chore(deps): update dependency go to v1.26.2

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
go		minor	1.25.5 → 1.26.2
go (source)	toolchain	minor	1.25.5 → 1.26.2

---

Release Notes

golang/go (go)

v1.26.2

Compare Source

v1.26.1

Compare Source

v1.26.0

Compare Source

v1.25.9

Compare Source

v1.25.8

Compare Source

v1.25.7

Compare Source

v1.25.6

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Go 1.26.0 Major Changes:

• Language enhancements: Enhanced new function accepting expressions for initial values, self-referential generic types support
• Runtime improvements: Green Tea GC enabled by default (10-40% reduction in GC overhead), faster cgo calls (~30% overhead reduction), heap address randomization for security
• New standard library packages: crypto/hpke (Hybrid Public Key Encryption), enhanced crypto/mlkem (ML-KEM post-quantum cipher)
• Tool changes: cmd/doc removed (use go doc instead), go fix command revamped using analysis framework
• Breaking changes: url.Parse strictness (rejects malformed URLs with colons), crypto packages now ignore custom rand parameter, ServeMux trailing slash redirects use HTTP 307 instead of 301, 32-bit windows/arm port removed

Go 1.26.1 (Released 2026-03-05):

• Security fixes: crypto/x509, html/template, net/url, os
• Bug fixes: go command, go fix command, compiler, os package, reflect package

Go 1.26.2 (Released 2026-04-07):

• Security fixes: go command, compiler, archive/tar, crypto/tls, crypto/x509, html/template, os
• Bug fixes: go command, go fix command, compiler, linker, runtime, net, net/http, net/url packages

🎯 Impact Scope Investigation

Codebase Analysis:

1. No usage of deprecated/breaking APIs: The codebase does not use any of the affected breaking change APIs:

   • No url.Parse usage found
   • No crypto package APIs (crypto/dsa, crypto/ecdh, crypto/ecdsa, crypto/rsa) found
   • No ServeMux or ReverseProxy.Director usage found
   • No cmd/doc or go tool doc invocations in scripts

2. Build configuration compatibility:

   • Uses CGO_ENABLED=0 in .goreleaser.yaml, avoiding cgo-related changes
   • Target platforms (linux, windows, darwin) are all supported in Go 1.26
   • No 32-bit windows/arm builds that would be affected by removed port
   • Go module requires go 1.25.0 with toolchain go1.26.2 - fully compatible

3. Test and build verification:

   • ✅ All tests pass successfully with Go 1.26.2
   • ✅ Binary builds without errors or warnings
   • ✅ All module dependencies verified
   • ✅ No breaking changes in dependency compatibility

4. Dependency ecosystem:

   • All dependencies are compatible with Go 1.26.2
   • Major dependencies (Chroma v2.21.1, Glamour v0.10.0, Cobra v1.10.2) work correctly
   • No reported issues with golang.org/x packages

💡 Recommended Actions

Immediate Actions:

1. ✅ Merge this PR - The update is safe and brings important security fixes
2. ✅ No code changes required - The codebase is fully compatible with Go 1.26.2
3. ✅ No migration work needed - All APIs used are stable and unchanged

Post-Merge Verification:

1. Monitor CI pipeline to confirm all tests pass in the CI environment
2. Verify GoReleaser builds complete successfully for all target platforms
3. No configuration changes required in .goreleaser.yaml or CI workflows

Benefits of This Update:

• Security: Multiple security fixes in crypto/x509, crypto/tls, html/template, net/url, os, archive/tar, and the go command itself
• Performance: 10-40% reduction in GC overhead with Green Tea GC, ~30% faster cgo calls (though gat uses CGO_ENABLED=0)
• Stability: Bug fixes in compiler, linker, runtime, and standard library packages
• Compliance: Staying current with Go releases ensures continued support and security updates

🔗 Reference Links

• Go 1.26 Release Notes
• Go 1.26.1 Milestone
• Go 1.26.2 Milestone
• Go Release History
• Go Security Policy

Generated by koki-develop/claude-renovate-review