Skip to content

Update dependency golang to v1.26.5 (main)#3365

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/main-golang-1.26.x
Open

Update dependency golang to v1.26.5 (main)#3365
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/main-golang-1.26.x

Conversation

@renovate

@renovate renovate Bot commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
golang patch 1.26.31.26.5

Release Notes

golang/go (golang)

v1.26.5

Compare Source

v1.26.4

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 27, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 1:17 AM UTC · Completed 1:21 AM UTC
Commit: 47d3320 · View workflow run →

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 27, 2026

Copy link
Copy Markdown

Review — comment

PR: #3365 — Update dependency golang to v1.26.5 (main)
Author: renovate[bot] | Base: main | Head: f7d41c2

Summary

This is an automated Renovate PR that bumps the Go version from 1.26.3 to 1.26.5 in .tool-versions (used by asdf/mise for local toolchain management). The change is a clean, single-line patch version bump with no security concerns.

However, .tool-versions is not the only file that pins the Go version. The repository has six other files still referencing 1.26.3:

File Current Purpose
go.mod go 1.26.3 CI reads this via go-version-file: go.mod
acceptance/go.mod go 1.26.3 Acceptance test module
tools/go.mod go 1.26.3 Tooling module
tools/kubectl/go.mod go 1.26.3 kubectl tooling module
Dockerfile golang:1.26.3 Container build base image
Dockerfile.dist go-toolset:1.26.3@sha256:17c888d... Distribution build base image (digest-pinned)

Since CI workflows use go-version-file: go.mod (not .tool-versions) and the repo has a golang-version-check CI step, merging this PR alone may either be caught by CI or create a version mismatch between local development and CI/production builds.

Findings

🔶 Version consistency — go.mod files (×4) medium

All four go.mod files (go.mod, acceptance/go.mod, tools/go.mod, tools/kubectl/go.mod) still declare go 1.26.3. CI uses go-version-file: go.mod to select the Go toolchain, so CI builds will continue using Go 1.26.3 regardless of this PR.

🔶 Version consistency — Dockerfiles (×2) medium

Dockerfile uses golang:1.26.3 and Dockerfile.dist uses go-toolset:1.26.3@sha256:17c888d... as build base images. Container builds will continue using Go 1.26.3.

Recommendation

If Renovate manages go.mod and Dockerfiles via separate PRs, coordinate the merge order or consider configuring Renovate to group all Go version pins into a single PR to avoid transient inconsistencies.

Dimensions reviewed

Dimension Result
Correctness 🔶 Version inconsistency across 6 files
Security ✅ No issues
Intent & coherence ✅ Mechanical change, authorization implicit
Style & conventions ✅ Value follows existing pattern
Documentation currency ✅ No stale docs
Cross-repo contracts ⏭ Skipped (no exported interfaces changed)
Previous run

Review

Verdict: Approve

Summary

Standard Renovate patch version bump of the Go toolchain from 1.26.3 to 1.26.5 in .tool-versions (asdf/mise local development tooling configuration).

Analysis

Dimension Result
Correctness ✅ Valid patch version update; .tool-versions format is correct
Security ✅ Patch updates typically include security fixes — beneficial
Intent & Scope ✅ Automated dependency update, single file, appropriately scoped
Style ✅ Consistent with existing format
Documentation ✅ No documentation changes needed
Cross-repo contracts ✅ No API or interface changes

Notes

  • The go.mod files and Dockerfile still reference Go 1.26.3. This is expected — .tool-versions controls local developer tooling and is typically updated independently from build-time Go version pins. Renovate likely manages these through separate update groups.
  • This is a patch-level bump (1.26.3 → 1.26.5), which carries minimal risk and may include important bug fixes and security patches.
Previous run (2)

Review of #3365 — Update dependency golang to v1.26.5

Verdict: ✅ Approve

This is a straightforward Renovate patch-version bump of the Go toolchain in .tool-versions from 1.26.3 to 1.26.5. The change is a single-line substitution in a tooling configuration file with no functional code impact.

What was reviewed

Dimension Result
Correctness ✅ No logic changes. Valid patch version bump.
Security ✅ Patch updates to Go typically include security fixes — this is beneficial.
Intent & coherence ✅ Renovate bot updating dependencies per configured schedule. Matches project's dependency management strategy.
Style/conventions ✅ Follows existing .tool-versions format.
Documentation ✅ No documentation impact.
Cross-repo contracts ✅ No API or interface changes.

Notes

  • The Go version in Dockerfile (line 19), Dockerfile.dist (line 19), and go.mod files remains at 1.26.3. These are managed by separate Renovate datasource rules (Docker images, Go modules) and will be updated in their own PRs. This is standard Renovate behavior and does not represent a consistency issue.
  • Auto-merge is enabled on this PR, which is appropriate for a patch-level dependency update.

No findings.


Labels: Patch-level Go toolchain version bump via Renovate

Previous run (3)

Review

Verdict: Approve

This is an automated Renovate patch version bump of Go from 1.26.3 to 1.26.5 in .tool-versions (the asdf/mise version manager configuration). The change is minimal and safe.

Analysis

Correctness: No logic or behavior changes. The .tool-versions file controls which Go version local developer tooling (asdf/mise) installs. A Go patch bump is backward compatible by the Go compatibility promise.

Security: Go patch releases typically bundle security fixes. Updating to 1.26.5 is a positive security posture improvement for local development environments.

Scope & intent: Automated dependency maintenance by Renovate, consistent with the project's renovate.json configuration and existing labels (dependencies, go, renovate).

Note

The Go version 1.26.3 is still referenced in several other files (Dockerfile, Dockerfile.dist, go.mod, acceptance/go.mod, tools/go.mod, tools/kubectl/go.mod). These are managed by separate Renovate managers and will likely be updated in their own PRs. For a patch version bump this creates no compatibility risk, but the version drift is worth tracking.

No blocking findings. Safe to merge.


Labels: Automated Go toolchain patch version bump via Renovate

Previous run (4)

Review

Outcome: Approve

Summary

Automated Renovate patch version bump of Go toolchain in .tool-versions (1.26.3 → 1.26.4). Single-line change with no impact on application logic, APIs, or build artifacts.

Analysis

Dimension Result
Correctness ✅ Valid .tool-versions syntax; patch-level bump with no behavioral impact
Security ✅ Go patch releases typically bundle security fixes — updating is beneficial
Intent & coherence ✅ Standard Renovate dependency maintenance, appropriately scoped
Style & conventions ✅ File format consistent with existing convention
Documentation ✅ No documentation impacted
Cross-repo contracts ✅ No APIs or interfaces affected

Note: Other files referencing Go 1.26.3 (go.mod, Dockerfile, Dockerfile.dist) are managed by separate Renovate rules/managers and will be updated in their own PRs. This is expected behavior.

No findings.

Previous run (5)

Review — Approve

Change summary: Automated Renovate patch-level Go version bump in .tool-versions from 1.26.31.26.4.

This is a single-line change to the asdf/mise tooling version file. The diff is correct and follows the existing format.

Analysis

Dimension Result
Correctness ✅ Valid Go version string; patch bump is safe
Security ✅ Patch releases typically include security fixes — updating is recommended
Intent & coherence ✅ Standard automated dependency maintenance, appropriately scoped
Style/conventions ✅ Follows existing .tool-versions format
Documentation ✅ No documentation impact
Cross-repo contracts ✅ No API or interface changes

Observation

Version consistency (low): After this PR merges, .tool-versions will specify Go 1.26.4, while go.mod (root + tools/, tools/kubectl/, acceptance/), Dockerfile, and Dockerfile.dist still reference Go 1.26.3. This is typical for Renovate, which manages different package managers via separate PRs. Since this is a patch-level bump, the divergence carries negligible risk — local dev tooling at 1.26.4 is fully compatible with 1.26.3 build targets. Expect Renovate to update the remaining references in separate PRs.

No blocking findings. Safe to merge.


Labels: Automated patch-level Go toolchain version bump via Renovate

Previous run (6)

Looks good to me

Previous run (7)

Looks good to me

Previous run (8)

Looks good to me


Labels: PR is an automated Go dependency patch update

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 27, 2026
@renovate renovate Bot force-pushed the renovate/main-golang-1.26.x branch from 9aefa39 to d295557 Compare July 1, 2026 14:36
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 1, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:39 PM UTC · Completed 2:43 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge and removed ready-for-merge All reviewers approved — ready to merge labels Jul 1, 2026
@renovate renovate Bot force-pushed the renovate/main-golang-1.26.x branch from d295557 to 116168c Compare July 1, 2026 19:50
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 1, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 7:52 PM UTC · Completed 7:55 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge and removed ready-for-merge All reviewers approved — ready to merge labels Jul 1, 2026
@renovate renovate Bot force-pushed the renovate/main-golang-1.26.x branch from 116168c to 1c82305 Compare July 6, 2026 09:40
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 6, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 9:43 AM UTC · Completed 9:46 AM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge and removed ready-for-merge All reviewers approved — ready to merge labels Jul 6, 2026
@renovate renovate Bot force-pushed the renovate/main-golang-1.26.x branch from 1c82305 to e3cb8ef Compare July 6, 2026 12:58
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 6, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 1:03 PM UTC · Completed 1:06 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge and removed ready-for-merge All reviewers approved — ready to merge labels Jul 6, 2026
@renovate renovate Bot force-pushed the renovate/main-golang-1.26.x branch from e3cb8ef to 4120e1e Compare July 7, 2026 20:46
@renovate renovate Bot changed the title Update dependency golang to v1.26.4 (main) Update dependency golang to v1.26.5 (main) Jul 7, 2026
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 7, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 8:46 PM UTC · Completed 8:50 PM UTC
Commit: 7c8ccca · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge and removed ready-for-merge All reviewers approved — ready to merge labels Jul 7, 2026
@renovate renovate Bot force-pushed the renovate/main-golang-1.26.x branch from 4120e1e to 13f7045 Compare July 8, 2026 09:39
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 8, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 9:40 AM UTC · Completed 9:43 AM UTC
Commit: 7c8ccca · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge and removed ready-for-merge All reviewers approved — ready to merge labels Jul 8, 2026
@renovate renovate Bot force-pushed the renovate/main-golang-1.26.x branch from 13f7045 to d362eff Compare July 8, 2026 14:40
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 8, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:41 PM UTC · Completed 2:44 PM UTC
Commit: 7c8ccca · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge and removed ready-for-merge All reviewers approved — ready to merge labels Jul 8, 2026
@renovate renovate Bot force-pushed the renovate/main-golang-1.26.x branch from d362eff to f7d41c2 Compare July 8, 2026 15:30
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 8, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 3:31 PM UTC · Completed 3:38 PM UTC
Commit: 8f05d87 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot added requires-manual-review Review requires human judgment and removed ready-for-merge All reviewers approved — ready to merge labels Jul 8, 2026
@renovate renovate Bot force-pushed the renovate/main-golang-1.26.x branch from f7d41c2 to aec9a4c Compare July 8, 2026 23:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code main renovate requires-manual-review Review requires human judgment size: XS

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants