chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
gh		minor	2.86.0 → 2.89.0
github.com/alecthomas/kong	require	minor	v1.12.1 → v1.15.0
github.com/alecthomas/repr	require	patch	v0.5.1 → v0.5.2
github.com/antchfx/htmlquery	require	patch	v1.3.4 → v1.3.6
github.com/antchfx/xpath	require	patch	v1.3.4 → v1.3.6
github.com/itchyny/gojq	require	patch	v0.12.18 → v0.12.19
github.com/klauspost/compress	require	patch	v1.18.0 → v1.18.5
github.com/mattn/go-isatty	require	patch	v0.0.20 → v0.0.21
github.com/ulikunitz/xz	require	patch	v0.5.12 → v0.5.15
go		minor	1.24.5 → 1.26.2
go (source)	toolchain	minor	1.24.5 → 1.26.2
go	uses-with	minor	1.24.x → 1.26.x
golang.org/x/net	require	minor	v0.42.0 → v0.53.0
golang.org/x/sync	require	minor	v0.16.0 → v0.20.0
golang.org/x/sys	require	minor	v0.38.0 → v0.43.0
golang.org/x/term	require	minor	v0.33.0 → v0.42.0
hugo		minor	0.148.1 → 0.152.2
just		minor	1.46.0 → 1.49.0
markupsafe (changelog)		patch	==3.0.2 → ==3.0.3
mkdocs-include-markdown-plugin (changelog)		minor	==7.1.6 → ==7.2.2
protoc		minor	3.7.1 → 3.20.3
python3		minor	3.13.2 → 3.14.3
shellcheck		minor	0.10.0 → 0.11.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

cli/cli (gh)

v2.89.0: GitHub CLI 2.89.0

gh agent-task now works on ghe.com tenancies

gh agent-task commands previously failed with 401 Unauthorized for users on ghe.com tenancy hosts because the Copilot API URL was hardcoded. The URL is now resolved dynamically per host, so gh agent-task works correctly regardless of your GitHub hosting environment.

Experimental new prompter

A new TUI-based prompter powered by charmbracelet/huh is available behind the GH_EXPERIMENTAL_PROMPTER environment variable. This is an early preview — try it out and share feedback!

export GH_EXPERIMENTAL_PROMPTER=1

gh issue create and gh issue transfer no longer require extra token scopes

gh issue create and gh issue transfer previously fetched repository fields they didn't need, which could require additional token scopes. These commands now fetch only the minimal fields necessary for issue operations.

What's Changed

✨ Features

• gh pr create, gh issue create, gh issue edit: search-based assignee selection and login-based mutation on github.com by @​BagToad in #​13009
• Add experimental huh-only prompter gated by GH_EXPERIMENTAL_PROMPTER by @​BagToad in #​12859

🐛 Fixes

• fix(agent-task): resolve Copilot API URL dynamically for ghe.com tenancies by @​BagToad in #​12956
• fix(issue): avoid fetching unnecessary fields in issue create and issue transfer by @​babakks in #​12884
• fix: resolve data race in codespaces port forwarder by @​Lslightly in #​13033

📚 Docs & Chores

• Record agentic invocations in User-Agent header by @​williammartin in #​13023
• docs: clarify that gh pr edit --add-reviewer can re-request reviews by @​joshjohanning in #​13021
• Add AGENTS.md by @​williammartin in #​13024
• Fix typo: remove extra space in README.md link by @​realMelTuc in #​12725
• Align triage.md with current triage process by @​tidy-dev in #​13030
• Remove auto-labels from issue templates by @​tidy-dev in #​12972
• Consolidate actor-mode signals into ApiActorsSupported by @​BagToad in #​13025
• Fix acceptance test failures: git identity, headRepository JSON, obsolete traversal test by @​BagToad in #​13037

Dependencies

• chore(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 by @​dependabot[bot] in #​12963
• chore(deps): bump github.com/google/go-containerregistry from 0.20.7 to 0.21.3 by @​dependabot[bot] in #​12962
• chore(deps): bump github.com/zalando/go-keyring from 0.2.6 to 0.2.8 by @​dependabot[bot] in #​13031
• chore(deps): bump microsoft/setup-msbuild from 2.0.0 to 3.0.0 by @​dependabot[bot] in #​13005
• chore(deps): bump mislav/bump-homebrew-formula-action from 3.6 to 4.1 by @​dependabot[bot] in #​13004
• chore(deps): bump azure/login from 2.3.0 to 3.0.0 by @​dependabot[bot] in #​12951

New Contributors

• @​joshjohanning made their first contribution in #​13021
• @​realMelTuc made their first contribution in #​12725
• @​Lslightly made their first contribution in #​13033

Full Changelog: v2.88.1...v2.89.0

v2.88.1: GitHub CLI 2.88.1

Fix pr commands failing with read:project scope error

v2.88.0 introduced a regression where pr commands would fail with the error:

error: your authentication token is missing required scopes [read:project]
To request it, run:  gh auth refresh -s read:project

Previously, missing read:project scope was gracefully handled, and project data was silently skipped. A change inadvertently broke the error matching that enabled this graceful degradation. v2.88.1 reverts these changes so that pr commands work correctly without requiring the read:project scope.

What's Changed

• Migrate Windows code signing from client secret to OIDC by @​BagToad in #​12911
• Revert "refactor: deduplicate scope error handling between api/client.go and project queries" by @​williammartin in #​12914
• Revert "fix: clarify scope error while creating issues for projects" by @​williammartin in #​12915

Full Changelog: cli/cli@v2.88.0...v2.88.1

v2.88.0: GitHub CLI 2.88.0

Request Copilot Code Review from gh

gh pr create and gh pr edit now support Copilot Code Review as a reviewer. Request a review with --add-reviewer @​copilot, or select Copilot interactively from the searchable reviewer prompt.

Create a pull request and request review from Copilot:

gh pr create --reviewer @​copilot

Edit a pull request and request review from Copilot:

gh pr edit --add-reviewer @​copilot

Close issues as duplicates with gh issue close --duplicate-of

You can now close issues as duplicates and link to a duplicate issue directly from the CLI. The new --duplicate-of flag accepts an issue number or URL and marks the closed issue as a duplicate of the referenced one. You can also use --reason duplicate to set the close reason without linking a specific issue.

# Close as duplicate, linking to the original issue
gh issue close 123 --duplicate-of 456

# Close with duplicate reason only
gh issue close 123 --reason duplicate

JSON support for gh agent-task

gh agent-task list and gh agent-task view now support --json, --jq, and --template flags, consistent with other gh commands.

gh agent-task list --json id,name,state
gh agent-task view <id> --json state --jq '.state'

What's Changed

✨ Features

• gh pr create: login-based reviewer requests and search-based interactive selection by @​BagToad in #​12627
• gh pr view and gh issue view: show friendly display names for all actors by @​BagToad in #​12854
• gh issue close: add --duplicate-of flag and duplicate reason by @​tksohishi in #​12811
• gh pr diff: add --exclude flag to filter files from diff output by @​yuvrajangadsingh in #​12655
• gh pr view/list: add changeType field to files JSON output by @​yuvrajangadsingh in #​12657
• gh repo clone: add --no-upstream flag by @​4RH1T3CT0R7 in #​12686
• gh repo edit: add --squash-merge-commit-message flag by @​yuvrajangadsingh in #​12846
• gh browse: add --blame flag by @​masonmcelvain in #​11486
• gh agent-task list: add --json support by @​maxbeizer in #​12806
• gh agent-task view: add --json support by @​maxbeizer in #​12807
• gh copilot: set COPILOT_GH env var when launching Copilot CLI by @​devm33 in #​12821

🐛 Fixes

• Fix gh project item-edit error when editing Draft Issue with only one (--title/--body) flag by @​ManManavadaria in #​12787
• Fix extension install error message showing raw struct instead of owner/repo by @​Copilot in #​12836
• Fix incorrect integer conversion from int to uint16 in port forwarder by @​BagToad in #​12831
• Fix invalid ANSI SGR escape code in JSON and diff colorization by @​BagToad in #​12720
• Fix assignees databaseId always being 0 in --json output by @​srt32 in #​12783
• Fix error when --remote flag used with repo argument by @​majiayu000 in #​12375
• Fix redundant API call in gh issue view --comments by @​VishnuVV27 in #​12652
• Clarify scope error while creating issues for projects by @​elijahthis in #​12596
• Reject pull request-only search qualifiers in gh issue list by @​LouisLau-art in #​12623
• Prevent .git/config corruption on repeated issue develop --name invocation by @​gunadhya in #​12651
• Use pre-compiled regexp for matching Content-Type by @​itchyny in #​12781
• Isolate generated licenses per platform (os/arch) by @​babakks in #​12774

📚 Docs & Chores

• Add examples to gh issue close help text by @​BagToad in #​12830
• Customizable install prefix in Makefile by @​scarf005 in #​11714
• Deduplicate scope error handling between api/client.go and project queries by @​yuvrajangadsingh in #​12845
• Remove unnecessary StateReason and StateReasonDuplicate feature detection by @​BagToad in #​12838
• Update Go version requirement to 1.26+ by @​BagToad in #​12864
• Add monthly pitch surfacing workflow by @​tidy-dev in #​12894

Dependencies

• Bump Go from 1.25.7 to 1.26.1 by @​BagToad in #​12860
• chore(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0 by @​dependabot[bot] in #​12886
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.2 by @​dependabot[bot] in #​12851
• chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.2.0+incompatible by @​dependabot[bot] in #​12842
• chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.1 by @​dependabot[bot] in #​12759
• chore(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by @​dependabot[bot] in #​12760
• chore(deps): bump actions/upload-artifact from 6 to 7 by @​dependabot[bot] in #​12797
• chore(deps): bump actions/download-artifact from 7 to 8 by @​dependabot[bot] in #​12796
• chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by @​dependabot[bot] in #​12795
• chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.13 by @​dependabot[bot] in #​12615

New Contributors

• @​srt32 made their first contribution in #​12783
• @​itchyny made their first contribution in #​12781
• @​VishnuVV27 made their first contribution in #​12652
• @​elijahthis made their first contribution in #​12596
• @​ManManavadaria made their first contribution in #​12787
• @​maxbeizer made their first contribution in #​12806
• @​LouisLau-art made their first contribution in #​12623
• @​4RH1T3CT0R7 made their first contribution in #​12686
• @​yuvrajangadsingh made their first contribution in #​12657
• @​masonmcelvain made their first contribution in #​11486
• @​scarf005 made their first contribution in #​11714
• @​tksohishi made their first contribution in #​12811
• @​tidy-dev made their first contribution in #​12894

Full Changelog: cli/cli@v2.87.3...v2.88.0

v2.87.3: GitHub CLI 2.87.3

What's Changed

• Fix project mutation query variable usage by @​williammartin in #​12757

Full Changelog: cli/cli@v2.87.2...v2.87.3

v2.87.2: GitHub CLI 2.87.2

ℹ️ Note

This release was cut primarily to resolve a publishing issue. We recommend reviewing the v2.87.1 release notes for the complete set of latest features and fixes.

What's Changed

• chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @​dependabot[bot] in #​12659

Full Changelog: cli/cli@v2.87.1...v2.87.2

v2.87.0: GitHub CLI 2.87.0

gh workflow run immediately returns workflow run URL

One of our most requested features - with the latest changes in GitHub API, gh workflow run will immediately print the created workflow run URL.

Improved gh auth login experience in VM/WSL environments

We have observed rare cases of time drift between the wall and monotonic clocks, mostly in WSL or VM environments, causing failures during polling for the OAuth token. This new release implements measures to account for such situations.

If you continue to experience gh auth login issues in WSL, please comment in #​9370

Request Copilot Code Review from gh + performance improvements

gh pr edit now supports Copilot Code Review as a reviewer. You can request a review from Copilot using the --add-reviewer @​copilot flag or interactively by selecting reviewers in the prompts.

This release also introduces a new search experience for selecting reviewers and assignees in gh pr edit. Instead of loading all collaborators and teams upfront, results are now fetched based on inputs to a new search option. Initial options are suggestions based on those involved with the pull request already.

? Reviewers  [Use arrows to move, space to select, <right> to all, <left> to none, type to filter]
  [ ]  Search (7472 more)
  [x]  BagToad (Kynan Ware)
> [x]  Copilot (AI)

This experience will follow in gh pr create and gh issue for assignees in a later release.

What's Changed

✨ Features

• Bundle licenses at release time by @​williammartin in #​12625
• Add --query flag to project item-list by @​williammartin in #​12696
• feat(workflow run): retrieve workflow dispatch run details by @​babakks in #​12695
• Pin REST API version to 2022-11-28 by @​williammartin in #​12680
• Respect --exit-status with --log and --log-failed in run view by @​williammartin in #​12679
• Fork with default branch only during pr create by @​williammartin in #​12673
• gh pr edit: Add support for Copilot as reviewer with search capability, performance and accessibility improvements by @​BagToad in #​12567
• gh pr edit: new interactive prompt for assignee selection, performance and accessibility improvements by @​BagToad in #​12526

📚 Docs & Chores

• Clean up project item-list query addition changes by @​williammartin in #​12714
• gh release upload: Clarify --clobber flag deletes assets before re-uploading by @​BagToad in #​12711
• Add usage examples to gh gist edit command by @​BagToad in #​12710
• Remove feedback issue template by @​BagToad in #​12708
• Migrate issue triage workflows to shared workflows by @​BagToad in #​12677
• Migrate PR triage workflows to shared workflows by @​BagToad in #​12707
• Add missing TODO comments for featuredetection if-statements by @​BagToad in #​12701
• Add manual dispatch to bump-go workflow by @​BagToad in #​12631
• typo: dont to don't by @​cuiweixie in #​12554
• Fix fmt.Errorf format argument in ParseFullReference by @​mikelolasagasti in #​12516
• Lint source.md by @​Sethispr in #​12521

Dependencies

• chore(deps): bump golang.org/x/text from 0.32.0 to 0.33.0 by @​dependabot[bot] in #​12468
• chore(deps): bump golang.org/x/term from 0.38.0 to 0.39.0 by @​dependabot[bot] in #​12616
• Bump go to 1.25.7 by @​BagToad in #​12630
• chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @​dependabot[bot] in #​12629
• chore: bump cli/oauth to v1.2.2 by @​babakks in #​12573
• update Go to 1.25.6 by @​BagToad in #​12580
• chore(deps): bump actions/attest-build-provenance from 3.1.0 to 3.2.0 by @​dependabot[bot] in #​12558
• chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 by @​dependabot[bot] in #​12524
• chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 by @​dependabot[bot] in #​12555
• chore(deps): bump github.com/gdamore/tcell/v2 from 2.13.4 to 2.13.7 by @​dependabot[bot] in #​12469
• chore(deps): bump github.com/sigstore/sigstore from 1.10.0 to 1.10.4 by @​dependabot[bot] in #​12525
• chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 by @​dependabot[bot] in #​12515
• chore(deps): bump actions/download-artifact from 6 to 7 by @​dependabot[bot] in #​12314
• chore(deps): bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in #​12315
• chore(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.4.0 by @​dependabot[bot] in #​12354

New Contributors

• @​Sethispr made their first contribution in #​12521
• @​cuiweixie made their first contribution in #​12554

Full Changelog: cli/cli@v2.86.0...v2.87.0

alecthomas/kong (github.com/alecthomas/kong)

v1.15.0

Compare Source

v1.14.0

Compare Source

v1.13.0

Compare Source

alecthomas/repr (github.com/alecthomas/repr)

v0.5.2

Compare Source

antchfx/htmlquery (github.com/antchfx/htmlquery)

v1.3.6

Compare Source

Update github.com/antchfx/xpath from v1.3.5 to v1.3.6.

v1.3.5

Compare Source

• Fix #​75 (@​zak-pawel)

• Update github.com/antchfx/xpath from v1.3.3 to v1.3.5

antchfx/xpath (github.com/antchfx/xpath)

v1.3.6

Compare Source

Merged PR:

• #​120(@​mislav) - Fix last() predicate on grouped expr.

Fixed:

• #​121

v1.3.5

Compare Source

Merged PR:

• #​117(@​mislav）- fix ancestor:: axes with position predicate.

Fixed:

• #​113 - (fix string() function)

itchyny/gojq (github.com/itchyny/gojq)

v0.12.19

Compare Source

• fix gsub and sub when the replacement emits multiple values
• fix fmax, fmin, modf functions against NaN and infinities
• fix join/1 to use add/0 implementation and handle null separator
• fix del and delpaths on null to emit null
• fix arithmetic operations on the minimum integer
• fix significand function against subnormal numbers
• fix handling of -- in cli flag parsing for jq compatibility
• fix flatten/1 to emit error when the depth is NaN
• fix array slice update to validate index types
• fix string repetition boundary check to match jq behavior
• implement splits/2 using match/2 for better jq compatibility
• implement to_entries and from_entries in jq for simplicity
• improve performance of regexp functions by caching compiled regexps

klauspost/compress (github.com/klauspost/compress)

v1.18.5

Compare Source

What's Changed

• zstd: Fix crash when changing encoder dictionary with same ID by @​klauspost in #​1135
• zstd: Default to full zero frames by @​klauspost in #​1134
• flate: Clean up histogram order by @​klauspost in #​1133

Full Changelog: klauspost/compress@v1.18.4...v1.18.5

v1.18.4

Compare Source

What's Changed

• gzhttp: Add zstandard to server handler wrapper by @​klauspost in #​1121
• zstd: Add ResetWithOptions to encoder/decoder by @​klauspost in #​1122
• gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @​analytically in #​1116

New Contributors

• @​analytically made their first contribution in #​1116
• @​ethaizone made their first contribution in #​1124
• @​zwass made their first contribution in #​1125

Full Changelog: klauspost/compress@v1.18.2...v1.18.4

v1.18.3

Compare Source

Downstream CVE-2025-61728

See golang/go#77102

Full Changelog: klauspost/compress@v1.18.2...v1.18.3

v1.18.2

Compare Source

What's Changed

• flate: Fix invalid encoding on level 9 with single value input by @​klauspost in #​1115
• flate: reduce stateless allocations by @​RXamzin in #​1106
• build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 in the github-actions group by @​dependabot[bot] in #​1111

v1.18.1 is marked "retracted" due to invalid flate/zip/gzip encoding.

New Contributors

• @​RXamzin made their first contribution in #​1106

Full Changelog: klauspost/compress@v1.18.1...v1.18.2

v1.18.1

Compare Source

What's Changed

• zstd: Fix incorrect buffer size in dictionary encodes by @​klauspost in #​1059
• s2: check for cap, not len of buffer in EncodeBetter/Best by @​vdarulis in #​1080
• zstd: Add simple zstd EncodeTo/DecodeTo functions by @​klauspost in #​1079
• zlib: Avoiding extra allocation in zlib.reader.Reset by @​travelpolicy in #​1086
• gzhttp: remove redundant err check in zstdReader by @​ryanfowler in #​1090
• Run modernize. Deprecate Go 1.22 by @​klauspost in #​1095
• flate: Simplify matchlen by @​klauspost in #​1101
• flate: Add examples by @​klauspost in #​1102
• flate: Use exact sizes for huffman tables by @​klauspost in #​1103
• flate: Faster load+store by @​klauspost in #​1104
• Add notice to S2 about MinLZ by @​klauspost in #​1065

New Contributors

• @​wooffie made their first contribution in #​1069
• @​vdarulis made their first contribution in #​1080
• @​travelpolicy made their first contribution in #​1086
• @​ryanfowler made their first contribution in #​1090

Full Changelog: klauspost/compress@v1.18.0...v1.18.1

mattn/go-isatty (github.com/mattn/go-isatty)

v0.0.21

Compare Source

ulikunitz/xz (github.com/ulikunitz/xz)

v0.5.15

Compare Source

v0.5.14

Compare Source

v0.5.13

Compare Source

golang/go (go)

v1.26.2

v1.26.1

v1.26.0

v1.25.7

v1.25.6

v1.25.5

v1.25.4

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.13

v1.24.12

v1.24.11

v1.24.10

v1.24.9

v1.24.8

v1.24.7

v1.24.6

actions/go-versions (go)

v1.26.2: 1.26.2

Compare Source

Go 1.26.2

v1.26.1: 1.26.1

Compare Source

Go 1.26.1

v1.26.0: 1.26.0

Compare Source

Go 1.26.0

v1.25.9: 1.25.9

Compare Source

Go 1.25.9

v1.25.8: 1.25.8

Compare Source

Go 1.25.8

v1.25.7: 1.25.7

Compare Source

Go 1.25.7

v1.25.6: 1.25.6

Compare Source

Go 1.25.6

v1.25.5: 1.25.5

Compare Source

Go 1.25.5

v1.25.4: 1.25.4

Compare Source

Go 1.25.4

v1.25.3: 1.25.3

Compare Source

Go 1.25.3

v1.25.2: 1.25.2

Compare Source

Go 1.25.2

v1.25.1: 1.25.1

Compare Source

Go 1.25.1

v1.25.0: 1.25.0

Compare Source

Go 1.25.0

gohugoio/hugo (hugo)

v0.152.2

In v0.152.0 we tightened the source validation for file mounts. We always said that project mounts can mount with absolute file/directorynames, modules/themes are restricted to relative. In v0.152.0 we narrowed module/themes mounts to be local, which made the setup in the bug report listed below fail:

[[module.mounts]]
source = '../../node_modules/bootstrap'
target = 'assets/vendor/bootstrap'

One part of this is security. But the construct above is usually very odd (the project uses files in a theme/module, not the other way around) and not very portable. But the example above demonstrates a valid exception, that we now have added support for in a portable way. The above example now works as it did before v0.152.0, but going forward you can also write:

[[module.mounts]]
source = 'node_modules/bootstrap'
target = 'assets/vendor/bootstrap'

We now have the node_modules as a special case: For themes/modules we first check if the mounted source exists locally, if not we try relative to the project root.

What's Changed

• deps: Update github.com/tdewolff/minify v2.24.4 => v2.24.5 1c8c21e @​jmooring #​14086
• hugofs: Make node_modules a "special case" mount 809ebe0 @​bep #​14089
• github: Fix typo in stale PR message 08a0679 @​jordelver

v0.152.1

These fixes are are all related to the YAML library upgrade in v0.152.0.

• Expand the numeric conversions to template funcs/methods e08278d @​bep #​14079
• Fix where with uint64 df4f80d @​bep #​14081
• Fix it so YAML integer types can be used where Go int types are expected d4c7888 @​bep #​14079
• tpl/compare: Fix compare/sort of uint64s 29e2c2f @​bep #​14078
• Fix "assignment to entry in nil map" on empty YAML config files 0579afc @​bep #​14074

v0.152.0

The big new thing and the motivation behind this release is the upgrade to a more modern YAML library in @​goccy 's github.com/goccy/go-yaml. It's been a surprisingly long and winding road to get here. Note that this upgrade comes with some minor breaking changes, most notably that the old YAML 1.1 spec listed a set of strings that, when unquoted, were treated as boolean true or false. So if you're using any of the values in the table below as booleans, you need to adjust your YAML, but I suspect that fixing this very surprising behavior will fix more issues than it introduces. A big new thing with this new YAML library is the support for YAML anchors and aliases which helps to reduce duplication in e.g. your configuration. There are some examples in Hugo's release build configuration and in the [Hugo's CI release setup](https:/

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: from: protoc-3.7.1, to: protoc-3.20.3

Bootstrapping /home/ubuntu/.cache/hermit/pkg/hermit@stable/hermit from https://github.com/cashapp/hermit/releases/download/stable
Creating /home/ubuntu/.cache/hermit/pkg/hermit@stable
Downloading https://github.com/cashapp/hermit/releases/download/stable/hermit-linux-amd64.gz to /home/ubuntu/.cache/hermit/pkg/hermit@stable/hermit
Hermit installed as /home/ubuntu/.cache/hermit/pkg/hermit@stable/hermit
Found Hermit in /home/ubuntu/bin/hermit but it is a different distribution, not overwriting.
Hermit is installed as /home/ubuntu/bin/hermit-stable

See https://cashapp.github.io/hermit/usage/get-started/ for more information.

error:file:///#PWD/../packages/.git: Cloning into '/home/ubuntu/.cache/hermit/sources/f20ea07710435d2335a6d24aca10db13a814bfe509d2a70211a13b2c57bd5690-2256473732'...
fatal: '/#PWD/../packages/.git' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

fatal:hermit: git sync failed: git clone --depth=1 file:///#PWD/../packages/.git /home/ubuntu/.cache/hermit/sources/f20ea07710435d2335a6d24aca10db13a814bfe509d2a70211a13b2c57bd5690-2256473732 failed: exit status 128

[alecthomas]

We need to upgrade golangci-lint first.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.