[Snyk] Security upgrade golang from 1.24 to 1.26.4

[c-warren]

Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• docker/github_actions/Dockerfile

We recommend upgrading to golang:1.26.4, as this image has only 162 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Integer Underflow SNYK-DEBIAN13-GNUTLS28-16344314	714
	CVE-2026-42010 SNYK-DEBIAN13-GNUTLS28-16344357	714
	CVE-2026-31789 SNYK-DEBIAN13-OPENSSL-15969301	714
	CVE-2026-31789 SNYK-DEBIAN13-OPENSSL-15969301	714
	CVE-2026-31789 SNYK-DEBIAN13-OPENSSL-15969301	714

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.83%. Comparing base (7275259) to head (a7e4022).

❌ Your project check has failed because the head coverage (84.83%) is below the target coverage (85.00%). You can increase the head coverage or adjust the target coverage.
see 1 file with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7275259...a7e4022. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[gitar-bot]

CI failed: The CI failed due to a missing conventional commit prefix in the PR title, failures in unit tests within the /internal/ package, and build errors triggered by uncommitted changes in auto-generated files like mocks.

Overview

Multiple distinct failure patterns were identified, including configuration errors in the PR metadata, build failures due to environment-induced code generation diffs, and unit test regressions in the internal package.

Failures

PR Title Validation Error (confidence: high)

• Type: configuration
• Affected jobs: N/A (CI workflow triggered)
• Related to change: yes
• Root cause: The pull request title does not contain a valid conventional commit prefix (e.g., 'chore:', 'feat:', 'fix:').
• Suggested fix: Rename the PR title to conform to conventional commits (e.g., "chore: [Snyk] Security upgrade golang from 1.24 to 1.26.4").

Build Failure: Uncommitted Generated Files (confidence: high)

• Type: build
• Affected jobs: 79267418427, 79267425688
• Related to change: yes
• Root cause: scripts/golint.sh detects uncommitted changes to generated files (mocks, thrift code) after make build executes in the CI environment.
• Suggested fix: Run make build locally to update all generated artifacts and commit the resulting changes to the branch before pushing.

Unit Test Failures in /internal/ (confidence: medium)

• Type: test
• Affected jobs: 79267418461
• Related to change: yes
• Root cause: Regressions in the /internal/ package unit tests, likely exacerbated by the Go 1.26.4 upgrade and potential race conditions in log synchronization handled by testlogger.go.
• Suggested fix: Run go test -v ./internal/ locally to isolate the failing tests and verify that the testlogger logic remains compatible with the Go 1.26+ concurrency model.

Summary

• Change-related failures: 3 (PR title format, build-time generated code diffs, and unit test regressions).
• Infrastructure/flaky failures: 0.
• Recommended action: Update the PR title first to allow the pipeline to proceed. Then, synchronize all generated files locally by running make build, commit those changes, and investigate the specific failures in the internal package tests.

Code Review ✅ Approved

Upgrades the Go base image from 1.24 to 1.26.4 in the Dockerfile to address critical security vulnerabilities in GnuTLS and OpenSSL. No issues found.

Tip

Comment Gitar fix CI or enable auto-apply: gitar auto-apply:on

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.

Comment with these commands to change:

Auto-apply	Compact
gitar auto-apply:on	gitar display:verbose

_{Was this helpful? React with 👍 / 👎 | Gitar}