Update golang Docker tag to v1.26

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
golang	stage	minor	1.25-alpine → 1.26-alpine

---

Configuration

📅 Schedule: Branch creation - "before 9am every weekday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

Code Review: Update golang Docker tag to v1.26

Summary

This PR updates the Go base image from 1.25-alpine to 1.26-alpine in the Dockerfile. This is a Renovate-managed dependency update.

✅ Positive Points

1. Security & Maintenance: Keeping Go updated is important for security patches and bug fixes
2. SHA256 Pinning: The new image correctly uses SHA256 pinning for supply chain security
3. Clean Change: Single-line change, minimal risk
4. CI Compatibility: The CI workflows use go-version-file: 'go.mod', which will automatically pick up the Go version from go.mod (currently 1.25.5), so there's no mismatch risk during CI runs

⚠️ Issues & Recommendations

1. go.mod Version Mismatch (Required Fix)

The go.mod file currently specifies:

go 1.25.5

This needs to be updated to match the Docker build environment. The go.mod version acts as the minimum required Go version for the project.

Recommendation: Update go.mod to:

go 1.26

Or if you want to be more specific once Go 1.26.x is released:

go 1.26.0

2. CLAUDE.md Documentation Update

The project documentation in CLAUDE.md states:

## Prerequisites
- Go 1.25+

Recommendation: Update to:

## Prerequisites
- Go 1.26+

3. Testing Considerations

Action Items:

• ✅ Ensure all CI tests pass (lint, test, build check)
• ✅ Verify integration tests complete successfully
• ✅ Check that no new deprecation warnings appear

🔍 Code Quality Assessment

Build Configuration: ✅ Excellent

• Uses multi-stage build
• Proper CGO_ENABLED=0 for static binary
• Alpine base for minimal image size

Security: ✅ Strong

• SHA256 image pinning
• No security concerns with version bump

Performance: ✅ No Impact

• Go 1.26 includes performance improvements
• No breaking changes expected for this codebase

📋 Summary of Required Changes

Before merging, please update:

1. go.mod: Change go 1.25.5 to go 1.26 (or appropriate 1.26.x version)
2. CLAUDE.md: Update prerequisites from "Go 1.25+" to "Go 1.26+"

🎯 Final Verdict

Approve with minor changes required: The Docker image update itself is good, but the go.mod version must be synchronized to maintain consistency across the build environment. Once the go.mod version is updated, this PR is safe to merge.

The change is low-risk since:

• Go maintains strong backward compatibility
• The codebase uses standard library features
• CI will catch any compatibility issues
• No new Go 1.26-specific features are being introduced (yet)

---

Review generated by Claude Code