Upgrade Go from 1.24 to 1.26 to fix govulncheck failures

jkyberneees · claude · jkyberneees · commit 608ef1f2fc08 · 2026-06-10T12:06:48.000+02:00
9 stdlib vulnerabilities (crypto/tls, crypto/x509, net, net/http,
net/url, os) are fixed in Go 1.25.8–1.25.10. Bumping to 1.26 resolves
all of them and aligns CI, go.mod, and Docker builder images.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -25,7 +25,7 @@ jobs:
 
       - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
         with:
-          go-version: "1.24"
+          go-version: "1.26"
           cache: true
 
       - name: Cache native libraries
@@ -59,7 +59,7 @@ jobs:
       - name: govulncheck
         uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1
         with:
-          go-version-input: "1.24"
+          go-version-input: "1.26"
           go-package: ./...
 
   test:
@@ -69,7 +69,7 @@ jobs:
 
       - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
         with:
-          go-version: "1.24"
+          go-version: "1.26"
           cache: true
 
       - name: Cache native libraries
diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,7 @@
 # cgo is required: the tokenizer bindings link a static library and ONNX Runtime
 # is loaded at runtime. A glibc base is required (the prebuilt libtokenizers.a is
 # a GNU build), so this uses debian-based images rather than Alpine.
-FROM golang:1.24-bookworm@sha256:1a6d4452c65dea36aac2e2d606b01b4a029ec90cc1ae53890540ce6173ea77ac AS builder
+FROM golang:1.26-bookworm@sha256:483d6e0728a0e58f9e87e01ae9d80ef4181725efc9fadf659d398b3698bd60f7 AS builder
 WORKDIR /src
 
 # Cache module downloads.
diff --git a/examples/http-gateway/Dockerfile b/examples/http-gateway/Dockerfile
@@ -2,7 +2,7 @@
 # Build context is the repository root:
 #   docker build -f examples/http-gateway/Dockerfile -t piguard-gateway .
 
-FROM golang:1.24-bookworm@sha256:1a6d4452c65dea36aac2e2d606b01b4a029ec90cc1ae53890540ce6173ea77ac AS build
+FROM golang:1.26-bookworm@sha256:483d6e0728a0e58f9e87e01ae9d80ef4181725efc9fadf659d398b3698bd60f7 AS build
 WORKDIR /src
 COPY go.mod go.sum ./
 RUN go mod download
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/BackendStack21/go-prompt-injection-guard
 
-go 1.24.7
+go 1.26
 
 require (
 	github.com/daulet/tokenizers v1.27.0
