Bump min go version to 1.26.2 (go-gitea#37139)

silverwind · claude · GiteaBot · commit ebb9a7a4904a · 2026-04-08T15:57:26.000Z
Update Go from 1.26.1 to 1.26.2 to fix 6 stdlib vulnerabilities:
- GO-2026-4947: `crypto/x509` chain building
- GO-2026-4946: `crypto/x509` policy validation
- GO-2026-4870: `crypto/tls` KeyUpdate DoS
- GO-2026-4869: `archive/tar` unbounded allocation
- GO-2026-4866: `crypto/x509` name constraints bypass
- GO-2026-4865: `html/template` XSS

Co-authored-by: Claude (Opus 4.6) &lt;noreply@anthropic.com&gt;
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module code.gitea.io/gitea
 
-go 1.26.1
+go 1.26.2
 
 // rfc5280 said: "The serial number is an integer assigned by the CA to each certificate."
 // But some CAs use negative serial number, just relax the check. related:
