From 5beb510885e562623a00f8eb700735aae917f345 Mon Sep 17 00:00:00 2001 From: Caian Ertl Date: Tue, 7 Jul 2026 21:45:22 -0300 Subject: [PATCH] fix(build): pin Go toolchain to go1.26.4 for stdlib vuln patches Addresses GO-2026-5039 (net/textproto) and GO-2026-5037 (crypto/x509), both fixed in go1.26.4. The release builds via `go-version-file: go.mod`, so pinning the toolchain here ensures published binaries link the patched standard library. Co-Authored-By: Claude Opus 4.8 (1M context) --- go.mod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/go.mod b/go.mod index 43b5e09..146e449 100644 --- a/go.mod +++ b/go.mod @@ -2,6 +2,8 @@ module github.com/c3-oss/mcp-plane go 1.26.2 +toolchain go1.26.4 + require ( github.com/mark3labs/mcp-go v0.55.1 github.com/spf13/cobra v1.10.2