From 29e7d414710673b3731aea8c1ffcef053dc604f1 Mon Sep 17 00:00:00 2001
From: Ogulcan Aydogan <ogulcanaydogan@hotmail.com>
Date: Wed, 20 May 2026 11:22:08 +0100
Subject: [PATCH] chore: pin workflows to go 1.26.x to unblock dependabot
 rollups

The weekly Go dependency rollup (PR #13) bumps go.mod to require Go 1.26.0
because hugot v0.7.2 (and a few transitives) need it. Workflows were still
pinned to 1.25.x, causing golangci-lint and tests to fail with:

  go: go.mod requires go >= 1.26.0 (running go 1.25.9; GOTOOLCHAIN=local)

Bumps actions/setup-go inputs in ci.yml (5 jobs) and release.yml (1 job)
from 1.25.x to 1.26.x. main go.mod is still 1.25.6 today, but 1.26.x can
build it without issue, so this lands cleanly before Dependabot rebases #13.
---
 .github/workflows/ci.yml      | 10 +++++-----
 .github/workflows/release.yml |  2 +-
 CHANGELOG.md                  |  3 +++
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0eeadf5..e381dae 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: '1.26.x'
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v9
         with:
@@ -28,7 +28,7 @@ jobs:
       - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: '1.26.x'
       - name: Run tests
         run: go test -v -race -coverprofile=coverage.out ./...
       - name: Check coverage
@@ -54,7 +54,7 @@ jobs:
       - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: '1.26.x'
       - name: Install ONNX Runtime
         run: |
           ONNX_VERSION=1.16.3
@@ -83,7 +83,7 @@ jobs:
       - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: '1.26.x'
       - name: Run benchmarks
         run: go test -bench=. -benchmem -benchtime=3s ./benchmarks/... 2>/dev/null || echo "No benchmarks yet"
 
@@ -99,7 +99,7 @@ jobs:
       - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: '1.26.x'
       - name: Build CLI
         env:
           GOOS: ${{ matrix.goos }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3fcbd1d..db0a6c8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,7 +19,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: '1.26.x'
       - name: Run tests
         run: go test -race ./...
       - name: Build binaries
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8793029..14fea24 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+- CI and release workflows now pin `go-version: '1.26.x'` (was `1.25.x`); unblocks Dependabot rollups that bump `go.mod` to require Go 1.26.0 (e.g. `hugot` v0.7.2).
+
 ### Fixed
 - Replace deprecated `httputil.ReverseProxy.Director` with `Rewrite` in `pkg/proxy/server.go`; `Director` is deprecated since Go 1.26 (SA1019); `Rewrite` achieves the same Host-preservation behaviour and has been available since Go 1.20.