chore(deps): update dependency go to v1.26.1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
go		minor	1.25.5 → 1.26.1
go (source)	toolchain	minor	1.25.5 → 1.26.1

---

Release Notes

golang/go (go)

v1.26.1

Compare Source

v1.26.0

Compare Source

v1.25.8

Compare Source

v1.25.7

Compare Source

v1.25.6

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Version Update: Go 1.25.5 → Go 1.26.1 (Minor version update)

Major Changes in Go 1.26:

• New Green Tea Garbage Collector: Now default, providing 10-40% GC overhead reduction. This is a performance improvement with no breaking changes
• Enhanced Language Features: new() function now allows initial values, and self-referential generic types are supported
• Runtime Improvements: ~30% faster cgo calls, heap base address randomization for enhanced security
• Post-quantum Cryptography: Enabled by default in TLS (SecP256r1MLKEM768 and SecP384r1MLKEM1024)
• Performance Optimizations: io.ReadAll is ~2x faster, improved image/jpeg implementation

Breaking Changes Identified:

1. cmd/doc and go tool doc removed (replaced with go doc) - Not affecting this project
2. 32-bit Windows ARM port removed - Not affecting this project (targets linux, windows, darwin)
3. net/url.Parse now rejects malformed URLs with unbracketed IPv6 addresses - Not affecting this project (no URL parsing found in codebase)
4. Various deprecated crypto APIs - Not affecting this project (no crypto packages used)
5. http.ReverseProxy.Director deprecation - Not affecting this project (no reverse proxy usage)

Security Fixes:

• Post-quantum cryptography enabled by default in TLS
• New crypto/hpke and crypto/mlkem packages
• Heap base address randomization for improved security
• Enhanced data-independent timing for crypto operations

🎯 Impact Scope Investigation

Files Modified:

• go.mod: Updated toolchain from go1.25.5 to go1.26.1
• mise.toml: Updated Go version from 1.25.5 to 1.26.1

Codebase Analysis:

• Total Go source files: 38
• No usage of deprecated APIs found:
  • No crypto packages (crypto/rsa, crypto/ecdsa, crypto/tls, etc.)
  • No net/url.Parse usage
  • No http.ReverseProxy usage
  • No cmd/doc or go tool doc references

Dependencies Analysis:

• All dependencies are compatible with Go 1.26.1
• No breaking changes detected in dependency chain
• Key dependencies tested:
  • github.com/alecthomas/chroma/v2 v2.21.1 ✅
  • github.com/charmbracelet/glamour v0.10.0 ✅
  • github.com/spf13/cobra v1.10.2 ✅
  • golang.org/x/term v0.38.0 ✅
  • golang.org/x/image v0.35.0 ✅

Build & Test Results:

• ✅ All tests pass: go test ./... completed successfully
• ✅ Build successful: go build -o gat completed without errors
• ✅ Binary runs correctly: ./gat --version works as expected
• ✅ GoReleaser configuration compatible (targets: linux, windows, darwin)

Platform Compatibility:

• Go module version requirement: go 1.24.0 (unchanged)
• Toolchain version: Updated to go1.26.1
• Target platforms (linux, windows, darwin) are all supported in Go 1.26.1
• No platform-specific breaking changes affect this project

💡 Recommended Actions

Immediate Actions:

1. ✅ Merge the PR - This is a safe upgrade with backward compatibility maintained
2. Monitor CI pipeline after merge to confirm all automated tests pass in production environment

Optional Considerations:

1. Performance Benefits: The new Green Tea GC will provide automatic performance improvements (10-40% reduced GC overhead)
2. Security Enhancement: Automatic benefit from heap base address randomization and post-quantum crypto in TLS
3. Future Compatibility: Staying current with Go releases ensures continued security updates and compatibility

No Manual Migration Required:

• No code changes needed
• No configuration changes needed
• No dependency updates required
• All existing functionality preserved

🔗 Reference Links

• Go 1.26 Release Notes
• Go 1.26.1 Release
• Go Release History
• Go 1.26 Security Improvements

Generated by koki-develop/claude-renovate-review

---

🚫 Permission Denied Tool Executions

The following tool executions that Claude Code attempted were blocked due to insufficient permissions.
Consider adding them to allowed_tools if needed.

Run #22856389728 - 1 tool denied

Tool	Input
WebSearch	{"query":"Go 1.26 release notes breaking changes backwards compatibility 2026"}

Generated by koki-develop/claude-denied-tools