fix(deps): update all non-major dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/checkout	action	patch	v5.0.0 → v5.0.1
actions/setup-go	action	minor	v5.5.0 → v5.6.0
alpine	final	minor	3.22.1 → 3.23.2
alpine	stage	minor	3.22.1 → 3.23.2
codecov/codecov-action	action	minor	v5.4.3 → v5.5.2
github.com/go-vela/server	require	patch	v0.27.0 → v0.27.4
github.com/spf13/afero	require	minor	v1.14.0 → v1.15.0
github.com/urfave/cli/v3	require	minor	v3.4.1 → v3.6.1
github/codeql-action	action	minor	v3.29.9 → v3.31.10
gohugoio/hugo		minor	0.148.2 → 0.154.5

---

Release Notes

actions/checkout (actions/checkout)

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

actions/setup-go (actions/setup-go)

v5.6.0

Compare Source

What's Changed

• Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @​aparnajyothi-y in #​689

Full Changelog: actions/setup-go@v5...v5.6.0

codecov/codecov-action (codecov/codecov-action)

v5.5.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

Compare Source

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in #​1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in #​1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in #​1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in #​1872
• docs: fix typo in README by @​datalater in #​1866
• Document a codecov-cli version reference example by @​webknjaz in #​1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in #​1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in #​1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

Compare Source

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in #​1864
• Pin actions/github-script by Git SHA by @​martincostello in #​1859
• fix: check reqs exist by @​joseph-sentry in #​1835
• fix: Typo in README by @​spalmurray in #​1838
• docs: Refine OIDC docs by @​spalmurray in #​1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in #​1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

go-vela/server (github.com/go-vela/server)

v0.27.4

Compare Source

What's Changed

• fix(api): regen install token if expired for status update by @​ecrupper in #​1375
• chore(deps): update all non major deps for v0.27.4 patch release by @​ecrupper in #​1376

Full Changelog: go-vela/server@v0.27.3...v0.27.4

v0.27.3

Compare Source

What's Changed

• fix(patch-v0.27.3): backport yaml expansion fix by @​ecrupper in #​1362

Full Changelog: go-vela/server@v0.27.2...v0.27.3

v0.27.2

Compare Source

What's Changed

• fix(compiler): always include build repo in install and add VELA_GIT_TOKEN by @​ecrupper in #​1346
• fix(db/log): remove redundant service_id and step_id indices from log table by @​wass3r in #​1344
• fix(oidc): no trailing colon on non-action events in claim by @​ecrupper in #​1355

Full Changelog: go-vela/server@v0.27.1...v0.27.2

v0.27.1

Compare Source

What's Changed

• fix(scm): inherit custom props in translation to Vela repo by @​ecrupper in #​1336
• enhance: use installation token for status updates when available by @​ecrupper in #​1337
• chore(lint): address linter issues from upgrade by @​ecrupper in #​1338
• fix(rulesets): eval other rules at compile time with status declared by @​ecrupper in #​1340
• fix(compiler)!: rectify service and secret rulesets for Compile and CompileLite by @​ecrupper in #​1339
• chore(deps): upgrade Gorm and fix tests by @​ecrupper in #​1342
• fix(jsonschema): allow origin secrets by @​wass3r in #​1341
• fix(deps): update all non-major dependencies by @​renovate[bot] in #​1332
• chore(deps): update actions/checkout action to v5 by @​renovate[bot] in #​1335

Full Changelog: go-vela/server@v0.27.0...v0.27.1

spf13/afero (github.com/spf13/afero)

v1.15.0

Compare Source

What's Changed

• Bump golangci/golangci-lint-action from 6.5.1 to 6.5.2 by @​dependabot[bot] in #​479
• Lint by @​sagikazarmark in #​492
• build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by @​dependabot[bot] in #​494
• build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 by @​dependabot[bot] in #​493
• Bump actions/setup-go from 5.3.0 to 5.4.0 by @​dependabot[bot] in #​480
• build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @​dependabot[bot] in #​496
• support aliyun oss storage with third-party link by @​messikiller in #​491
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 by @​dependabot[bot] in #​497
• chore: update x/test by @​sagikazarmark in #​502
• build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot[bot] in #​503
• build(deps): bump actions/dependency-review-action from 4.6.0 to 4.7.1 by @​dependabot[bot] in #​505
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​dependabot[bot] in #​506
• fix(gcsfs): update object not exist check logic by @​ahkui in #​485
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in #​508
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.4 by @​dependabot[bot] in #​519
• build(deps): bump github/codeql-action from 3.29.4 to 3.29.7 by @​dependabot[bot] in #​524
• build(deps): bump github/codeql-action from 3.29.7 to 3.30.1 by @​dependabot[bot] in #​537
• build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in #​536
• build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.3 by @​dependabot[bot] in #​533
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​527
• chore: update deps by @​sagikazarmark in #​538
• fix: spelling errors (excpected -> expected, iself -> itself) by @​MarkRosemaker in #​523

New Contributors

• @​messikiller made their first contribution in #​491
• @​ahkui made their first contribution in #​485
• @​MarkRosemaker made their first contribution in #​523

Full Changelog: spf13/afero@v1.14.0...v1.15.0

urfave/cli (github.com/urfave/cli/v3)

v3.6.1

Compare Source

What's Changed

• chore(deps): bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in #​2222
• feat: add ability to override usage text of default help command by @​Maks1mS in #​2196
• Fix:(issue_2223) Fix incorrect processing of empty value after = by @​dearchap in #​2224

New Contributors

• @​Maks1mS made their first contribution in #​2196

Full Changelog: urfave/cli@v3.6.0...v3.6.1

v3.6.0

Compare Source

What's Changed

• support parallel running of commands by @​oprudkyi in #​2215
• Fix:(issue_2208) Fix local flag by @​dearchap in #​2211
• chore(deps): bump the python-packages group with 2 updates by @​dependabot[bot] in #​2219
• Call actions on flags set from env by @​malclocke in #​2221

New Contributors

• @​malclocke made their first contribution in #​2221

Full Changelog: urfave/cli@v3.5.0...v3.6.0

v3.5.0

Compare Source

What's Changed

• Update mkdocs reqs by @​meatballhat in #​2190
• Allow the user to stop processing flags after seeing N args by @​adrian-thurston in #​2163
• chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @​dependabot[bot] in #​2194
• chore(deps): bump mkdocs-material from 9.6.16 to 9.6.18 in the python-packages group by @​dependabot[bot] in #​2195
• chore(deps): bump actions/setup-go from 5 to 6 by @​dependabot[bot] in #​2198
• chore(deps): bump actions/setup-node from 4 to 5 by @​dependabot[bot] in #​2199
• chore(deps): bump actions/setup-python from 5 to 6 by @​dependabot[bot] in #​2200
• chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @​dependabot[bot] in #​2197
• chore(deps): bump mkdocs-material from 9.6.18 to 9.6.19 in the python-packages group by @​dependabot[bot] in #​2201
• chore(deps): bump mkdocs-material from 9.6.19 to 9.6.20 in the python-packages group by @​dependabot[bot] in #​2202
• feat: add name of argument into error message when parsing fails by @​oprudkyi in #​2203
• chore(deps): bump mkdocs-material from 9.6.20 to 9.6.21 in the python-packages group by @​dependabot[bot] in #​2204
• add space between arguments usage by @​dimfu in #​2207
• chore(deps): bump mkdocs-material from 9.6.21 to 9.6.22 in the python-packages group by @​dependabot[bot] in #​2213
• Fix: Make DefaultText behaviour consistent by @​dearchap in #​2214

New Contributors

• @​adrian-thurston made their first contribution in #​2163
• @​oprudkyi made their first contribution in #​2203
• @​dimfu made their first contribution in #​2207

Full Changelog: urfave/cli@v3.4.1...v3.5.0

github/codeql-action (github/codeql-action)

v3.31.10

Compare Source

v3.31.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #​3354

See the full CHANGELOG.md for more information.

v3.31.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #​3343

See the full CHANGELOG.md for more information.

v3.31.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #​3321

See the full CHANGELOG.md for more information.

v3.31.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #​3288

See the full CHANGELOG.md for more information.

v3.31.2

Compare Source

v3.31.1

Compare Source

v3.31.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.0 - 24 Oct 2025

• Bump minimum CodeQL bundle version to 2.17.6. #​3223
• When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #​3222

See the full CHANGELOG.md for more information.

v3.30.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.9 - 17 Oct 2025

• Update default CodeQL bundle version to 2.23.3. #​3205
• Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​3204

See the full CHANGELOG.md for more information.

v3.30.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.7 - 06 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

• Update default CodeQL bundle version to 2.23.2. #​3168

See the full CHANGELOG.md for more information.

v3.30.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

• We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #​3160

See the full CHANGELOG.md for more information.

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

• We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
• We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
• You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
• Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

v3.30.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

• Fixed a bug which could cause language autodetection to fail. #​3084
• Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #​3064

See the full CHANGELOG.md for more information.

v3.30.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025

• Update default CodeQL bundle version to 2.23.0. #​3077

See the full CHANGELOG.md for more information.

v3.30.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025

• Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #​3054

See the full CHANGELOG.md for more information.

v3.29.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.11 - 21 Aug 2025

• Update default CodeQL bundle version to 2.22.4. #​3044

See the full CHANGELOG.md for more information.

v3.29.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.10 - 18 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

gohugoio/hugo (gohugoio/hugo)

v0.154.5

Compare Source

What's Changed

• Fix some default site redirect woes a775488 @​bep #​14357 #​14361
• hugolib: Fix newly created shortcodes not found during server rebuild 66ba63c @​Hasaber8 #​14207
• tpl/tplimpl: Remove trailing slash from void elements eb06a3c @​jmooring

v0.154.4

Compare Source

What's Changed

• tpl: Fix language resolution for markdown shortcodes ec178ea @​BarkinBalci #​14098
• For multiple dimensions setups, fix alias handling and multihost publish path 2d80b8a @​bep #​14354 #​14356
• build(deps): bump github.com/goccy/go-yaml from 1.19.1 to 1.19.2 a2b2a5a @​dependabot[bot]

Also see the new Page.OutputFormats.Canonical method.

v0.154.3

Compare Source

What's Changed

• build(deps): bump github.com/yuin/goldmark from 1.7.13 to 1.7.16 866b8e5 @​dependabot[bot]

v0.154.2

Compare Source

What's Changed

• Fix alpha/fuzzy border issue with new webp decoder for images with with transparent background e9b9b36 @​bep #​14339

v0.154.1

Compare Source

What's Changed

• Add WASM licensing information to README 8f3527f @​bep
• Fix partial decorator detection in partial with blocks with outer range break or continue 09048aa @​bep #​14333

v0.154.0

Compare Source

Hugo v0.154.0 is the 14th release this year (not counting patch releases) and introduces partial decorators, or “partials with a twist.” This is a very powerful construct that I, @​bep, have always wanted to have in Hugo, but I could never wrap my head around an implementation. Until now.

A small and not very useful example:

{{ with partial "b.html" "World" }}Hello {{ . }}{{ end }}
{{ define "_partials/b.html" }}<b>{{ inner . }}</b>{{ end }}

The above renders to:

<b>Hello World</b>

• The new inner keyword can be used zero or more times in a partial template, typically with different data (e.g. pages in a range), and its presence signals a reversal of the execution -- the callee becomes the caller.
• Decorators can be deeply nested, see this PR for an example.

This release also brings some new utility funcs in the reflect package to identify the core types in Hugo. For example, to identify an processable image hasn't been trivial, now it is:

{{ $obj := . }}
{{ if reflect.IsResource $obj }}
   {{ if reflect.IsImageResource $obj }}
        // It has width/height and we can process it.
   {{ else }}
       // Just link to it.
   {{ end }}
{{ end }}

Bug fixes

• tpl/collections: Fix apply to work with built-in funcs like len 5c7fad2 @​bep #​13418
• Revert "resources/page: Fix slugorcontentbasename for section pages" bf1d20d @​bep #​14104 #​14325

Improvements

• helpers: Limit verbose watch output for better readability d3b5d47 @​majiayu000 #​14277
• tpl/reflect: Make the IsImageResource implementation less technical 86cd183 @​bep
• internal/warpc: Increase WebP memory limit to 384 MiB 871da33 @​jmooring #​14309
• Update tpl/reflect/reflect.go 1deec99 @​bep
• Add reflect.Is{Page,Site,Resource,ImageResource} b7bb557 @​bep #​14307
• Allow partials to work as decorators 7c19c19 @​bep #​13193

Dependency Updates

• build(deps): bump github.com/tetratelabs/wazero from 1.10.1 to 1.11.0 2637aa1 @​dependabot[bot]

v0.153.5

Compare Source

What's Changed

• images: Add compression option to image config and clean up some of the options handling c6ae33c @​bep
• config: Fix cascade per language in hugo.toml regression edeebf0 @​bep #​14321
• images: Fix WebP quality and hint parameters being ignored ea9675f @​simonheimlicher #​14316

v0.153.4

Compare Source

What's Changed

• Set cascade target to the content matrix if not set in the cascade itself 96777d9 @​bep #​14310

v0.153.3

Compare Source

What's Changed

• build(deps): bump github.com/bep/imagemeta from 0.12.0 to 0.12.1 96ac146 @​dependabot[bot]
• Fix error with _content.gotmpl file with index.md siblings d4c0e44 @​bep #​14299

v0.153.2

Compare Source

What's Changed

• Fix "image: unknown format" error a8c5d0d @​bep #​14295
• modules: Remove extended edition check a94a941 @​bep #​14284
• misc: Update edition comparison and guidance in README.md 385d1a1 @​jmooring

v0.153.1

Compare Source

[!note]
This is a bug fix release. See the main release for a list of new features.

• Handle PNG named *.webp 4085ee9 @​bep #​14288
• Revert deprecation logging for contentDir per language 168bf17 @​bep #​14287
• Fix panic when 404 is backed by a content file f740d7c @​bep #​14283
• internal/warpc: Increase WebP memory limit to 256 MiB 5f46da6 @​jmooring #​14282

v0.153.0

Compare Source

[!note]
There is a newer bug fix release available here.

This is a good one! Hugo v0.153.0 comes with a powerful new multidimensional content model (languages, versions and roles) and completely overhauls WebP image support, and much more:

• For the new multidimensional content model, start reading sites matrix and sites complements. The matrix is what gets written to disk, complements allows e.g. a site in Swedish to fill in missing gaps in the site in Norwegian's page and resource collections. Also see the new Rotate method, that allows you to rotate the content tree in a given dimension.
• For WebP we now build a WASM version of libwebp (v1.6.0) and run it in the Wazero runtime. We use this for both encoding and decoding. This solves an old and annoying issue with Go's stdlib's decoder, with loss of contrast and muted colors in some photos, but it also means that you don't need the extended version of Hugo to handle WebP images. And, drum roll, we now also support animated WebP, including converting to and from animated GIFs.
• For MacOS, we now build signed and notarised pkg installers.

Also:

• The Asciidoctor integration is greatly improved.
• New template funcs urls.PathUnescape and urls.PathEscape.
• openapi3.Unmarshal now support external refs (including remote refs).

Notes

• tpl/css: Deprecate libsass in favor of dartsass (note) 9937a5d @​bep #​14261
• Build Order: Hugo builds sites based on the sorted dimensions (see below). In earlier versions, we built the sites starting with the default content language. This change is also reflected in the sort order of .Site.Sites to make it consistent with .Site.Languages.
• Sort Order: The dimensions are sorted as follows, which affects build order and complement selection:
  • languages: By weight, then by name.
  • versions: By weight, then by semantic versioning (descending).
  • roles: By weight, then by name.
• Deprecations:
  • The lang option on mounts (https://gohugo.io/configuration/module/#mounts) and segments
    (https://gohugo.io/configuration/segments/#segment-definition) is deprecated in favor of the more powerful sites.matrix
    option.
  • File mount includeFiles and excludeFiles are deprecated in favour of the new files filter, which supports negation.
• Logging: We no longer log warnings about potential duplicate content paths, as this becomes impractical to reason about with a
  complex sites matrix.

Bug fixes

• Fix some outdated front matter b82e496 @​bep #​14271
• Fix server rebuilds on editing content with Chinese terms e2e64ae @​bep #​14240
• Fix slow server startup of very big content trees 7a43b92 @​bep #​14211
• github: Fix "no space left on device" issue in CI b037b93 @​bep
• docs: Fix link to CGO wiki page 5af3112 @​jordelver
• Fix grammatical error in styleguide.md 62c4740 @​bep
• hugolib: Fix recently introduced data race 94a6233 @​bep #​14140
• docshelper: Fix some YAML serialization issues with sites matrix configuration 22d0c17 @​bep #​14132
• resources/page: Fix slugorcontentbasename for section pages 25c7c18 @​dvdksn #​14104
• all: Fix some benchmarks broken by modernize 91eac9e @​bep #​14107
• all: Run modernize -fix ./... 04650ce @​bep #​14107

Improvements

• resources/images: Don't trust the file extension when decoding JPEG and PNG images 65d43e1 @​bep
• Add full filename to image processing error messages if possible [`65a76

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 21.52%. Comparing base (df661b0) to head (c0a15aa).

❌ Your project check has failed because the head coverage (21.52%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #99      +/-   ##
==========================================
- Coverage   28.76%   21.52%   -7.24%     
==========================================
  Files           7        7              
  Lines         584      432     -152     
==========================================
- Hits          168       93      -75     
+ Misses        414      337      -77     
  Partials        2        2              

see 7 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
golang.org/x/sys	v0.34.0 -> v0.35.0
golang.org/x/text	v0.27.0 -> v0.28.0

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.24.6 -> 1.25.5
golang.org/x/sys	v0.34.0 -> v0.39.0
golang.org/x/text	v0.27.0 -> v0.32.0