Bump Go from 1.24.5 to 1.26.1 to fix security vulnerabilities (#2817)

Lagoja · claude · Lagoja · commit 6a541fcbe719 · 2026-04-16T12:39:04.000-07:00
Update go.mod, flake.nix (buildGo126Module), and flake.lock (nixpkgs-unstable)
to resolve 1 critical and 12 high-severity CVEs in Go 1.24.5.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -27,7 +27,7 @@
         # Run `devbox run update-flake` to update the vendor-hash
         vendorHash = if builtins.pathExists ./vendor-hash then builtins.readFile ./vendor-hash else "";
 
-        buildGoModule = pkgs.buildGo125Module;
+        buildGoModule = pkgs.buildGo126Module;
 
       in
       {
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module go.jetify.com/devbox
 
-go 1.24.5
+go 1.26.1
 
 require (
 	al.essio.dev/pkg/shellescape v1.6.0

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@`
`27`	`27`	# Run `devbox run update-flake` to update the vendor-hash
`28`	`28`	`vendorHash = if builtins.pathExists ./vendor-hash then builtins.readFile ./vendor-hash else "";`
`29`	`29`
`30`		`- buildGoModule = pkgs.buildGo125Module;`
	`30`	`+ buildGoModule = pkgs.buildGo126Module;`
`31`	`31`
`32`	`32`	`in`
`33`	`33`	`{`