Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
Release Notes
hexojs/hexo (hexo)
### [`v6.0.0`](https://togithub.com/hexojs/hexo/releases/tag/6.0.0)
[Compare Source](https://togithub.com/hexojs/hexo/compare/5.4.2...6.0.0)
#### Breaking Changes
- Drop Node 10 [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4779](https://togithub.com/hexojs/hexo/issues/4779), [#4691](https://togithub.com/hexojs/hexo/issues/4691)]
#### Security
- Escape HTML by default in list_tag [@tomap](https://togithub.com/tomap) \[[#4743](https://togithub.com/hexojs/hexo/issues/4743)]
**Please see more detail:** [Announcement: About CVE-2021-25987](https://togithub.com/hexojs/hexo/issues/4838)
#### New features
- feat: load hexo plugin in the theme's package.json [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4771](https://togithub.com/hexojs/hexo/issues/4771)]
- feat(open_graph): different URLs for `og:image` and `twitter:image` [@KentarouTakeda](https://togithub.com/KentarouTakeda) \[[#4748](https://togithub.com/hexojs/hexo/issues/4748)]
#### Performance
- perf(tag/helper): memoize [@SukkaW](https://togithub.com/SukkaW) \[[#4789](https://togithub.com/hexojs/hexo/issues/4789)]
- perf(external_link): optimize regex [@SukkaW](https://togithub.com/SukkaW) \[[#4790](https://togithub.com/hexojs/hexo/issues/4790)]
- refactor/perf: use nanocolors [@SukkaW](https://togithub.com/SukkaW) \[[#4788](https://togithub.com/hexojs/hexo/issues/4788)]
- Switch to picocolors [@tomap](https://togithub.com/tomap) \[[#4825](https://togithub.com/hexojs/hexo/issues/4825)]
- perf: avoid using delete operator [@SukkaW](https://togithub.com/SukkaW) \[[#4711](https://togithub.com/hexojs/hexo/issues/4711)]
- perf: overall improvements [@SukkaW](https://togithub.com/SukkaW) \[[#4783](https://togithub.com/hexojs/hexo/issues/4783)]
- refactor/perf(post): use state machine to escape swig tag [@SukkaW](https://togithub.com/SukkaW) \[[#4780](https://togithub.com/hexojs/hexo/issues/4780)]
- refactor: refactor pagination - paginatorHelper - pagenasionPartShow [@CroMarmot](https://togithub.com/CroMarmot) \[[#4662](https://togithub.com/hexojs/hexo/issues/4662)]
#### Fixes
- fix(post): escape swig full tag with args [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4824](https://togithub.com/hexojs/hexo/issues/4824)]
- fix(processor): remove race condition failsafe [@SukkaW](https://togithub.com/SukkaW) \[[#4791](https://togithub.com/hexojs/hexo/issues/4791)]
- fix([#4780](https://togithub.com/hexojs/hexo/issues/4780)): curly brackets [@SukkaW](https://togithub.com/SukkaW) \[[#4784](https://togithub.com/hexojs/hexo/issues/4784)]
- fix([#4780](https://togithub.com/hexojs/hexo/issues/4780)): empty tag name correction [@SukkaW](https://togithub.com/SukkaW) \[[#4786](https://togithub.com/hexojs/hexo/issues/4786)]
- Generate draft assets in draft mode [@darekkay](https://togithub.com/darekkay) \[[#4563](https://togithub.com/hexojs/hexo/issues/4563)]
#### Refactor
- refactor: native `Array.flat()` [@curbengh](https://togithub.com/curbengh) \[[#4806](https://togithub.com/hexojs/hexo/issues/4806)]
#### Docs
- doc: add homebrew install [@chenrui333](https://togithub.com/chenrui333) \[[#4724](https://togithub.com/hexojs/hexo/issues/4724)]
- doc(extend/console): add jsdoc [@SukkaW](https://togithub.com/SukkaW) \[[#4500](https://togithub.com/hexojs/hexo/issues/4500)]
#### Dependencies
- Cleanup dependabot [@tomap](https://togithub.com/tomap) \[[#4820](https://togithub.com/hexojs/hexo/issues/4820)]
- chore: bump actions/stale from 3 to 4 [@dependabot](https://togithub.com/dependabot) \[[#4828](https://togithub.com/hexojs/hexo/issues/4828)]
- chore: bump sinon from 11.1.2 to 12.0.1 [@dependabot](https://togithub.com/dependabot) \[[#4810](https://togithub.com/hexojs/hexo/issues/4810)]
- chore: bump eslint from 7.32.0 to 8.0.0 [@dependabot](https://togithub.com/dependabot) \[[#4799](https://togithub.com/hexojs/hexo/issues/4799)]
- chore: bump hexo-log from 2.0.0 to 3.0.0 [@dependabot](https://togithub.com/dependabot) \[[#4794](https://togithub.com/hexojs/hexo/issues/4794)]
- chore: bump husky from 4.3.8 to 7.0.2 [@dependabot](https://togithub.com/dependabot) \[[#4763](https://togithub.com/hexojs/hexo/issues/4763)]
- chore: bump sinon from 10.0.1 to 11.1.2 [@dependabot](https://togithub.com/dependabot) \[[#4747](https://togithub.com/hexojs/hexo/issues/4747)]
- chore: bump mocha from 8.4.0 to 9.1.1 [@dependabot](https://togithub.com/dependabot) \[[#4765](https://togithub.com/hexojs/hexo/issues/4765)]
- chore: bump lint-staged from 10.5.4 to 11.0.0 [@dependabot](https://togithub.com/dependabot) \[[#4697](https://togithub.com/hexojs/hexo/issues/4697)]
- Upgrade to GitHub-native Dependabot [@dependabot-preview](https://togithub.com/dependabot-preview) \[[#4689](https://togithub.com/hexojs/hexo/issues/4689)]
- chore(deps-dev): bump sinon from 9.2.4 to 10.0.0 [@dependabot-preview](https://togithub.com/dependabot-preview) \[[#4670](https://togithub.com/hexojs/hexo/issues/4670)]
- chore(deps-dev): bump hexo-renderer-marked from 3.3.0 to 4.0.0 [@dependabot-preview](https://togithub.com/dependabot-preview) \[[#4649](https://togithub.com/hexojs/hexo/issues/4649)]
#### New Contributors
- [@CroMarmot](https://togithub.com/CroMarmot) made their first contribution in [https://github.com/hexojs/hexo/pull/4662](https://togithub.com/hexojs/hexo/pull/4662)
- [@darekkay](https://togithub.com/darekkay) made their first contribution in [https://github.com/hexojs/hexo/pull/4563](https://togithub.com/hexojs/hexo/pull/4563)
- [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/hexojs/hexo/pull/4697](https://togithub.com/hexojs/hexo/pull/4697)
- [@chenrui333](https://togithub.com/chenrui333) made their first contribution in [https://github.com/hexojs/hexo/pull/4724](https://togithub.com/hexojs/hexo/pull/4724)
**Full Changelog**: https://github.com/hexojs/hexo/compare/5.4.0...6.0.0
### [`v5.4.2`](https://togithub.com/hexojs/hexo/releases/tag/5.4.2)
[Compare Source](https://togithub.com/hexojs/hexo/compare/5.4.1...5.4.2)
#### Fixes
- fix([#4917](https://togithub.com/hexojs/hexo/issues/4917)): downgrade `js-yaml` from `v4.x` to `v3.14.x` by [@yoshinorin](https://togithub.com/yoshinorin) in [https://github.com/hexojs/hexo/pull/4932](https://togithub.com/hexojs/hexo/pull/4932)
**Full Changelog**: https://github.com/hexojs/hexo/compare/5.4.1...5.4.2
### [`v5.4.1`](https://togithub.com/hexojs/hexo/releases/tag/5.4.1)
[Compare Source](https://togithub.com/hexojs/hexo/compare/5.4.0...5.4.1)
#### Fixes
- Fix js-yaml tags for v4.0.0+ ([#4869](https://togithub.com/hexojs/hexo/issues/4869)) by [@marcofranssen](https://togithub.com/marcofranssen) in [https://github.com/hexojs/hexo/pull/4876](https://togithub.com/hexojs/hexo/pull/4876)
**Full Changelog**: https://github.com/hexojs/hexo/compare/5.4.0...5.4.1
### [`v5.4.0`](https://togithub.com/hexojs/hexo/releases/tag/5.4.0)
[Compare Source](https://togithub.com/hexojs/hexo/compare/5.3.0...5.4.0)
#### New features
- feat: handle config.root is not exist [@jiangtj](https://togithub.com/jiangtj) \[[#4616](https://togithub.com/hexojs/hexo/issues/4616)]
#### Breaking change
- fix(excerpt): use span instead of anchor element for better SEO performance [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4627](https://togithub.com/hexojs/hexo/issues/4627)]
#### Fixes
- fix(box): set property awaitWriteFinish for chokidar filewatcher [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4633](https://togithub.com/hexojs/hexo/issues/4633)]
- fix(codeblock): match whitespace but not newlines [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4625](https://togithub.com/hexojs/hexo/issues/4625)]
- fix(i18n): page.lang is undefined when using the key `language` in front-matter [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4614](https://togithub.com/hexojs/hexo/issues/4614)]
#### Misc
- github: update actions/setup-node action to v2 [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4604](https://togithub.com/hexojs/hexo/issues/4604)]
- chore/ci: migrate from probot/stale to GitHub Actions [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4598](https://togithub.com/hexojs/hexo/issues/4598)]
#### Dependencies
- chore(deps): bump js-yaml from 3.14.1 to 4.0.0 [@dependabot-preview](https://togithub.com/dependabot-preview) \[[#4607](https://togithub.com/hexojs/hexo/issues/4607)]
### [`v5.3.0`](https://togithub.com/hexojs/hexo/releases/tag/5.3.0)
[Compare Source](https://togithub.com/hexojs/hexo/compare/5.2.0...5.3.0)
#### New features
- expose `escape_html` helper method for string manipulation to templates [@awwong1](https://togithub.com/awwong1) \[[#4581](https://togithub.com/hexojs/hexo/issues/4581)]
- list_tags: span element & custom class for label [@noraj](https://togithub.com/noraj) \[[#4578](https://togithub.com/hexojs/hexo/issues/4578)]
#### Fixes
- fix(load_plugins): ignore plugin whose name is started with "hexo-theme" [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4592](https://togithub.com/hexojs/hexo/issues/4592)]
- fix(codeblock): closing code fence may be followed only by spaces [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4574](https://togithub.com/hexojs/hexo/issues/4574)]
#### Refactor
- Replace `process.mainModule` with `require.main` [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4583](https://togithub.com/hexojs/hexo/issues/4583)]
#### Docs
- docs(badge): replace david-dm with more reliable shields.io [@curbengh](https://togithub.com/curbengh) \[[#4538](https://togithub.com/hexojs/hexo/issues/4538)]
### [`v5.2.0`](https://togithub.com/hexojs/hexo/releases/tag/5.2.0)
[Compare Source](https://togithub.com/hexojs/hexo/compare/5.1.1...5.2.0)
#### Changes
- perf(external_link): faster regexp [@SukkaW](https://togithub.com/SukkaW) \[[#4536](https://togithub.com/hexojs/hexo/issues/4536)]
- prioritise `http(s)://` over `//`
- feat: support 'disableNunjucks' in front-matter [@curbengh](https://togithub.com/curbengh) \[[#4518](https://togithub.com/hexojs/hexo/issues/4518)]
- Enable this option to disable [tag plugin](https://hexo.io/docs/tag-plugins)
- Setting this option in front-matter will override the same option set by the renderer (e.g. [hexo-renderer-marked](https://togithub.com/hexojs/hexo-renderer-marked))
```yml
---
title: foo
date: 2020-01-02 03:04:05
disableNunjucks: true|false
---
```
- fix: avoid escaping front-matter if unnecessary [@curbengh](https://togithub.com/curbengh) \[[#4522](https://togithub.com/hexojs/hexo/issues/4522)]
- using variable (e.g. `{{ title }}`) with special characters no longer result in double-quote wrap
- fix: validate value of [config.url](https://hexo.io/docs/configuration#URL) [@curbengh](https://togithub.com/curbengh) \[[#4520](https://togithub.com/hexojs/hexo/issues/4520)]
- `config.url` should starts with "http://" or "https://"
- fix(router): convert string to buffer in route stream [@ppoffice](https://togithub.com/ppoffice) \[[#4517](https://togithub.com/hexojs/hexo/issues/4517)]
- fix crash in `hexo generate --bail`
- fix(disableNunjucks): query both async and sync versions of renderer [@curbengh](https://togithub.com/curbengh) \[[#4498](https://togithub.com/hexojs/hexo/issues/4498)]
- [`disableNunjucks`](https://hexo.io/api/renderer#Disable-Nunjucks-tags) option should now works reliably with synchronous renderer
- feat(load_plugin): ignore pkg name endswith theme name [@SukkaW](https://togithub.com/SukkaW) \[[#4497](https://togithub.com/hexojs/hexo/issues/4497)]
- An initial effort to support scoped package
#### Housekeeping
- chore/ci: move benchmark & profiling to Actions [@SukkaW](https://togithub.com/SukkaW) \[[#4525](https://togithub.com/hexojs/hexo/issues/4525)] \[[#4514](https://togithub.com/hexojs/hexo/issues/4514)] \[[#4335](https://togithub.com/hexojs/hexo/issues/4335)]
- Travis is now completely replaced by Actions (in this repo)
- chore: use example.com for example domain [@YoshinoriN](https://togithub.com/YoshinoriN) \[[#4512](https://togithub.com/hexojs/hexo/issues/4512)]
### [`v5.1.1`](https://togithub.com/hexojs/hexo/releases/tag/5.1.1)
[Compare Source](https://togithub.com/hexojs/hexo/compare/5.1.0...5.1.1)
#### Changes
- fix(filter/highlight): avoid escaping curly bracket when highlight & prismjs disabled [@curbengh](https://togithub.com/curbengh) \[[#4489](https://togithub.com/hexojs/hexo/issues/4489)]
- When both highlight.js and prismjs are disabled:
```yml
```
### \_config.yml
highlight:
enable: false
prismjs
enable: false
* there was an issue that curly brackets `{ }` are escaped `{ }` mistakenly in the [backtick_code_block.js](https://togithub.com/hexojs/hexo/blob/5795c1225f602ff0d5848fecf560fd33409cd96f/lib/plugins/filter/before_post_render/backtick_code_block.js) filter. The fix is to avoid running that filter when code highlight is disabled.
* Some users disable Hexo's default code highlight as they prefer to their own method.
### [`v5.1.0`](https://togithub.com/hexojs/hexo/releases/tag/5.1.0)
[Compare Source](https://togithub.com/hexojs/hexo/compare/5.0.2...5.1.0)
#### Features
- feat(highlight): parse 'caption' option to prismHighlight [@curbengh](https://togithub.com/curbengh) \[[#4476](https://togithub.com/hexojs/hexo/issues/4476)]
- `caption` is now available in prismjs:
```yml
```
### \_config.yml
highlight:
enable: false
prismjs:
enable: true
* It can be used in triple backtick codeblock:
``` js caption
console.log('foo')
```
* above codeblock will be rendered as:
(class attributes are omitted for brevity)
``` html
caption
console...
```
* you can style the caption by:
``` css
pre div.caption {
font-size: 0.9em;
color: #888;
}
pre div.caption a {
float: right;
}
```
* also available via [`codeblock`](https://hexo.io/docs/tag-plugins#Code-Block) and [`include_code`](https://hexo.io/docs/tag-plugins#Include-Code) tag plugins.
- fix: refactor post escape @SukkaW [#4472]
* fixed issue with prismjs that, in some cases, did not remove hexo's processing tag properly
- Remove plugins option in config @stevenjoezhang [#4475]
``` yml
### _config.yml
plugins:
- `plugins` option has been deprecated long ago and it's now completely dropped
- plugins should be saved in `scripts/` folder or installed via npm `package.json`.
#### Performance
- perf(backtick_code): avoid duplicated escaping [@SukkaW](https://togithub.com/SukkaW) \[[#4478](https://togithub.com/hexojs/hexo/issues/4478)]
### [`v5.0.2`](https://togithub.com/hexojs/hexo/releases/tag/5.0.2)
[Compare Source](https://togithub.com/hexojs/hexo/compare/5.0.1...5.0.2)
#### Changes
- Revert "perf: avoid running plugins in 'clean' command" \[[#4386](https://togithub.com/hexojs/hexo/issues/4386)] [@curbengh](https://togithub.com/curbengh) \[[#4470](https://togithub.com/hexojs/hexo/issues/4470)]
- This fixes error in `hexo clean`.
### [`v5.0.1`](https://togithub.com/hexojs/hexo/releases/tag/5.0.1)
[Compare Source](https://togithub.com/hexojs/hexo/compare/5.0.0...5.0.1)
#### Changes
- fix(helpers): call url_for from hexo-util [@curbengh](https://togithub.com/curbengh) \[[#4447](https://togithub.com/hexojs/hexo/issues/4447)]
- [helpers](https://hexo.io/docs/helpers) are now accessible from APIs such as [`Injector`](https://hexo.io/api/injector#Example)
- perf(external_link): update regexp [@SukkaW](https://togithub.com/SukkaW) \[[#4467](https://togithub.com/hexojs/hexo/issues/4467)]
- regex of [`external_link`](https://togithub.com/hexojs/hexo/blob/master/lib/plugins/filter/after_render/external_link.js) filter now pre-match external links, instead of solely rely on [`isExternalLink`](https://togithub.com/hexojs/hexo-util#isexternallinkurl-sitehost-exclude)
- perf(injector): shorthand optimization [@SukkaW](https://togithub.com/SukkaW) \[[#4462](https://togithub.com/hexojs/hexo/issues/4462)]
### [`v5.0.0`](https://togithub.com/hexojs/hexo/releases/tag/5.0.0)
[Compare Source](https://togithub.com/hexojs/hexo/compare/4.2.1...5.0.0)
#### Breaking change
- refactor(external_link): migrate config during load_config [@SukkaW](https://togithub.com/SukkaW) \[[#4414](https://togithub.com/hexojs/hexo/issues/4414)] \[[#4371](https://togithub.com/hexojs/hexo/issues/4371)]
- See [Writing](https://hexo.io/docs/configuration#Writing) section for new options (introduced back in v4)
```yml
```
### \_config.yml
external_link: true|false # deprecated
### New option
external_link:
enable: true|false
````
``` yml
### _config.yml
### https://hexo.io/docs/configuration#Date-Time-format
use_date_for_updated: true # deprecated
### New option
updated_option: date
````
- If you check `external_link` for truthy value, since it's now automatically converted to object, it will be always truthy:
```js
<% if (config.external_link) { %>
```
- If you wish to maintain backward compatibility with older Hexo versions:
```js
<% if ((typeof config.external_link === 'boolean' && config.external_link === true) || (typeof config.external_link === 'object' && config.external_link.enable === true)) { %>
```
- refactor(box): remove Bluebird.asCallback [@SukkaW](https://togithub.com/SukkaW) \[[#4379](https://togithub.com/hexojs/hexo/issues/4379)]
- Callback syntax for [`Box`](https://hexo.io/api/box) is never documented nor utilized in Hexo's internal.
- This is also a reminder that we might drop callbacks from all Hexo API in future. \[[#3328](https://togithub.com/hexojs/hexo/issues/3328)]
- feat: bring up config.[updated_option](https://hexo.io/docs/configuration#Date-Time-format) [@SukkaW](https://togithub.com/SukkaW) \[[#4278](https://togithub.com/hexojs/hexo/issues/4278)]
- This can be useful for a theme that prefers to display ` Updated: ` only when it's set in the article's front-matter.
- feat(open_graph): drop 'keywords' option from front-matter [@curbengh](https://togithub.com/curbengh) \[[#4174](https://togithub.com/hexojs/hexo/issues/4174)]
- Search engines no longer support `keywords`.
- fix([#3464](https://togithub.com/hexojs/hexo/issues/3464)): override permalink use the front-matter [@SukkaW](https://togithub.com/SukkaW) \[[#4359](https://togithub.com/hexojs/hexo/issues/4359)]
- User config:
```yml
```
### \_config.yml
permalink: :year/:month/:day/:title/
````
* Front-matter
``` yml
---
title: foo bar
permalink: breaking-news/
---
````
- That post will be available on `http://yourhexo.com/breaking-news/`
- A reminder that permalink must have a trailing `.html` or `/`
```yml
permalink: :year/:month/:day/:title/ # default
### or
permalink: :year/:month/:day/:title.html
```
- Remove lodash from global variable [@SukkaW](https://togithub.com/SukkaW) \[[#4266](https://togithub.com/hexojs/hexo/issues/4266)]
- Lodash `_` is no longer available on Hexo API.
-
```js
// Dropped
<% const arrayB = _.uniq(arrayA) %>
```
- We encourage the use over native JS API over Lodash, we find [this guide](https://togithub.com/you-dont-need/You-Dont-Need-Lodash-Underscore) to be helpful.
- If you prefer to use Lodash, you can always install it and make it available via [`Helper`](https://hexo.io/api/helper) API
- chore/ci: drop Node.js 8 and add Node.js 14 [@SukkaW](https://togithub.com/SukkaW) \[[#4255](https://togithub.com/hexojs/hexo/issues/4255)]
- Node 8 has [reached EOL](https://togithub.com/nodejs/Release) on 31 Dec 2019.
- Hexo now requires Node 10+; although Node 10.x is still supported, but it's going to be officially deprecated in less than a year (April 2021), so we recommend Node 12+.
- refactor: remove site config from theme config [@SukkaW](https://togithub.com/SukkaW) \[[#4145](https://togithub.com/hexojs/hexo/issues/4145)]
- Previously `hexo.theme.config` is merged into `hexo.config`, they are now separated to avoid possible conflict in configuration.
#### New feature
- feat([tag](https://hexo.io/api/tag)): show source of the error & beautify [@SukkaW](https://togithub.com/SukkaW) \[[#4420](https://togithub.com/hexojs/hexo/issues/4420)]
- feat([post_link](https://hexo.io/docs/tag-plugins#Include-Posts)): better error message when a post could not be located \[[#4426](https://togithub.com/hexojs/hexo/issues/4426)]
- The error message is now clearer when there is an incorrect filename.
- skip assets of unpublished posts and delete them if exist [@DaemondShu](https://togithub.com/DaemondShu) \[[#3489](https://togithub.com/hexojs/hexo/issues/3489)]
- When there is an unpublished post:
```yml
---
title: Still a draft....
published: false
---
```
- That post including its assets will not be generated into the `public/` folder.
- feat(extend/injector): bring up new extend Injector [@SukkaW](https://togithub.com/SukkaW) \[[#4049](https://togithub.com/hexojs/hexo/issues/4049)]
- Refer to the API [documentation](https://hexo.io/api/injector) for usage.
- feat: add prism highlight support [@SukkaW](https://togithub.com/SukkaW) \[[#4119](https://togithub.com/hexojs/hexo/issues/4119)]
- Refer to the [documentation](https://hexo.io/docs/syntax-highlight#PrismJS) for usage.
- feat([tagcloud](https://hexo.io/docs/helpers#tagcloud)): new option class & level [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4370](https://togithub.com/hexojs/hexo/issues/4370)]
- Ability to add class name for CSS styling.
- feat(config): validate config before processing posts [@SukkaW](https://togithub.com/SukkaW) \[[#4381](https://togithub.com/hexojs/hexo/issues/4381)]
- feat(post_permalink): add `:second` attribute option for post permalink [@kkocdko](https://togithub.com/kkocdko) \[[#4185](https://togithub.com/hexojs/hexo/issues/4185)]
- Example:
```yml
permalink: :year/:month/:day/:hour/:minute/:second/:title.html
```
- Refer to [Permalinks](https://hexo.io/docs/permalinks) for available attributes.
- feat([youtube_tag](https://hexo.io/docs/tag-plugins#YouTube)): add cookie option [@curbengh](https://togithub.com/curbengh) \[[#4155](https://togithub.com/hexojs/hexo/issues/4155)]
- When disabled, cookie is not set/sent in the youtube video embed.
- feat(youtube_tag): support playlist [@SukkaW](https://togithub.com/SukkaW) \[[#4139](https://togithub.com/hexojs/hexo/issues/4139)]
- Ability to embed a playlist.
- feat(load_theme_config): support alternate theme config [@SukkaW](https://togithub.com/SukkaW) \[[#4120](https://togithub.com/hexojs/hexo/issues/4120)]
- Theme can be configured in a file `_config.[name].yml`, e.g. `_config.landscape.yml` for [hexo-theme-landscape](https://togithub.com/hexojs/hexo-theme-landscape).
- Placed the file in the root folder, same as the current `_config.yml`.
- Refer to the [documentation](https://hexo.io/docs/configuration#Alternate-Theme-Config) for configuration priority.
- feat([feed_tag](https://hexo.io/docs/helpers#feed-tag)): support parsing config.feed [@curbengh](https://togithub.com/curbengh) \[[#4029](https://togithub.com/hexojs/hexo/issues/4029)]
- Better integration with [hexo-generator-feed](https://togithub.com/hexojs/hexo-generator-feed).
- feat(tag): add unregister() method [@SukkaW](https://togithub.com/SukkaW) \[[#4046](https://togithub.com/hexojs/hexo/issues/4046)]
- This means you can now unregister existing [tag plugins](https://hexo.io/docs/tag-plugins) and replace it with your own with the same name.
- feat(filter): add `_after_html_render` filter [@jiangtj](https://togithub.com/jiangtj) \[[#4051](https://togithub.com/hexojs/hexo/issues/4051)]
- perf(filter): set `after_render:html` as alias of `_after_html_render` [@curbengh](https://togithub.com/curbengh) \[[#4073](https://togithub.com/hexojs/hexo/issues/4073)]
- Existing `after_render:html` filter plugins automatically benefit from this improvement.
- feat(load_config): support theme_dir in node_modules [@SukkaW](https://togithub.com/SukkaW) \[[#4112](https://togithub.com/hexojs/hexo/issues/4112)]
- fix(list_tags): custom class for each element [@noraj](https://togithub.com/noraj) \[[#4059](https://togithub.com/hexojs/hexo/issues/4059)]
- Customize the class name for each element `
Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 6.x releases. But if you manually upgrade to 6.x then Renovate will re-enable minor and patch updates automatically.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
3.9.0->6.0.0GitHub Vulnerability Alerts
CVE-2021-25987
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
Release Notes
hexojs/hexo (hexo)
### [`v6.0.0`](https://togithub.com/hexojs/hexo/releases/tag/6.0.0) [Compare Source](https://togithub.com/hexojs/hexo/compare/5.4.2...6.0.0) #### Breaking Changes - Drop Node 10 [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4779](https://togithub.com/hexojs/hexo/issues/4779), [#4691](https://togithub.com/hexojs/hexo/issues/4691)] #### Security - Escape HTML by default in list_tag [@tomap](https://togithub.com/tomap) \[[#4743](https://togithub.com/hexojs/hexo/issues/4743)] **Please see more detail:** [Announcement: About CVE-2021-25987](https://togithub.com/hexojs/hexo/issues/4838) #### New features - feat: load hexo plugin in the theme's package.json [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4771](https://togithub.com/hexojs/hexo/issues/4771)] - feat(open_graph): different URLs for `og:image` and `twitter:image` [@KentarouTakeda](https://togithub.com/KentarouTakeda) \[[#4748](https://togithub.com/hexojs/hexo/issues/4748)] #### Performance - perf(tag/helper): memoize [@SukkaW](https://togithub.com/SukkaW) \[[#4789](https://togithub.com/hexojs/hexo/issues/4789)] - perf(external_link): optimize regex [@SukkaW](https://togithub.com/SukkaW) \[[#4790](https://togithub.com/hexojs/hexo/issues/4790)] - refactor/perf: use nanocolors [@SukkaW](https://togithub.com/SukkaW) \[[#4788](https://togithub.com/hexojs/hexo/issues/4788)] - Switch to picocolors [@tomap](https://togithub.com/tomap) \[[#4825](https://togithub.com/hexojs/hexo/issues/4825)] - perf: avoid using delete operator [@SukkaW](https://togithub.com/SukkaW) \[[#4711](https://togithub.com/hexojs/hexo/issues/4711)] - perf: overall improvements [@SukkaW](https://togithub.com/SukkaW) \[[#4783](https://togithub.com/hexojs/hexo/issues/4783)] - refactor/perf(post): use state machine to escape swig tag [@SukkaW](https://togithub.com/SukkaW) \[[#4780](https://togithub.com/hexojs/hexo/issues/4780)] - refactor: refactor pagination - paginatorHelper - pagenasionPartShow [@CroMarmot](https://togithub.com/CroMarmot) \[[#4662](https://togithub.com/hexojs/hexo/issues/4662)] #### Fixes - fix(post): escape swig full tag with args [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4824](https://togithub.com/hexojs/hexo/issues/4824)] - fix(processor): remove race condition failsafe [@SukkaW](https://togithub.com/SukkaW) \[[#4791](https://togithub.com/hexojs/hexo/issues/4791)] - fix([#4780](https://togithub.com/hexojs/hexo/issues/4780)): curly brackets [@SukkaW](https://togithub.com/SukkaW) \[[#4784](https://togithub.com/hexojs/hexo/issues/4784)] - fix([#4780](https://togithub.com/hexojs/hexo/issues/4780)): empty tag name correction [@SukkaW](https://togithub.com/SukkaW) \[[#4786](https://togithub.com/hexojs/hexo/issues/4786)] - Generate draft assets in draft mode [@darekkay](https://togithub.com/darekkay) \[[#4563](https://togithub.com/hexojs/hexo/issues/4563)] #### Refactor - refactor: native `Array.flat()` [@curbengh](https://togithub.com/curbengh) \[[#4806](https://togithub.com/hexojs/hexo/issues/4806)] #### Docs - doc: add homebrew install [@chenrui333](https://togithub.com/chenrui333) \[[#4724](https://togithub.com/hexojs/hexo/issues/4724)] - doc(extend/console): add jsdoc [@SukkaW](https://togithub.com/SukkaW) \[[#4500](https://togithub.com/hexojs/hexo/issues/4500)] #### Dependencies - Cleanup dependabot [@tomap](https://togithub.com/tomap) \[[#4820](https://togithub.com/hexojs/hexo/issues/4820)] - chore: bump actions/stale from 3 to 4 [@dependabot](https://togithub.com/dependabot) \[[#4828](https://togithub.com/hexojs/hexo/issues/4828)] - chore: bump sinon from 11.1.2 to 12.0.1 [@dependabot](https://togithub.com/dependabot) \[[#4810](https://togithub.com/hexojs/hexo/issues/4810)] - chore: bump eslint from 7.32.0 to 8.0.0 [@dependabot](https://togithub.com/dependabot) \[[#4799](https://togithub.com/hexojs/hexo/issues/4799)] - chore: bump hexo-log from 2.0.0 to 3.0.0 [@dependabot](https://togithub.com/dependabot) \[[#4794](https://togithub.com/hexojs/hexo/issues/4794)] - chore: bump husky from 4.3.8 to 7.0.2 [@dependabot](https://togithub.com/dependabot) \[[#4763](https://togithub.com/hexojs/hexo/issues/4763)] - chore: bump sinon from 10.0.1 to 11.1.2 [@dependabot](https://togithub.com/dependabot) \[[#4747](https://togithub.com/hexojs/hexo/issues/4747)] - chore: bump mocha from 8.4.0 to 9.1.1 [@dependabot](https://togithub.com/dependabot) \[[#4765](https://togithub.com/hexojs/hexo/issues/4765)] - chore: bump lint-staged from 10.5.4 to 11.0.0 [@dependabot](https://togithub.com/dependabot) \[[#4697](https://togithub.com/hexojs/hexo/issues/4697)] - Upgrade to GitHub-native Dependabot [@dependabot-preview](https://togithub.com/dependabot-preview) \[[#4689](https://togithub.com/hexojs/hexo/issues/4689)] - chore(deps-dev): bump sinon from 9.2.4 to 10.0.0 [@dependabot-preview](https://togithub.com/dependabot-preview) \[[#4670](https://togithub.com/hexojs/hexo/issues/4670)] - chore(deps-dev): bump hexo-renderer-marked from 3.3.0 to 4.0.0 [@dependabot-preview](https://togithub.com/dependabot-preview) \[[#4649](https://togithub.com/hexojs/hexo/issues/4649)] #### New Contributors - [@CroMarmot](https://togithub.com/CroMarmot) made their first contribution in [https://github.com/hexojs/hexo/pull/4662](https://togithub.com/hexojs/hexo/pull/4662) - [@darekkay](https://togithub.com/darekkay) made their first contribution in [https://github.com/hexojs/hexo/pull/4563](https://togithub.com/hexojs/hexo/pull/4563) - [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/hexojs/hexo/pull/4697](https://togithub.com/hexojs/hexo/pull/4697) - [@chenrui333](https://togithub.com/chenrui333) made their first contribution in [https://github.com/hexojs/hexo/pull/4724](https://togithub.com/hexojs/hexo/pull/4724) **Full Changelog**: https://github.com/hexojs/hexo/compare/5.4.0...6.0.0 ### [`v5.4.2`](https://togithub.com/hexojs/hexo/releases/tag/5.4.2) [Compare Source](https://togithub.com/hexojs/hexo/compare/5.4.1...5.4.2) #### Fixes - fix([#4917](https://togithub.com/hexojs/hexo/issues/4917)): downgrade `js-yaml` from `v4.x` to `v3.14.x` by [@yoshinorin](https://togithub.com/yoshinorin) in [https://github.com/hexojs/hexo/pull/4932](https://togithub.com/hexojs/hexo/pull/4932) **Full Changelog**: https://github.com/hexojs/hexo/compare/5.4.1...5.4.2 ### [`v5.4.1`](https://togithub.com/hexojs/hexo/releases/tag/5.4.1) [Compare Source](https://togithub.com/hexojs/hexo/compare/5.4.0...5.4.1) #### Fixes - Fix js-yaml tags for v4.0.0+ ([#4869](https://togithub.com/hexojs/hexo/issues/4869)) by [@marcofranssen](https://togithub.com/marcofranssen) in [https://github.com/hexojs/hexo/pull/4876](https://togithub.com/hexojs/hexo/pull/4876) **Full Changelog**: https://github.com/hexojs/hexo/compare/5.4.0...5.4.1 ### [`v5.4.0`](https://togithub.com/hexojs/hexo/releases/tag/5.4.0) [Compare Source](https://togithub.com/hexojs/hexo/compare/5.3.0...5.4.0) #### New features - feat: handle config.root is not exist [@jiangtj](https://togithub.com/jiangtj) \[[#4616](https://togithub.com/hexojs/hexo/issues/4616)] #### Breaking change - fix(excerpt): use span instead of anchor element for better SEO performance [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4627](https://togithub.com/hexojs/hexo/issues/4627)] #### Fixes - fix(box): set property awaitWriteFinish for chokidar filewatcher [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4633](https://togithub.com/hexojs/hexo/issues/4633)] - fix(codeblock): match whitespace but not newlines [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4625](https://togithub.com/hexojs/hexo/issues/4625)] - fix(i18n): page.lang is undefined when using the key `language` in front-matter [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4614](https://togithub.com/hexojs/hexo/issues/4614)] #### Misc - github: update actions/setup-node action to v2 [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4604](https://togithub.com/hexojs/hexo/issues/4604)] - chore/ci: migrate from probot/stale to GitHub Actions [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4598](https://togithub.com/hexojs/hexo/issues/4598)] #### Dependencies - chore(deps): bump js-yaml from 3.14.1 to 4.0.0 [@dependabot-preview](https://togithub.com/dependabot-preview) \[[#4607](https://togithub.com/hexojs/hexo/issues/4607)] ### [`v5.3.0`](https://togithub.com/hexojs/hexo/releases/tag/5.3.0) [Compare Source](https://togithub.com/hexojs/hexo/compare/5.2.0...5.3.0) #### New features - expose `escape_html` helper method for string manipulation to templates [@awwong1](https://togithub.com/awwong1) \[[#4581](https://togithub.com/hexojs/hexo/issues/4581)] - list_tags: span element & custom class for label [@noraj](https://togithub.com/noraj) \[[#4578](https://togithub.com/hexojs/hexo/issues/4578)] #### Fixes - fix(load_plugins): ignore plugin whose name is started with "hexo-theme" [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4592](https://togithub.com/hexojs/hexo/issues/4592)] - fix(codeblock): closing code fence may be followed only by spaces [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4574](https://togithub.com/hexojs/hexo/issues/4574)] #### Refactor - Replace `process.mainModule` with `require.main` [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4583](https://togithub.com/hexojs/hexo/issues/4583)] #### Docs - docs(badge): replace david-dm with more reliable shields.io [@curbengh](https://togithub.com/curbengh) \[[#4538](https://togithub.com/hexojs/hexo/issues/4538)] ### [`v5.2.0`](https://togithub.com/hexojs/hexo/releases/tag/5.2.0) [Compare Source](https://togithub.com/hexojs/hexo/compare/5.1.1...5.2.0) #### Changes - perf(external_link): faster regexp [@SukkaW](https://togithub.com/SukkaW) \[[#4536](https://togithub.com/hexojs/hexo/issues/4536)] - prioritise `http(s)://` over `//` - feat: support 'disableNunjucks' in front-matter [@curbengh](https://togithub.com/curbengh) \[[#4518](https://togithub.com/hexojs/hexo/issues/4518)] - Enable this option to disable [tag plugin](https://hexo.io/docs/tag-plugins) - Setting this option in front-matter will override the same option set by the renderer (e.g. [hexo-renderer-marked](https://togithub.com/hexojs/hexo-renderer-marked)) ```yml --- title: foo date: 2020-01-02 03:04:05 disableNunjucks: true|false --- ``` - fix: avoid escaping front-matter if unnecessary [@curbengh](https://togithub.com/curbengh) \[[#4522](https://togithub.com/hexojs/hexo/issues/4522)] - using variable (e.g. `{{ title }}`) with special characters no longer result in double-quote wrap - fix: validate value of [config.url](https://hexo.io/docs/configuration#URL) [@curbengh](https://togithub.com/curbengh) \[[#4520](https://togithub.com/hexojs/hexo/issues/4520)] - `config.url` should starts with "http://" or "https://" - fix(router): convert string to buffer in route stream [@ppoffice](https://togithub.com/ppoffice) \[[#4517](https://togithub.com/hexojs/hexo/issues/4517)] - fix crash in `hexo generate --bail` - fix(disableNunjucks): query both async and sync versions of renderer [@curbengh](https://togithub.com/curbengh) \[[#4498](https://togithub.com/hexojs/hexo/issues/4498)] - [`disableNunjucks`](https://hexo.io/api/renderer#Disable-Nunjucks-tags) option should now works reliably with synchronous renderer - feat(load_plugin): ignore pkg name endswith theme name [@SukkaW](https://togithub.com/SukkaW) \[[#4497](https://togithub.com/hexojs/hexo/issues/4497)] - An initial effort to support scoped package #### Housekeeping - chore/ci: move benchmark & profiling to Actions [@SukkaW](https://togithub.com/SukkaW) \[[#4525](https://togithub.com/hexojs/hexo/issues/4525)] \[[#4514](https://togithub.com/hexojs/hexo/issues/4514)] \[[#4335](https://togithub.com/hexojs/hexo/issues/4335)] - Travis is now completely replaced by Actions (in this repo) - chore: use example.com for example domain [@YoshinoriN](https://togithub.com/YoshinoriN) \[[#4512](https://togithub.com/hexojs/hexo/issues/4512)] ### [`v5.1.1`](https://togithub.com/hexojs/hexo/releases/tag/5.1.1) [Compare Source](https://togithub.com/hexojs/hexo/compare/5.1.0...5.1.1) #### Changes - fix(filter/highlight): avoid escaping curly bracket when highlight & prismjs disabled [@curbengh](https://togithub.com/curbengh) \[[#4489](https://togithub.com/hexojs/hexo/issues/4489)] - When both highlight.js and prismjs are disabled: ```yml ``` ### \_config.yml highlight: enable: false prismjs enable: false * there was an issue that curly brackets `{ }` are escaped `{ }` mistakenly in the [backtick_code_block.js](https://togithub.com/hexojs/hexo/blob/5795c1225f602ff0d5848fecf560fd33409cd96f/lib/plugins/filter/before_post_render/backtick_code_block.js) filter. The fix is to avoid running that filter when code highlight is disabled. * Some users disable Hexo's default code highlight as they prefer to their own method. ### [`v5.1.0`](https://togithub.com/hexojs/hexo/releases/tag/5.1.0) [Compare Source](https://togithub.com/hexojs/hexo/compare/5.0.2...5.1.0) #### Features - feat(highlight): parse 'caption' option to prismHighlight [@curbengh](https://togithub.com/curbengh) \[[#4476](https://togithub.com/hexojs/hexo/issues/4476)] - `caption` is now available in prismjs: ```yml ``` ### \_config.yml highlight: enable: false prismjs: enable: true * It can be used in triple backtick codeblock: * above codeblock will be rendered as: (class attributes are omitted for brevity) ``` html ``` * you can style the caption by: ``` css pre div.caption { font-size: 0.9em; color: #888; } pre div.caption a { float: right; } ``` * also available via [`codeblock`](https://hexo.io/docs/tag-plugins#Code-Block) and [`include_code`](https://hexo.io/docs/tag-plugins#Include-Code) tag plugins. - fix: refactor post escape @SukkaW [#4472] * fixed issue with prismjs that, in some cases, did not remove hexo's processing tag properly - Remove plugins option in config @stevenjoezhang [#4475] ``` yml ### _config.yml plugins: - `plugins` option has been deprecated long ago and it's now completely dropped - plugins should be saved in `scripts/` folder or installed via npm `package.json`. #### Performance - perf(backtick_code): avoid duplicated escaping [@SukkaW](https://togithub.com/SukkaW) \[[#4478](https://togithub.com/hexojs/hexo/issues/4478)] ### [`v5.0.2`](https://togithub.com/hexojs/hexo/releases/tag/5.0.2) [Compare Source](https://togithub.com/hexojs/hexo/compare/5.0.1...5.0.2) #### Changes - Revert "perf: avoid running plugins in 'clean' command" \[[#4386](https://togithub.com/hexojs/hexo/issues/4386)] [@curbengh](https://togithub.com/curbengh) \[[#4470](https://togithub.com/hexojs/hexo/issues/4470)] - This fixes error in `hexo clean`. ### [`v5.0.1`](https://togithub.com/hexojs/hexo/releases/tag/5.0.1) [Compare Source](https://togithub.com/hexojs/hexo/compare/5.0.0...5.0.1) #### Changes - fix(helpers): call url_for from hexo-util [@curbengh](https://togithub.com/curbengh) \[[#4447](https://togithub.com/hexojs/hexo/issues/4447)] - [helpers](https://hexo.io/docs/helpers) are now accessible from APIs such as [`Injector`](https://hexo.io/api/injector#Example) - perf(external_link): update regexp [@SukkaW](https://togithub.com/SukkaW) \[[#4467](https://togithub.com/hexojs/hexo/issues/4467)] - regex of [`external_link`](https://togithub.com/hexojs/hexo/blob/master/lib/plugins/filter/after_render/external_link.js) filter now pre-match external links, instead of solely rely on [`isExternalLink`](https://togithub.com/hexojs/hexo-util#isexternallinkurl-sitehost-exclude) - perf(injector): shorthand optimization [@SukkaW](https://togithub.com/SukkaW) \[[#4462](https://togithub.com/hexojs/hexo/issues/4462)] ### [`v5.0.0`](https://togithub.com/hexojs/hexo/releases/tag/5.0.0) [Compare Source](https://togithub.com/hexojs/hexo/compare/4.2.1...5.0.0) #### Breaking change - refactor(external_link): migrate config during load_config [@SukkaW](https://togithub.com/SukkaW) \[[#4414](https://togithub.com/hexojs/hexo/issues/4414)] \[[#4371](https://togithub.com/hexojs/hexo/issues/4371)] - See [Writing](https://hexo.io/docs/configuration#Writing) section for new options (introduced back in v4) ```yml ``` ### \_config.yml external_link: true|false # deprecated ### New option external_link: enable: true|false ```` ``` yml ### _config.yml ### https://hexo.io/docs/configuration#Date-Time-format use_date_for_updated: true # deprecated ### New option updated_option: date ```` - If you check `external_link` for truthy value, since it's now automatically converted to object, it will be always truthy: ```js <% if (config.external_link) { %> ``` - If you wish to maintain backward compatibility with older Hexo versions: ```js <% if ((typeof config.external_link === 'boolean' && config.external_link === true) || (typeof config.external_link === 'object' && config.external_link.enable === true)) { %> ``` - refactor(box): remove Bluebird.asCallback [@SukkaW](https://togithub.com/SukkaW) \[[#4379](https://togithub.com/hexojs/hexo/issues/4379)] - Callback syntax for [`Box`](https://hexo.io/api/box) is never documented nor utilized in Hexo's internal. - This is also a reminder that we might drop callbacks from all Hexo API in future. \[[#3328](https://togithub.com/hexojs/hexo/issues/3328)] - feat: bring up config.[updated_option](https://hexo.io/docs/configuration#Date-Time-format) [@SukkaW](https://togithub.com/SukkaW) \[[#4278](https://togithub.com/hexojs/hexo/issues/4278)] - This can be useful for a theme that prefers to display ` Updated: ` only when it's set in the article's front-matter. - feat(open_graph): drop 'keywords' option from front-matter [@curbengh](https://togithub.com/curbengh) \[[#4174](https://togithub.com/hexojs/hexo/issues/4174)] - Search engines no longer support `keywords`. - fix([#3464](https://togithub.com/hexojs/hexo/issues/3464)): override permalink use the front-matter [@SukkaW](https://togithub.com/SukkaW) \[[#4359](https://togithub.com/hexojs/hexo/issues/4359)] - User config: ```yml ``` ### \_config.yml permalink: :year/:month/:day/:title/ ```` * Front-matter ``` yml --- title: foo bar permalink: breaking-news/ --- ```` - That post will be available on `http://yourhexo.com/breaking-news/` - A reminder that permalink must have a trailing `.html` or `/` ```yml permalink: :year/:month/:day/:title/ # default ### or permalink: :year/:month/:day/:title.html ``` - Remove lodash from global variable [@SukkaW](https://togithub.com/SukkaW) \[[#4266](https://togithub.com/hexojs/hexo/issues/4266)] - Lodash `_` is no longer available on Hexo API. - ```js // Dropped <% const arrayB = _.uniq(arrayA) %> ``` - We encourage the use over native JS API over Lodash, we find [this guide](https://togithub.com/you-dont-need/You-Dont-Need-Lodash-Underscore) to be helpful. - If you prefer to use Lodash, you can always install it and make it available via [`Helper`](https://hexo.io/api/helper) API - chore/ci: drop Node.js 8 and add Node.js 14 [@SukkaW](https://togithub.com/SukkaW) \[[#4255](https://togithub.com/hexojs/hexo/issues/4255)] - Node 8 has [reached EOL](https://togithub.com/nodejs/Release) on 31 Dec 2019. - Hexo now requires Node 10+; although Node 10.x is still supported, but it's going to be officially deprecated in less than a year (April 2021), so we recommend Node 12+. - refactor: remove site config from theme config [@SukkaW](https://togithub.com/SukkaW) \[[#4145](https://togithub.com/hexojs/hexo/issues/4145)] - Previously `hexo.theme.config` is merged into `hexo.config`, they are now separated to avoid possible conflict in configuration. #### New feature - feat([tag](https://hexo.io/api/tag)): show source of the error & beautify [@SukkaW](https://togithub.com/SukkaW) \[[#4420](https://togithub.com/hexojs/hexo/issues/4420)] - feat([post_link](https://hexo.io/docs/tag-plugins#Include-Posts)): better error message when a post could not be located \[[#4426](https://togithub.com/hexojs/hexo/issues/4426)] - The error message is now clearer when there is an incorrect filename. - skip assets of unpublished posts and delete them if exist [@DaemondShu](https://togithub.com/DaemondShu) \[[#3489](https://togithub.com/hexojs/hexo/issues/3489)] - When there is an unpublished post: ```yml --- title: Still a draft.... published: false --- ``` - That post including its assets will not be generated into the `public/` folder. - feat(extend/injector): bring up new extend Injector [@SukkaW](https://togithub.com/SukkaW) \[[#4049](https://togithub.com/hexojs/hexo/issues/4049)] - Refer to the API [documentation](https://hexo.io/api/injector) for usage. - feat: add prism highlight support [@SukkaW](https://togithub.com/SukkaW) \[[#4119](https://togithub.com/hexojs/hexo/issues/4119)] - Refer to the [documentation](https://hexo.io/docs/syntax-highlight#PrismJS) for usage. - feat([tagcloud](https://hexo.io/docs/helpers#tagcloud)): new option class & level [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4370](https://togithub.com/hexojs/hexo/issues/4370)] - Ability to add class name for CSS styling. - feat(config): validate config before processing posts [@SukkaW](https://togithub.com/SukkaW) \[[#4381](https://togithub.com/hexojs/hexo/issues/4381)] - feat(post_permalink): add `:second` attribute option for post permalink [@kkocdko](https://togithub.com/kkocdko) \[[#4185](https://togithub.com/hexojs/hexo/issues/4185)] - Example: ```yml permalink: :year/:month/:day/:hour/:minute/:second/:title.html ``` - Refer to [Permalinks](https://hexo.io/docs/permalinks) for available attributes. - feat([youtube_tag](https://hexo.io/docs/tag-plugins#YouTube)): add cookie option [@curbengh](https://togithub.com/curbengh) \[[#4155](https://togithub.com/hexojs/hexo/issues/4155)] - When disabled, cookie is not set/sent in the youtube video embed. - feat(youtube_tag): support playlist [@SukkaW](https://togithub.com/SukkaW) \[[#4139](https://togithub.com/hexojs/hexo/issues/4139)] - Ability to embed a playlist. - feat(load_theme_config): support alternate theme config [@SukkaW](https://togithub.com/SukkaW) \[[#4120](https://togithub.com/hexojs/hexo/issues/4120)] - Theme can be configured in a file `_config.[name].yml`, e.g. `_config.landscape.yml` for [hexo-theme-landscape](https://togithub.com/hexojs/hexo-theme-landscape). - Placed the file in the root folder, same as the current `_config.yml`. - Refer to the [documentation](https://hexo.io/docs/configuration#Alternate-Theme-Config) for configuration priority. - feat([feed_tag](https://hexo.io/docs/helpers#feed-tag)): support parsing config.feed [@curbengh](https://togithub.com/curbengh) \[[#4029](https://togithub.com/hexojs/hexo/issues/4029)] - Better integration with [hexo-generator-feed](https://togithub.com/hexojs/hexo-generator-feed). - feat(tag): add unregister() method [@SukkaW](https://togithub.com/SukkaW) \[[#4046](https://togithub.com/hexojs/hexo/issues/4046)] - This means you can now unregister existing [tag plugins](https://hexo.io/docs/tag-plugins) and replace it with your own with the same name. - feat(filter): add `_after_html_render` filter [@jiangtj](https://togithub.com/jiangtj) \[[#4051](https://togithub.com/hexojs/hexo/issues/4051)] - perf(filter): set `after_render:html` as alias of `_after_html_render` [@curbengh](https://togithub.com/curbengh) \[[#4073](https://togithub.com/hexojs/hexo/issues/4073)] - Existing `after_render:html` filter plugins automatically benefit from this improvement. - feat(load_config): support theme_dir in node_modules [@SukkaW](https://togithub.com/SukkaW) \[[#4112](https://togithub.com/hexojs/hexo/issues/4112)] - fix(list_tags): custom class for each element [@noraj](https://togithub.com/noraj) \[[#4059](https://togithub.com/hexojs/hexo/issues/4059)] - Customize the class name for each element ``, `- `, ``, `` for [list_tags](https://hexo.io/docs/helpers#list-tags) plugin.
#### Performance
- perf(tag): rendering optimization [@SukkaW](https://togithub.com/SukkaW) \[[#4418](https://togithub.com/hexojs/hexo/issues/4418)]
- perf(external_link): faster regexp & condition shorthand [@SukkaW](https://togithub.com/SukkaW) \[[#4436](https://togithub.com/hexojs/hexo/issues/4436)]
- perf(external_link): optimize regex [@SukkaW](https://togithub.com/SukkaW) \[[#4008](https://togithub.com/hexojs/hexo/issues/4008)]
- perf(filter): shorthand syntax [@SukkaW](https://togithub.com/SukkaW) \[[#4377](https://togithub.com/hexojs/hexo/issues/4377)]
- perf(backtick_code): shorthand [@SukkaW](https://togithub.com/SukkaW) \[[#4369](https://togithub.com/hexojs/hexo/issues/4369)]
- perf: avoid running irrelevant plugins in 'clean' command [@curbengh](https://togithub.com/curbengh) \[[#4386](https://togithub.com/hexojs/hexo/issues/4386)]
- To maintain compatibility with third-party [console](https://hexo.io/api/console) plugins, this only applies to `hexo clean`, not `hexo c` alias.
- perf(titlecase): lazy require [@SukkaW](https://togithub.com/SukkaW) \[[#4417](https://togithub.com/hexojs/hexo/issues/4417)]
- perf(tag/code): performance improvements [@SukkaW](https://togithub.com/SukkaW) \[[#4416](https://togithub.com/hexojs/hexo/issues/4416)]
- perf(post): simplify codeblock escape [@SukkaW](https://togithub.com/SukkaW) \[[#4254](https://togithub.com/hexojs/hexo/issues/4254)]
- perf(meta_generator): avoid unnecessary check [@SukkaW](https://togithub.com/SukkaW) \[[#4208](https://togithub.com/hexojs/hexo/issues/4208)]
- perf(external_link): cache config [@SukkaW](https://togithub.com/SukkaW) \[[#4134](https://togithub.com/hexojs/hexo/issues/4134)]
- perf(open_graph): avoid using htmlTag() and enhance cache [@SukkaW](https://togithub.com/SukkaW) \[[#4125](https://togithub.com/hexojs/hexo/issues/4125)]
- refactor(list_archives): reduce calls to date.format() [@dailyrandomphoto](https://togithub.com/dailyrandomphoto) \[[#4011](https://togithub.com/hexojs/hexo/issues/4011)]
- fix(moment.locale): avoid lookup repeatedly with the wrong names [@dailyrandomphoto](https://togithub.com/dailyrandomphoto) \[[#4007](https://togithub.com/hexojs/hexo/issues/4007)]
#### Fix
- fix(box): ignore .git and node modules in the theme folder [@jiangtj](https://togithub.com/jiangtj) \[[#4306](https://togithub.com/hexojs/hexo/issues/4306)]
- fix: allow empty title [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4344](https://togithub.com/hexojs/hexo/issues/4344)]
- fix([#4236](https://togithub.com/hexojs/hexo/issues/4236)): don't create "/index" directories when [post_asset_folder](https://hexo.io/docs/asset-folders) is true [@jiangtj](https://togithub.com/jiangtj) \[[#4258](https://togithub.com/hexojs/hexo/issues/4258)]
- fix([#4317](https://togithub.com/hexojs/hexo/issues/4317)): non-greedy regexp for tag escape [@SukkaW](https://togithub.com/SukkaW) \[[#4358](https://togithub.com/hexojs/hexo/issues/4358)]
- fix(post): use non-greedy regular expressions [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4161](https://togithub.com/hexojs/hexo/issues/4161)]
- fix(post): properly escape swig tag inside post [@SukkaW](https://togithub.com/SukkaW) \[[#4352](https://togithub.com/hexojs/hexo/issues/4352)]
- swig tag inside a single backtick is now interpreted as code embed.
-
- fix(logging): log database only in relevant commands [@curbengh](https://togithub.com/curbengh) \[[#4387](https://togithub.com/hexojs/hexo/issues/4387)]
- `Writing database to ${dbPath}/db.json` message shouldn't show up in `hexo clean` and `hexo version`.
- fix(server-cache): must match exact alias [@curbengh](https://togithub.com/curbengh) \[[#4388](https://togithub.com/hexojs/hexo/issues/4388)]
- Improve compatibility with 3rd-party console plugins that may have a name that starts with an 's'.
- fix(tag-code): parse 'wrap' option [@curbengh](https://togithub.com/curbengh) \[[#4391](https://togithub.com/hexojs/hexo/issues/4391)]
- [`highlight.wrap`](https://hexo.io/docs/configuration#Writing) option in user config is now properly passed to the [`codeblock`](https://hexo.io/docs/tag-plugins#Code-Block) tag plugin
- fix: remove unused type check [@Himself65](https://togithub.com/Himself65) \[[#4398](https://togithub.com/hexojs/hexo/issues/4398)]
- fix: access error code from error object directly [@SukkaW](https://togithub.com/SukkaW) \[[#4280](https://togithub.com/hexojs/hexo/issues/4280)]
- Improve compatibility with native JS API
- fix: load_plugin with extra line EOF [@SukkaW](https://togithub.com/SukkaW) \[[#4256](https://togithub.com/hexojs/hexo/issues/4256)]
- fix: parsing code error in backticks [@seaoak](https://togithub.com/seaoak) \[[#4229](https://togithub.com/hexojs/hexo/issues/4229)]
- fix(toc_helper): escape class name and handle null id [@curbengh](https://togithub.com/curbengh) \[[#4009](https://togithub.com/hexojs/hexo/issues/4009)]
- fix(meta_generator): match existing `` with different order [@SukkaW](https://togithub.com/SukkaW) \[[#4017](https://togithub.com/hexojs/hexo/issues/4017)]
- fix(excerpt): stricter regex [@curbengh](https://togithub.com/curbengh) \[[#4443](https://togithub.com/hexojs/hexo/issues/4443)]
- Now only the following variants of [excerpt tag](https://hexo.io/docs/tag-plugins#Post-Excerpt) are valid.
1. ``
2. ``
3. ``
4. ``
#### Refactor
- refactor(meta_generator): no longer ignore empty [@SukkaW](https://togithub.com/SukkaW) \[[#4442](https://togithub.com/hexojs/hexo/issues/4442)]
- refactor(external_link): migrate config during load_config [@SukkaW](https://togithub.com/SukkaW) \[[#4414](https://togithub.com/hexojs/hexo/issues/4414)]
- Reduce array#reduce [@segayuu](https://togithub.com/segayuu) \[[#4299](https://togithub.com/hexojs/hexo/issues/4299)]
- Correct using createSha1Hash() with pipe() [@seaoak](https://togithub.com/seaoak) \[[#4323](https://togithub.com/hexojs/hexo/issues/4323)]
- refactor(post): reduce promise [@SukkaW](https://togithub.com/SukkaW) \[[#4337](https://togithub.com/hexojs/hexo/issues/4337)]
- refactor: simplify code [@2997ms](https://togithub.com/2997ms) \[[#4408](https://togithub.com/hexojs/hexo/issues/4408)]
- refactor(external_link): filter regexp [@segayuu](https://togithub.com/segayuu) \[[#4412](https://togithub.com/hexojs/hexo/issues/4412)]
- refactor(hexo): merge theme_config before generation [@SukkaW](https://togithub.com/SukkaW) \[[#4360](https://togithub.com/hexojs/hexo/issues/4360)]
- refactor(nunjucks): dedicated nunjucks renderer [@SukkaW](https://togithub.com/SukkaW) \[[#4356](https://togithub.com/hexojs/hexo/issues/4356)]
- refactor: drop hexo-util#HashStream [@SukkaW](https://togithub.com/SukkaW) \[[#4279](https://togithub.com/hexojs/hexo/issues/4279)]
- refactor(toc): avoid using htmlTag [@SukkaW](https://togithub.com/SukkaW) \[[#4183](https://togithub.com/hexojs/hexo/issues/4183)]
- refactor(hexo_index): remove unused parameter [@curbengh](https://togithub.com/curbengh) \[[#4153](https://togithub.com/hexojs/hexo/issues/4153)]
- Refactor(class): Replace prototype to class syntax [@segayuu](https://togithub.com/segayuu) \[[#4151](https://togithub.com/hexojs/hexo/issues/4151)]
- refactor: copy object with spread operator [@SukkaW](https://togithub.com/SukkaW) \[[#4140](https://togithub.com/hexojs/hexo/issues/4140)]
- refactor: simplify code [@Himself65](https://togithub.com/Himself65) \[[#4138](https://togithub.com/hexojs/hexo/issues/4138)]
- refactor: utilize Object.entries [@SukkaW](https://togithub.com/SukkaW) \[[#4118](https://togithub.com/hexojs/hexo/issues/4118)]
- refactor: utilize hexo-util pr-169 [@SukkaW](https://togithub.com/SukkaW) \[[#4045](https://togithub.com/hexojs/hexo/issues/4045)]
- refactor(hexo/index): use Set [@SukkaW](https://togithub.com/SukkaW) \[[#4013](https://togithub.com/hexojs/hexo/issues/4013)]
- refactor: Class syntax [@SukkaW](https://togithub.com/SukkaW) \[[#4100](https://togithub.com/hexojs/hexo/issues/4100)]
- refactor(helper): minor changes [@SukkaW](https://togithub.com/SukkaW) \[[#4061](https://togithub.com/hexojs/hexo/issues/4061)]
- style: space for asyncArrow [@SukkaW](https://togithub.com/SukkaW) \[[#4102](https://togithub.com/hexojs/hexo/issues/4102)]
- Reduce stream [@segayuu](https://togithub.com/segayuu) \[[#4333](https://togithub.com/hexojs/hexo/issues/4333)]
#### Dependencies
- chore(deps): update hexo-front-matter from 1.0.0 to 2.0.0 [@SukkaW](https://togithub.com/SukkaW) \[[#4439](https://togithub.com/hexojs/hexo/issues/4439)]
- chore(deps): update hexo-util from 1.9.0 to 2.2.0 \[[#4276](https://togithub.com/hexojs/hexo/issues/4276)] \[[#4438](https://togithub.com/hexojs/hexo/issues/4438)]
- chore(deps): bump hexo-log from 1.0.0 to 2.0.0 \[[#4392](https://togithub.com/hexojs/hexo/issues/4392)]
- chore(deps-dev): bump hexo-renderer-marked from 2.0.0 to 3.0.0 \[[#4390](https://togithub.com/hexojs/hexo/issues/4390)]
- chore(deps-dev): bump mocha from 6.2.2 to 8.0.1 \[[#4060](https://togithub.com/hexojs/hexo/issues/4060)] \[[#4354](https://togithub.com/hexojs/hexo/issues/4354)]
- Update tester node version [@segayuu](https://togithub.com/segayuu) \[[#4324](https://togithub.com/hexojs/hexo/issues/4324)]
- chore(deps-dev): bump eslint from 6.8.0 to 7.0.0 \[[#4301](https://togithub.com/hexojs/hexo/issues/4301)]
- chore(deps): bump warehouse from 3.0.1 to 4.0.0 \[[#4077](https://togithub.com/hexojs/hexo/issues/4077)] \[[#4322](https://togithub.com/hexojs/hexo/issues/4322)]
- chore(deps-dev): bump lint-staged from 9.5.0 to 10.2.0 \[[#4283](https://togithub.com/hexojs/hexo/issues/4283)]
- chore(deps): bump hexo-fs from 2.0.0 to 3.0.1 \[[#4277](https://togithub.com/hexojs/hexo/issues/4277)]
- chore(deps-dev): bump sinon from 7.5.0 to 9.0.2 \[[#4005](https://togithub.com/hexojs/hexo/issues/4005)] \[[#4232](https://togithub.com/hexojs/hexo/issues/4232)]
- chore(deps-dev): bump husky from 3.1.0 to 4.2.5 \[[#4235](https://togithub.com/hexojs/hexo/issues/4235)]
- chore(deps): bump chalk from 3.0.0 to 4.0.0 \[[#4215](https://togithub.com/hexojs/hexo/issues/4215)]
- chore(deps-dev): bump nyc from 14.1.1 to 15.0.0 \[[#4003](https://togithub.com/hexojs/hexo/issues/4003)]
#### Misc
- refactor: port shell script to javascript [@Himself65](https://togithub.com/Himself65) \[[#4405](https://togithub.com/hexojs/hexo/issues/4405)]
- refactor(console/generate): class & destructure assign [@SukkaW](https://togithub.com/SukkaW) \[[#4338](https://togithub.com/hexojs/hexo/issues/4338)]
- Fix not to pass callback to hexo-fs [@segayuu](https://togithub.com/segayuu) \[[#4339](https://togithub.com/hexojs/hexo/issues/4339)]
- style: es6 string extensions & destructure [@SukkaW](https://togithub.com/SukkaW) \[[#4357](https://togithub.com/hexojs/hexo/issues/4357)]
- Migrate Travis and Appveyor tp GitHub Actions
- ci(appveyor): drop appveyor [@SukkaW](https://togithub.com/SukkaW) \[[#4402](https://togithub.com/hexojs/hexo/issues/4402)]
- chore: add release release-drafter ([#3858](https://togithub.com/hexojs/hexo/issues/3858)) [@YoshinoriN](https://togithub.com/YoshinoriN) \[[#4165](https://togithub.com/hexojs/hexo/issues/4165)]
- ci: add GitHub Actions to run linter [@Himself65](https://togithub.com/Himself65) \[[#4143](https://togithub.com/hexojs/hexo/issues/4143)]
- ci(travis): remove Windows [@curbengh](https://togithub.com/curbengh) \[[#4076](https://togithub.com/hexojs/hexo/issues/4076)]
- ci(github_actions): Create tester job [@segayuu](https://togithub.com/segayuu) \[[#4169](https://togithub.com/hexojs/hexo/issues/4169)]
- Move coveralls from travis to github actions [@segayuu](https://togithub.com/segayuu) \[[#4326](https://togithub.com/hexojs/hexo/issues/4326)]
- ci(benchmark): generate flamegraph [@SukkaW](https://togithub.com/SukkaW) \[[#4000](https://togithub.com/hexojs/hexo/issues/4000)]
- ci(flamegraph): fix 0x [@SukkaW](https://togithub.com/SukkaW) \[[#4116](https://togithub.com/hexojs/hexo/issues/4116)]
- Fix issues found by [lgtm.com](https://lgtm.com/projects/g/hexojs/hexo/)
- fix(console_generate): remove unnecessary boolean-to-object conversion [@curbengh](https://togithub.com/curbengh) \[[#4152](https://togithub.com/hexojs/hexo/issues/4152)]
- fix: remove useless conditions [@curbengh](https://togithub.com/curbengh) \[[#4147](https://togithub.com/hexojs/hexo/issues/4147)]
- fix: return callback if called [@curbengh](https://togithub.com/curbengh) \[[#4178](https://togithub.com/hexojs/hexo/issues/4178)]
- refactor(benchmark): minor changes [@SukkaW](https://togithub.com/SukkaW) \[[#4411](https://togithub.com/hexojs/hexo/issues/4411)]
- github(issue_template): add special notice [@SukkaW](https://togithub.com/SukkaW) \[[#4348](https://togithub.com/hexojs/hexo/issues/4348)]
- add mandarin issue template
#### Test
- test(benchmark): optimize for local & render post support [@SukkaW](https://togithub.com/SukkaW) \[[#4428](https://togithub.com/hexojs/hexo/issues/4428)]
- perf(mocha): run tests in parallel [@curbengh](https://togithub.com/curbengh) \[[#4374](https://togithub.com/hexojs/hexo/issues/4374)]
- refactor(test): async hexo/load_config.js [@segayuu](https://togithub.com/segayuu) \[[#4340](https://togithub.com/hexojs/hexo/issues/4340)]
- test([#4087](https://togithub.com/hexojs/hexo/issues/4087)): add related cases [@SukkaW](https://togithub.com/SukkaW) \[[#4364](https://togithub.com/hexojs/hexo/issues/4364)]
- test(post): add test cases for \[[#3543](https://togithub.com/hexojs/hexo/issues/3543)] & \[[#3459](https://togithub.com/hexojs/hexo/issues/3459)] [@SukkaW](https://togithub.com/SukkaW) \[[#4361](https://togithub.com/hexojs/hexo/issues/4361)]
- test(generate): add a small delay before clean up [@SukkaW](https://togithub.com/SukkaW) \[[#4393](https://togithub.com/hexojs/hexo/issues/4393)]
- test([#4385](https://togithub.com/hexojs/hexo/issues/4385)): no double escape in code block [@SukkaW](https://togithub.com/SukkaW) \[[#4395](https://togithub.com/hexojs/hexo/issues/4395)]
- test(generate): add a longer delay after fs#unlink [@SukkaW](https://togithub.com/SukkaW) \[[#4400](https://togithub.com/hexojs/hexo/issues/4400)]
- test: coverage improvements [@SukkaW](https://togithub.com/SukkaW) \[[#4270](https://togithub.com/hexojs/hexo/issues/4270)] \[[#4421](https://togithub.com/hexojs/hexo/issues/4421)] \[[#4422](https://togithub.com/hexojs/hexo/issues/4422)]
- test(box): fix test cases for macOS [@stevenjoezhang](https://togithub.com/stevenjoezhang) \[[#4269](https://togithub.com/hexojs/hexo/issues/4269)]
- test(load_plugins): make sure file is created [@SukkaW](https://togithub.com/SukkaW) \[[#4265](https://togithub.com/hexojs/hexo/issues/4265)]
- test(post): adding extra test cases [@SukkaW](https://togithub.com/SukkaW) \[[#4238](https://togithub.com/hexojs/hexo/issues/4238)]
- test(load_plugins): minor changes [@SukkaW](https://togithub.com/SukkaW) \[[#4212](https://togithub.com/hexojs/hexo/issues/4212)]
- test(post): fix cases added in [#4161](https://togithub.com/hexojs/hexo/issues/4161) [@SukkaW](https://togithub.com/SukkaW) \[[#4162](https://togithub.com/hexojs/hexo/issues/4162)]
- test(tags-plugins/helper): improve test coverage [@SukkaW](https://togithub.com/SukkaW) \[[#4014](https://togithub.com/hexojs/hexo/issues/4014)]
- style(test-helper-is): asyncArrow space [@SukkaW](https://togithub.com/SukkaW) \[[#4015](https://togithub.com/hexojs/hexo/issues/4015)]
- test: improve coverage [@SukkaW](https://togithub.com/SukkaW) \[[#4050](https://togithub.com/hexojs/hexo/issues/4050)]
- test(load-database): fix EPERM error in windows [@curbengh](https://togithub.com/curbengh) \[[#4069](https://togithub.com/hexojs/hexo/issues/4069)]
- test: useful sinon.assert [@segayuu](https://togithub.com/segayuu) \[[#4164](https://togithub.com/hexojs/hexo/issues/4164)]
- test: replace from rewire to sinon.stub() [@segayuu](https://togithub.com/segayuu) \[[#4157](https://togithub.com/hexojs/hexo/issues/4157)]
- refactor test [@segayuu](https://togithub.com/segayuu) \[[#4115](https://togithub.com/hexojs/hexo/issues/4115)]
- simplify unit test
### [`v4.2.1`](https://togithub.com/hexojs/hexo/releases/tag/4.2.1)
[Compare Source](https://togithub.com/hexojs/hexo/compare/4.2.0...4.2.1)
#### Fix
- Fix compatibility with Node 14 \[[#4285](https://togithub.com/hexojs/hexo/issues/4285)]
### [`v4.2.0`](https://togithub.com/hexojs/hexo/releases/tag/4.2.0)
[Compare Source](https://togithub.com/hexojs/hexo/compare/4.1.1...4.2.0)
##### Features
- Caching is disabled by default in hexo-server \[[#3963](https://togithub.com/hexojs/hexo/issues/3963)]
- It's disabled so that any changes (particularly to the theme's layout) can be previewed in real-time.
- If you use hexo-server in production environment to serve your website, it can be enabled by,
```yml
_config.yml
server:
cache: true
```
- Add `min_depth:` option to [`toc()`](https://hexo.io/docs/helpers#toc) helper \[[#3997](https://togithub.com/hexojs/hexo/issues/3997)]
- Example usage:
```js
<%- toc(page.content, { min_depth: 2 }) %>
// table of content would only include
` element \[[#3827](https://togithub.com/hexojs/hexo/issues/3827)]
- Enabled by default, enabling `line_number` also enables it
- Configure in [`highlight:`](https://hexo.io/docs/configuration#Writing)
```yml
_config.yml
highlight:
line_number: false # must be disabled to disable wrap:
wrap: false
```
- This option also can be passed to [`codeblock()`](https://hexo.io/docs/tag-plugins#Code-Block) tag plugin \[[#3848](https://togithub.com/hexojs/hexo/issues/3848)]
```js
{% codeblock lang:js wrap:false %}
const foo = (bar) => {
return bar;
};
{% endcodeblock %}
```
##### Fixes
- Retain blank lines in a codeblock attached in blockquote \[[#3770](https://togithub.com/hexojs/hexo/issues/3770)]
- Replaced deprecated `og_updated_time` [Open Graph](https://ogp.me/) tag with `article:modified_time` \[[#3674](https://togithub.com/hexojs/hexo/issues/3674)]
- Replaced deprecated `keywords` Open Graph tag with `article:tag` \[[#3805](https://togithub.com/hexojs/hexo/issues/3805)]
- meta_generator tag should be inserted into `` that spans multiple lines \[[#3778](https://togithub.com/hexojs/hexo/issues/3778)]
- No longer clear database `db.json` when running `hexo new` or `hexo --help` \[[#3793](https://togithub.com/hexojs/hexo/issues/3793)]
- Completely ignore files/folders specified in [`ignore:`](https://hexo.io/docs/configuration#Include-Exclude-Files-or-Folders) option \[[#3797](https://togithub.com/hexojs/hexo/issues/3797)]
- If you're using Webpack or related tools in your theme, the `node_modules` folder could cause some issues
- A temporary workaround is to configure Hexo to ignore that folder,
```yml
_config.yml
ignore: '**/themes/*/node_modules/**'
```
- The workaround will no longer be necessary in future version
- jsfiddle, vimeo and youtube tag plugins now use https only \[[#3806](https://togithub.com/hexojs/hexo/issues/3806)]
- `external_link` filter should not process data URLs (e.g. `mailto:` & `javascript:`) \[[#3812](https://togithub.com/hexojs/hexo/issues/3812)] and `` element \[[#3895](https://togithub.com/hexojs/hexo/issues/3895)]
- Prevent unnecessary insertion of front-matter when using alias in Hexo [CLI](https://hexo.io/docs/commands) \[[#3830](https://togithub.com/hexojs/hexo/issues/3830)]
- `-p` is alias of `--path`
- `-s` is alias of `--slug`
- `-r` is alias of `--replace`
- Applies `include:` and `exclude:` [options](https://hexo.io/docs/configuration#Include-Exclude-Files-or-Folders) to post's asset folder \[[#3882](https://togithub.com/hexojs/hexo/issues/3882)]
- `ignore:` option should work for files, in addition to folders \[[#3878](https://togithub.com/hexojs/hexo/issues/3878)]
##### Housekeeping
- Add [FOSSA](https://fossa.com/) license analyzer for open-source software license compliance \[[#3779](https://togithub.com/hexojs/hexo/issues/3779)]
- Run benchmark in CI to catch regression \[[#3776](https://togithub.com/hexojs/hexo/issues/3776)]
- Further reduces lodash usage \[[#3786](https://togithub.com/hexojs/hexo/issues/3786)], \[[#3788](https://togithub.com/hexojs/hexo/issues/3788)], \[[#3790](https://togithub.com/hexojs/hexo/issues/3790)], \[[#3785](https://togithub.com/hexojs/hexo/issues/3785)], \[[#3809](https://togithub.com/hexojs/hexo/issues/3809)], \[[#3791](https://togithub.com/hexojs/hexo/issues/3791)], \[[#3810](https://togithub.com/hexojs/hexo/issues/3810)], \[[#3826](https://togithub.com/hexojs/hexo/issues/3826)], \[[#3867](https://togithub.com/hexojs/hexo/issues/3867)], \[[#3845](https://togithub.com/hexojs/hexo/issues/3845)]
- Remove unnecessary file at the end of unit test \[[#3792](https://togithub.com/hexojs/hexo/issues/3792)]
- Add funding source to npm \[[#3851](https://togithub.com/hexojs/hexo/issues/3851)]
- Update bump strip-ansi from 5.2.0 to 6.0.0 \[[#3852](https://togithub.com/hexojs/hexo/issues/3852)]
- Update chalk from 2.4.2 to 3.0.0 \[[#3853](https://togithub.com/hexojs/hexo/issues/3853)]
### [`v4.0.0`](https://togithub.com/hexojs/hexo/releases/tag/4.0.0)
[Compare Source](https://togithub.com/hexojs/hexo/compare/3.9.0...4.0.0)
#### Breaking change
- chore: drop Node 6 [#3598]
- fix post_link, asset_link when title contains unescaped html charaters [#3704]
- Affects `asset_link`, `post_link` [tag plugins](https://hexo.io/docs/tag-plugins)
- If you want to retain unescaped characters, set `false` to the final argument `{% asset_link 'filename 'title' 'false' %}`
- fix: encode permalink by default [#3708]
- If you currently use `encodeURI(post.permalink)` (including `permalink` of page, tag & category variables), there are three options:
1. Use `encodeURI(decodeURI(post.permalink))` for backward-compa
- [ ] If you want to rebase/retry this PR, check this box
vercel[bot]
commented
5 months ago
Name
Status
Preview
Comments
Updated (UTC)
mryan2005-github-io
❌ Failed (Inspect)
Jan 7, 2024 2:42am
renovate[bot]
commented
5 months ago
- © Githubissues.
- Githubissues is a development platform for aggregating issues.
,
and above ``` ##### Fixes - Merges similar theme configs in main config and theme's config \[[#3967](https://togithub.com/hexojs/hexo/issues/3967)] - For example: ```yml _config.yml theme_config: a: b: 'foo' ``` - Plus, ```yml _config.yml of theme a: c: 'bar' ``` - [`theme`](https://hexo.io/docs/variables#Global-Variables) variable should have, a: { b: 'foo', c: 'bar' } - Fixes some caching issue \[[#3985](https://togithub.com/hexojs/hexo/issues/3985)] - [Open Graph](https://hexo.io/docs/helpers#open-graph) now applies all [`pretty_urls`](https://hexo.io/docs/configuration#URL) options to `og:url` tag \[[#3983](https://togithub.com/hexojs/hexo/issues/3983)] ##### Refactor - No longer uses lodash \[[#3969](https://togithub.com/hexojs/hexo/issues/3969)], \[[#3987](https://togithub.com/hexojs/hexo/issues/3987)], \[[#3753](https://togithub.com/hexojs/hexo/issues/3753)] - Lodash `_` is still available as a [global variable](https://hexo.io/docs/variables#Global-Variables), usually utilized in theme layout. - However, we plan to completely drop it in the coming Hexo 5.0.0 - This [project page](https://togithub.com/orgs/hexojs/projects/5#card-27533837) includes all the relevant pull requests which you may find useful - Completely drops cheerio \[[#3850](https://togithub.com/hexojs/hexo/issues/3850)], \[[#3677](https://togithub.com/hexojs/hexo/issues/3677)] - This means Hexo no longer includes cheerio as part of its production dependencies (it's still a development dependency) - This also means the following initialization methods no longer work, ```js const cheerio = require('./node_modules/hexo/node_modules/cheerio/index') const cheerio = require('./node_modules/cheerio/index') ``` - To use cheerio, ```sh $ npm install --save cheerio ``` ```js const cheerio = require('cheerio') ``` ### [`v4.1.1`](https://togithub.com/hexojs/hexo/releases/tag/4.1.1) [Compare Source](https://togithub.com/hexojs/hexo/compare/4.1.0...4.1.1) ##### Feature - Add `trailing_html:` to [`pretty_urls:`](https://hexo.io/docs/configuration#URL) option to remove ".html" from url \[[#3917](https://togithub.com/hexojs/hexo/issues/3917)] - Use the following config to remove the trailing ".html" from permalink [variables](https://hexo.io/docs/variables) ```yml _config.yml pretty_urls: trailing_html: false ``` - Example: `https://yoursite.com/page/about.html` -> `https://yoursite.com/page/about` ##### Fixes - Set default locales (in "language_TERRITORY" format) for [`og:locale`](https://ogp.me/#optional) Open Graph tag \[[#3921](https://togithub.com/hexojs/hexo/issues/3921)] - Previously `og:locale` was inserted only if [`language:`](https://hexo.io/docs/configuration#Site) is configured in "language-TERRITORY" format - With this fix, if the language is "en", `og:locale` will default to "en_US". Refer to the pull request for the full list. - [`meta_generator()`](https://hexo.io/docs/helpers#meta-generator) helper should output the correct Hexo version \[[#3925](https://togithub.com/hexojs/hexo/issues/3925)] - [`permalink_defaults:`](https://hexo.io/docs/configuration#URL) option should be parsed, not replaced \[[#3926](https://togithub.com/hexojs/hexo/issues/3926)] - "node_modules/" and ".git/" folders in themes/ are now always ignored \[[#3918](https://togithub.com/hexojs/hexo/issues/3918)] ##### Refactor - Further reduces lodash usage \[[#3880](https://togithub.com/hexojs/hexo/issues/3880)] ### [`v4.1.0`](https://togithub.com/hexojs/hexo/releases/tag/4.1.0) [Compare Source](https://togithub.com/hexojs/hexo/compare/4.0.0...4.1.0) ##### Breaking change - Requires Node 8.10 or above \[[#3778](https://togithub.com/hexojs/hexo/issues/3778)] - Node 8 is going to be deprecated in [less than a month](https://togithub.com/nodejs/Release/blob/master/README.md), we strongly urge to upgrade to Node 10 or newer - `og:locale` Open Graph tag won't be inserted if `language:` (in config, front-matter of post/page or [`open_graph()`](https://hexo.io/docs/helpers#open-graph) helper) is not in `language-TERRITORY` format \[[#3808](https://togithub.com/hexojs/hexo/issues/3808)] - `en` is invalid - `en-GB` is valid - Not all locales are supported (e.g. `en-AU` is not valid), see [official list](https://developers.facebook.com/docs/messenger-platform/messenger-profile/supported-locales/) - Dash (e.g. "en-GB") must be used for multilingual support, dash is automatically transformed to underscore (e.g. "en_GB") in `og:locale` - **Verify** the corresponding file exists in the `languages/` folder of installed theme before changing the `language:` config ##### Features - Support adding hour and minute to post permalink \[[#3629](https://togithub.com/hexojs/hexo/issues/3629)] - Example usage: ```yml _config.yml permalink: :year/:month/:day/:hour/:minute/:title/ ``` - Results in `https://yoursite.com/2019/12/09/23/59/a-post/` - Insert `article:published_time` \[[#3674](https://togithub.com/hexojs/hexo/issues/3674)] `article:author` \[[#3805](https://togithub.com/hexojs/hexo/issues/3805)] Open Graph tags - Enable `lazyload` in iframe-related tag plugins \[[#3798](https://togithub.com/hexojs/hexo/issues/3798)] - Affects [`iframe`](https://hexo.io/docs/tag-plugins#iframe), [`jsfiddle`](https://hexo.io/docs/tag-plugins#jsFiddle), [`vimeo`](https://hexo.io/docs/tag-plugins#Vimeo), [`youtube`](https://hexo.io/docs/tag-plugins#YouTube) tag plugins - Requires [supported browsers](https://caniuse.com/#feat=loading-lazy-attr) to benefit from this feature - Unsupported browsers would simply ignore the attribute, thus it is safe to use and always enabled - `meta_generator` helper to insert [metadata](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta) element tag \[[#3782](https://togithub.com/hexojs/hexo/issues/3782)] - Example usage: - Insert the following snippet (if EJS is used) inside `` element of your theme layout, ```js <%- meta_generator() %> ``` - would output `` - Hexo 3.9.0+ inserts the tag automatically; to get the performance benefit (of the `meta_generator` helper), [`meta_generator:`](https://hexo.io/docs/configuration#Extensions) option should be disabled, ```yml _config.yml meta_generator: false ``` - Support custom attributes in [`js()`](https://hexo.io/docs/helpers#js) \[[#3681](https://togithub.com/hexojs/hexo/issues/3681)] and [`css()`](https://hexo.io/docs/helpers#css) \[[#3690](https://togithub.com/hexojs/hexo/issues/3690)] helpers - Example usage: ```js <%- js({ src: 'script.js', integrity: 'foo', async: true }) %> // <%- css({ href: 'style.css', integrity: 'foo' }) %> // ``` - Support `wrap:` option to enable/disable wrapping backtick codeblock in `
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Renovate Ignore Notification
Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future
6.xreleases. But if you manually upgrade to6.xthen Renovate will re-enableminorandpatchupdates automatically.If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.