chore: bump github.com/gohugoio/hugo from 0.147.0 to 0.160.1 by dependabot[bot] · Pull Request #694 · officialmofabs/codeserver

dependabot · 2026-04-13T11:51:22Z

Bumps github.com/gohugoio/hugo from 0.147.0 to 0.160.1.

Release notes

Sourced from github.com/gohugoio/hugo's releases.

v0.160.1

What's Changed

Fix panic when passthrough elements are used in headings 8b00030b @bep #14677

Fix panic on edit of legacy mapped template names that's also a valid path in the new setup c4855167 @bep #14740

Fix RenderShortcodes leaking context markers when indented 161d0d47 @bep #12457

Strip nested page context markers from standalone RenderShortcodes 45e45966 @bep #14732

Rename deprecated cascade._target to cascade.target in tests 58927aa1 @bep

Fix auto-creation of root sections in multilingual sites ce009e3a @bep #14681

readme: Fix links 07558724 @chicks-net

v0.160.0

Now you can inject CSS vars, e.g. from the configuration, into your stylesheets when building with css.Build. Also, now all the render hooks has a .Position method, now also more accurate and effective.

Bug fixes

Fix some recently introduced Position issues 4e91e14c @bep #14710

markup/goldmark: Fix double-escaping of ampersands in link URLs dc9b51d2 @bep #14715

tpl: Fix stray quotes from partial decorator in script context 43aad711 @bep #14711

Improvements

all: Replace NewIntegrationTestBuilder with Test/TestE/TestRunning 481baa08 @bep

tpl/css: Support @import "hugo:vars" for CSS custom properties in css.Build 5d09b5e3 @bep #14699

Improve and extend .Position handling in Goldmark render hooks 303e443e @bep #14663

markup/goldmark: Clean up test 638262ce @bep

Dependency Updates

build(deps): bump github.com/magefile/mage from 1.16.1 to 1.17.1 bf6e35a7 @dependabot[bot]

build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 0eda24e6 @dependabot[bot]

build(deps): bump golang.org/x/image from 0.37.0 to 0.38.0 beb57a68 @dependabot[bot]

Documentation

readme: Revise edition descriptions and installation instructions 9f1f1be0 @jmooring

v0.159.2

Note that the security fix below is not a potential threat if you either:

Trust your Markdown content files.

Have custom render hook template for links and images.

EDIT IN: This release also adds release archives for non-extended-withdeploy builds.

What's Changed

... (truncated)

Commits

d6bc816 releaser: Bump versions for release of 0.160.1
8b00030 Fix panic when passthrough elements are used in headings
c485516 Fix panic on edit of legacy mapped template names that's also a valid path in...
161d0d4 Fix RenderShortcodes leaking context markers when indented
45e4596 Strip nested page context markers from standalone RenderShortcodes
58927aa Rename deprecated cascade._target to cascade.target in tests
ce009e3 Fix auto-creation of root sections in multilingual sites
0755872 readme: Fix links
6b5554b releaser: Prepare repository for 0.161.0-DEV
652fc5a releaser: Bump versions for release of 0.160.0
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.147.0 to 0.160.1. - [Release notes](https://github.com/gohugoio/hugo/releases) - [Commits](gohugoio/hugo@v0.147.0...v0.160.1) --- updated-dependencies: - dependency-name: github.com/gohugoio/hugo dependency-version: 0.160.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

cloudflare-workers-and-pages · 2026-04-13T11:51:54Z

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	codeserver	`862a513`	Apr 13 2026, 11:52 AM

socket-security · 2026-04-13T11:53:14Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability
golang/golang.org/x/oauth2@v0.29.0 ⏵ v0.35.0	⁺¹
golang/github.com/aws/aws-sdk-go-v2@v1.36.3 ⏵ v1.41.1	⁺¹
golang/github.com/aws/smithy-go@v1.22.3 ⏵ v1.24.0	⁺¹
golang/golang.org/x/crypto@v0.39.0 ⏵ v0.49.0	⁺¹	⁺³
golang/golang.org/x/net@v0.41.0 ⏵ v0.52.0	⁺¹	⁺²
golang/github.com/gohugoio/hugo@v0.147.0 ⏵ v0.160.1	⁺¹	⁺²
golang/golang.org/x/tools@v0.33.0 ⏵ v0.43.0	⁺¹
golang/google.golang.org/grpc@v1.73.0 ⏵ v1.79.3	⁺¹	⁺⁷⁵
golang/google.golang.org/protobuf@v1.36.6 ⏵ v1.36.11	⁺¹
golang/go.opentelemetry.io/otel@v1.37.0 ⏵ v1.40.0	⁺¹
golang/golang.org/x/text@v0.26.0 ⏵ v0.35.0
golang/google.golang.org/api@v0.231.0 ⏵ v0.267.0	⁺¹
golang/golang.org/x/sys@v0.33.0 ⏵ v0.42.0
golang/github.com/aws/aws-sdk-go-v2/config@v1.29.14 ⏵ v1.32.2
golang/github.com/stretchr/testify@v1.10.0 ⏵ v1.11.1	⁺¹
golang/golang.org/x/mod@v0.25.0 ⏵ v0.34.0
golang/github.com/spf13/pflag@v1.0.6 ⏵ v1.0.10
golang/github.com/go-jose/go-jose/v4@v4.1.0 ⏵ v4.1.4		⁺¹⁶
golang/cloud.google.com/go/compute/metadata@v0.7.0 ⏵ v0.9.0	⁺¹
golang/go.opentelemetry.io/otel/sdk@v1.37.0 ⏵ v1.40.0	⁺¹	⁺⁶
golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.35.0 ⏵ v1.38.0	⁺¹
golang/golang.org/x/sync@v0.15.0 ⏵ v0.20.0
golang/github.com/prometheus/client_model@v0.6.1 ⏵ v0.6.2
golang/go.opentelemetry.io/otel/trace@v1.37.0 ⏵ v1.40.0	⁺¹
golang/golang.org/x/term@v0.32.0 ⏵ v0.41.0	⁺¹
golang/github.com/aws/aws-sdk-go-v2/feature/rds/auth@v1.5.1 ⏵ v1.6.14
golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.35.0 ⏵ v1.38.0

View full report

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 13, 2026

dependabot bot mentioned this pull request Apr 13, 2026

chore: bump github.com/gohugoio/hugo from 0.147.0 to 0.160.0 #687

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump github.com/gohugoio/hugo from 0.147.0 to 0.160.1#694

chore: bump github.com/gohugoio/hugo from 0.147.0 to 0.160.1#694
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/github.com/gohugoio/hugo-0.160.1

dependabot bot commented on behalf of github Apr 13, 2026

Uh oh!

cloudflare-workers-and-pages bot commented Apr 13, 2026 •

edited

Loading

Uh oh!

socket-security bot commented Apr 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 13, 2026

v0.160.1

What's Changed

v0.160.0

Bug fixes

Improvements

Dependency Updates

Documentation

v0.159.2

What's Changed

Uh oh!

cloudflare-workers-and-pages bot commented Apr 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Deploying with Cloudflare Workers

Uh oh!

socket-security bot commented Apr 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

cloudflare-workers-and-pages bot commented Apr 13, 2026 •

edited

Loading