ci: bump Go image to 1.26.5 to fix GO-2026-5856 govulncheck failure (#330)

govulncheck flags GO-2026-5856 (Encrypted Client Hello privacy leak in
crypto/tls), present in the Go standard library through go1.26.4 and
fixed in go1.26.5. The CI and release workflows pin the golang:1.26.4
container image, so govulncheck fails with exit code 3 on every run.
Bump both workflow images to golang:1.26.5.
This commit is contained in:
kite 2026-07-09 11:00:45 +08:00 committed by GitHub
parent e2d75b732a
commit e6e5da0930
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 2 additions and 2 deletions

View file

@ -14,7 +14,7 @@ jobs:
runs-on: self-hosted
timeout-minutes: 15
container:
image: golang:1.26.4
image: golang:1.26.5
steps:
- uses: actions/checkout@v4

View file

@ -11,7 +11,7 @@ jobs:
build:
runs-on: self-hosted
container:
image: golang:1.26.4
image: golang:1.26.5
strategy:
matrix:
include: