chore: bump github.com/gohugoio/hugo from 0.146.3 to 0.163.2

[dependabot]

Bumps github.com/gohugoio/hugo from 0.146.3 to 0.163.2.

Release notes

Sourced from github.com/gohugoio/hugo's releases.

v0.163.2

What's Changed

• Continue resolving on ERR_ACCESS_DENIED in Node's resolver 134674f0 @​bep #15041
• markup: Standardize behavior when external converters are missing 147f605f @​jmooring #14222

v0.163.1

The majority of the fixes in this release are security related (including the upstream fix in 93c8c7d3 (golang.org/x/image)). Thanks to @​vnth4nhnt for finding the issues fixed in a00b5c72 and cf9c8f93 (I will do the CVE work on this later). There has been a uptick in security reports lately, which doesn't mean that Hugo has gotten less secure, this is mostly the work of the new and powerful AI tools using Hugo's restrictive security model as their baseline. Just take a look at Go's recent security issue list to see a demonstration of this.

What's Changed

• build(deps): bump golang.org/x/image from 0.41.0 to 0.42.0 93c8c7d3 @​dependabot[bot]
• Fix multi --renderSegments merge behavior 95e5e9f4 @​bep #15024
• security: Normalize integer IPv4 host encodings in http.urls check a00b5c72 @​bep
• Drop symlinks in os.ReadDir, os.ReadFile, os.Stat and os.FileExists cf9c8f93 @​bep #15019
• commands: Fix convert command 2602796c @​jmooring #15012

v0.163.0

The main topic in this release is improvements to the AVIF image handling that we introduced in v0.162.0. See the docs for details, but:

• We have turned down the default quality for AVIF to 60. Turns out, JPEG/WebP with quality 75 is comparable to AVIF with quality 60. You can now also set quality per image format in your project config (and also per image processed if needed).
• We have added a hint to the AVIF with the same values as for WEBP. For lossy compression, the photo/picture hints (and the default) encodes with YUV420 chroma subsampling instead of YUV444, keeping 444 for text/icon/drawing. This greatly reduces the memory needed to encode these images.

Improvements

• resources/jsconfig: Remove deprecated baseUrl setting ff2903a9 @​bep #14991 #14996
• all: Adjust tests for deprecated link and image render hook settings ca68936d @​jmooring
• all: Run go fix ./... 781fabf4 @​bep
• pagesfromdata: Use relative path for content adapter template metrics 1d018ef8 @​anupamojha-eng #14999
• ci: Re-add macos-latest to the test matrix 121bc6ce @​bep
• images: Deprecate Imaging.Compression and move it down to webp and avif configs cf18b827 @​bep #14998
• Only support the latest Go version 98ad9b3c @​bep #14997
• page: Add IsBranch and deprecate IsNode b89e7fe6 @​bep #11574
• images: Force cache invalidation for AVIF target e8fefc83 @​bep #14990
• images: Add a per-format AVIF hint setting a043d3ec @​bep #14992
• images: Make AVIF chroma subsampling content-aware via the hint 341f575d @​bep #14987
• Cap AVIF lossy quality at 99 248241b6 @​bep #14981
• config: Deprecate the glogal imaging quality setting 4e47d95d @​bep #14979
• images: Make 60 the default quality for AVIF 03b4b542 @​bep #14979
• livereload: Disconnect from websocket server on pageswap 79be0532 @​bep #14983
• tpl/tplimpl/embedded: Prevent leading newline in sitemap template 0f440460 @​bep #14977
• images: Recover from memory alloc errors in WASM image processors 4e17421e @​bep #14985
• images: Add quality setting per image format b01ecd4c @​bep #14957
• misc: Remove duplicate words in comments 45c00b7c @​jmooring #14936 #14950 #14965
• Add some PNG to AVIF golden test cases 28d882ab @​bep

... (truncated)

Commits

• 19a5cec releaser: Bump versions for release of 0.163.2
• 134674f Continue resolving on ERR_ACCESS_DENIED in Node's resolver
• 147f605 markup: Standardize behavior when external converters are missing
• 1f35beb releaser: Prepare repository for 0.164.0-DEV
• 2a4fd58 releaser: Bump versions for release of 0.163.1
• 93c8c7d build(deps): bump golang.org/x/image from 0.41.0 to 0.42.0
• 95e5e9f Fix multi --renderSegments merge behavior
• a00b5c7 security: Normalize integer IPv4 host encodings in http.urls check
• cf9c8f9 Drop symlinks in os.ReadDir, os.ReadFile, os.Stat and os.FileExists
• 11f09f5 Update CI workflow to exclude macOS
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)