Hugo

The only change in this release is that the release binaries are compiled with [Go 1.21.5](https://github.com/golang/go/issues?q=milestone%3AGo1.21.5+label%3ACherryPickApproved) which contains some [security fixes](https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo) that are relevant for Hugo.

* Upgrade to Go 1.21.5 eb9f1eb65 bep 11786

There are some minor new features in this release, but it's mostly a release with bug fixes and dependency updates. One notable dependency update is [libweb v1.3.2](https://github.com/webmproject/libwebp/releases/tag/v1.3.2) which comes with a security fix for the Webp _decoder_ (chromium: #1479274, CVE-2023-4863). Hugo only uses the encoder (we use Go's native Webp decoder) so we're not affected by this, but we have been contacted by some corporate Hugo users who's eager to have a clean security report.

Notes

* [kin-openapi v0.122.0](https://github.com/getkin/kin-openapi#v01220) has some minor breaking API changes which, from Hugo's side of it, can be adapted by using the new `.Map` accessors if you get an error.

Bug fixes and enhancements

* github: Fix CI build on Windows 6d4b01241 bep
* Fix handling of dropped error in test 26a8ec207 alrs
* resources/resource: Fix GroupByParamDate with raw TOML dates dd6cd6268 jmooring 11563
* helpers: Fix TrimShortHTML used by markdownify and RenderString 0bde6931a jmooring 11698
* Pull in the latest code from Go's template packages (11771) 9f978d387 bep 10707 11507
* tpl: Allow using page resources on the images page parameter for `opengraph`, `schema` and `twitter_cards` templates 14d85ec13 razonyang
* hugolib: Apply titleCaseStyle to automatic section pages 171836cdf jmooring 11547
* tpl/urls: Retain query and fragment with absURL and absLangURL 9ea7103db jmooring 11772
* markup: Add Level to Heading struct 3fc42da3d jmooring 10776
* tpl/fmt: Print suppression help with erroridf d24da1712 jmooring 11506
* tpl/transform: Display Chroma highlighting errors 4583b4130 jmooring 9642
* common/para: Skip flaky test on CI e2a624dd6 bep
* watcher: Skip flaky test for now 30a18e882 bep
* tpl/transform: Add transform.XMLEscape template function b4c5df42f jmooring 3268
* tpl/tplimpl: Remove superfluous type attr on script elements 8d32ca223 jmooring 6379
* common/para: Skip flaky tests on Windows 27620daa2 bep
* navigation: Unexport menu entry methods 80d2fdbaa jmooring 11670
* markup/goldmark: Sync image render hook code with Goldmark 805cc1773 jmooring 11681

Dependency Updates

* build(deps): bump github.com/alecthomas/chroma/v2 from 2.11.1 to 2.12.0 558f3258a dependabot[bot]
* build(deps): bump github.com/tdewolff/minify/v2 from 2.20.8 to 2.20.9 507f4e356 dependabot[bot]
* build(deps): bump github.com/spf13/cast from 1.5.1 to 1.6.0 a7e721e02 dependabot[bot]
* build(deps): bump github.com/getkin/kin-openapi from 0.121.0 to 0.122.0 2627b91d3 dependabot[bot]
* build(deps): bump golang.org/x/image from 0.13.0 to 0.14.0 e536d461a dependabot[bot]
* deps: Update github.com/tdewolff/minify/v2 v2.20.7 => v2.20.8 bfc325f56 jmooring 5748
* build(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 36a60f65d dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.19.7 to 0.19.8 de2fcc5e1 dependabot[bot]
* build(deps): bump google.golang.org/api from 0.151.0 to 0.152.0 9ca889ba4 dependabot[bot]
* deps: Upgrade to libwebp 1.3.2 4fb40ee87 bep 11746
* build(deps): bump github.com/aws/aws-sdk-go from 1.48.4 to 1.48.6 bc93a3613 dependabot[bot]
* build(deps): bump golang.org/x/tools from 0.15.0 to 0.16.0 3e5bc6f3b dependabot[bot]
* build(deps): bump github.com/getkin/kin-openapi from 0.120.0 to 0.121.0 7c47036f1 dependabot[bot]
* build(deps): bump github.com/bep/logg from 0.3.0 to 0.4.0 4d07e1fe8 dependabot[bot]
* deps: Upgrade to github.com/bep/simplecobra v0.4.0 1c41232e6 bep
* build(deps): bump github.com/aws/aws-sdk-go from 1.48.2 to 1.48.4 f11ca0fad dependabot[bot]
* build(deps): bump golang.org/x/tools from 0.14.0 to 0.15.0 d7a2f3f98 dependabot[bot]
* build(deps): bump github.com/gorilla/websocket from 1.5.0 to 1.5.1 ef12d169c dependabot[bot]
* build(deps): bump github.com/fatih/color from 1.15.0 to 1.16.0 a62bbfa9e dependabot[bot]
* build(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 5887230b7 dependabot[bot]
* build(deps): bump github.com/evanw/esbuild from 0.19.5 to 0.19.7 a4a66b821 dependabot[bot]
* build(deps): bump github.com/alecthomas/chroma/v2 from 2.10.0 to 2.11.1 813390b5a dependabot[bot]
* build(deps): bump github.com/tdewolff/minify/v2 from 2.20.5 to 2.20.7 d528bbd6d dependabot[bot]
* build(deps): bump google.golang.org/api from 0.138.0 to 0.151.0 af7f6c8b3 dependabot[bot]
* build(deps): bump github.com/aws/aws-sdk-go from 1.45.14 to 1.48.2 (11724) e70849ea7 dependabot[bot] 11723

Documentation

* docs: Regen docshelper 255e0a971 bep
* docs: Adjust last merge from docs repository 6580cd30a jmooring
* docs: Regen docs helper 7617de86c bep

The only change in this release is that the release binaries are compiled with Go 1.21.4 which comes with a security fix for Windows that may be relevant for Hugo. See:

* https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
* Especially golang/go63715

What's Changed

* Upgrade to go 1.21.4 9315a2d2c bep 11685

What's Changed

* tpl/tplimpl: Fix deprecation logic in embedded templates cb98e9061 jmooring 11658
* Remove some old and unused deprecation code 5fa97ee96 bep
* Add a field prefix to the deprecated log statements 4d38f4725 bep
* Avoid double printing INFO deprecation messages 80f793c38 bep 11645
* build(deps): bump github.com/tdewolff/parse/v2 from 2.7.1 to 2.7.3 a9079d7a6 dependabot[bot]
* build(deps): bump github.com/tdewolff/minify/v2 from 2.20.1 to 2.20.5 4914b7f18 dependabot[bot]

What's Changed

* Fix deprecation printing on info level ab2143368 bep 11638
* tpl/tplimpl: Fix deprecation logic in RSS template 23fcfb7f7 jmooring 11639

What's Changed

* deps: Update github.com/tdewolff/minify/v2 v2.20.0 => v2.20.1 2bedcf3d1 jmooring 11633