chore(go): bump toolchain to 1.25.10 — fixes reachable stdlib CVEs

mastermanas805 · claude · mastermanas805 · commit b08cc8fabbd5 · 2026-05-21T22:47:06.000+05:30
govulncheck on PR #16 flagged Go-stdlib vulnerabilities reachable from production code paths. All fixed in Go 1.25.9–1.25.10. Also merges any in-flight master commits onto the scanner-install branch. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/go.mod b/go.mod
@@ -2,6 +2,8 @@ module instant.dev/common
 
 go 1.25.0
 
+toolchain go1.25.10
+
 require (
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/uuid v1.6.0
