461\"\u003e#14461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/image: Add some image decode/encode debug logging 6bd2bde9 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14337\"\u003e#14337\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14460\"\u003e#14460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix image DecodeConfig regression of WebP images from file cache b5d43cdc \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14453\"\u003e#14453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/images: Fix WebP useSharpYuv being ignored b1e1eede \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14449\"\u003e#14449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etpl/tplimpl: Remove failing Twitter tests f522a728 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.0\u003c/h2\u003e\n\u003cp\u003eSome notable new things in this release are:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements to how \u003ca href=\"https://gohugo.io/methods/site/version/#article\"\u003eversions\u003c/a\u003e are handled: We now support version (and also for the other dimension) range queries (e.g. \u003ccode\u003e\u0026gt;= v1.0.0\u003c/code\u003e), and we now cache Go module version queries, which makes mounting multiple versions of the same GitHub repo with different version much more practical and enjoyable, se    \u003ca href=\"https://github.com/bep/hugo-testing-git-versions/blob/main/hugo.toml\"\u003ethis site and config\u003c/a\u003e for an annotated example.\u003c/li\u003e\n\u003cli\u003eWe finally have XMP and IPTC image metadata support, in addition to EXIF, see \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/13146\"\u003e#13146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePage \u003ccode\u003ealiases\u003c/code\u003e now works in multidimensional sites (e.g. multiple languages), and it is now much easier to create e.g. Netlify \u003ccode\u003e_redirects\u003c/code\u003e files that works in such setups.\u003c/li\u003e\n\u003cli\u003eThere are several performance related WebP improvements in this release.\u003c/li\u003e\n\u003cli\u003eAlso, image processing in general (e.g. resize operations) should be considerably more effective.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking change\u003c/h2\u003e\n\u003cp\u003ePrior to v0.155.0, alias paths beginning with a slash (\u003ccode\u003e/\u003c/code\u003e) were treated as \u003ca href=\"https://gohugo.io/quick-reference/glossary/#server-relative\"\u003eserver-relative\u003c/a\u003e. In v0.155.0 and later, they are now \u003ca href=\"https://gohugo.io/quick-reference/glossary/#site-relative\"\u003esite-relative\u003c/a\u003e. This change only affects multilingual single-host projects that used alias paths beginning with a slash (\u003ccode\u003e/\u003c/code\u003e) to cross language boundaries. See \u003ca href=\"https://discourse.gohugo.io/t/alias-paths-in-v0-155-0-and-later/56674\"\u003edetails\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake Page.Aliases more useful in multidimensional setups (note) ee91c707 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14402\"\u003e#14402\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8a858213b73907e823e2be2b5640a0ce4c04d295\"\u003e\u003ccode\u003e8a85821\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.155.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6ac7d081d199325c098ac68281aeb6f8df97be52\"\u003e\u003ccode\u003e6ac7d08\u003c/code\u003e\u003c/a\u003e hugolib: Don't render default site redirect for non-primary isHTML output for...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/24eb84f8681bc86a40c2b737969fb9b8292f26b7\"\u003e\u003ccode\u003e24eb84f\u003c/code\u003e\u003c/a\u003e server: Fix stuck server global error logging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/95a36782458e9b305d7d54c6d9feda264a5a5882\"\u003e\u003ccode\u003e95a3678\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9045797d5f24d4c0f04f4f8ec9e15c9722100f2f\"\u003e\u003ccode\u003e9045797\u003c/code\u003e\u003c/a\u003e server: Fix panic when the server browser error handler tried to use a config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/73641aeca107c26f53e9a0f76a141cdb43faf277\"\u003e\u003ccode\u003e73641ae\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.156.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d8c0dfccf72ab43db2b2bca1483a61c8660021d9\"\u003e\u003ccode\u003ed8c0dfc\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.155.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6bd2bde9d3c71525ae085d9cef18ea8a5f96e51c\"\u003e\u003ccode\u003e6bd2bde\u003c/code\u003e\u003c/a\u003e resources/image: Add some image decode/encode debug logging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0f1c7d12000f7db7f1f45366c2dc4355b1511d5f\"\u003e\u003ccode\u003e0f1c7d1\u003c/code\u003e\u003c/a\u003e Fix template change detection for multi-version sites\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/10352335e04c4779e101b6d40202dd90a170dda0\"\u003e\u003ccode\u003e1035233\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.156.0-DEV\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.124.0...v0.155.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.124.0\u0026new-version=0.155.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Txim0520/https-github.com-coder-coder/pull/855","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Txim0520%2Fhttps-github.com-coder-coder/issues/855","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/855/packages"}],"issue_packages":[{"old_version":"0.149.1","new_version":"0.161.0","update_type":"minor","path":"the go_modules group across 1 directory","pr_created_at":"2026-05-26T20:55:04.000Z","version_change":"0.149.1 → 0.161.0","issue":{"uuid":"4527436291","node_id":"PR_kwDOSjnsHc7fkpOy","number":8,"state":"closed","title":"chore(deps): bump github.com/gohugoio/hugo from 0.149.1 to 0.161.0 in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T03:12:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T20:55:04.000Z","updated_at":"2026-05-27T03:12:44.000Z","time_to_close":22658,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.149.1","new_version":"0.161.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":"the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the / directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\n\nUpdates `github.com/gohugoio/hugo` from 0.149.1 to 0.161.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.161.0\u003c/h2\u003e\n\u003cp\u003eThis release contains two security hardening fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWe now run the Node tools PostCSS, Babel and TailwindCSS, by default, with the \u003ccode\u003e--permission\u003c/code\u003e flag with the permissions defined in \u003ca href=\"https://gohugo.io/configuration/security/\"\u003esecurity.node.permissions\u003c/a\u003e. This means that you need Node \u0026gt;= 22 installed and that \u003ccode\u003ecss.TailwindCSS\u003c/code\u003e now requires that the Tailwind CSS CLI must be installed as a Node.js package. The \u003ca href=\"https://github.com/tailwindlabs/tailwindcss/releases/latest\"\u003estandalone executable\u003c/a\u003e is no longer supported\u003c/li\u003e\n\u003cli\u003eWe have made the defaults in \u003ca href=\"https://gohugo.io/configuration/security/#httpurls\"\u003esecurity.http.urls\u003c/a\u003e more restrictive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBut there are some notable new features, as well:\u003c/p\u003e\n\u003ch2\u003eNested vars support in css.Build and css.Sass\u003c/h2\u003e\n\u003cp\u003eA practical example in \u003ccode\u003ecss.Build\u003c/code\u003e would be to have something like this in \u003ccode\u003ehugo.toml\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e[params.style]\r\n    primary    = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n    background = \u0026quot;#ffffff\u0026quot;\r\n    [params.style.dark]\r\n        primary    = \u0026quot;#ffffff\u0026quot;\r\n        background = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAnd in the stylesheet:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e@import \u0026quot;hugo:vars\u0026quot;;\r\n@import \u0026quot;hugo:vars/dark\u0026quot; (prefers-color-scheme: dark);\r\n\u003cp\u003e:root {\ncolor-scheme: light dark;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eSlice-based permalinks config\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003epermalinks\u003c/code\u003e configuration is now much more flexible (the old setup still works). It uses the same \u003ca href=\"https://gohugo.io/configuration/cascade/#target\"\u003etarget\u003c/a\u003e matchers as in the \u003ccode\u003ecascade\u003c/code\u003e config, meaning you can now do:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003epermalinks:\r\n  - target:\r\n      kind: page\r\n      path: \u0026quot;/books/**\u0026quot;\r\n    pattern: /books/:year/:slug/\r\n  - target:\r\n      kind: section\r\n      path: \u0026quot;/{books,books/**}\u0026quot;\r\n    pattern: /libros/:sections[1:]\r\n  - target:\r\n      kind: page\r\n    pattern: /other/:slug/\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above example isn't great, but it at least shows the gist of it.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/98d396c16a07b51df06e7673d817a3880da6218d\"\u003e\u003ccode\u003e98d396c\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.161.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d4ae662d598db81d239a291bc26336be5fec6893\"\u003e\u003ccode\u003ed4ae662\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/getkin/kin-openapi from 0.135.0 to 0.137.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9ede5fb9e0304d3eb193b3c1a9214c735f05db21\"\u003e\u003ccode\u003e9ede5fb\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/833a878eef4fce2bbabb05dcbb8a7e31f93aadda\"\u003e\u003ccode\u003e833a878\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/tdewolff/minify/v2 from 2.24.12 to 2.24.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/7622dd86ced9ac2ef3c15b5d0740bf9634bb60ac\"\u003e\u003ccode\u003e7622dd8\u003c/code\u003e\u003c/a\u003e css: Support nested hugo:vars/\u0026lt;name\u0026gt; imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0814059bb6374bbd5861ee8da96b4a67e22acfba\"\u003e\u003ccode\u003e0814059\u003c/code\u003e\u003c/a\u003e github: Update GitHub actions versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8920d56e951e872e1eabd08fc34f9c1350fe5da3\"\u003e\u003ccode\u003e8920d56\u003c/code\u003e\u003c/a\u003e hugolib: Do not render aliases if the page is not rendered\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/633cc772e0e8a79205b1b268bd9bfc2b0f5b1473\"\u003e\u003ccode\u003e633cc77\u003c/code\u003e\u003c/a\u003e langs/i18n: Improve default content language fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/90d8bf34aea897a8a329480bde54ff1c61c0c9b3\"\u003e\u003ccode\u003e90d8bf3\u003c/code\u003e\u003c/a\u003e Replace deprecated .Site.Sites/.Page.Sites with hugo.Sites intests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4c40c6d5ca94537a63f7449f269b9ebef84e9346\"\u003e\u003ccode\u003e4c40c6d\u003c/code\u003e\u003c/a\u003e helpers: Remove unused code\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.149.1...v0.161.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.149.1\u0026new-version=0.161.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Icehunter/dune-admin/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Icehunter/dune-admin/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Icehunter%2Fdune-admin/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"0.160.1","new_version":"0.161.0","update_type":"minor","path":"/hack/tools in the go_modules group across 1 directory","pr_created_at":"2026-05-08T09:19:36.000Z","version_change":"0.160.1 → 0.161.0","issue":{"uuid":"4405264515","node_id":"PR_kwDOSL8Yt87ZeO-z","number":2,"state":"closed","title":"Bump github.com/gohugoio/hugo from 0.160.1 to 0.161.0 in /hack/tools in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-03T21:16:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T09:19:36.000Z","updated_at":"2026-06-03T21:16:58.000Z","time_to_close":2289440,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.160.1","new_version":"0.161.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/hack/tools in the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the /hack/tools directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\n\nUpdates `github.com/gohugoio/hugo` from 0.160.1 to 0.161.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.161.0\u003c/h2\u003e\n\u003cp\u003eThis release contains two security hardening fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWe now run the Node tools PostCSS, Babel and TailwindCSS, by default, with the \u003ccode\u003e--permission\u003c/code\u003e flag with the permissions defined in \u003ca href=\"https://gohugo.io/configuration/security/\"\u003esecurity.node.permissions\u003c/a\u003e. This means that you need Node \u0026gt;= 22 installed and that \u003ccode\u003ecss.TailwindCSS\u003c/code\u003e now requires that the Tailwind CSS CLI must be installed as a Node.js package. The \u003ca href=\"https://github.com/tailwindlabs/tailwindcss/releases/latest\"\u003estandalone executable\u003c/a\u003e is no longer supported\u003c/li\u003e\n\u003cli\u003eWe have made the defaults in \u003ca href=\"https://gohugo.io/configuration/security/#httpurls\"\u003esecurity.http.urls\u003c/a\u003e more restrictive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBut there are some notable new features, as well:\u003c/p\u003e\n\u003ch2\u003eNested vars support in css.Build and css.Sass\u003c/h2\u003e\n\u003cp\u003eA practical example in \u003ccode\u003ecss.Build\u003c/code\u003e would be to have something like this in \u003ccode\u003ehugo.toml\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e[params.style]\r\n    primary    = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n    background = \u0026quot;#ffffff\u0026quot;\r\n    [params.style.dark]\r\n        primary    = \u0026quot;#ffffff\u0026quot;\r\n        background = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAnd in the stylesheet:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e@import \u0026quot;hugo:vars\u0026quot;;\r\n@import \u0026quot;hugo:vars/dark\u0026quot; (prefers-color-scheme: dark);\r\n\u003cp\u003e:root {\ncolor-scheme: light dark;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eSlice-based permalinks config\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003epermalinks\u003c/code\u003e configuration is now much more flexible (the old setup still works). It uses the same \u003ca href=\"https://gohugo.io/configuration/cascade/#target\"\u003etarget\u003c/a\u003e matchers as in the \u003ccode\u003ecascade\u003c/code\u003e config, meaning you can now do:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003epermalinks:\r\n  - target:\r\n      kind: page\r\n      path: \u0026quot;/books/**\u0026quot;\r\n    pattern: /books/:year/:slug/\r\n  - target:\r\n      kind: section\r\n      path: \u0026quot;/{books,books/**}\u0026quot;\r\n    pattern: /libros/:sections[1:]\r\n  - target:\r\n      kind: page\r\n    pattern: /other/:slug/\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above example isn't great, but it at least shows the gist of it.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/98d396c16a07b51df06e7673d817a3880da6218d\"\u003e\u003ccode\u003e98d396c\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.161.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d4ae662d598db81d239a291bc26336be5fec6893\"\u003e\u003ccode\u003ed4ae662\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/getkin/kin-openapi from 0.135.0 to 0.137.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9ede5fb9e0304d3eb193b3c1a9214c735f05db21\"\u003e\u003ccode\u003e9ede5fb\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/833a878eef4fce2bbabb05dcbb8a7e31f93aadda\"\u003e\u003ccode\u003e833a878\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/tdewolff/minify/v2 from 2.24.12 to 2.24.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/7622dd86ced9ac2ef3c15b5d0740bf9634bb60ac\"\u003e\u003ccode\u003e7622dd8\u003c/code\u003e\u003c/a\u003e css: Support nested hugo:vars/\u0026lt;name\u0026gt; imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0814059bb6374bbd5861ee8da96b4a67e22acfba\"\u003e\u003ccode\u003e0814059\u003c/code\u003e\u003c/a\u003e github: Update GitHub actions versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8920d56e951e872e1eabd08fc34f9c1350fe5da3\"\u003e\u003ccode\u003e8920d56\u003c/code\u003e\u003c/a\u003e hugolib: Do not render aliases if the page is not rendered\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/633cc772e0e8a79205b1b268bd9bfc2b0f5b1473\"\u003e\u003ccode\u003e633cc77\u003c/code\u003e\u003c/a\u003e langs/i18n: Improve default content language fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/90d8bf34aea897a8a329480bde54ff1c61c0c9b3\"\u003e\u003ccode\u003e90d8bf3\u003c/code\u003e\u003c/a\u003e Replace deprecated .Site.Sites/.Page.Sites with hugo.Sites intests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4c40c6d5ca94537a63f7449f269b9ebef84e9346\"\u003e\u003ccode\u003e4c40c6d\u003c/code\u003e\u003c/a\u003e helpers: Remove unused code\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.160.1...v0.161.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.160.1\u0026new-version=0.161.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/umairsiddiquie/kueue/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/umairsiddiquie/kueue/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/umairsiddiquie%2Fkueue/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"0.160.1","new_version":"0.161.0","update_type":"minor","path":"/hack/tools","pr_created_at":"2026-05-08T09:00:14.000Z","version_change":"0.160.1 → 0.161.0","issue":{"uuid":"4405148964","node_id":"PR_kwDOG2kQZs7Zd2jA","number":11042,"state":"open","title":"Bump github.com/gohugoio/hugo from 0.160.1 to 0.161.0 in /hack/tools","user":"dependabot[bot]","labels":["size/L","release-note-none","ok-to-test","cncf-cla: yes","area/dependency","dependencies"],"assignees":[],"locked":false,"comments_count":11,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-08T09:00:14.000Z","updated_at":"2026-05-18T18:28:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.160.1","new_version":"0.161.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/hack/tools","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.160.1 to 0.161.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.161.0\u003c/h2\u003e\n\u003cp\u003eThis release contains two security hardening fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWe now run the Node tools PostCSS, Babel and TailwindCSS, by default, with the \u003ccode\u003e--permission\u003c/code\u003e flag with the permissions defined in \u003ca href=\"https://gohugo.io/configuration/security/\"\u003esecurity.node.permissions\u003c/a\u003e. This means that you need Node \u0026gt;= 22 installed and that \u003ccode\u003ecss.TailwindCSS\u003c/code\u003e now requires that the Tailwind CSS CLI must be installed as a Node.js package. The \u003ca href=\"https://github.com/tailwindlabs/tailwindcss/releases/latest\"\u003estandalone executable\u003c/a\u003e is no longer supported\u003c/li\u003e\n\u003cli\u003eWe have made the defaults in \u003ca href=\"https://gohugo.io/configuration/security/#httpurls\"\u003esecurity.http.urls\u003c/a\u003e more restrictive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBut there are some notable new features, as well:\u003c/p\u003e\n\u003ch2\u003eNested vars support in css.Build and css.Sass\u003c/h2\u003e\n\u003cp\u003eA practical example in \u003ccode\u003ecss.Build\u003c/code\u003e would be to have something like this in \u003ccode\u003ehugo.toml\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e[params.style]\r\n    primary    = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n    background = \u0026quot;#ffffff\u0026quot;\r\n    [params.style.dark]\r\n        primary    = \u0026quot;#ffffff\u0026quot;\r\n        background = \u0026quot;[#000000](https://github.com/gohugoio/hugo/issues/000000)\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAnd in the stylesheet:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e@import \u0026quot;hugo:vars\u0026quot;;\r\n@import \u0026quot;hugo:vars/dark\u0026quot; (prefers-color-scheme: dark);\r\n\u003cp\u003e:root {\ncolor-scheme: light dark;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eSlice-based permalinks config\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003epermalinks\u003c/code\u003e configuration is now much more flexible (the old setup still works). It uses the same \u003ca href=\"https://gohugo.io/configuration/cascade/#target\"\u003etarget\u003c/a\u003e matchers as in the \u003ccode\u003ecascade\u003c/code\u003e config, meaning you can now do:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003epermalinks:\r\n  - target:\r\n      kind: page\r\n      path: \u0026quot;/books/**\u0026quot;\r\n    pattern: /books/:year/:slug/\r\n  - target:\r\n      kind: section\r\n      path: \u0026quot;/{books,books/**}\u0026quot;\r\n    pattern: /libros/:sections[1:]\r\n  - target:\r\n      kind: page\r\n    pattern: /other/:slug/\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above example isn't great, but it at least shows the gist of it.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/98d396c16a07b51df06e7673d817a3880da6218d\"\u003e\u003ccode\u003e98d396c\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.161.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d4ae662d598db81d239a291bc26336be5fec6893\"\u003e\u003ccode\u003ed4ae662\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/getkin/kin-openapi from 0.135.0 to 0.137.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9ede5fb9e0304d3eb193b3c1a9214c735f05db21\"\u003e\u003ccode\u003e9ede5fb\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/833a878eef4fce2bbabb05dcbb8a7e31f93aadda\"\u003e\u003ccode\u003e833a878\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/tdewolff/minify/v2 from 2.24.12 to 2.24.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/7622dd86ced9ac2ef3c15b5d0740bf9634bb60ac\"\u003e\u003ccode\u003e7622dd8\u003c/code\u003e\u003c/a\u003e css: Support nested hugo:vars/\u0026lt;name\u0026gt; imports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0814059bb6374bbd5861ee8da96b4a67e22acfba\"\u003e\u003ccode\u003e0814059\u003c/code\u003e\u003c/a\u003e github: Update GitHub actions versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8920d56e951e872e1eabd08fc34f9c1350fe5da3\"\u003e\u003ccode\u003e8920d56\u003c/code\u003e\u003c/a\u003e hugolib: Do not render aliases if the page is not rendered\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/633cc772e0e8a79205b1b268bd9bfc2b0f5b1473\"\u003e\u003ccode\u003e633cc77\u003c/code\u003e\u003c/a\u003e langs/i18n: Improve default content language fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/90d8bf34aea897a8a329480bde54ff1c61c0c9b3\"\u003e\u003ccode\u003e90d8bf3\u003c/code\u003e\u003c/a\u003e Replace deprecated .Site.Sites/.Page.Sites with hugo.Sites intests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4c40c6d5ca94537a63f7449f269b9ebef84e9346\"\u003e\u003ccode\u003e4c40c6d\u003c/code\u003e\u003c/a\u003e helpers: Remove unused code\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.160.1...v0.161.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/kubernetes-sigs/kueue/pull/11042","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkueue/issues/11042","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11042/packages"}},{"old_version":"0.159.2","new_version":"0.160.1","update_type":"minor","path":"/hack/tools","pr_created_at":"2026-04-10T09:37:40.000Z","version_change":"0.159.2 → 0.160.1","issue":{"uuid":"4238144961","node_id":"PR_kwDOG2kQZs7RZ0On","number":10374,"state":"open","title":"Bump github.com/gohugoio/hugo from 0.159.2 to 0.160.1 in /hack/tools","user":"dependabot[bot]","labels":["lgtm","release-note-none","approved","size/M","ok-to-test","cncf-cla: yes","area/dependency","dependencies"],"assignees":["mimowo"],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-10T09:37:40.000Z","updated_at":"2026-04-10T09:46:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.159.2","new_version":"0.160.1","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/hack/tools","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.159.2 to 0.160.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.160.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix panic when passthrough elements are used in headings 8b00030b \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14677\"\u003e#14677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic on edit of legacy mapped template names that's also a valid path in the new setup c4855167 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14740\"\u003e#14740\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RenderShortcodes leaking context markers when indented 161d0d47 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/12457\"\u003e#12457\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStrip nested page context markers from standalone RenderShortcodes 45e45966 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14732\"\u003e#14732\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRename deprecated cascade._target to cascade.target in tests 58927aa1 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix auto-creation of root sections in multilingual sites ce009e3a \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14681\"\u003e#14681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ereadme: Fix links 07558724 \u003ca href=\"https://github.com/chicks-net\"\u003e\u003ccode\u003e@​chicks-net\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.160.0\u003c/h2\u003e\n\u003cp\u003eNow you can inject \u003ca href=\"https://gohugo.io/functions/css/build/#vars\"\u003eCSS vars\u003c/a\u003e, e.g. from the configuration, into your stylesheets when building with \u003ca href=\"https://gohugo.io/functions/css/build/\"\u003ecss.Build\u003c/a\u003e. Also, now all the render hooks has a  \u003ca href=\"https://gohugo.io/render-hooks/links/#position\"\u003e.Position\u003c/a\u003e method, now also more accurate and effective.\u003c/p\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some recently introduced Position issues 4e91e14c \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14710\"\u003e#14710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emarkup/goldmark: Fix double-escaping of ampersands in link URLs dc9b51d2 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14715\"\u003e#14715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etpl: Fix stray quotes from partial decorator in script context 43aad711 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14711\"\u003e#14711\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eall: Replace NewIntegrationTestBuilder with Test/TestE/TestRunning 481baa08 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etpl/css: Support \u003ca href=\"https://github.com/import\"\u003e\u003ccode\u003e@​import\u003c/code\u003e\u003c/a\u003e \u0026quot;hugo:vars\u0026quot; for CSS custom properties in css.Build 5d09b5e3 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14699\"\u003e#14699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove and extend .Position handling in Goldmark render hooks 303e443e \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14663\"\u003e#14663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emarkup/goldmark: Clean up test 638262ce \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github.com/magefile/mage from 1.16.1 to 1.17.1 bf6e35a7 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 0eda24e6 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/image from 0.37.0 to 0.38.0 beb57a68 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ereadme: Revise edition descriptions and installation instructions 9f1f1be0 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d6bc8165e62b29d7d70ede01ed01d0f88de327e6\"\u003e\u003ccode\u003ed6bc816\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.160.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8b00030b344d21635e5634698700f1d13145fead\"\u003e\u003ccode\u003e8b00030\u003c/code\u003e\u003c/a\u003e Fix panic when passthrough elements are used in headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/c48551677c2504e3f2d7fa53ee42766e0333b957\"\u003e\u003ccode\u003ec485516\u003c/code\u003e\u003c/a\u003e Fix panic on edit of legacy mapped template names that's also a valid path in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/161d0d475773c5251ec00cc8848f1a174393155c\"\u003e\u003ccode\u003e161d0d4\u003c/code\u003e\u003c/a\u003e Fix RenderShortcodes leaking context markers when indented\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/45e4596630b1372ab02634e4536d2b5a89452e0b\"\u003e\u003ccode\u003e45e4596\u003c/code\u003e\u003c/a\u003e Strip nested page context markers from standalone RenderShortcodes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/58927aa14ae7e6679ca4533a15362fa99c61247a\"\u003e\u003ccode\u003e58927aa\u003c/code\u003e\u003c/a\u003e Rename deprecated cascade._target to cascade.target in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ce009e3aa9fdc0e9f8d2d209d0d4df591707a094\"\u003e\u003ccode\u003ece009e3\u003c/code\u003e\u003c/a\u003e Fix auto-creation of root sections in multilingual sites\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0755872424182a99520ab27f54df29ba2bcccddc\"\u003e\u003ccode\u003e0755872\u003c/code\u003e\u003c/a\u003e readme: Fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6b5554bac9f8de094bef2d7eb98f2ab4ede79e52\"\u003e\u003ccode\u003e6b5554b\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.161.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/652fc5acddf94e0501f778e196a8b630566b39ad\"\u003e\u003ccode\u003e652fc5a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.160.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.159.2...v0.160.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.159.2\u0026new-version=0.160.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubernetes-sigs/kueue/pull/10374","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkueue/issues/10374","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10374/packages"}},{"old_version":"0.147.6","new_version":"0.159.2","update_type":"minor","path":null,"pr_created_at":"2026-04-08T19:45:04.000Z","version_change":"0.147.6 → 0.159.2","issue":{"uuid":"4227198525","node_id":"PR_kwDOMkcOX87Q6r6w","number":48,"state":"closed","title":"Chore(deps): Bump the go_modules group across 25 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-24T20:57:11.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T19:45:04.000Z","updated_at":"2026-04-24T20:57:14.000Z","time_to_close":1386727,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Chore(deps): Bump","group_name":"go_modules","update_count":6,"packages":[{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/openfga/openfga","old_version":"1.11.3","new_version":"1.14.0","repository_url":"https://github.com/openfga/openfga"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.40.0","new_version":"1.42.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream","old_version":"1.7.3","new_version":"1.7.8"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"github.com/gohugoio/hugo","old_version":"0.147.6","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.40.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp","old_version":"1.40.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [github.com/openfga/openfga](https://github.com/openfga/openfga).\nBumps the go_modules group with 1 update in the /.citools/src/air directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\nBumps the go_modules group with 3 updates in the /apps/advisor directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/alerting/historian directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/alerting/notifications directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/alerting/rules directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/annotation directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/correlations directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/dashboard directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 3 updates in the /apps/dashvalidator directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 3 updates in the /apps/example directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/iam directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/live directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/logsdrilldown directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /apps/playlist directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 3 updates in the /apps/plugins directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /apps/provisioning directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 3 updates in the /apps/quotas directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 3 updates in the /apps/shorturl directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /pkg/aggregator directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /pkg/apimachinery directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 2 updates in the /pkg/apiserver directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /pkg/build directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /pkg/infra/features directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 3 updates in the /pkg/plugins directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go).\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-jose/go-jose/releases\"\u003egithub.com/go-jose/go-jose/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes Panic in JWE decryption. See \u003ca href=\"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\"\u003ehttps://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ehttps://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/openfga/openfga` from 1.11.3 to 1.14.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openfga/openfga/releases\"\u003egithub.com/openfga/openfga's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eopenfga_iter_query_duration_ms\u003c/code\u003e histogram metric to track storage iterator query latency across all storage backends, labeled by \u003ccode\u003esuccess\u003c/code\u003e. The metric is recorded in each backend's \u003ccode\u003efetchBuffer\u003c/code\u003e after error classification: infrastructure failures are labeled \u003ccode\u003esuccess=false\u003c/code\u003e; expected storage outcomes (\u003ccode\u003eErrNotFound\u003c/code\u003e, \u003ccode\u003eErrCollision\u003c/code\u003e, \u003ccode\u003eErrInvalidWriteInput\u003c/code\u003e) are labeled \u003ccode\u003esuccess=true\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3030\"\u003e#3030\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eChanged the ListObjects pipeline intersection algorithm to improve intersection performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3031\"\u003e#3031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e[BREAKING]\u003c/strong\u003e The Playground now only supports the \u003ccode\u003enone\u003c/code\u003e authentication method. Running the Playground with \u003ccode\u003epreshared\u003c/code\u003e key authentication is no longer supported. The server will error and not start if it detects this combination.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe built-in OpenFGA Playground is intended for development purposes only and is deprecated. It will be removed entirely in a future release.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e--playground-port\u003c/code\u003e flag and \u003ccode\u003eOPENFGA_PLAYGROUND_PORT\u003c/code\u003e environment variable are deprecated. Use \u003ccode\u003e--playground-addr\u003c/code\u003e (\u003ccode\u003eOPENFGA_PLAYGROUND_ADDR\u003c/code\u003e) instead to specify the full \u003ccode\u003ehost:port\u003c/code\u003e address for the Playground server. When \u003ccode\u003e--playground-addr\u003c/code\u003e is not set, the Playground binds to \u003ccode\u003e127.0.0.1\u003c/code\u003e using the port from \u003ccode\u003e--playground-port\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Write operations failing with \u003ccode\u003einvalid input syntax for type integer\u003c/code\u003e (SQLSTATE 22P02) when PostgreSQL is behind PgBouncer or a connection pooler using the simple query protocol. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3014\"\u003e#3014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed PostgreSQL \u003ccode\u003eHandleSQLError\u003c/code\u003e and \u003ccode\u003eGetStore\u003c/code\u003e returning a wrapped error instead of \u003ccode\u003estorage.ErrNotFound\u003c/code\u003e when no rows are found. When using pgxpool directly, \u003ccode\u003eQueryRow().Scan()\u003c/code\u003e returns \u003ccode\u003epgx.ErrNoRows\u003c/code\u003e, not \u003ccode\u003esql.ErrNoRows\u003c/code\u003e; both are now handled. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3014\"\u003e#3014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the possibility of deadlocks within the ListObjects pipeline algorithm. Also added short-circuit enhancements that will reduce latency and message processing in certain scenarios. Cyclical edges now use as much memory as necessary to process deep and wide data hierarchies without the risk of a deadlock. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3028\"\u003e#3028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed issue where BatchCheck calls with multiple checks for the same tuple could result in improper policy enforcement. \u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-jwvj-g8pc-cx45\"\u003eCVE-2026-34972\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.13.1...v1.14.0\"\u003ehttps://github.com/openfga/openfga/compare/v1.13.1...v1.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security vulnerability (\u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf\"\u003eCVE-2026-33729\u003c/a\u003e) where Check requests with conditions and caching enabled could return incorrect cached results.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/openfga/openfga/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuthZen v1.0 Implementation by \u003ca href=\"https://github.com/aaguiarz\"\u003e\u003ccode\u003e@​aaguiarz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003eopenfga/openfga#2875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typos in RELEASES.md and Makefile by \u003ca href=\"https://github.com/kanywst\"\u003e\u003ccode\u003e@​kanywst\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2980\"\u003eopenfga/openfga#2980\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: capture panics in pipeline's base resolver, and return as errors. by \u003ca href=\"https://github.com/senojj\"\u003e\u003ccode\u003e@​senojj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2994\"\u003eopenfga/openfga#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eobservability: aggregate message statistics for each list-objects sender into a single span by \u003ca href=\"https://github.com/senojj\"\u003e\u003ccode\u003e@​senojj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2993\"\u003eopenfga/openfga#2993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typos in comments by \u003ca href=\"https://github.com/archy-rock3t-cloud\"\u003e\u003ccode\u003e@​archy-rock3t-cloud\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2972\"\u003eopenfga/openfga#2972\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: Separate caches for v1 and v2 Check by \u003ca href=\"https://github.com/saad-h1\"\u003e\u003ccode\u003e@​saad-h1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2968\"\u003eopenfga/openfga#2968\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: update changelog for release \u003ccode\u003ev1.13.0\u003c/code\u003e by \u003ca href=\"https://github.com/poovamraj\"\u003e\u003ccode\u003e@​poovamraj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2997\"\u003eopenfga/openfga#2997\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kanywst\"\u003e\u003ccode\u003e@​kanywst\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2980\"\u003eopenfga/openfga#2980\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.12.1...v1.13.0\"\u003ehttps://github.com/openfga/openfga/compare/v1.12.1...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.12.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe ListObjects \u0026quot;pipeline\u0026quot; algorithm ditches its custom Pipe implementation and replaces it with Go native channels. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2977\"\u003e#2977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor tuple validation and manipulation functions for optimal performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2984\"\u003e#2984\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openfga/openfga/blob/main/CHANGELOG.md\"\u003egithub.com/openfga/openfga's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.14.0] - 2026-04-03\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eopenfga_iter_query_duration_ms\u003c/code\u003e histogram metric to track storage iterator query latency across all storage backends, labeled by \u003ccode\u003esuccess\u003c/code\u003e. The metric is recorded in each backend's \u003ccode\u003efetchBuffer\u003c/code\u003e after error classification: infrastructure failures are labeled \u003ccode\u003esuccess=false\u003c/code\u003e; expected storage outcomes (\u003ccode\u003eErrNotFound\u003c/code\u003e, \u003ccode\u003eErrCollision\u003c/code\u003e, \u003ccode\u003eErrInvalidWriteInput\u003c/code\u003e) are labeled \u003ccode\u003esuccess=true\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3030\"\u003e#3030\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eChanged the ListObjects pipeline intersection algorithm to improve intersection performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3031\"\u003e#3031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e[BREAKING]\u003c/strong\u003e The Playground now only supports the \u003ccode\u003enone\u003c/code\u003e authentication method. Running the Playground with \u003ccode\u003epreshared\u003c/code\u003e key authentication is no longer supported. The server will error and not start if it detects this combination.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe built-in OpenFGA Playground is intended for development purposes only and is deprecated. It will be removed entirely in a future release.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e--playground-port\u003c/code\u003e flag and \u003ccode\u003eOPENFGA_PLAYGROUND_PORT\u003c/code\u003e environment variable are deprecated. Use \u003ccode\u003e--playground-addr\u003c/code\u003e (\u003ccode\u003eOPENFGA_PLAYGROUND_ADDR\u003c/code\u003e) instead to specify the full \u003ccode\u003ehost:port\u003c/code\u003e address for the Playground server. When \u003ccode\u003e--playground-addr\u003c/code\u003e is not set, the Playground binds to \u003ccode\u003e127.0.0.1\u003c/code\u003e using the port from \u003ccode\u003e--playground-port\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Write operations failing with \u003ccode\u003einvalid input syntax for type integer\u003c/code\u003e (SQLSTATE 22P02) when PostgreSQL is behind PgBouncer or a connection pooler using the simple query protocol. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3014\"\u003e#3014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed PostgreSQL \u003ccode\u003eHandleSQLError\u003c/code\u003e and \u003ccode\u003eGetStore\u003c/code\u003e returning a wrapped error instead of \u003ccode\u003estorage.ErrNotFound\u003c/code\u003e when no rows are found. When using pgxpool directly, \u003ccode\u003eQueryRow().Scan()\u003c/code\u003e returns \u003ccode\u003epgx.ErrNoRows\u003c/code\u003e, not \u003ccode\u003esql.ErrNoRows\u003c/code\u003e; both are now handled. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3014\"\u003e#3014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the possibility of deadlocks within the ListObjects pipeline algorithm. Also added short-circuit enhancements that will reduce latency and message processing in certain scenarios. Cyclical edges now use as much memory as necessary to process deep and wide data hierarchies without the risk of a deadlock. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/3028\"\u003e#3028\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed issue where BatchCheck calls with multiple checks for the same tuple could result in improper policy enforcement. \u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-jwvj-g8pc-cx45\"\u003eCVE-2026-34972\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.13.1] - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security vulnerability (\u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf\"\u003eCVE-2026-33729\u003c/a\u003e) where Check requests with conditions and caching enabled could return incorrect cached results.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.13.0] - 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AuthZen 1.0 experimental support. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003e#2875\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent recoverable panics in list objects from terminating the process. Return an error instead. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.12.1] - 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe ListObjects \u0026quot;pipeline\u0026quot; algorithm ditches its custom Pipe implementation and replaces it with Go native channels. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2977\"\u003e#2977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor tuple validation and manipulation functions for optimal performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2984\"\u003e#2984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate grpc-go version to v1.79.3 and grpc-health-probe to v0.4.47. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2988\"\u003e#2988\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eOTEL_EXPORTER_OTLP_ENDPOINT\u003c/code\u003e not accepting URIs with schemes (e.g. \u003ccode\u003ehttp://host:4317\u003c/code\u003e). The scheme is now stripped before passing to the gRPC exporter, and an \u003ccode\u003ehttps://\u003c/code\u003e scheme enables TLS regardless of the \u003ccode\u003etrace.otlp.tls.enabled\u003c/code\u003e flag. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2981\"\u003e#2981\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.12.0] - 2026-03-13\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AuthZen 1.0 experimental support. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003e#2875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd configuration for maximum size of received gRPC message bytes. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2952\"\u003e#2952\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHTTP gateway's internal gRPC client now uses dynamic TLS credentials that automatically update on certificate rotation via certwatcher, preventing connection failures when certificates are rotated (e.g., by cert-manager). \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2951\"\u003e#2951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTuple validation will now fail when any unicode control characters, or null bytes are present within a tuple string. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2963\"\u003e#2963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed swapped format arguments in \u003ccode\u003eDecodeParameterType\u003c/code\u003e error message that reported required and found generic type counts in the wrong order. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2961\"\u003e#2961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a few bugs. Two potential index out of bounds scenarios, and one cache of an invalid result. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2942\"\u003e#2942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/40e6b410825813d1d394d7371c5ca31cad17f517\"\u003e\u003ccode\u003e40e6b41\u003c/code\u003e\u003c/a\u003e release: update changelog for release \u003ccode\u003ev1.14.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3040\"\u003e#3040\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/6b69a3b6f7aa4f3252f06bf77048bb7c8b9c7f23\"\u003e\u003ccode\u003e6b69a3b\u003c/code\u003e\u003c/a\u003e batch check cache (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3025\"\u003e#3025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/81373f28921554ab41232af10f762180d461a776\"\u003e\u003ccode\u003e81373f2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/1de968515cd4e0a98e809f5cc0e274d298824388\"\u003e\u003ccode\u003e1de9685\u003c/code\u003e\u003c/a\u003e feat: add stats on tuple iterator query (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3030\"\u003e#3030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/68e053f3237d1b3ff2a98d4683eb6b96415aee55\"\u003e\u003ccode\u003e68e053f\u003c/code\u003e\u003c/a\u003e fix: remove unnecessary non-deterministic test (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3038\"\u003e#3038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/8373f2888c272c18d34cf3c096886671f3e73208\"\u003e\u003ccode\u003e8373f28\u003c/code\u003e\u003c/a\u003e remove unnecessary import (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3032\"\u003e#3032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/342a78306ec83e025ee78ec7d17cdba2063d718a\"\u003e\u003ccode\u003e342a783\u003c/code\u003e\u003c/a\u003e perf: improve the intersection algorithm, reducing latency and memory use (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/c75b5f0a4c6e503b1af04c8555f52ee4e037979d\"\u003e\u003ccode\u003ec75b5f0\u003c/code\u003e\u003c/a\u003e fix: ListObjects pipeline algorithm enhancements and fix for potential deadlo...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/1a44a05316e001165b3ea0e22e71a107c785ddc5\"\u003e\u003ccode\u003e1a44a05\u003c/code\u003e\u003c/a\u003e chore: Also update openfga/helm-charts in release script (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/60dd7f563d36413e481cbfbd634e6549cef15588\"\u003e\u003ccode\u003e60dd7f5\u003c/code\u003e\u003c/a\u003e chore: update CICD to enforce GRPC healthprobe changes (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2990\"\u003e#2990\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openfga/openfga/compare/v1.11.3...v1.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.40.0 to 1.42.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.40.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream` from 1.7.3 to 1.7.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e3b97d2a02cd4e27c40224f05aa1a7deba24abe2\"\u003e\u003ccode\u003ee3b97d2\u003c/code\u003e\u003c/a\u003e Release 2023-10-12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/863010ddb23c242c2a5d49d9f40094a6a49b5525\"\u003e\u003ccode\u003e863010d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6946ef8b9149fe75ac1b427ca2c7f57cdcb64549\"\u003e\u003ccode\u003e6946ef8\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6d93ded4536184d38a664b4b75dadd36cbd79878\"\u003e\u003ccode\u003e6d93ded\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/bebc232e7f65b02d0b519d11e73cf925c38e716f\"\u003e\u003ccode\u003ebebc232\u003c/code\u003e\u003c/a\u003e fix: fail to load config if configured profile doesn't exist (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2309\"\u003e#2309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5de46742b7fb1b72d93d344ee81568800a707267\"\u003e\u003ccode\u003e5de4674\u003c/code\u003e\u003c/a\u003e fix DNS timeout error not retried (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2300\"\u003e#2300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e155bb72a2ec20ec61db50fc3d4568e373fa4b63\"\u003e\u003ccode\u003ee155bb7\u003c/code\u003e\u003c/a\u003e Release 2023-10-06\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/9d342ba33937c562d215f317a37dea121ee9763d\"\u003e\u003ccode\u003e9d342ba\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/1df99141a143a38570d64a182ed972ce9e3dba65\"\u003e\u003ccode\u003e1df9914\u003c/code\u003e\u003c/a\u003e Update SDK's smithy-go dependency to v1.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/32ada3a191ac770b1b24164b667692183fc77ed9\"\u003e\u003ccode\u003e32ada3a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/m2/v1.7.3...service/m2/v1.7.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.40.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gohugoio/hugo` from 0.147.6 to 0.159.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.147.6...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-jose/go-jose/releases\"\u003egithub.com/go-jose/go-jose/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes Panic in JWE decryption. See \u003ca href=\"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\"\u003ehttps://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ehttps://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.40.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.40.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.40.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/RalphHightower/grafana/pull/48","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RalphHightower%2Fgrafana/issues/48","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/48/packages"}},{"old_version":"0.101.0","new_version":"0.159.2","update_type":"minor","path":"/scripts in the go_modules group across 1 directory","pr_created_at":"2026-04-04T22:46:51.000Z","version_change":"0.101.0 → 0.159.2","issue":{"uuid":"4205955228","node_id":"PR_kwDONtBya87P_ulP","number":239,"state":"open","title":"build(deps): bump github.com/gohugoio/hugo from 0.101.0 to 0.159.2 in /scripts in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-04T22:46:51.000Z","updated_at":"2026-04-04T22:46:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.101.0","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/scripts in the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the /scripts directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\n\nUpdates `github.com/gohugoio/hugo` from 0.101.0 to 0.159.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.101.0...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.101.0\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/prometheus-operator/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/prometheus-operator/pull/239","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Fprometheus-operator/issues/239","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/239/packages"}},{"old_version":"0.82.0","new_version":"0.159.2","update_type":"minor","path":"/bertytech in the go_modules group across 1 directory","pr_created_at":"2026-04-03T23:42:14.000Z","version_change":"0.82.0 → 0.159.2","issue":{"uuid":"4202601341","node_id":"PR_kwDONHKyW87P5Aet","number":1,"state":"open","title":"chore(deps): bump github.com/gohugoio/hugo from 0.82.0 to 0.159.2 in /bertytech in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-03T23:42:14.000Z","updated_at":"2026-04-03T23:53:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.82.0","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/bertytech in the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the /bertytech directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\n\nUpdates `github.com/gohugoio/hugo` from 0.82.0 to 0.159.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.82.0...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.82.0\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/loveyou001/www.berty.tech/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/loveyou001/www.berty.tech/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/loveyou001%2Fwww.berty.tech/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"0.147.6","new_version":"0.159.2","update_type":"minor","path":null,"pr_created_at":"2026-04-03T23:41:53.000Z","version_change":"0.147.6 → 0.159.2","issue":{"uuid":"4202600348","node_id":"PR_kwDOMkcOX87P5ARJ","number":45,"state":"closed","title":"Chore(deps): Bump the go_modules group across 14 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-08T19:30:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T23:41:53.000Z","updated_at":"2026-04-08T19:30:39.000Z","time_to_close":416923,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Chore(deps): Bump","group_name":"go_modules","update_count":3,"packages":[{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/openfga/openfga","old_version":"1.11.3","new_version":"1.13.1","repository_url":"https://github.com/openfga/openfga"},{"name":"github.com/gohugoio/hugo","old_version":"0.147.6","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [github.com/openfga/openfga](https://github.com/openfga/openfga).\nBumps the go_modules group with 1 update in the /.citools/src/air directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\nBumps the go_modules group with 1 update in the /apps/advisor directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/dashboard directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/dashvalidator directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/example directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/plugins directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/provisioning directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/quotas directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /apps/shorturl directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /pkg/apimachinery directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /pkg/apiserver directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /pkg/infra/features directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\nBumps the go_modules group with 1 update in the /pkg/plugins directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/openfga/openfga` from 1.11.3 to 1.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openfga/openfga/releases\"\u003egithub.com/openfga/openfga's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security vulnerability (\u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf\"\u003eCVE-2026-33729\u003c/a\u003e) where Check requests with conditions and caching enabled could return incorrect cached results.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.13.0...v1.13.1\"\u003ehttps://github.com/openfga/openfga/compare/v1.13.0...v1.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuthZen v1.0 Implementation by \u003ca href=\"https://github.com/aaguiarz\"\u003e\u003ccode\u003e@​aaguiarz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003eopenfga/openfga#2875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typos in RELEASES.md and Makefile by \u003ca href=\"https://github.com/kanywst\"\u003e\u003ccode\u003e@​kanywst\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2980\"\u003eopenfga/openfga#2980\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: capture panics in pipeline's base resolver, and return as errors. by \u003ca href=\"https://github.com/senojj\"\u003e\u003ccode\u003e@​senojj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2994\"\u003eopenfga/openfga#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eobservability: aggregate message statistics for each list-objects sender into a single span by \u003ca href=\"https://github.com/senojj\"\u003e\u003ccode\u003e@​senojj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2993\"\u003eopenfga/openfga#2993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typos in comments by \u003ca href=\"https://github.com/archy-rock3t-cloud\"\u003e\u003ccode\u003e@​archy-rock3t-cloud\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2972\"\u003eopenfga/openfga#2972\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: Separate caches for v1 and v2 Check by \u003ca href=\"https://github.com/saad-h1\"\u003e\u003ccode\u003e@​saad-h1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2968\"\u003eopenfga/openfga#2968\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: update changelog for release \u003ccode\u003ev1.13.0\u003c/code\u003e by \u003ca href=\"https://github.com/poovamraj\"\u003e\u003ccode\u003e@​poovamraj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2997\"\u003eopenfga/openfga#2997\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kanywst\"\u003e\u003ccode\u003e@​kanywst\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2980\"\u003eopenfga/openfga#2980\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.12.1...v1.13.0\"\u003ehttps://github.com/openfga/openfga/compare/v1.12.1...v1.13.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.12.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe ListObjects \u0026quot;pipeline\u0026quot; algorithm ditches its custom Pipe implementation and replaces it with Go native channels. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2977\"\u003e#2977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor tuple validation and manipulation functions for optimal performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2984\"\u003e#2984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate grpc-go version to v1.79.3 and grpc-health-probe to v0.4.47. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2988\"\u003e#2988\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eOTEL_EXPORTER_OTLP_ENDPOINT\u003c/code\u003e not accepting URIs with schemes (e.g. \u003ccode\u003ehttp://host:4317\u003c/code\u003e). The scheme is now stripped before passing to the gRPC exporter, and an \u003ccode\u003ehttps://\u003c/code\u003e scheme enables TLS regardless of the \u003ccode\u003etrace.otlp.tls.enabled\u003c/code\u003e flag. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2981\"\u003e#2981\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/openfga/openfga/compare/v1.12.0...v1.12.1\"\u003ehttps://github.com/openfga/openfga/compare/v1.12.0...v1.12.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.12.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd configuration for maximum size of received gRPC message bytes. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2952\"\u003e#2952\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHTTP gateway's internal gRPC client now uses dynamic TLS credentials that automatically update on certificate rotation via certwatcher, preventing connection failures when certificates are rotated (e.g., by cert-manager). \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2951\"\u003e#2951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTuple validation will now fail when any unicode control characters, or null bytes are present within a tuple string. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2963\"\u003e#2963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed swapped format arguments in \u003ccode\u003eDecodeParameterType\u003c/code\u003e error message that reported required and found generic type counts in the wrong order. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2961\"\u003e#2961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a few bugs. Two potential index out of bounds scenarios, and one cache of an invalid result. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2942\"\u003e#2942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a race condition in check reducers causing non-deterministic nested handler execution due to canceled parent context. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2947\"\u003e#2947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003ecache_item_count\u003c/code\u003e was incrementing on overwrites, causing the metric to steadily drift upward. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2950\"\u003e#2950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003epipeline_list_objects\u003c/code\u003e enabled by default in experimentals so that setting new experimental values does not disable it. This is required so that a user may pass in a custom featureflag client where \u003ccode\u003epipeline_list_objects\u003c/code\u003e can be disabled on a per store basis. To disable the ListObjects pipeline algorithm entirely, set \u003ccode\u003elistObjects-pipeline-enabled\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2957\"\u003e#2957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openfga/openfga/blob/main/CHANGELOG.md\"\u003egithub.com/openfga/openfga's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.13.1] - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security vulnerability (\u003ca href=\"https://github.com/openfga/openfga/security/advisories/GHSA-h6c8-cww8-35hf\"\u003eCVE-2026-33729\u003c/a\u003e) where Check requests with conditions and caching enabled could return incorrect cached results.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.13.0] - 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AuthZen 1.0 experimental support. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003e#2875\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent recoverable panics in list objects from terminating the process. Return an error instead. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.12.1] - 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe ListObjects \u0026quot;pipeline\u0026quot; algorithm ditches its custom Pipe implementation and replaces it with Go native channels. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2977\"\u003e#2977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor tuple validation and manipulation functions for optimal performance. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2984\"\u003e#2984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate grpc-go version to v1.79.3 and grpc-health-probe to v0.4.47. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2988\"\u003e#2988\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eOTEL_EXPORTER_OTLP_ENDPOINT\u003c/code\u003e not accepting URIs with schemes (e.g. \u003ccode\u003ehttp://host:4317\u003c/code\u003e). The scheme is now stripped before passing to the gRPC exporter, and an \u003ccode\u003ehttps://\u003c/code\u003e scheme enables TLS regardless of the \u003ccode\u003etrace.otlp.tls.enabled\u003c/code\u003e flag. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2981\"\u003e#2981\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.12.0] - 2026-03-13\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AuthZen 1.0 experimental support. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2875\"\u003e#2875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd configuration for maximum size of received gRPC message bytes. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2952\"\u003e#2952\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHTTP gateway's internal gRPC client now uses dynamic TLS credentials that automatically update on certificate rotation via certwatcher, preventing connection failures when certificates are rotated (e.g., by cert-manager). \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2951\"\u003e#2951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTuple validation will now fail when any unicode control characters, or null bytes are present within a tuple string. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2963\"\u003e#2963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed swapped format arguments in \u003ccode\u003eDecodeParameterType\u003c/code\u003e error message that reported required and found generic type counts in the wrong order. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2961\"\u003e#2961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a few bugs. Two potential index out of bounds scenarios, and one cache of an invalid result. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2942\"\u003e#2942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a race condition in check reducers causing non-deterministic nested handler execution due to canceled parent context. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2947\"\u003e#2947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003ecache_item_count\u003c/code\u003e was incrementing on overwrites, causing the metric to steadily drift upward. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2950\"\u003e#2950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003epipeline_list_objects\u003c/code\u003e enabled by default in experimentals so that setting new experimental values does not disable it. This is required so that a user may pass in a custom featureflag client where \u003ccode\u003epipeline_list_objects\u003c/code\u003e can be disabled on a per store basis. To disable the ListObjects pipeline algorithm entirely, set \u003ccode\u003elistObjects-pipeline-enabled\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2957\"\u003e#2957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate toolchain go version to 1.26.1 to be latest. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2975\"\u003e#2975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate toolchain go version to 1.25.8 to address std lib vulnerabilities \u003ca href=\"https://pkg.go.dev/vuln/GO-2026-4603\"\u003eGO-2026-4603\u003c/a\u003e and \u003ca href=\"https://pkg.go.dev/vuln/GO-2026-4601\"\u003eGO-2026-4601\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2971\"\u003e#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.11.6] - 2026-02-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSet ListObjects pipeline as the default enabled algorithm, can be disabled by setting the \u003ccode\u003elistObjects-pipeline-enabled\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2921\"\u003e#2921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate \u003ccode\u003egrpc.DialContext\u003c/code\u003e to \u003ccode\u003egrpc.NewClient\u003c/code\u003e for grpc-gateway client \u003ca href=\"https://redirect.github.com/openfga/openfga/pull/2714\"\u003e#2714\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ca href=\"https://github.com/grpc-ecosystem/grpc-health-probe\"\u003e\u003ccode\u003egrpc-health-probe\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/grpc-ecosystem/grpc-health-probe/releases/tag/v0.4.45\"\u003ev0.4.45\u003c/a\u003e to address nvd.nist.gov/vuln/detail/CVE-2025-68121 affecting \u003ccode\u003egrpc_health_probe\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/cbb16abf8cd582012540f6d40be34b133d90ce7b\"\u003e\u003ccode\u003ecbb16ab\u003c/code\u003e\u003c/a\u003e release: update changelog for release \u003ccode\u003ev1.13.1\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/3002\"\u003e#3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/049b50ccd2cc7e163bd897f3d17a7b859ad146f8\"\u003e\u003ccode\u003e049b50c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/db79b31003f887741f9897ef0f24101b0861d23a\"\u003e\u003ccode\u003edb79b31\u003c/code\u003e\u003c/a\u003e release: update changelog for release \u003ccode\u003ev1.13.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2997\"\u003e#2997\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/052a6e7aa6b0e13633b2aaf4cd201d16d65cf384\"\u003e\u003ccode\u003e052a6e7\u003c/code\u003e\u003c/a\u003e refactor: Separate caches for v1 and v2 Check (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2968\"\u003e#2968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/d91d9c82c8ac414778102248affd8815100418f7\"\u003e\u003ccode\u003ed91d9c8\u003c/code\u003e\u003c/a\u003e docs: fix typos in comments (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/172ff593f491808f6d280cf5ff2646304b044a5c\"\u003e\u003ccode\u003e172ff59\u003c/code\u003e\u003c/a\u003e observability: aggregate message statistics for each list-objects sender into...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/e538a8883bbe99157186236019956c9535690597\"\u003e\u003ccode\u003ee538a88\u003c/code\u003e\u003c/a\u003e fix: capture panics in pipeline's base resolver, and return as errors. (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2994\"\u003e#2994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/4600682aab4347a42605792f694c0944f36d462e\"\u003e\u003ccode\u003e4600682\u003c/code\u003e\u003c/a\u003e docs: fix typos in RELEASES.md and Makefile (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2980\"\u003e#2980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/ff2040ab015783a72cafa0c0f515baf9f1f46d2f\"\u003e\u003ccode\u003eff2040a\u003c/code\u003e\u003c/a\u003e AuthZen v1.0 Implementation (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2875\"\u003e#2875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openfga/openfga/commit/8f0feeecce828644e13500f9b78c7832bfb2cece\"\u003e\u003ccode\u003e8f0feee\u003c/code\u003e\u003c/a\u003e release: update changelog for release \u003ccode\u003ev1.12.1\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/openfga/openfga/issues/2992\"\u003e#2992\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openfga/openfga/compare/v1.11.3...v1.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gohugoio/hugo` from 0.147.6 to 0.159.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.147.6...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RalphHightower/grafana/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/RalphHightower/grafana/pull/45","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RalphHightower%2Fgrafana/issues/45","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/45/packages"}},{"old_version":"0.149.1","new_version":"0.159.2","update_type":"minor","path":"/service","pr_created_at":"2026-04-03T23:40:36.000Z","version_change":"0.149.1 → 0.159.2","issue":{"uuid":"4202596951","node_id":"PR_kwDOAOaSqs7P4_mX","number":70,"state":"closed","title":"chore(deps): bump github.com/gohugoio/hugo from 0.149.1 to 0.159.2 in /service","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-04T17:03:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T23:40:36.000Z","updated_at":"2026-04-04T17:03:55.000Z","time_to_close":62596,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.149.1","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/service","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.149.1 to 0.159.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.149.1...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.149.1\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jamesread/Japella/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jamesread/Japella/pull/70","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamesread%2FJapella/issues/70","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/70/packages"}},{"old_version":"0.149.1","new_version":"0.159.2","update_type":"minor","path":null,"pr_created_at":"2026-04-03T23:40:22.000Z","version_change":"0.149.1 → 0.159.2","issue":{"uuid":"4202596030","node_id":"PR_kwDOEeATuM7P4_dn","number":5851,"state":"open","title":"build(deps): bump github.com/gohugoio/hugo from 0.149.1 to 0.159.2","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-03T23:40:22.000Z","updated_at":"2026-04-04T00:02:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.149.1","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.149.1 to 0.159.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.149.1...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.149.1\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dev-hato/hato-atama/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/dev-hato/hato-atama/pull/5851","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dev-hato%2Fhato-atama/issues/5851","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5851/packages"}},{"old_version":"0.149.1","new_version":"0.159.2","update_type":"minor","path":null,"pr_created_at":"2026-04-03T23:40:15.000Z","version_change":"0.149.1 → 0.159.2","issue":{"uuid":"4202595654","node_id":"PR_kwDOBW-qF87P4_Y1","number":51,"state":"closed","title":"Bump github.com/gohugoio/hugo from 0.149.1 to 0.159.2","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-08T10:53:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T23:40:15.000Z","updated_at":"2026-05-08T10:53:33.000Z","time_to_close":2977996,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.149.1","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.149.1 to 0.159.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.149.1...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.149.1\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/spwg/personal-website/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/spwg/personal-website/pull/51","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/spwg%2Fpersonal-website/issues/51","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/51/packages"}},{"old_version":"0.149.1","new_version":"0.159.2","update_type":"minor","path":"/apps/api in the go_modules group across 1 directory","pr_created_at":"2026-04-03T23:40:14.000Z","version_change":"0.149.1 → 0.159.2","issue":{"uuid":"4202595596","node_id":"PR_kwDORtLVes7P4_YK","number":28,"state":"closed","title":"Bump github.com/gohugoio/hugo from 0.149.1 to 0.159.2 in /apps/api in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-17T00:15:12.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T23:40:14.000Z","updated_at":"2026-05-17T00:15:14.000Z","time_to_close":3717298,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.149.1","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/apps/api in the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the /apps/api directory: [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo).\n\nUpdates `github.com/gohugoio/hugo` from 0.149.1 to 0.159.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.149.1...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/harusame0616/jukubox/pull/28","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/harusame0616%2Fjukubox/issues/28","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/28/packages"}},{"old_version":"0.139.4","new_version":"0.159.2","update_type":"minor","path":null,"pr_created_at":"2026-04-03T23:40:03.000Z","version_change":"0.139.4 → 0.159.2","issue":{"uuid":"4202594697","node_id":"PR_kwDOKyCLLs7P4_O9","number":25,"state":"open","title":"chore(deps): bump github.com/gohugoio/hugo from 0.139.4 to 0.159.2","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-03T23:40:03.000Z","updated_at":"2026-04-03T23:40:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.139.4","new_version":"0.159.2","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.139.4 to 0.159.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.2\u003c/h2\u003e\n\u003cp\u003eNote that the security fix below is not a potential threat if you either:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrust your Markdown content files.\u003c/li\u003e\n\u003cli\u003eHave custom \u003ca href=\"https://gohugo.io/render-hooks/\"\u003erender hook template\u003c/a\u003e for links and images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEDIT IN: This release also adds release archives for non-extended-withdeploy builds.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e31 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14684\"\u003e#14684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460\"\u003e\u003ccode\u003e5f4646a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f\"\u003e\u003ccode\u003e479fe6c\u003c/code\u003e\u003c/a\u003e Fix potential content XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27\"\u003e\u003ccode\u003e81a5cdc\u003c/code\u003e\u003c/a\u003e releaser: Add standard withdeploy release assets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91\"\u003e\u003ccode\u003edf520e3\u003c/code\u003e\u003c/a\u003e resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b\"\u003e\u003ccode\u003eb55d452\u003c/code\u003e\u003c/a\u003e testing: Simplify line ending handling in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3\"\u003e\u003ccode\u003eea7eac6\u003c/code\u003e\u003c/a\u003e readme: Update Go version to 1.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4\"\u003e\u003ccode\u003e458ebdd\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.139.4...v0.159.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.139.4\u0026new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jonesrussell/gimbal/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jonesrussell/gimbal/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonesrussell%2Fgimbal/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"}},{"old_version":"0.158.0","new_version":"0.159.1","update_type":"minor","path":null,"pr_created_at":"2026-03-30T11:39:46.000Z","version_change":"0.158.0 → 0.159.1","issue":{"uuid":"4170021597","node_id":"PR_kwDOGkVX1s7Ol0Xp","number":23785,"state":"closed","title":"chore: bump github.com/gohugoio/hugo from 0.158.0 to 0.159.1","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-02T07:51:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T11:39:46.000Z","updated_at":"2026-04-02T07:51:42.000Z","time_to_close":245515,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.158.0","new_version":"0.159.1","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.158.0 to 0.159.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.159.1\u003c/h2\u003e\n\u003cp\u003eThe regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. \u003ca href=\"https://alpinejs.dev/directives/bind\"\u003eAlpineJS' x-bind:\u003c/a\u003e namespace (library used by Hugo's \u003ca href=\"https://gohugo.io/\"\u003edocumentation site\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eTo fix this, the upstream library has hadded a \u003ccode\u003ekeepNamespaces\u003c/code\u003e slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e [minify.tdewolff.svg]\r\n      keepNamespaces = ['', 'x-bind']\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eminifiers: Keep x-bind and blank namespace in SVG minification 42289d76 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14669\"\u003e#14669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.159.0\u003c/h2\u003e\n\u003cp\u003eThis release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See \u003ca href=\"https://gohugo.io/hugo-modules/nodejs-dependencies/\"\u003ethis page\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace deprecated site.Data with hugo.Data in tests a8fca598 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated excludeFiles and includeFiles with files in tests 182b1045 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace deprecated :filename with :contentbasename in the permalinks test eb11c3d0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etpl/tplimpl: Fix Vimeo shortcode test eaf4c751 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecreate: Return error instead of panic when page not found 807cae1d \u003ca href=\"https://github.com/mango766\"\u003e\u003ccode\u003e@​mango766\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14112\"\u003e#14112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Preserve non-content files in convert output c4fb61d9 \u003ca href=\"https://github.com/xndvaz\"\u003e\u003ccode\u003e@​xndvaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/4621\"\u003e#4621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003enpm: Use workspaces to simplify \u003ccode\u003ehugo mod npm pack\u003c/code\u003e d88a29e0 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Close cpu profile file when StartCPUProfile fails 9dd9c760 \u003ca href=\"https://github.com/buley\"\u003e\u003ccode\u003e@​buley\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the AI Watchdog workflow for now 3315a86d \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove 'bep' from PR user logins skip list 38244842 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etpl/tplimpl: Comment out the Vimeo simple shortcode tests 7813c5c8 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14649\"\u003e#14649\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github.com/olekukonko/tablewriter from 1.1.3 to 1.1.4 (\u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14641\"\u003e#14641\u003c/a\u003e) 3ff9b7f8 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/yuin/goldmark from 1.7.16 to 1.7.17 be93ccd3 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/magefile/mage from 1.15.0 to 1.16.1 2669bca6 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/image from 0.36.0 to 0.37.0 753d447f \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 4f39d724 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: Update docs.yaml d2043cfa \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268\"\u003e\u003ccode\u003e86c7d3a\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b\"\u003e\u003ccode\u003e42289d7\u003c/code\u003e\u003c/a\u003e minifiers: Keep x-bind and blank namespace in SVG minification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4\"\u003e\u003ccode\u003e0c013c2\u003c/code\u003e\u003c/a\u003e Adjust depreceated syntax in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/bd071d78a55002bb14f5fdf1d47269632d7b4be1\"\u003e\u003ccode\u003ebd071d7\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.160.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/2ed7d193cfdfcf11808fb2a921a9429423b0ebe9\"\u003e\u003ccode\u003e2ed7d19\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.159.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d2043cfae59468ba2e33d3d3d70a1d45bb2c081b\"\u003e\u003ccode\u003ed2043cf\u003c/code\u003e\u003c/a\u003e docs: Update docs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/5997b71db6dc87af01926a8512f58b4e82e67651\"\u003e\u003ccode\u003e5997b71\u003c/code\u003e\u003c/a\u003e Merge commit 'e7afabb927a79b179ae57013fd5f49e32829671e'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/e7afabb927a79b179ae57013fd5f49e32829671e\"\u003e\u003ccode\u003ee7afabb\u003c/code\u003e\u003c/a\u003e Squashed 'docs/' changes from 80dd7b067..0755fb534\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4f3c39890e53ff4bf66cfe4df95426708f50bfa2\"\u003e\u003ccode\u003e4f3c398\u003c/code\u003e\u003c/a\u003e commands: Update docs linke to Node.js docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/807cae1df11cc83edadcdad29ed762870b5d48fa\"\u003e\u003ccode\u003e807cae1\u003c/code\u003e\u003c/a\u003e create: Return error instead of panic when page not found\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.158.0...v0.159.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.158.0\u0026new-version=0.159.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/coder/coder/pull/23785","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/coder%2Fcoder/issues/23785","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23785/packages"}},{"old_version":"0.155.3","new_version":"0.157.0","update_type":"minor","path":"/hack/tools","pr_created_at":"2026-02-27T09:39:24.000Z","version_change":"0.155.3 → 0.157.0","issue":{"uuid":"4000107370","node_id":"PR_kwDOG2kQZs7GxvqA","number":9563,"state":"closed","title":"Bump github.com/gohugoio/hugo from 0.155.3 to 0.157.0 in /hack/tools","user":"dependabot[bot]","labels":["size/L","release-note-none","ok-to-test","cncf-cla: yes","area/dependency","dependencies"],"assignees":[],"locked":false,"comments_count":7,"pull_request":true,"closed_at":"2026-03-02T07:50:03.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-27T09:39:24.000Z","updated_at":"2026-03-02T07:50:11.000Z","time_to_close":252639,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.155.3","new_version":"0.157.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/hack/tools","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.155.3 to 0.157.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.157.0\u003c/h2\u003e\n\u003cp\u003eThe notable new feature is \u003ca href=\"https://gohugo.io/methods/page/gitinfo/\"\u003eGitInfo support for Hugo Modules\u003c/a\u003e. See \u003ca href=\"https://github.com/bep/hugo-testing-git-versions\"\u003ethis repo\u003c/a\u003e for a runnable demo where multiple versions of the same content is mounted into different versions.\u003c/p\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix menu pageRef resolution in multidimensional setups 3dff7c8c \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14566\"\u003e#14566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Regen and fix the imaging docshelper output 8e28668b \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14562\"\u003e#14562\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ehugolib: Fix automatic section pages not replaced by sites.complements a18bec11 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14540\"\u003e#14540\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImprovements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle GitInfo for modules where Origin is not set when running go list d98cd4ae \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14564\"\u003e#14564\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommands: Update link to highlighting style examples 68059972 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14556\"\u003e#14556\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd AVIF, HEIF and HEIC partial support (only metadata for now) 49bfb107 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14549\"\u003e#14549\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/images: Adjust WebP processing defaults b7203bbb \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Page.GitInfo support for content from Git modules dfece5b6 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14431\"\u003e#14431\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/5533\"\u003e#5533\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd per-request timeout option to \u003ccode\u003eresources.GetRemote\u003c/code\u003e 2d691c7e \u003ca href=\"https://github.com/vanbroup\"\u003e\u003ccode\u003e@​vanbroup\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate AI Watchdog action version in workflow b96d58a1 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003econfig: Skip taxonomy entries with empty keys or values 65b4287c \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14550\"\u003e#14550\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd guideline for brevity in code and comments cc338a9d \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emodules: Include JSON error info from go mod download in error messages 3850881f \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14543\"\u003e#14543\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github.com/tdewolff/minify/v2 from 2.24.8 to 2.24.9 9869e71a \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/bep/imagemeta from 0.14.0 to 0.15.0 8f47fe8c \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.156.0\u003c/h2\u003e\n\u003cp\u003eThis release brings significant speedups of \u003ca href=\"https://gohugo.io/functions/collections/where/#article\"\u003ecollections.Where\u003c/a\u003e and \u003ca href=\"https://gohugo.io/functions/collections/sort/#article\"\u003ecollections.Sort\u003c/a\u003e – but this is mostly a \u0026quot;spring cleaning\u0026quot; release, to make the API cleaner and simpler to understand/document.\u003c/p\u003e\n\u003ch2\u003eDeprecated\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSite.AllPages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.BuildDrafts is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Languages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Data is deprecated, use  hugo.Data\u003c/li\u003e\n\u003cli\u003ePage.Sites and Site.Sites is Deprecated, use hugo.Sites\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://discourse.gohugo.io/t/deprecations-in-v0-156-0/56732\"\u003ethis topic\u003c/a\u003e for more info.\u003c/p\u003e\n\u003ch2\u003eRemoved\u003c/h2\u003e\n\u003cp\u003eThese have all been deprecated at least since \u003ccode\u003ev0.136.0\u003c/code\u003e and any usage have been logged as an error for a long time:\u003c/p\u003e\n\u003cp\u003eTemplate functions\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edata.GetCSV / getCSV (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003edata.GetJSON / getJSON (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003ecrypto.FNV32a (use hash.FNV32a)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/7747abbb316b03c8f353fd3be62d5011fa883ee6\"\u003e\u003ccode\u003e7747abb\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.157.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/3dff7c8c7a04a413437f2f09e3a1252ae6f1be92\"\u003e\u003ccode\u003e3dff7c8\u003c/code\u003e\u003c/a\u003e Fix menu pageRef resolution in multidimensional setups\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d98cd4aecf25b9df78d811759ea6135b0c7610f1\"\u003e\u003ccode\u003ed98cd4a\u003c/code\u003e\u003c/a\u003e Handle GitInfo for modules where Origin is not set when running go list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/68059972e8789258447e31ca23641c79598d66be\"\u003e\u003ccode\u003e6805997\u003c/code\u003e\u003c/a\u003e commands: Update link to highlighting style examples\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8e28668b091f219031b50df3eb021b8e0f6e640b\"\u003e\u003ccode\u003e8e28668\u003c/code\u003e\u003c/a\u003e docs: Regen and fix the imaging docshelper output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/a3ea9cd18fc79fbae9f1ce0fc5242268d122e5f7\"\u003e\u003ccode\u003ea3ea9cd\u003c/code\u003e\u003c/a\u003e Merge commit '0c2fa2460f485e0eca564dcccf36d34538374922'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0c2fa2460f485e0eca564dcccf36d34538374922\"\u003e\u003ccode\u003e0c2fa24\u003c/code\u003e\u003c/a\u003e Squashed 'docs/' changes from 42914c50e..80dd7b067\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/49bfb1070be5aaa2a98fecc95560346ba3d71281\"\u003e\u003ccode\u003e49bfb10\u003c/code\u003e\u003c/a\u003e Add AVIF, HEIF and HEIC partial support (only metadata for now)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/b7203bbb3a8d7d6b0e808f7d7284b7a373a9b4f6\"\u003e\u003ccode\u003eb7203bb\u003c/code\u003e\u003c/a\u003e resources/images: Adjust WebP processing defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/dfece5b6747c384323d313a0d5364690e37e7386\"\u003e\u003ccode\u003edfece5b\u003c/code\u003e\u003c/a\u003e Add Page.GitInfo support for content from Git modules\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.155.3...v0.157.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.155.3\u0026new-version=0.157.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubernetes-sigs/kueue/pull/9563","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkueue/issues/9563","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9563/packages"}},{"old_version":"0.152.2","new_version":"0.156.0","update_type":"minor","path":null,"pr_created_at":"2026-02-21T12:04:37.000Z","version_change":"0.152.2 → 0.156.0","issue":{"uuid":"3971918201","node_id":"PR_kwDOQsQDDc7FVb5k","number":81,"state":"closed","title":"chore: bump github.com/gohugoio/hugo from 0.152.2 to 0.156.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-28T12:03:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-21T12:04:37.000Z","updated_at":"2026-02-28T12:03:54.000Z","time_to_close":604756,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.152.2","new_version":"0.156.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.152.2 to 0.156.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.156.0\u003c/h2\u003e\n\u003cp\u003eThis release brings significant speedups of \u003ca href=\"https://gohugo.io/functions/collections/where/#article\"\u003ecollections.Where\u003c/a\u003e and \u003ca href=\"https://gohugo.io/functions/collections/sort/#article\"\u003ecollections.Sort\u003c/a\u003e – but this is mostly a \u0026quot;spring cleaning\u0026quot; release, to make the API cleaner and simpler to understand/document.\u003c/p\u003e\n\u003ch2\u003eDeprecated\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSite.AllPages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.BuildDrafts is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Languages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Data is deprecated, use  hugo.Data\u003c/li\u003e\n\u003cli\u003ePage.Sites and Site.Sites is Deprecated, use hugo.Sites\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://discourse.gohugo.io/t/deprecations-in-v0-156-0/56732\"\u003ethis topic\u003c/a\u003e for more info.\u003c/p\u003e\n\u003ch2\u003eRemoved\u003c/h2\u003e\n\u003cp\u003eThese have all been deprecated at least since \u003ccode\u003ev0.136.0\u003c/code\u003e and any usage have been logged as an error for a long time:\u003c/p\u003e\n\u003cp\u003eTemplate functions\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edata.GetCSV / getCSV (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003edata.GetJSON / getJSON (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003ecrypto.FNV32a (use hash.FNV32a)\u003c/li\u003e\n\u003cli\u003eresources.Babel (use js.Babel)\u003c/li\u003e\n\u003cli\u003eresources.PostCSS (use css.PostCSS)\u003c/li\u003e\n\u003cli\u003eresources.ToCSS (use css.Sass)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePage methods:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Page.NextPage (use .Page.Next)\u003c/li\u003e\n\u003cli\u003e.Page.PrevPage (use .Page.Prev)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePaginator:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Paginator.PageSize (use .Paginator.PagerSize)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSite methods:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Site.LastChange (use .Site.Lastmod)\u003c/li\u003e\n\u003cli\u003e.Site.Author (use .Site.Params.Author)\u003c/li\u003e\n\u003cli\u003e.Site.Authors (use .Site.Params.Authors)\u003c/li\u003e\n\u003cli\u003e.Site.Social (use .Site.Params.Social)\u003c/li\u003e\n\u003cli\u003e.Site.IsMultiLingual (use hugo.IsMultilingual)\u003c/li\u003e\n\u003cli\u003e.Sites.First (use .Sites.Default)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSite config:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epaginate (use pagination.pagerSize)\u003c/li\u003e\n\u003cli\u003epaginatePath (use pagination.path)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFile caches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003egetjson cache\u003c/li\u003e\n\u003cli\u003egetcsv cache\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNotes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9d914726dee87b0e8e3d7890d660221bde372eec\"\u003e\u003ccode\u003e9d91472\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.156.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86aa62524f8bc36a04c8e0c0f76d1fd952585509\"\u003e\u003ccode\u003e86aa625\u003c/code\u003e\u003c/a\u003e hugolib: Move site.Data to hugo.Data, deprecate Site.AllPages/BuildDrafts/Lan...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d8ec0eeeaf2ff078565fddbbab5565a65b86346c\"\u003e\u003ccode\u003ed8ec0ee\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/api from 0.255.0 to 0.267.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4148eded9c5f90036c47d241faac73e1d0c6ee70\"\u003e\u003ccode\u003e4148ede\u003c/code\u003e\u003c/a\u003e hugolib: Add Page.Sites to Site.Sites deprecation notice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/bba2aed3527e5c6086244c0ab76192b35b6ffa73\"\u003e\u003ccode\u003ebba2aed\u003c/code\u003e\u003c/a\u003e hugolib: Simplify sites collection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/29b8e17d29ad38621cf6c7c104309bcedf5c20c5\"\u003e\u003ccode\u003e29b8e17\u003c/code\u003e\u003c/a\u003e hugolib: Adjust hugo.Sites.Default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/3c823408ee51bbfbad847d4b9f926ba813097185\"\u003e\u003ccode\u003e3c82340\u003c/code\u003e\u003c/a\u003e Move common/hugo/HugoInfo to resources/page\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/3f9d0ad2b6045849cbafe133cb9fb82ed5f5ee06\"\u003e\u003ccode\u003e3f9d0ad\u003c/code\u003e\u003c/a\u003e commands: Fix --panicOnWarning flag having no effect with module version warn...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ab62320d6bceece0faa7029f8bd79d546d0f64be\"\u003e\u003ccode\u003eab62320\u003c/code\u003e\u003c/a\u003e hugolib: Add hugo.Sites and .Site.IsDefault(), modify .Site.Sites\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/21be4afd49767eb63e3a2304b4c10816c86f799d\"\u003e\u003ccode\u003e21be4af\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/bep/textandbinarywriter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.152.2...v0.156.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.152.2\u0026new-version=0.156.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Ahmadjamil888/pipeline-ai/pull/81","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ahmadjamil888%2Fpipeline-ai/issues/81","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/81/packages"}},{"old_version":"0.110.0","new_version":"0.156.0","update_type":"minor","path":"/scripts/PyHugo/go","pr_created_at":"2026-02-19T09:23:06.000Z","version_change":"0.110.0 → 0.156.0","issue":{"uuid":"3961829905","node_id":"PR_kwDOEaQ_AM7E0jkg","number":526,"state":"closed","title":"Bump github.com/gohugoio/hugo from 0.110.0 to 0.156.0 in /scripts/PyHugo/go","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-26T03:26:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-19T09:23:06.000Z","updated_at":"2026-02-26T03:26:50.000Z","time_to_close":583415,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.110.0","new_version":"0.156.0","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/scripts/PyHugo/go","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.110.0 to 0.156.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.156.0\u003c/h2\u003e\n\u003cp\u003eThis release brings significant speedups of \u003ca href=\"https://gohugo.io/functions/collections/where/#article\"\u003ecollections.Where\u003c/a\u003e and \u003ca href=\"https://gohugo.io/functions/collections/sort/#article\"\u003ecollections.Sort\u003c/a\u003e – but this is mostly a \u0026quot;spring cleaning\u0026quot; release, to make the API cleaner and simpler to understand/document.\u003c/p\u003e\n\u003ch2\u003eDeprecated\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSite.AllPages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.BuildDrafts is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Languages is Deprecated\u003c/li\u003e\n\u003cli\u003eSite.Data is deprecated, use  hugo.Data\u003c/li\u003e\n\u003cli\u003ePage.Sites and Site.Sites is Deprecated, use hugo.Sites\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://discourse.gohugo.io/t/deprecations-in-v0-156-0/56732\"\u003ethis topic\u003c/a\u003e for more info.\u003c/p\u003e\n\u003ch2\u003eRemoved\u003c/h2\u003e\n\u003cp\u003eThese have all been deprecated at least since \u003ccode\u003ev0.136.0\u003c/code\u003e and any usage have been logged as an error for a long time:\u003c/p\u003e\n\u003cp\u003eTemplate functions\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edata.GetCSV / getCSV (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003edata.GetJSON / getJSON (use resources.GetRemote)\u003c/li\u003e\n\u003cli\u003ecrypto.FNV32a (use hash.FNV32a)\u003c/li\u003e\n\u003cli\u003eresources.Babel (use js.Babel)\u003c/li\u003e\n\u003cli\u003eresources.PostCSS (use css.PostCSS)\u003c/li\u003e\n\u003cli\u003eresources.ToCSS (use css.Sass)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePage methods:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Page.NextPage (use .Page.Next)\u003c/li\u003e\n\u003cli\u003e.Page.PrevPage (use .Page.Prev)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePaginator:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Paginator.PageSize (use .Paginator.PagerSize)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSite methods:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e.Site.LastChange (use .Site.Lastmod)\u003c/li\u003e\n\u003cli\u003e.Site.Author (use .Site.Params.Author)\u003c/li\u003e\n\u003cli\u003e.Site.Authors (use .Site.Params.Authors)\u003c/li\u003e\n\u003cli\u003e.Site.Social (use .Site.Params.Social)\u003c/li\u003e\n\u003cli\u003e.Site.IsMultiLingual (use hugo.IsMultilingual)\u003c/li\u003e\n\u003cli\u003e.Sites.First (use .Sites.Default)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSite config:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epaginate (use pagination.pagerSize)\u003c/li\u003e\n\u003cli\u003epaginatePath (use pagination.path)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFile caches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003egetjson cache\u003c/li\u003e\n\u003cli\u003egetcsv cache\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNotes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9d914726dee87b0e8e3d7890d660221bde372eec\"\u003e\u003ccode\u003e9d91472\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.156.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/86aa62524f8bc36a04c8e0c0f76d1fd952585509\"\u003e\u003ccode\u003e86aa625\u003c/code\u003e\u003c/a\u003e hugolib: Move site.Data to hugo.Data, deprecate Site.AllPages/BuildDrafts/Lan...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d8ec0eeeaf2ff078565fddbbab5565a65b86346c\"\u003e\u003ccode\u003ed8ec0ee\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/api from 0.255.0 to 0.267.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/4148eded9c5f90036c47d241faac73e1d0c6ee70\"\u003e\u003ccode\u003e4148ede\u003c/code\u003e\u003c/a\u003e hugolib: Add Page.Sites to Site.Sites deprecation notice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/bba2aed3527e5c6086244c0ab76192b35b6ffa73\"\u003e\u003ccode\u003ebba2aed\u003c/code\u003e\u003c/a\u003e hugolib: Simplify sites collection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/29b8e17d29ad38621cf6c7c104309bcedf5c20c5\"\u003e\u003ccode\u003e29b8e17\u003c/code\u003e\u003c/a\u003e hugolib: Adjust hugo.Sites.Default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/3c823408ee51bbfbad847d4b9f926ba813097185\"\u003e\u003ccode\u003e3c82340\u003c/code\u003e\u003c/a\u003e Move common/hugo/HugoInfo to resources/page\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/3f9d0ad2b6045849cbafe133cb9fb82ed5f5ee06\"\u003e\u003ccode\u003e3f9d0ad\u003c/code\u003e\u003c/a\u003e commands: Fix --panicOnWarning flag having no effect with module version warn...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/ab62320d6bceece0faa7029f8bd79d546d0f64be\"\u003e\u003ccode\u003eab62320\u003c/code\u003e\u003c/a\u003e hugolib: Add hugo.Sites and .Site.IsDefault(), modify .Site.Sites\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/21be4afd49767eb63e3a2304b4c10816c86f799d\"\u003e\u003ccode\u003e21be4af\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/bep/textandbinarywriter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.110.0...v0.156.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.110.0\u0026new-version=0.156.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/cmahnke/projektemacher-base/pull/526","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmahnke%2Fprojektemacher-base/issues/526","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/526/packages"}},{"old_version":"0.155.2","new_version":"0.155.3","update_type":"patch","path":"/hack/tools","pr_created_at":"2026-02-13T09:39:36.000Z","version_change":"0.155.2 → 0.155.3","issue":{"uuid":"3936264019","node_id":"PR_kwDOG2kQZs7Dgl6_","number":9216,"state":"open","title":"Bump github.com/gohugoio/hugo from 0.155.2 to 0.155.3 in /hack/tools","user":"dependabot[bot]","labels":["lgtm","release-note-none","ok-to-test","cncf-cla: yes","area/dependency","size/S","dependencies"],"assignees":["mbobrovskyi"],"locked":false,"comments_count":6,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T09:39:36.000Z","updated_at":"2026-02-13T09:42:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.155.2","new_version":"0.155.3","repository_url":"https://github.com/gohugoio/hugo"}],"path":"/hack/tools","ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.155.2 to 0.155.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.155.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehugolib: Don't render default site redirect for non-primary isHTML output formats 6ac7d081 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14482\"\u003e#14482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eserver: Fix stuck server global error logging 24eb84f8 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14469\"\u003e#14469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3 95a36782 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003eserver: Fix panic when the server browser error handler tried to use a config in a state of flux 9045797d \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14470\"\u003e#14470\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8a858213b73907e823e2be2b5640a0ce4c04d295\"\u003e\u003ccode\u003e8a85821\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.155.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6ac7d081d199325c098ac68281aeb6f8df97be52\"\u003e\u003ccode\u003e6ac7d08\u003c/code\u003e\u003c/a\u003e hugolib: Don't render default site redirect for non-primary isHTML output for...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/24eb84f8681bc86a40c2b737969fb9b8292f26b7\"\u003e\u003ccode\u003e24eb84f\u003c/code\u003e\u003c/a\u003e server: Fix stuck server global error logging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/95a36782458e9b305d7d54c6d9feda264a5a5882\"\u003e\u003ccode\u003e95a3678\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9045797d5f24d4c0f04f4f8ec9e15c9722100f2f\"\u003e\u003ccode\u003e9045797\u003c/code\u003e\u003c/a\u003e server: Fix panic when the server browser error handler tried to use a config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/73641aeca107c26f53e9a0f76a141cdb43faf277\"\u003e\u003ccode\u003e73641ae\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.156.0-DEV\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.155.2...v0.155.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.155.2\u0026new-version=0.155.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kubernetes-sigs/kueue/pull/9216","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkueue/issues/9216","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9216/packages"}},{"old_version":"0.131.0","new_version":"0.155.3","update_type":"minor","path":null,"pr_created_at":"2026-02-09T13:23:11.000Z","version_change":"0.131.0 → 0.155.3","issue":{"uuid":"3916368380","node_id":"PR_kwDOMrdwEc7Ce2PU","number":773,"state":"closed","title":"chore: bump github.com/gohugoio/hugo from 0.131.0 to 0.155.3","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-21T02:33:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T13:23:11.000Z","updated_at":"2026-02-21T02:33:42.000Z","time_to_close":997822,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.131.0","new_version":"0.155.3","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.131.0 to 0.155.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.155.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehugolib: Don't render default site redirect for non-primary isHTML output formats 6ac7d081 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14482\"\u003e#14482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eserver: Fix stuck server global error logging 24eb84f8 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14469\"\u003e#14469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3 95a36782 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003eserver: Fix panic when the server browser error handler tried to use a config in a state of flux 9045797d \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14470\"\u003e#14470\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.2\u003c/h2\u003e\n\u003cp\u003eNote that the bug fix below is for the two new dimensions introduced in \u003ccode\u003ev0.153.0\u003c/code\u003e (version and role), multiple languages worked fine.  Also, changes to the first version and role also worked, which had me head-scratching for a while. Oh, well, enjoy.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix template change detection for multi-version sites 0f1c7d12 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14461\"\u003e#14461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/image: Add some image decode/encode debug logging 6bd2bde9 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14337\"\u003e#14337\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14460\"\u003e#14460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix image DecodeConfig regression of WebP images from file cache b5d43cdc \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14453\"\u003e#14453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/images: Fix WebP useSharpYuv being ignored b1e1eede \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14449\"\u003e#14449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etpl/tplimpl: Remove failing Twitter tests f522a728 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.0\u003c/h2\u003e\n\u003cp\u003eSome notable new things in this release are:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements to how \u003ca href=\"https://gohugo.io/methods/site/version/#article\"\u003eversions\u003c/a\u003e are handled: We now support version (and also for the other dimension) range queries (e.g. \u003ccode\u003e\u0026gt;= v1.0.0\u003c/code\u003e), and we now cache Go module version queries, which makes mounting multiple versions of the same GitHub repo with different version much more practical and enjoyable, se    \u003ca href=\"https://github.com/bep/hugo-testing-git-versions/blob/main/hugo.toml\"\u003ethis site and config\u003c/a\u003e for an annotated example.\u003c/li\u003e\n\u003cli\u003eWe finally have XMP and IPTC image metadata support, in addition to EXIF, see \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/13146\"\u003e#13146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePage \u003ccode\u003ealiases\u003c/code\u003e now works in multidimensional sites (e.g. multiple languages), and it is now much easier to create e.g. Netlify \u003ccode\u003e_redirects\u003c/code\u003e files that works in such setups.\u003c/li\u003e\n\u003cli\u003eThere are several performance related WebP improvements in this release.\u003c/li\u003e\n\u003cli\u003eAlso, image processing in general (e.g. resize operations) should be considerably more effective.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking change\u003c/h2\u003e\n\u003cp\u003ePrior to v0.155.0, alias paths beginning with a slash (\u003ccode\u003e/\u003c/code\u003e) were treated as \u003ca href=\"https://gohugo.io/quick-reference/glossary/#server-relative\"\u003eserver-relative\u003c/a\u003e. In v0.155.0 and later, they are now \u003ca href=\"https://gohugo.io/quick-reference/glossary/#site-relative\"\u003esite-relative\u003c/a\u003e. This change only affects multilingual single-host projects that used alias paths beginning with a slash (\u003ccode\u003e/\u003c/code\u003e) to cross language boundaries. See \u003ca href=\"https://discourse.gohugo.io/t/alias-paths-in-v0-155-0-and-later/56674\"\u003edetails\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake Page.Aliases more useful in multidimensional setups (note) ee91c707 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14402\"\u003e#14402\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8a858213b73907e823e2be2b5640a0ce4c04d295\"\u003e\u003ccode\u003e8a85821\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.155.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6ac7d081d199325c098ac68281aeb6f8df97be52\"\u003e\u003ccode\u003e6ac7d08\u003c/code\u003e\u003c/a\u003e hugolib: Don't render default site redirect for non-primary isHTML output for...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/24eb84f8681bc86a40c2b737969fb9b8292f26b7\"\u003e\u003ccode\u003e24eb84f\u003c/code\u003e\u003c/a\u003e server: Fix stuck server global error logging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/95a36782458e9b305d7d54c6d9feda264a5a5882\"\u003e\u003ccode\u003e95a3678\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9045797d5f24d4c0f04f4f8ec9e15c9722100f2f\"\u003e\u003ccode\u003e9045797\u003c/code\u003e\u003c/a\u003e server: Fix panic when the server browser error handler tried to use a config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/73641aeca107c26f53e9a0f76a141cdb43faf277\"\u003e\u003ccode\u003e73641ae\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.156.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d8c0dfccf72ab43db2b2bca1483a61c8660021d9\"\u003e\u003ccode\u003ed8c0dfc\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.155.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6bd2bde9d3c71525ae085d9cef18ea8a5f96e51c\"\u003e\u003ccode\u003e6bd2bde\u003c/code\u003e\u003c/a\u003e resources/image: Add some image decode/encode debug logging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0f1c7d12000f7db7f1f45366c2dc4355b1511d5f\"\u003e\u003ccode\u003e0f1c7d1\u003c/code\u003e\u003c/a\u003e Fix template change detection for multi-version sites\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/10352335e04c4779e101b6d40202dd90a170dda0\"\u003e\u003ccode\u003e1035233\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.156.0-DEV\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.131.0...v0.155.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.131.0\u0026new-version=0.155.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kehanzhang/athens-coder/pull/773","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kehanzhang%2Fathens-coder/issues/773","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/773/packages"}},{"old_version":"0.124.0","new_version":"0.155.3","update_type":"minor","path":null,"pr_created_at":"2026-02-09T13:20:46.000Z","version_change":"0.124.0 → 0.155.3","issue":{"uuid":"3916357336","node_id":"PR_kwDOLmBl1M7Cez2x","number":855,"state":"closed","title":"chore: bump github.com/gohugoio/hugo from 0.124.0 to 0.155.3","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-21T01:19:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-09T13:20:46.000Z","updated_at":"2026-02-21T01:20:08.000Z","time_to_close":993553,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/gohugoio/hugo","old_version":"0.124.0","new_version":"0.155.3","repository_url":"https://github.com/gohugoio/hugo"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.124.0 to 0.155.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gohugoio/hugo/releases\"\u003egithub.com/gohugoio/hugo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.155.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehugolib: Don't render default site redirect for non-primary isHTML output formats 6ac7d081 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14482\"\u003e#14482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eserver: Fix stuck server global error logging 24eb84f8 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14469\"\u003e#14469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3 95a36782 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]\u003c/li\u003e\n\u003cli\u003eserver: Fix panic when the server browser error handler tried to use a config in a state of flux 9045797d \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14470\"\u003e#14470\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.2\u003c/h2\u003e\n\u003cp\u003eNote that the bug fix below is for the two new dimensions introduced in \u003ccode\u003ev0.153.0\u003c/code\u003e (version and role), multiple languages worked fine.  Also, changes to the first version and role also worked, which had me head-scratching for a while. Oh, well, enjoy.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix template change detection for multi-version sites 0f1c7d12 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14461\"\u003e#14461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/image: Add some image decode/encode debug logging 6bd2bde9 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14337\"\u003e#14337\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14460\"\u003e#14460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix image DecodeConfig regression of WebP images from file cache b5d43cdc \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14453\"\u003e#14453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eresources/images: Fix WebP useSharpYuv being ignored b1e1eede \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14449\"\u003e#14449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etpl/tplimpl: Remove failing Twitter tests f522a728 \u003ca href=\"https://github.com/jmooring\"\u003e\u003ccode\u003e@​jmooring\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.155.0\u003c/h2\u003e\n\u003cp\u003eSome notable new things in this release are:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements to how \u003ca href=\"https://gohugo.io/methods/site/version/#article\"\u003eversions\u003c/a\u003e are handled: We now support version (and also for the other dimension) range queries (e.g. \u003ccode\u003e\u0026gt;= v1.0.0\u003c/code\u003e), and we now cache Go module version queries, which makes mounting multiple versions of the same GitHub repo with different version much more practical and enjoyable, se    \u003ca href=\"https://github.com/bep/hugo-testing-git-versions/blob/main/hugo.toml\"\u003ethis site and config\u003c/a\u003e for an annotated example.\u003c/li\u003e\n\u003cli\u003eWe finally have XMP and IPTC image metadata support, in addition to EXIF, see \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/13146\"\u003e#13146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePage \u003ccode\u003ealiases\u003c/code\u003e now works in multidimensional sites (e.g. multiple languages), and it is now much easier to create e.g. Netlify \u003ccode\u003e_redirects\u003c/code\u003e files that works in such setups.\u003c/li\u003e\n\u003cli\u003eThere are several performance related WebP improvements in this release.\u003c/li\u003e\n\u003cli\u003eAlso, image processing in general (e.g. resize operations) should be considerably more effective.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking change\u003c/h2\u003e\n\u003cp\u003ePrior to v0.155.0, alias paths beginning with a slash (\u003ccode\u003e/\u003c/code\u003e) were treated as \u003ca href=\"https://gohugo.io/quick-reference/glossary/#server-relative\"\u003eserver-relative\u003c/a\u003e. In v0.155.0 and later, they are now \u003ca href=\"https://gohugo.io/quick-reference/glossary/#site-relative\"\u003esite-relative\u003c/a\u003e. This change only affects multilingual single-host projects that used alias paths beginning with a slash (\u003ccode\u003e/\u003c/code\u003e) to cross language boundaries. See \u003ca href=\"https://discourse.gohugo.io/t/alias-paths-in-v0-155-0-and-later/56674\"\u003edetails\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eNote\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake Page.Aliases more useful in multidimensional setups (note) ee91c707 \u003ca href=\"https://github.com/bep\"\u003e\u003ccode\u003e@​bep\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/gohugoio/hugo/issues/14402\"\u003e#14402\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/8a858213b73907e823e2be2b5640a0ce4c04d295\"\u003e\u003ccode\u003e8a85821\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.155.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6ac7d081d199325c098ac68281aeb6f8df97be52\"\u003e\u003ccode\u003e6ac7d08\u003c/code\u003e\u003c/a\u003e hugolib: Don't render default site redirect for non-primary isHTML output for...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/24eb84f8681bc86a40c2b737969fb9b8292f26b7\"\u003e\u003ccode\u003e24eb84f\u003c/code\u003e\u003c/a\u003e server: Fix stuck server global error logging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/95a36782458e9b305d7d54c6d9feda264a5a5882\"\u003e\u003ccode\u003e95a3678\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/evanw/esbuild from 0.27.2 to 0.27.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/9045797d5f24d4c0f04f4f8ec9e15c9722100f2f\"\u003e\u003ccode\u003e9045797\u003c/code\u003e\u003c/a\u003e server: Fix panic when the server browser error handler tried to use a config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/73641aeca107c26f53e9a0f76a141cdb43faf277\"\u003e\u003ccode\u003e73641ae\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.156.0-DEV\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/d8c0dfccf72ab43db2b2bca1483a61c8660021d9\"\u003e\u003ccode\u003ed8c0dfc\u003c/code\u003e\u003c/a\u003e releaser: Bump versions for release of 0.155.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/6bd2bde9d3c71525ae085d9cef18ea8a5f96e51c\"\u003e\u003ccode\u003e6bd2bde\u003c/code\u003e\u003c/a\u003e resources/image: Add some image decode/encode debug logging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/0f1c7d12000f7db7f1f45366c2dc4355b1511d5f\"\u003e\u003ccode\u003e0f1c7d1\u003c/code\u003e\u003c/a\u003e Fix template change detection for multi-version sites\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gohugoio/hugo/commit/10352335e04c4779e101b6d40202dd90a170dda0\"\u003e\u003ccode\u003e1035233\u003c/code\u003e\u003c/a\u003e releaser: Prepare repository for 0.156.0-DEV\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gohugoio/hugo/compare/v0.124.0...v0.155.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo\u0026package-manager=go_modules\u0026previous-version=0.124.0\u0026new-version=0.155.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Txim0520/https-github.com-coder-coder/pull/855","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Txim0520%2Fhttps-github.com-coder-coder/issues/855","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/855/packages"}}]}