chore(deps): update dependency gohugoio/hugo to v0.91.0 #28

Merged
xoxys merged 1 commits from renovate/gohugoio-hugo-0.x into main 2021-12-21 09:06:12 +01:00
Member

This PR contains the following updates:

Package Update Change
gohugoio/hugo minor v0.90.1 -> v0.91.0

Release Notes

gohugoio/hugo

v0.91.0

Compare Source

Hugo 0.91.0 is mostly on the boring and technical side. See the list of changes below, but especially note the fix that allows passing falsy arguments to partials with the return keyword (5758c37 #​7528), thanks to @​ptgott.

Notes

This release contains some changes that may break your build:

Use resources.GetRemote to fetch remote resources

In Hugo 0.90 we added remote support to resources.Get. In hindsight it was not a great idea use the same method for both, as a poll from many Hugo users showed. See Issue #​9285 for more details. This release introduces resources.GetRemote which you need to use for remote resources. The example we showed in the release notes for 0.90.0 will now look like:

{{ $font := resources.GetRemote "https://github.com/google/fonts/raw/main/apache/roboto/static/Roboto-Black.ttf" }}
{{ $img := resources.GetRemote "https://gohugo.io/images/gohugoio-card-1.png" }}
{{ $img = $img | images.Filter (images.Text 
                        "Rocks!!!" 
                        (dict 
                            "color" "#E6B405" 
                            "size" 100
                            "lineSpacing" 8 
                            "x" 400 "y" 320
                            "font" $font))
                     
}}

If you want to fetch any resource not having to consider where it lives, you can use a construct similar to the below:

{{ resource := "" }}
{{ if (urls.Parse $url).IsAbs }}
 {{ $resource = resources.GetRemote $url }}
{{ else }}
 {{ $resource = resources.Get $url }}
{{ end }}
New Security Configuration

This release also adds some new security hardening measures for the Hugo build runtime in the form of a new security configuration. There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".

For asciidoctor and some others we use Go's os/exec package to start a new process. These are a predefined set of binary names, all loaded from PATH and with a predefined set of arguments. Still, if you don't use asciidoctor in your project, you might as well have it turned off.

You can configure this in the new security configuration section. The defaults are configured to create a minimal amount of site breakage, but if that do happen, you will get clear instructions in the console about what to do.

The default configuration is listed below. Note that almost all of these options are regular expression whitelists (a string or a slice); the value none will block all.

[security]
  enableInlineShortcodes = false
  [security.exec]
    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
    osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']

  [security.funcs]
    getenv = ['^HUGO_']

  [security.http]
    methods = ['(?i)GET|POST']
    urls = ['.*']

You can read more about it in Hugo's Security Model

Numbers

This release represents 23 contributions by 5 contributors to the main Hugo code base.@​bep leads the Hugo development with a significant amount of contributions, but also a big shoutout to @​jmooring, @​ptgott, and @​jansorg for their ongoing contributions.
And thanks to @​digitalcraftsman for his ongoing work on keeping the themes site in pristine condition.

Many have also been busy writing and fixing the documentation in hugoDocs,
which has received 18 contributions by 2 contributors.

Hugo now has:

Changes


Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [gohugoio/hugo](https://github.com/gohugoio/hugo) | minor | `v0.90.1` -> `v0.91.0` | --- ### Release Notes <details> <summary>gohugoio/hugo</summary> ### [`v0.91.0`](https://github.com/gohugoio/hugo/releases/v0.91.0) [Compare Source](https://github.com/gohugoio/hugo/compare/v0.90.1...v0.91.0) Hugo `0.91.0` is mostly on the boring and technical side. See the list of changes below, but especially note the fix that allows passing *falsy* arguments to partials with the `return` keyword ([`5758c37`](https://github.com/gohugoio/hugo/commit/5758c370) [#&#8203;7528](https://github.com/gohugoio/hugo/issues/7528)), thanks to [@&#8203;ptgott](https://github.com/ptgott). ##### Notes This release contains some changes that may break your build: ##### Use resources.GetRemote to fetch remote resources In Hugo 0.90 we added remote support to `resources.Get`. In hindsight it was not a great idea use the same method for both, as a poll from many Hugo users showed. See Issue [#&#8203;9285](https://github.com/gohugoio/hugo/issues/9285) for more details. This release introduces `resources.GetRemote` which you need to use for remote resources. The example we showed in the release notes for `0.90.0` will now look like: ```htmlbars {{ $font := resources.GetRemote "https://github.com/google/fonts/raw/main/apache/roboto/static/Roboto-Black.ttf" }} {{ $img := resources.GetRemote "https://gohugo.io/images/gohugoio-card-1.png" }} {{ $img = $img | images.Filter (images.Text "Rocks!!!" (dict "color" "#E6B405" "size" 100 "lineSpacing" 8 "x" 400 "y" 320 "font" $font)) }} ``` If you want to fetch any resource not having to consider where it lives, you can use a construct similar to the below: ```htmlbars {{ resource := "" }} {{ if (urls.Parse $url).IsAbs }} {{ $resource = resources.GetRemote $url }} {{ else }} {{ $resource = resources.Get $url }} {{ end }} ``` ##### New Security Configuration This release also adds some new security hardening measures for the Hugo build runtime in the form of a new `security` configuration. There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers". For `asciidoctor` and some others we use Go's `os/exec` package to start a new process. These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off. You can configure this in the new `security` configuration section. The defaults are configured to create a minimal amount of site breakage, but if that do happen, you will get clear instructions in the console about what to do. The default configuration is listed below. Note that almost all of these options are regular expression *whitelists* (a string or a slice); the value `none` will block all. ```toml [security] enableInlineShortcodes = false [security.exec] allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$'] osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$'] [security.funcs] getenv = ['^HUGO_'] [security.http] methods = ['(?i)GET|POST'] urls = ['.*'] ``` You can read more about it in [Hugo's Security Model](https://gohugo.io/about/security-model/) #### Numbers This release represents **23 contributions by 5 contributors** to the main Hugo code base.[@&#8203;bep](https://github.com/bep) leads the Hugo development with a significant amount of contributions, but also a big shoutout to [@&#8203;jmooring](https://github.com/jmooring), [@&#8203;ptgott](https://github.com/ptgott), and [@&#8203;jansorg](https://github.com/jansorg) for their ongoing contributions. And thanks to [@&#8203;digitalcraftsman](https://github.com/digitalcraftsman) for his ongoing work on keeping the themes site in pristine condition. Many have also been busy writing and fixing the documentation in [hugoDocs](https://github.com/gohugoio/hugoDocs), which has received **18 contributions by 2 contributors**. Hugo now has: - 55860+ [stars](https://github.com/gohugoio/hugo/stargazers) - 430+ [contributors](https://github.com/gohugoio/hugo/graphs/contributors) - 415+ [themes](http://themes.gohugo.io/) #### Changes - docs: Regen docs helper [`6df2f08`](https://github.com/gohugoio/hugo/commit/6df2f080) [@&#8203;bep](https://github.com/bep) - tpl/resources: Add empty method mapping for GetRemote [`b84745d`](https://github.com/gohugoio/hugo/commit/b84745d4) [@&#8203;bep](https://github.com/bep) - Always use content to resolve content type in resources.GetRemote [`4495449`](https://github.com/gohugoio/hugo/commit/44954497) [@&#8203;bep](https://github.com/bep) [#&#8203;9302](https://github.com/gohugoio/hugo/issues/9302) [#&#8203;9301](https://github.com/gohugoio/hugo/issues/9301) - Add resources.GetRemote [`22ef5da`](https://github.com/gohugoio/hugo/commit/22ef5da2) [@&#8203;bep](https://github.com/bep) [#&#8203;9285](https://github.com/gohugoio/hugo/issues/9285) [#&#8203;9296](https://github.com/gohugoio/hugo/issues/9296) - Allow for return partials with falsy arguments ([#&#8203;9298](https://github.com/gohugoio/hugo/issues/9298)) [`5758c37`](https://github.com/gohugoio/hugo/commit/5758c370) [@&#8203;ptgott](https://github.com/ptgott) [#&#8203;7528](https://github.com/gohugoio/hugo/issues/7528) - deps: Upgrade github.com/evanw/esbuild v0.14.2 => v0.14.5 [`8ee6de6`](https://github.com/gohugoio/hugo/commit/8ee6de6d) [@&#8203;bep](https://github.com/bep) - don't use path.Join, because it cleans the final path [`a4b9f1a`](https://github.com/gohugoio/hugo/commit/a4b9f1a9) [@&#8203;jansorg](https://github.com/jansorg) - Add some basic security policies with sensible defaults [`f4389e4`](https://github.com/gohugoio/hugo/commit/f4389e48) [@&#8203;bep](https://github.com/bep) - Simplify Babel test assertions [`803f572`](https://github.com/gohugoio/hugo/commit/803f572e) [@&#8203;bep](https://github.com/bep) - Improve handling of remote image/jpeg resources ([#&#8203;9278](https://github.com/gohugoio/hugo/issues/9278)) [`a037be7`](https://github.com/gohugoio/hugo/commit/a037be77) [@&#8203;jmooring](https://github.com/jmooring) [#&#8203;9275](https://github.com/gohugoio/hugo/issues/9275) - Fix Dockerfile [`8a00553`](https://github.com/gohugoio/hugo/commit/8a005538) [@&#8203;hitzhangjie](https://github.com/hitzhangjie) [#&#8203;9261](https://github.com/gohugoio/hugo/issues/9261) - Remove debug statement [`657d027`](https://github.com/gohugoio/hugo/commit/657d0272) [@&#8203;jmooring](https://github.com/jmooring) - Fix deprecation notice [`159120c`](https://github.com/gohugoio/hugo/commit/159120cd) [@&#8203;bep](https://github.com/bep) - releaser: Prepare repository for 0.91.0-DEV [`3f0d49e`](https://github.com/gohugoio/hugo/commit/3f0d49e5) [@&#8203;bep](https://github.com/bep) - releaser: Bump versions for release of 0.90.1 [`4890788`](https://github.com/gohugoio/hugo/commit/48907889) [@&#8203;bep](https://github.com/bep) - releaser: Add release notes for 0.90.1 \[ci skip] [`3075eaa`](https://github.com/gohugoio/hugo/commit/3075eaa3) [@&#8203;bep](https://github.com/bep) - Remove the retries on error in remote resources.Get [`3bc6830`](https://github.com/gohugoio/hugo/commit/3bc68304) [@&#8203;bep](https://github.com/bep) [#&#8203;9271](https://github.com/gohugoio/hugo/issues/9271) - Allow user to handle/ignore errors in resources.Get [`e4d6ec9`](https://github.com/gohugoio/hugo/commit/e4d6ec94) [@&#8203;bep](https://github.com/bep) [#&#8203;9529](https://github.com/gohugoio/hugo/issues/9529) - Make resource.Get return nil on 404 not found [`6260455`](https://github.com/gohugoio/hugo/commit/6260455b) [@&#8203;bep](https://github.com/bep) [#&#8203;9267](https://github.com/gohugoio/hugo/issues/9267) - Update to Go 1.17.5 [`c397975`](https://github.com/gohugoio/hugo/commit/c397975a) [@&#8203;bep](https://github.com/bep) [#&#8203;9269](https://github.com/gohugoio/hugo/issues/9269) - Update to Go 1.17.4 and remove timeout in resources.Get [`965a6cb`](https://github.com/gohugoio/hugo/commit/965a6cbf) [@&#8203;bep](https://github.com/bep) [#&#8203;9265](https://github.com/gohugoio/hugo/issues/9265) </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
renovator added 1 commit 2021-12-17 13:01:50 +01:00
xoxys merged commit 01f4574925 into main 2021-12-21 09:06:12 +01:00
xoxys deleted branch renovate/gohugoio-hugo-0.x 2021-12-21 09:06:12 +01:00
Sign in to join this conversation.
No reviewers
No Label
No Milestone
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: container/hugo#28
No description provided.