fix: bump go version

[rustatian]

Reason for This PR

closes: #2286

Description of Changes

• Update Go version to 1.26

License Acceptance

By submitting this pull request, I confirm that my contribution is made under the terms of the MIT license.

PR Checklist

[Author TODO: Meet these criteria.]
[Reviewer TODO: Verify that these criteria are met. Request changes if not]

• All commits in this PR are signed (git commit -s).
• The reason for this PR is clearly provided (issue no. or explanation).
• The description of changes is clear and encompassing.
• Any required documentation changes (code and docs) are included in this PR.
• Any user-facing changes are mentioned in CHANGELOG.md.
• All added/changed functionality is tested.

Summary by CodeRabbit

• Chores
  • Upgraded Go runtime to version 1.26
  • Updated multiple dependencies to their latest patch and minor versions, including core libraries and infrastructure tools
  • Adjusted code quality configuration settings

[coderabbitai]

📝 Walkthrough

Walkthrough

Updates Go version from 1.25.5 to 1.26 and bumps multiple indirect dependencies to newer versions, including security patches. Also modifies linter configuration to enable default Revive rules while excluding var-naming validation.

Changes

Cohort / File(s)	Summary
Linter Configuration .golangci.yml	Enables default Revive ruleset under settings and disables the var-naming rule, adjusting linting behavior without changing active linters.
Dependency and Go Version Updates go.mod	Upgrades Go toolchain from 1.25.5 to 1.26 and updates numerous indirect dependencies (cloud.google.com, temporal, redis, grpc-gateway, clipperhouse, and golang.org packages) to newer patch/minor versions.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• fix: bump go version #2251: Updates go.mod with Go toolchain version bump and multiple dependency version increments.
• release: v2025.1.5 #2257: Contains similar go.mod dependency version updates across multiple packages.
• release: v2025.1.2 #2190: Bumps Go language version and updates go.mod dependencies in parallel effort.

Suggested labels

B-bug

Poem

🐰 A version hop, from 1.25 we've grown,
To 1.26, security's now shown,
Dependencies dance with patches bright,
Revive ruleset brings the linting light,
CVE-2025 takes its gentle flight! ✨

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly identifies the main change: bumping the Go version to address CVE-2025-61726.
Description check	✅ Passed	The description includes issue reference, change summary, license acceptance, and completed checklist items following the template structure.
Linked Issues check	✅ Passed	The PR updates Go from 1.25.5 to 1.26, which addresses CVE-2025-61726 reported in issue #2286, meeting the primary security objective.
Out of Scope Changes check	✅ Passed	The .golangci.yml linter configuration change is a minor, related improvement; the go.mod version bumps are expected dependency updates accompanying Go 1.26.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into master

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/cve-2025-61726

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This pull request aims to address security vulnerability CVE-2025-61726 by updating the Go version from 1.25.5 to 1.26. The PR also includes automatic dependency updates resulting from the Go version bump and adds configuration for the revive linter.

Changes:

• Update Go version from 1.25.5 to 1.26 in go.mod
• Bump multiple indirect dependencies to newer minor versions
• Add revive linter configuration to disable var-naming rule

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File	Description
go.mod	Updates Go version to 1.26 and bumps various indirect dependencies including cloud.google.com/go/auth, redis, temporal.io, and golang.org/x packages
go.sum	Reflects checksum updates for all dependency version changes from go.mod
.golangci.yml	Adds revive linter configuration with default rules enabled but var-naming rule disabled

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 3: Replace the Go toolchain version directive in go.mod from "go 1.26" to
the conservative security-patched version "go 1.25.6"; update the go directive
in the go.mod file so it reads 1.25.6 (ensuring any CI/tooling that reads the go
directive is consistent) and run go mod tidy / CI to validate the change.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 35.37%. Comparing base (9dcd1df) to head (9976a61).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2289   +/-   ##
=======================================
  Coverage   35.37%   35.37%           
=======================================
  Files          18       18           
  Lines         851      851           
=======================================
  Hits          301      301           
  Misses        511      511           
  Partials       39       39           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.