Bump go to v1.26.3, along with some golang.org/x/ deps #1138
Signed-off-by: Caleb Brown <calebbrown@google.com>
Kusari Analysis Results:
The two analyses conflict on one point: the code analysis flags golang.org/x/net v0.47.0 (CVE-2026-33814, HTTP/2 infinite-loop DoS) as a blocking transitive dependency, while the dependency analysis — the authoritative source for resolved module versions — explicitly confirms that golang.org/x/net is pinned at v0.54.0 in the current PR, which carries no active advisories. The code analysis acknowledges it found zero code issues, zero secrets, and zero workflow issues; its sole blocking concern is the v0.47.0 transitive dependency, which the dependency analysis has already resolved. Applying senior security engineer judgment: the dependency analysis supersedes the code analysis on this specific dependency-version question. The PR is positive overall: it eliminates 9 previously confirmed CVEs across golang.org/x/net and golang.org/x/crypto by upgrading Go from v1.23.1 to v1.26.3, all replacement versions are clean, and all licenses are BSD-3-Clause. No outstanding remediation items remain.
Note: View full detailed analysis result for more information on the output and the checks that were run.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Kusari PR Analysis rerun based on - 06436ab performed at: 2026-05-14T11:34:26Z - link to updated analysis
Signed-off-by: Caleb Brown <calebbrown@google.com>
Kusari PR Analysis rerun based on - 71cfa52 performed at: 2026-05-14T11:40:09Z - link to updated analysis
Please ignore the linter warning for now. That version will be bumped in an upcoming dependabot PR.
No description provided.