chore(deps): update dependency go to v1.26.3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
go		minor	1.25.5 → 1.26.3
go (source)	toolchain	minor	1.25.5 → 1.26.3

---

Release Notes

golang/go (go)

v1.26.3

Compare Source

v1.26.2

Compare Source

v1.26.1

Compare Source

v1.26.0

Compare Source

v1.25.10

Compare Source

v1.25.9

Compare Source

v1.25.8

Compare Source

v1.25.7

Compare Source

v1.25.6

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Go 1.26.0 Major Changes:

• New Green Tea Garbage Collector: Now default, providing 10-40% reduction in GC overhead with better performance on modern CPUs
• Language Enhancements: Enhanced new() function and self-referential generic types support
• Performance Improvements: ~30% reduction in cgo call overhead, faster stack allocation, 2x faster io.ReadAll()
• Security Enhancements: Heap base address randomization on 64-bit platforms, post-quantum TLS enabled by default
• New Standard Library Packages: crypto/hpke, simd/archsimd, runtime/secret (experimental)
• Crypto Changes: Random parameters ignored in key generation functions (always uses secure randomness), ~18% faster MLKEM operations
• Standard Library Updates: Stricter URL parsing (rejects malformed colons), faster JPEG encoder/decoder with new implementation, new methods in bytes, errors, log/slog, net, etc.

Breaking Changes:

• Removed: cmd/doc, go tool doc, 32-bit Windows ARM port, obsolete go fix fixers
• Deprecated: crypto/rsa.EncryptPKCS1v15(), some crypto/ecdsa fields, net/http/httputil.ReverseProxy.Director
• Stricter URL parsing may reject previously accepted malformed URLs
• JPEG output may differ from previous versions
• Several GODEBUG settings scheduled for removal in Go 1.27

Patch Release Security Fixes (1.26.1-1.26.3):

• 1.26.1: Fixes in crypto/x509, html/template, net/url, os
• 1.26.2: Fixes in compiler, archive/tar, crypto/tls, crypto/x509, html/template, os
• 1.26.3: Fixes in go command, pack tool, html/template, net, net/http, net/http/httputil, net/mail, syscall

🎯 Impact Scope Investigation

Codebase Analysis Results:

1. No Cryptography Usage: The codebase does not use crypto/* packages, so crypto API changes and deprecations have zero impact.

2. No URL Parsing: No usage of url.Parse() or related functions found. Stricter URL validation will not affect the project.

3. No Network Operations: No usage of net/* packages detected. Network-related changes are irrelevant.

4. Image Decoding Present (Low Risk):

   • Location: internal/gat/gat.go:232
   • Uses standard image.Decode() API with JPEG support
   • Impact: New JPEG implementation may produce different output, but API remains compatible
   • Risk Level: Low - standard API usage ensures compatibility

5. No Generics or Goroutines:

   • No generic type definitions found
   • No goroutines used (synchronous processing only)
   • New language features and goroutine leak detector are not applicable

6. Simple new() Usage: Only basic bytes.Buffer allocations, unaffected by new() enhancements.

7. Dependency Compatibility: All dependencies in go.mod are compatible with Go 1.26.3 (verified via successful test and build).

CI/CD Configuration:

• Uses mise for toolchain management (configured in mise.toml)
• CI workflow delegates to .github/actions/setup which uses mise-action
• The update correctly modifies both go.mod and mise.toml

Test Results:

• ✅ All tests pass: go test ./... completed successfully
• ✅ Build succeeds: go build completed without errors
• ✅ No compilation issues detected

💡 Recommended Actions

Immediate Actions:

1. ✅ Merge this PR - All tests pass, no breaking changes affect this codebase
2. Monitor CI pipeline after merge to ensure all workflows complete successfully
3. No code modifications required - the codebase is fully compatible

Optional Future Considerations:

1. Performance Gains: Expect automatic 10-40% GC overhead reduction from Green Tea GC
2. JPEG Output: If JPEG image display is critical to your use case, verify output quality after upgrade (though unlikely to cause issues)
3. Go 1.27 Preparation: No deprecated features used in this codebase, so future upgrades should be smooth

Why This Is Safe:

• Go maintains strong backward compatibility for minor version updates
• This codebase uses only stable, unchanged APIs
• The project already specifies go 1.25.0 with toolchain go1.26.3, indicating intentional Go 1.26 adoption
• All tests and builds pass with Go 1.26.3
• No deprecated or changed features are used in the codebase
• The update includes security fixes from patch releases 1.26.1-1.26.3

🔗 Reference Links

• Go 1.26 Release Notes
• Go Release History
• Go 1.26.1 Release Announcement
• Go 1.26.2 Release Announcement
• Go 1.26.3 Release Announcement
• Go GitHub Repository

Generated by koki-develop/claude-renovate-review