Skip to content

security: bump Go to 1.26.3 to fix stdlib vulnerabilities#94

Merged
arnaugiralt merged 1 commit intomasterfrom
security/bump-go-1.26.3
May 8, 2026
Merged

security: bump Go to 1.26.3 to fix stdlib vulnerabilities#94
arnaugiralt merged 1 commit intomasterfrom
security/bump-go-1.26.3

Conversation

@qarlosh
Copy link
Copy Markdown
Collaborator

@qarlosh qarlosh commented May 8, 2026

Summary

  • Bumps Go toolchain from 1.26.21.26.3 across all three modules (go.mod, sdk/go.mod, plugins/contrib/go.mod) and the workspace (go.work)
  • Fixes 5 stdlib vulnerabilities reported by govulncheck, including GO-2026-4918 (infinite loop in HTTP/2 transport in net/http/internal/http2)

Test plan

  • All tests pass (make test)
  • govulncheck expected to pass in CI with go1.26.3

🤖 Generated with Claude Code

@qarlosh @claude
security: bump Go to 1.26.3 to fix stdlib vulnerabilities
c82002c 
Addresses 5 vulnerabilities reported by govulncheck in go1.26.2,
including GO-2026-4918 (infinite loop in HTTP/2 transport,
net/http/internal/http2). All fixed in go1.26.3.

Bumps all modules and the workspace: go.mod, sdk/go.mod,
plugins/contrib/go.mod, plugins/contrib/microsoft/keyvault/go.mod,
admin/go.mod, go.work.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@qarlosh qarlosh force-pushed the security/bump-go-1.26.3 branch from b10dfbd to c82002c Compare May 8, 2026 09:28
@arnaugiralt arnaugiralt merged commit 115be5b into master May 8, 2026
17 of 18 checks passed
@arnaugiralt arnaugiralt deleted the security/bump-go-1.26.3 branch May 8, 2026 09:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arnaugiralt arnaugiralt arnaugiralt approved these changes

@victor-cuevas victor-cuevas Awaiting requested review from victor-cuevas

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@qarlosh @arnaugiralt