chore: bump github.com/gohugoio/hugo from 0.147.0 to 0.151.2

[dependabot]

Bumps github.com/gohugoio/hugo from 0.147.0 to 0.151.2.

Release notes

Sourced from github.com/gohugoio/hugo's releases.

v0.151.2

What's Changed

• parser/pageparser: Add a testcase for nested shortcodes of the same name 989454a52 @​bep #14054
• parser/pageparser: Fix shortcode nesting regression 1e91e4652 @​bep #14054

v0.151.1

This release is mostly motivated by some upstream security fixes:

• Upgrade from Go 1.25.1 to Go 1.25.3 which comes with 10 security fixes.
• Go's net/html package also has one security patch

I, @​bep, have inspected the above issues, and none of them seem to be relevant for Hugo, but we understand that many want to have a clean security report.

Bug fixes

• tpl: Fix strings/truncate CJK handling 88aea5668 @​oishikazuo #14039
• parser/pagerparser: Fix closing shortcode error handling when repeated a133393ed @​bep

Improvements

• Upgrade Go to 1.25.3 e2fb0b0e8 @​bep
• create/skeletons: Wrap section and home lists with section tags 29cf87444 @​imomaliev
• markup/goldmark: Align blockquote default output with Goldmark 1b4dd436d @​jmooring #14046
• parser/pageparser: Store shortcode names as unique.Handle[string] to save memory allocations 4414ef73f @​bep
• testscripts: Make test assertion less specific 9197debbf @​bep

Dependency Updates

• build(deps): bump github.com/gohugoio/hashstructure from 0.5.0 to 0.6.0 f4c11571b @​dependabot[bot]
• build(deps): bump golang.org/x/image from 0.30.0 to 0.32.0 54075acc2 @​dependabot[bot]
• build(deps): bump github.com/evanw/esbuild from 0.25.10 to 0.25.11 8b52303e3 @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.37.0 to 0.38.0 3d45d30a4 @​dependabot[bot]
• build(deps): bump golang.org/x/mod from 0.28.0 to 0.29.0 095157cd6 @​dependabot[bot]

v0.151.0

Some notable new features in Hugo v0.151.0 are:

• New transform.HTMLToMarkdown template function. One possible use case would be to provide LLM friendly content.
• Hugo now reports OSC 9;4 progress when building; progress bars/indicators are supported by terminals such as Ghostty on Macos and Linux, Windows terminal.
• Several new config options for Markdown foot notes.

Note

• transform/livereloadinject: Skip livereload.js injection if no tags found (note) 7fd6762c1 @​AndrewChubatiuk

... (truncated)

Commits

• a3574f6 releaser: Bump versions for release of 0.151.2
• 989454a parser/pageparser: Add a testcase for nested shortcodes of the same name
• 1e91e46 parser/pageparser: Fix shortcode nesting regression
• 8a57d0f testscripts: Add and improve commands tests for static mounts
• b76c50a releaser: Prepare repository for 0.152.0-DEV
• 1cdd178 releaser: Bump versions for release of 0.151.1
• e2fb0b0 Upgrade Go to 1.25.3
• 88aea56 tpl: Fix strings/truncate CJK handling
• f4c1157 build(deps): bump github.com/gohugoio/hashstructure from 0.5.0 to 0.6.0
• 54075ac build(deps): bump golang.org/x/image from 0.30.0 to 0.32.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	codeserver	adc331a	Oct 20 2025, 12:22 PM

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/​aws/​aws-sdk-go-v2@​v1.36.3 ⏵ v1.39.2	+1
	github.com/​aws/​smithy-go@​v1.22.3 ⏵ v1.23.0	+1
	github.com/​gohugoio/​hugo@​v0.147.0 ⏵ v0.151.2	+1
	github.com/​aws/​aws-sdk-go-v2/​config@​v1.29.14 ⏵ v1.29.17
	github.com/​go-jose/​go-jose/​v4@​v4.1.0 ⏵ v4.1.1	+1
	cloud.google.com/​go/​compute/​metadata@​v0.7.0 ⏵ v0.9.0	+1

View full report

[dependabot]

Superseded by #469.