chore(deps): update dependency gohugoio/hugo to v0.152.2 in .github/workflows/test.yml

[renovate]

This PR contains the following updates:

Package	Update	Change	OpenSSF
gohugoio/hugo	minor	0.151.0 -> 0.152.2

---

Release Notes

gohugoio/hugo (gohugoio/hugo)

v0.152.2

Compare Source

In v0.152.0 we tightened the source validation for file mounts. We always said that project mounts can mount with absolute file/directorynames, modules/themes are restricted to relative. In v0.152.0 we narrowed module/themes mounts to be local, which made the setup in the bug report listed below fail:

[[module.mounts]]
source = '../../node_modules/bootstrap'
target = 'assets/vendor/bootstrap'

One part of this is security. But the construct above is usually very odd (the project uses files in a theme/module, not the other way around) and not very portable. But the example above demonstrates a valid exception, that we now have added support for in a portable way. The above example now works as it did before v0.152.0, but going forward you can also write:

[[module.mounts]]
source = 'node_modules/bootstrap'
target = 'assets/vendor/bootstrap'

We now have the node_modules as a special case: For themes/modules we first check if the mounted source exists locally, if not we try relative to the project root.

What's Changed

• deps: Update github.com/tdewolff/minify v2.24.4 => v2.24.5 1c8c21e @​jmooring #​14086
• hugofs: Make node_modules a "special case" mount 809ebe0 @​bep #​14089
• github: Fix typo in stale PR message 08a0679 @​jordelver

v0.152.1

Compare Source

These fixes are are all related to the YAML library upgrade in v0.152.0.

• Expand the numeric conversions to template funcs/methods e08278d @​bep #​14079
• Fix where with uint64 df4f80d @​bep #​14081
• Fix it so YAML integer types can be used where Go int types are expected d4c7888 @​bep #​14079
• tpl/compare: Fix compare/sort of uint64s 29e2c2f @​bep #​14078
• Fix "assignment to entry in nil map" on empty YAML config files 0579afc @​bep #​14074

v0.152.0

Compare Source

The big new thing and the motivation behind this release is the upgrade to a more modern YAML library in @​goccy 's github.com/goccy/go-yaml. It's been a surprisingly long and winding road to get here. Note that this upgrade comes with some minor breaking changes, most notably that the old YAML 1.1 spec listed a set of strings that, when unquoted, were treated as boolean true or false. So if you're using any of the values in the table below as booleans, you need to adjust your YAML, but I suspect that fixing this very surprising behavior will fix more issues than it introduces. A big new thing with this new YAML library is the support for YAML anchors and aliases which helps to reduce duplication in e.g. your configuration. There are some examples in Hugo's release build configuration and in the Hugo's CI release setup.

Values	Old meaning	New meaning
yes, Yes, YES, y, Y, on, On, ON	true (bool)	yes, Yes, YES, y, Y, on, On, ON (string)
no, No, NO, n, N, off, Off, OFF	false (bool)	no, No, NO, n, N, off, Off, OFF (string)

Note

• Replace to gopkg.in/yaml with github.com/goccy/go-yaml (note) a3d9548 @​bep #​8822 #​13043 #​14053

Improvements

• config: Clone language map entries before modifying them a130770 @​bep #​14072
• Skip flaky test for now 9425b93 @​bep #​14072
• Misc YAML adjustments bd50c9c @​bep #​14067
• hugofs: Make sure that non-project module mounts are local paths a8e0ca9 @​bep #​14069
• langs/i18n: Improve reserved key error message 559a029 @​jmooring #​14061
• langs: Add test case using a "reserved" i18n code 5bad0d5 @​bep #​14061

Dependency Updates

• deps: Upgrade github.com/gohugoio/go-i18n/v2 184b10e @​bep
• build(deps): bump github.com/tdewolff/minify/v2 from 2.24.3 to 2.24.4 9e344bb @​dependabot[bot]

Build Setup

• Merge branch 'release-0.151.2' d51adca @​bep

v0.151.2

Compare Source

What's Changed

• parser/pageparser: Add a testcase for nested shortcodes of the same name 989454a @​bep #​14054
• parser/pageparser: Fix shortcode nesting regression 1e91e46 @​bep #​14054

v0.151.1

Compare Source

This release is mostly motivated by some upstream security fixes:

• Upgrade from Go 1.25.1 to Go 1.25.3 which comes with 10 security fixes.
• Go's net/html package also has one security patch

I, @​bep, have inspected the above issues, and none of them seem to be relevant for Hugo, but we understand that many want to have a clean security report.

Bug fixes

• tpl: Fix strings/truncate CJK handling 88aea56 @​oishikazuo #​14039
• parser/pagerparser: Fix closing shortcode error handling when repeated a133393 @​bep

Improvements

• Upgrade Go to 1.25.3 e2fb0b0 @​bep
• create/skeletons: Wrap section and home lists with section tags 29cf874 @​imomaliev
• markup/goldmark: Align blockquote default output with Goldmark 1b4dd43 @​jmooring #​14046
• parser/pageparser: Store shortcode names as unique.Handle[string] to save memory allocations 4414ef7 @​bep
• testscripts: Make test assertion less specific 9197deb @​bep

Dependency Updates

• build(deps): bump github.com/gohugoio/hashstructure from 0.5.0 to 0.6.0 f4c1157 @​dependabot[bot]
• build(deps): bump golang.org/x/image from 0.30.0 to 0.32.0 54075ac @​dependabot[bot]
• build(deps): bump github.com/evanw/esbuild from 0.25.10 to 0.25.11 8b52303 @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.37.0 to 0.38.0 3d45d30 @​dependabot[bot]
• build(deps): bump golang.org/x/mod from 0.28.0 to 0.29.0 095157c @​dependabot[bot]

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying crs-documentation with    Cloudflare Pages

Latest commit:	14b7f6c
Status:	✅  Deploy successful!
Preview URL:	https://008613aa.documentation-km5.pages.dev
Branch Preview URL:	https://renovate-all-minor-patch.documentation-km5.pages.dev

View logs