fix: upgrade Security Scan to Go 1.26 to fix crypto/x509 vulnerabilities

devfeel · devfeel · commit 54b28f610ee6 · 2026-03-07T16:17:17.000+08:00
- GO-2026-4600: Panic in name constraint checking (fixed in Go 1.26.1)
- GO-2026-4599: Incorrect email constraints (fixed in Go 1.26.1)
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -20,14 +20,14 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.25'
+          go-version: '1.26'
           cache: true
 
       # Dependency vulnerability scan
       - name: Run govulncheck
         uses: golang/govulncheck-action@v1
         with:
-          go-version-input: '1.25'
+          go-version-input: '1.26'
           check-latest: true
 
       # Security code scan
