From 3809a845a01a7f7ce179527953307ca4cf740e6e Mon Sep 17 00:00:00 2001 From: Dov Benyomin Sohacheski Date: Thu, 25 Jun 2026 11:29:48 +0300 Subject: [PATCH] chore(deps): bump go directive to 1.26.4 go.mod was pinned to 1.26.1, which still ships the stdlib advisories fixed across 1.26.2-1.26.4. build.yaml sets up Go with go-version-file: go.mod, so CI and the from-source toolchain floor both stay on the vulnerable patch. Bumping to 1.26.4 pulls in the patched stdlib. Module deps are already current on main, so this is toolchain-only; go mod tidy is otherwise a no-op and govulncheck comes back clean. --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 5bdfbfa71..78ae6f3f8 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module golang.stackrox.io/kube-linter -go 1.26.1 +go 1.26.4 require ( github.com/Masterminds/sprig/v3 v3.3.0