chore(deps): bump hexo from 4.2.1 to 5.2.0

[dependabot-preview]

Bumps hexo from 4.2.1 to 5.2.0.

Release notes

Sourced from hexo's releases.

5.2.0

Changes

• perf(external_link): faster regexp @SukkaW #4536
  • prioritise http(s):// over //
• feat: support 'disableNunjucks' in front-matter @curbengh #4518
  • Enable this option to disable tag plugin
  • Setting this option in front-matter will override the same option set by the renderer (e.g. hexo-renderer-marked)

  ---
  title: foo
  date: 2020-01-02 03:04:05
  disableNunjucks: true|false
  ---

• fix: avoid escaping front-matter if unnecessary @curbengh #4522
  • using variable (e.g. {{ title }}) with special characters no longer result in double-quote wrap
• fix: validate value of config.url @curbengh #4520
  • config.url should starts with "http://" or "https://"
• fix(router): convert string to buffer in route stream @ppoffice #4517
  • fix crash in hexo generate --bail
• fix(disableNunjucks): query both async and sync versions of renderer @curbengh #4498
  • disableNunjucks option should now works reliably with synchronous renderer
• feat(load_plugin): ignore pkg name endswith theme name @SukkaW #4497
  • An initial effort to support scoped package

Housekeeping

• chore/ci: move benchmark & profiling to Actions @SukkaW #4525 #4514 #4335
  • Travis is now completely replaced by Actions (in this repo)
• chore: use example.com for example domain @YoshinoriN #4512

5.1.1

Changes

• fix(filter/highlight): avoid escaping curly bracket when highlight & prismjs disabled @curbengh #4489
  • When both highlight.js and prismjs are disabled:

  # _config.yml
  highlight:
    enable: false
  prismjs
  enable: false

  • there was an issue that curly brackets { } are escaped &[#123](https://github.com/hexojs/hexo/issues/123); &[#125](https://github.com/hexojs/hexo/issues/125); mistakenly in the backtick_code_block.js filter. The fix is to avoid running that filter when code highlight is disabled.
  • Some users disable Hexo's default code highlight as they prefer to their own method.

5.1.0

Features

Commits

• 223a046 Merge pull request #4537 from curbengh/v5.2.0
• 638df7a release: 5.2.0
• 41a7239 Merge pull request #4536 from SukkaW/perf-regexp
• 75f9f0d perf(external_link): faster regexp
• d445b68 merge(#4535): from hexojs/actions-flamegraph
• c7c3db2 chore(benchmark): run profiling in a separate job
• a2d8bfa ci(benchmark): fix folder path
• f4b464a ci(benchmark): compatibility with surge.sh
• 8188507 chore/ci: move profiling to Actions
• b69e685 Merge pull request #4518 from curbengh/fm-disable-nunjucks
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #41.