Skip to content

chore(deps): update dependency go to v1.26.0#255

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/go-1.x
Open

chore(deps): update dependency go to v1.26.0#255
renovate[bot] wants to merge 1 commit intomainfrom
renovate/go-1.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 19, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
go minor 1.25.51.26.0
go (source) toolchain minor 1.25.51.26.0

Release Notes

golang/go (go)

v1.26.0

Compare Source

v1.25.7

Compare Source

v1.25.6

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 19, 2026
edited
Loading

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Major Changes in Go 1.26.0:

  • Green Tea Garbage Collector (Default): 10-40% reduction in GC overhead for GC-heavy programs, with additional 10% improvement on modern amd64 CPUs via SIMD
  • Faster cgo calls: ~30% reduction in cgo call overhead
  • Enhanced new() function: Now accepts expressions for initial values (backward compatible)
  • Self-referential generic types: Previously rejected patterns now allowed
  • Heap base address randomization (64-bit): Security enhancement making heap addresses harder to predict
  • Goroutine leak profile (experimental): Available via runtime/pprof for detecting leaked goroutines
  • Revamped go fix command: Complete rewrite with modernizers framework

Breaking Changes:

  1. crypto/* packages: Random parameter behavior changed - now ignores rand parameter and always uses secure cryptographic randomness. Can use GODEBUG=cryptocustomrand=1 for temporary compatibility
  2. net/url.Parse(): Stricter validation for colons in host without brackets. Can use GODEBUG=urlstrictcolons=0 for old behavior
  3. cmd/doc removed: Use go doc instead
  4. Platform deprecations:
    • Last release supporting macOS 12 Monterey
    • Last release supporting ELFv1 ABI on ppc64
    • Removed windows/arm port

New Packages:

  • crypto/hpke: Hybrid Public Key Encryption (RFC 9180)
  • simd/archsimd (experimental): Architecture-specific SIMD operations
  • runtime/secret (experimental): Secure temporary erasure

Standard Library Additions:

  • bytes.Buffer.Peek()
  • errors.AsType() (generic type-safe alternative)
  • reflect iterators for types and values
  • testing artifact handling improvements
  • crypto/tls post-quantum support (SecP256r1MLKEM768, SecP384r1MLKEM1024)

🎯 Impact Scope Investigation

Codebase Analysis:

  1. No usage of affected crypto packages: The codebase does not use crypto/dsa, crypto/ecdh, crypto/ecdsa, crypto/ed25519, or crypto/rsa, so the crypto random parameter changes have no impact

  2. No usage of net/url.Parse(): No direct usage found in the codebase

  3. No usage of time.Timer: The timer channel behavior change does not affect this project

  4. Error handling patterns verified: Both cmd/root.go:14-16 and docs/update.go:57-58 use proper error checking patterns immediately after os.Open/os.Create calls, making them compatible with the nil pointer bug fix from Go 1.25

  5. Build and test verification:

    • ✅ Project builds successfully with Go 1.26.0
    • ✅ All tests pass (internal/gat, internal/masker, internal/prettier)
    • ✅ Binary executes correctly

Dependency Impact:

  • The project uses standard dependencies that are compatible with Go 1.26
  • Module directive go 1.24.0 is compatible (Go 1.26 requires Go 1.24.6+ for bootstrap)
  • Only toolchain version changes from go1.25.5 to go1.26.0

Configuration Changes:

The PR modifies:

  • go.mod: Updates toolchain go1.25.5toolchain go1.26.0
  • mise.toml: Updates go = "1.25.5"go = "1.26.0"

Both changes are purely version updates with no functional impact.

💡 Recommended Actions

  1. Merge with confidence: This is a safe upgrade with backward compatibility maintained
  2. No code changes required: The codebase does not use any affected APIs or deprecated features
  3. Optional: Leverage new features: Consider these improvements in future development:
    • Use errors.AsType() for type-safe error handling
    • Enable GOEXPERIMENT=goroutineleakprofile for production leak detection
    • Benefit from automatic GC performance improvements (10-40% reduction)
  4. Monitor performance: The Green Tea GC should provide noticeable performance improvements for this terminal application

🔗 Reference Links

Generated by koki-develop/claude-renovate-review

🚫 Permission Denied Tool Executions

The following tool executions that Claude Code attempted were blocked due to insufficient permissions.
Consider adding them to allowed_tools if needed.

Run #22201164041 - 1 tool denied

Tool Input
WebSearch {"query":"Go 1.26.0 release notes changes breaking"}

Generated by koki-develop/claude-denied-tools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants

Comments