Build with Go 1.26.2

[rvanlieshout]

This updates Thruster to build with Go 1.26.2 so the bundled thrust binary picks up the April 2026 Go security fixes.

Trivy currently reports CVE-2026-32280, CVE-2026-32282, and CVE-2026-33810 against the binary shipped in the current release.

[claude]

Claude Code Review

This pull request is from a fork — automated review is disabled. A repository maintainer can comment @claude review to run a one-time review.

[Copilot]

Pull request overview

This PR updates Thruster’s build target to Go 1.26.2 so the bundled thrust binary includes the April 2026 Go security fixes and addresses the CVEs reported by Trivy.

Tip

If you aren't ready for review, convert to a draft PR.
Click "Convert to draft" or run gh pr ready --undo.
Click "Ready for review" or run gh pr ready to reengage.

Changes:

• Bump the go version in go.mod from 1.26.1 to 1.26.2.
• Add a v0.1.20 CHANGELOG entry noting the Go toolchain update.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
go.mod	Updates the Go version to 1.26.2 to ensure builds pick up security fixes.
CHANGELOG.md	Documents the Go version bump in the next release entry.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[ryenski]

👋🏼 We'd love to see this PR merged - our app is currently reporting these CVEs, and this would close several open issues for us.

[alexandrule]

Hi! Thanks for the PR. Do you know if there is any plan to merge this and publish a new Thruster release soon?
We’re currently seeing these Go CVEs reported against the bundled thrust binary, and this update would help us close the security findings on our side.

[kevinmcconnell]

Thanks @rvanlieshout! And sorry for the slow response, I was out of the office for a while.

Since there's been another Go release since you opened this, I've gone ahead and bumped it to the (current) latest too. I'll get this shipped shortly.