Skip to content

Bump Go toolchain to 1.26.3 for security remediation#741

Merged
michaeljguarino merged 1 commit into
mainfrom
agent/go-toolchain-security-bump-1778794204710
May 14, 2026
Merged

Bump Go toolchain to 1.26.3 for security remediation#741
michaeljguarino merged 1 commit into
mainfrom
agent/go-toolchain-security-bump-1778794204710

Conversation

@plural-copilot

@plural-copilot plural-copilot Bot commented May 14, 2026

Copy link
Copy Markdown
Contributor

Summary

This PR remediates in-scope security vulnerabilities for console-related Go code by updating the Go toolchain version.

Changes

  • go.mod: Updated Go directive from 1.26.2 to 1.26.3
  • Dockerfile: Updated golang base images from 1.26.2-alpine3.22 to 1.26.3-alpine3.22 (2 occurrences)

Dependencies Status

The required go-git dependency versions were already at target levels:

  • github.com/go-git/go-git/v5@v5.19.0 (already at target)
  • github.com/go-git/go-billy/v5@v5.9.0 (already at target)

No changes to go.sum were necessary as this is a toolchain-only update with no dependency graph changes.

Service

Service: plural-cli

This change affects the Plural CLI, which has dependencies on github.com/pluralsh/console packages.

Testing

  • Verified golang:1.26.3-alpine3.22 Docker image exists and pulls successfully
  • Confirmed minimal change scope (only Go version updates)

Note: This is a minimal security remediation PR focused solely on the Go toolchain version bump as requested.

@stratospoc
Bump Go toolchain to 1.26.3 for security remediation
495fcd2 
Updates Go version from 1.26.2 to 1.26.3 across:
- go.mod: Go directive updated to 1.26.3
- Dockerfile: golang base images updated to 1.26.3-alpine3.22

Dependencies github.com/go-git/go-git/v5@v5.19.0 and
github.com/go-git/go-billy/v5@v5.9.0 are already at required versions.

This change remediates in-scope vulnerabilities for console-related Go code.
plural-copilot[bot]
plural-copilot Bot commented May 14, 2026
View reviewed changes

@plural-copilot plural-copilot Bot left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR was generated by the claude Plural Agent Runtime. Here's some useful information you might want to know to evaluate the ai's perfomance:

Name Details
💬 Prompt Create a minimal PR in pluralsh/plural-cli to remediate the in-scope vulnerabilities for console-related Go code....
🔗 Run history View run history

@michaeljguarino michaeljguarino added the enhancement New feature or request label May 14, 2026
@michaeljguarino michaeljguarino merged commit 7bdc547 into main May 14, 2026
13 of 15 checks passed
@michaeljguarino michaeljguarino deleted the agent/go-toolchain-security-bump-1778794204710 branch May 14, 2026 22:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michaeljguarino michaeljguarino michaeljguarino approved these changes

@zreigz zreigz Awaiting requested review from zreigz zreigz is a code owner

@floreks floreks Awaiting requested review from floreks floreks is a code owner

@maciaszczykm maciaszczykm Awaiting requested review from maciaszczykm maciaszczykm is a code owner

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@michaeljguarino @stratospoc