fix(security): upgrade Go 1.25.7 to 1.26.1 to resolve 4 stdlib vulnerabilities

GO-2026-4602 (os), GO-2026-4601 (net/url), GO-2026-4600 and GO-2026-4599 (crypto/x509). The crypto/x509 fixes are only available in go1.26.1+, not backported to go1.25.x.
2026-03-07 08:45:55 +08:00
parent 1b4d2a41c9
commit 0c9ba9e86c
6 changed files with 10 additions and 31 deletions
--- a/.github/workflows/backend-ci.yml
+++ b/.github/workflows/backend-ci.yml
@@ -19,7 +19,7 @@ jobs:
          cache: true
      - name: Verify Go version
        run: |
-          go version | grep -q 'go1.25.7'
+          go version | grep -q 'go1.26.1'
      - name: Unit tests
        working-directory: backend
        run: make test-unit
@@ -38,7 +38,7 @@ jobs:
          cache: true
      - name: Verify Go version
        run: |
-          go version | grep -q 'go1.25.7'
+          go version | grep -q 'go1.26.1'
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v9
        with:
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -23,7 +23,7 @@ jobs:
          cache-dependency-path: backend/go.sum
      - name: Verify Go version
        run: |
-          go version | grep -q 'go1.25.7'
+          go version | grep -q 'go1.26.1'
      - name: Run govulncheck
        working-directory: backend
        run: |