diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml
deleted file mode 100644
index 9b54a916d..000000000
--- a/.github/workflows/auto-merge-dependabot.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: auto-merge-dependabot
-
-# Auto-merge Dependabot PRs when the update is minor or patch and CI is
-# green. Major bumps are left for manual review (they have a history of
-# breaking changes — actions/checkout v4→v6, actions/upload-artifact
-# v4→v7, codeql-action v3→v4, etc.).
-
-on:
-  pull_request:
-    types: [opened, reopened, synchronize]
-
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  auto-merge:
-    runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
-    steps:
-      - name: Inspect PR metadata
-        id: meta
-        uses: dependabot/fetch-metadata@v2
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Enable auto-merge for minor/patch
-        if: steps.meta.outputs.update-type == 'version-update:semver-minor' || steps.meta.outputs.update-type == 'version-update:semver-patch'
-        run: gh pr merge --auto --squash --delete-branch "$PR_URL"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Comment on major (leave for review)
-        if: steps.meta.outputs.update-type == 'version-update:semver-major'
-        run: |
-          gh pr comment "$PR_URL" --body "Skipping auto-merge — this is a **major** version bump and deserves a human review. Check the dependency's changelog for breaking changes before merging."
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/go.mod b/go.mod
index 4e9fe99cd..13da3c299 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/GrayCodeAI/tok
 
-go 1.25.0
+go 1.26.1
 
 require (
 	github.com/BurntSushi/toml v1.6.0