build(deps): bump github.com/gohugoio/hugo from 0.88.1 to 0.163.3

[dependabot]

Bumps github.com/gohugoio/hugo from 0.88.1 to 0.163.3.

Release notes

Sourced from github.com/gohugoio/hugo's releases.

v0.163.3

What's Changed

• markup/highlight: Escape lang in default code block rendering ce1a7e0b @​bep thanks to @​k0ngj1 for reporting this issue.
• parser/pageparser: Preserve non-ASCII whitespace after e.g. summary divider 70a9068a @​bep
• resources: Support babel/postcss config variants 9d66d513 @​jmooring #15039 #15040 #15043
• hugolib: Fix page/section name collision regression f0133466 @​jmooring #15046

v0.163.2

What's Changed

• Continue resolving on ERR_ACCESS_DENIED in Node's resolver 134674f0 @​bep #15041
• markup: Standardize behavior when external converters are missing 147f605f @​jmooring #14222

v0.163.1

The majority of the fixes in this release are security related (including the upstream fix in 93c8c7d3 (golang.org/x/image)). Thanks to @​vnth4nhnt for finding the issues fixed in a00b5c72 and cf9c8f93 (I will do the CVE work on this later). There has been a uptick in security reports lately, which doesn't mean that Hugo has gotten less secure, this is mostly the work of the new and powerful AI tools using Hugo's restrictive security model as their baseline. Just take a look at Go's recent security issue list to see a demonstration of this.

What's Changed

• build(deps): bump golang.org/x/image from 0.41.0 to 0.42.0 93c8c7d3 @​dependabot[bot]
• Fix multi --renderSegments merge behavior 95e5e9f4 @​bep #15024
• security: Normalize integer IPv4 host encodings in http.urls check a00b5c72 @​bep
• Drop symlinks in os.ReadDir, os.ReadFile, os.Stat and os.FileExists cf9c8f93 @​bep #15019
• commands: Fix convert command 2602796c @​jmooring #15012

v0.163.0

The main topic in this release is improvements to the AVIF image handling that we introduced in v0.162.0. See the docs for details, but:

• We have turned down the default quality for AVIF to 60. Turns out, JPEG/WebP with quality 75 is comparable to AVIF with quality 60. You can now also set quality per image format in your project config (and also per image processed if needed).
• We have added a hint to the AVIF with the same values as for WEBP. For lossy compression, the photo/picture hints (and the default) encodes with YUV420 chroma subsampling instead of YUV444, keeping 444 for text/icon/drawing. This greatly reduces the memory needed to encode these images.

Improvements

• resources/jsconfig: Remove deprecated baseUrl setting ff2903a9 @​bep #14991 #14996
• all: Adjust tests for deprecated link and image render hook settings ca68936d @​jmooring
• all: Run go fix ./... 781fabf4 @​bep
• pagesfromdata: Use relative path for content adapter template metrics 1d018ef8 @​anupamojha-eng #14999
• ci: Re-add macos-latest to the test matrix 121bc6ce @​bep
• images: Deprecate Imaging.Compression and move it down to webp and avif configs cf18b827 @​bep #14998
• Only support the latest Go version 98ad9b3c @​bep #14997
• page: Add IsBranch and deprecate IsNode b89e7fe6 @​bep #11574
• images: Force cache invalidation for AVIF target e8fefc83 @​bep #14990
• images: Add a per-format AVIF hint setting a043d3ec @​bep #14992
• images: Make AVIF chroma subsampling content-aware via the hint 341f575d @​bep #14987

... (truncated)

Commits

• 4d22555 releaser: Bump versions for release of 0.163.3
• ce1a7e0 markup/highlight: Escape lang in default code block rendering
• e8988c3 Merge commit 'c86d9f4aa8a58931f52df6516f10b67c807505fb'
• c86d9f4 Squashed 'docs/' changes from 1f8ddb8a52..e17426e2b6
• 70a9068 parser/pageparser: Preserve non-ASCII whitespace after e.g. summary divider
• 9d66d51 resources: Support babel/postcss config variants
• f013346 hugolib: Fix page/section name collision regression
• 96e06e1 releaser: Prepare repository for 0.164.0-DEV
• 19a5cec releaser: Bump versions for release of 0.163.2
• 134674f Continue resolving on ERR_ACCESS_DENIED in Node's resolver
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}