Bump github.com/gohugoio/hugo from 0.138.0 to 0.140.0

[dependabot]

Bumps github.com/gohugoio/hugo from 0.138.0 to 0.140.0.

Release notes

Sourced from github.com/gohugoio/hugo's releases.

v0.140.0

The big new feature in this release is js.Batch – this enables JavaScript bundle groups (e.g. scripts per section) with global code splitting and flexible hooks/runners setup.

Bug fixes

• Fix panic on server rebuilds when using both base templates and template.Defer a5e5be234 @​bep #12963
• js: Fix js.Batch for multihost setups 565c30eac @​bep #13151
• parser/pageparser: Fix Org Mode summary delimiter assignment 48dd6a918 @​jmooring #13152
• Fix a rebuild on resource rename case 744b8566e @​bep
• tpl/tplimpl: Fix title attribute in details shortcode a32c889a7 @​jmooring
• Fix Sass imports on the form index.{scss,sass} 5ab38de36 @​bep #13123
• markup/goldmark: Fix blockquote render hook text parsing 34373407b @​jmooring #12913 #13119

Improvements

• js/esbuild: Add missing es2024 target 5c80cb0d2 @​bep
• js/esbuild: Add runners after scripts 7de5317ae @​bep
• js/esbuild: Batch: Avoid nil Instances slice 4cbd4ef99 @​bep
• tpl/tplimpl: Update youtube shortcode 852d86854 @​jmooring
• tpl/tplimpl: Update details shortcode 1e34e5b26 @​jmooring
• tpl/collections: Allow querify to accept a map argument 641d2616c @​jmooring #13131
• js/esbuild: Build groups in order of their ID a834bb9f7 @​bep
• tpl/tplimpl: Add details shortcode 4f130f6e4 @​racehd
• Write all logging (INFO, WARN, ERROR) to stderr 9dfa11261 @​bep #13074
• js/esbuild: Add platform option ec1933f79 @​bep #13136
• Add config option disableDefaultLanguageRedirect 75ad9cdaa @​bep #13133
• Add js.Batch e293e7ca6 @​bep #12626 #7499 #9978 #12879 #13113 #13116
• Upgrade to Go 1.23.4 6be253000 @​bep #13130
• Remove some old and unused shell scripts 989b299b5 @​bep

Dependency Updates

• build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 157d86414 @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.27.0 to 0.28.0 947e4e66b @​dependabot[bot]
• build(deps): bump github.com/hairyhenderson/go-codeowners 5f897868c @​dependabot[bot]
• build(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 7b6921848 @​dependabot[bot]

v0.139.5

This is a release created for technical reasons, see gohugoio/hugo#13147

It's the same as https://github.com/gohugoio/hugo/releases/tag/v0.139.4 -- go there for release archives.

v0.139.4

This release contains a security fix. See this Security Advisory for details. Note that this is only relevant if you don't trust your content (e.g. Markdown) files.

What's Changed

• tpl/tplimpl: Escape Markdown attributes in render hooks and shortcodes 54398f8d5 @​jmooring

... (truncated)

Commits

• 3f35721 releaser: Bump versions for release of 0.140.0
• 5c80cb0 js/esbuild: Add missing es2024 target
• a5e5be2 Fix panic on server rebuilds when using both base templates and template.Defer
• 565c30e js: Fix js.Batch for multihost setups
• 48dd6a9 parser/pageparser: Fix Org Mode summary delimiter assignment
• 744b856 Fix a rebuild on resource rename case
• 7de5317 js/esbuild: Add runners after scripts
• 4cbd4ef js/esbuild: Batch: Avoid nil Instances slice
• a32c889 tpl/tplimpl: Fix title attribute in details shortcode
• 852d868 tpl/tplimpl: Update youtube shortcode
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[per1234]

See the review on the previous bump PR:

#142 (review)

[dependabot]

Superseded by #153.