chore: bump github.com/gohugoio/hugo from 0.147.0 to 0.154.2

[dependabot]

Bumps github.com/gohugoio/hugo from 0.147.0 to 0.154.2.

Release notes

Sourced from github.com/gohugoio/hugo's releases.

v0.154.2

What's Changed

• Fix alpha/fuzzy border issue with new webp decoder for images with with transparent background e9b9b36f @​bep #14339

v0.154.1

What's Changed

• Add WASM licensing information to README 8f3527f6 @​bep
• Fix partial decorator detection in partial with blocks with outer range break or continue 09048aad @​bep #14333

v0.154.0

Hugo v0.154.0 is the 14th release this year (not counting patch releases) and introduces partial decorators, or “partials with a twist.” This is a very powerful construct that I, @​bep, have always wanted to have in Hugo, but I could never wrap my head around an implementation. Until now.

A small and not very useful example:

{{ with partial "b.html" "World" }}Hello {{ . }}{{ end }}
{{ define "_partials/b.html" }}<b>{{ inner . }}</b>{{ end }}

The above renders to:

<b>Hello World</b>

• The new inner keyword can be used zero or more times in a partial template, typically with different data (e.g. pages in a range), and its presence signals a reversal of the execution -- the callee becomes the caller.
• Decorators can be deeply nested, see this PR for an example.

This release also brings some new utility funcs in the reflect package to identify the core types in Hugo. For example, to identify an processable image hasn't been trivial, now it is:

{{ $obj := . }}
{{ if reflect.IsResource $obj }}
   {{ if reflect.IsImageResource $obj }}
        // It has width/height and we can process it.
   {{ else }}
       // Just link to it.
   {{ end }}
{{ end }}

Bug fixes

• tpl/collections: Fix apply to work with built-in funcs like len 5c7fad23 @​bep #13418
• Revert "resources/page: Fix slugorcontentbasename for section pages" bf1d20d7 @​bep #14104 #14325

... (truncated)

Commits

• f66d094 releaser: Bump versions for release of 0.154.2
• e9b9b36 Fix alpha/fuzzy border issue with new webp decoder for images with with trans...
• b8a2c10 snap: Limit build platforms to amd64, arm64, ppc64el, and s390x
• 601df38 snap: Update to core 24
• 3bed212 releaser: Prepare repository for 0.155.0-DEV
• e2fd676 releaser: Bump versions for release of 0.154.1
• 8f3527f Add WASM licensing information to README
• 09048aa Fix partial decorator detection in partial with blocks with outer range break...
• f42c422 releaser: Prepare repository for 0.155.0-DEV
• 0b71db2 releaser: Bump versions for release of 0.154.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	codeserver	73e0e22	Jan 05 2026, 12:15 PM

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	golang/​golang.org/​x/​oauth2@​v0.29.0 ⏵ v0.32.0	+1
	golang/​github.com/​aws/​aws-sdk-go-v2@​v1.36.3 ⏵ v1.41.0	+1
	golang/​github.com/​aws/​smithy-go@​v1.22.3 ⏵ v1.24.0	+1
	golang/​golang.org/​x/​crypto@​v0.39.0 ⏵ v0.46.0	+1	+3
	golang/​golang.org/​x/​net@​v0.41.0 ⏵ v0.48.0	+1
	golang/​github.com/​gohugoio/​hugo@​v0.147.0 ⏵ v0.154.2	+1
	golang/​golang.org/​x/​tools@​v0.33.0 ⏵ v0.40.0	+1
	golang/​google.golang.org/​grpc@​v1.73.0 ⏵ v1.76.0	+1
	golang/​google.golang.org/​protobuf@​v1.36.6 ⏵ v1.36.10	+1
	golang/​golang.org/​x/​text@​v0.26.0 ⏵ v0.32.0	+1
	golang/​google.golang.org/​api@​v0.231.0 ⏵ v0.255.0	+1
	golang/​golang.org/​x/​sys@​v0.33.0 ⏵ v0.39.0
	golang/​github.com/​aws/​aws-sdk-go-v2/​config@​v1.29.14 ⏵ v1.31.17
	golang/​golang.org/​x/​mod@​v0.25.0 ⏵ v0.31.0
	golang/​github.com/​spf13/​pflag@​v1.0.6 ⏵ v1.0.9
	golang/​github.com/​go-jose/​go-jose/​v4@​v4.1.0 ⏵ v4.1.2
	golang/​cloud.google.com/​go/​compute/​metadata@​v0.7.0 ⏵ v0.9.0	+1
	golang/​go.opentelemetry.io/​otel/​exporters/​otlp/​otlptrace/​otlptracegrpc@​v1.35.0 ⏵ v1.37.0	+1
	golang/​golang.org/​x/​sync@​v0.15.0 ⏵ v0.19.0
	golang/​golang.org/​x/​term@​v0.32.0 ⏵ v0.38.0	+1
	golang/​github.com/​aws/​aws-sdk-go-v2/​feature/​rds/​auth@​v1.5.1 ⏵ v1.5.13
	golang/​go.opentelemetry.io/​otel/​exporters/​otlp/​otlptrace@​v1.35.0 ⏵ v1.37.0

View full report