chore(deps): update dependency go to v1.26.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
go		minor	1.25.5 → 1.26.0
go (source)	toolchain	minor	1.25.5 → 1.26.0

---

Release Notes

golang/go (go)

v1.26.0

Compare Source

v1.25.7

Compare Source

v1.25.6

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

• Language improvements: Enhanced new() function and lifted restrictions on generic type parameter lists
• Toolchain updates: Revamped go fix command, updated go mod init behavior, removed cmd/doc and go tool doc
• New Green Tea garbage collector: Enabled by default with ~30% performance improvements for small object GC
• Security enhancements: Heap base address randomization on 64-bit platforms, secure random sources by default in crypto packages
• Standard library additions: New crypto/hpke package, experimental SIMD and runtime secret packages
• Breaking changes: Crypto package random parameters now ignored (using secure sources), several GODEBUG deprecations for Go 1.27, removed 32-bit Windows ARM port

🎯 Impact Scope Investigation

• Go version constraint: Current go.mod specifies minimum Go 1.24.0, well below the new 1.26.0 toolchain version
• No crypto/TLS usage: Codebase analysis shows no direct usage of crypto/*, tls, or net/http packages that would be affected by security changes
• Limited standard library usage: Only basic net package usage in /internal/net/listener.go:3 for TCP port allocation
• Platform support: Current .goreleaser.yaml targets linux/windows/darwin - all remain supported in Go 1.26.0
• Dependencies: All third-party dependencies in go.mod should remain compatible as this is a minor version update
• Reflection usage: Limited to test file /internal/net/listener_test.go:8 for function pointer comparison - no breaking changes affect this pattern

💡 Recommended Actions

• Immediate merge: This update is safe to merge as the codebase has minimal exposure to breaking changes
• Monitor CI pipeline: Ensure all tests, linting, and builds pass with the new Go version
• Performance validation: New garbage collector may provide performance benefits for the application
• Future planning: Be aware that Go 1.27 will enforce stricter defaults for TLS and crypto behaviors (currently controlled by GODEBUG settings)

🔗 Reference Links

• Go 1.26 Release Notes
• Go Compatibility Promise

Generated by koki-develop/claude-renovate-review

---

🚫 Permission Denied Tool Executions

The following tool executions that Claude Code attempted were blocked due to insufficient permissions.
Consider adding them to allowed_tools if needed.

Run #22002690656 - 1 tool denied

Tool	Input
WebSearch	{"query":"Go 1.26.0 release notes golang.org breaking changes compatibility"}

Generated by koki-develop/claude-denied-tools