Skip to content

chore: update golang a patch release to 1.26.2#576

Open
lockwobr wants to merge 1 commit intomainfrom
chore/update-golang
Open

chore: update golang a patch release to 1.26.2#576
lockwobr wants to merge 1 commit intomainfrom
chore/update-golang

Conversation

@lockwobr
Copy link
Copy Markdown
Contributor

@lockwobr lockwobr commented Apr 14, 2026

Summary

Update go version to pull in security patches.

Motivation / Context

Running vulnerability scan...
NAME      INSTALLED  FIXED IN        TYPE       VULNERABILITY        SEVERITY  EPSS          RISK   
stdlib    go1.26.1   1.25.9, 1.26.2  go-module  CVE-2026-32280       High      < 0.1% (3rd)  < 0.1  
stdlib    go1.26.1   1.25.9, 1.26.2  go-module  CVE-2026-27140       High      < 0.1% (0th)  < 0.1  
stdlib    go1.26.1   1.25.9, 1.26.2  go-module  CVE-2026-32289       Medium    < 0.1% (1st)  < 0.1  
stdlib    go1.26.1   1.25.9, 1.26.2  go-module  CVE-2026-32282       Medium    < 0.1% (1st)  < 0.1  
stdlib    go1.26.1   1.25.9, 1.26.2  go-module  CVE-2026-32283       High      < 0.1% (0th)  < 0.1  
stdlib    go1.26.1   1.25.9, 1.26.2  go-module  CVE-2026-32281       High      < 0.1% (0th)  < 0.1  
pygments  2.19.2     2.20.0          python     GHSA-5239-wwwm-4pmq  Low       < 0.1% (2nd)  < 0.1  
stdlib    go1.26.1   1.26.2          go-module  CVE-2026-33810       High      < 0.1% (0th)  < 0.1  
stdlib    go1.26.1   1.25.9, 1.26.2  go-module  CVE-2026-32288       Medium    < 0.1% (0th)  < 0.1

Fixes:
Related:

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Refactoring (no functional changes)
  • Build/CI/tooling

Component(s) Affected

  • CLI (cmd/aicr, pkg/cli)
  • API server (cmd/aicrd, pkg/api, pkg/server)
  • Recipe engine / data (pkg/recipe)
  • Bundlers (pkg/bundler, pkg/component/*)
  • Collectors / snapshotter (pkg/collector, pkg/snapshotter)
  • Validator (pkg/validator)
  • Core libraries (pkg/errors, pkg/k8s)
  • Docs/examples (docs/, examples/)
  • Other: ____________

Implementation Notes

Testing

# Commands run (prefer `make qualify` for non-trivial changes)
make qualify

Risk Assessment

  • Low — Isolated change, well-tested, easy to revert
  • Medium — Touches multiple components or has broader impact
  • High — Breaking change, affects critical paths, or complex rollout

Rollout notes:

Checklist

  • Tests pass locally (make test with -race)
  • Linter passes (make lint)
  • I did not skip/disable tests to make CI green
  • I added/updated tests for new functionality
  • I updated docs if user-facing behavior changed
  • Changes follow existing patterns in the codebase
  • Commits are cryptographically signed (git commit -S) — GPG signing info

@lockwobr lockwobr requested review from a team as code owners April 14, 2026 22:50
@lockwobr lockwobr self-assigned this Apr 14, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 14, 2026

Coverage Report ✅

Metric Value
Coverage 74.5%
Threshold 70%
Status Pass
Coverage Badge 
![Coverage](https://img.shields.io/badge/coverage-74.5%25-green)

No Go source files changed in this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@lockwobr lockwobr

Labels

size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lockwobr