From 205b80fbd24eacb89946df6d17234950690e2d94 Mon Sep 17 00:00:00 2001
From: Mike Odnis <airwolf635@gmail.com>
Date: Wed, 15 Apr 2026 01:01:40 -0400
Subject: [PATCH] fix(security): bump Go toolchain to stable for OSV-scanner
 v2.3.5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

osv-scanner v2.3.5 requires Go ≥ 1.26.1. Pinning go-version to '1.23'
failed with 'requires go >= 1.26.1 (running go 1.23.12; GOTOOLCHAIN=local)'.
Switch to 'stable' which tracks the latest released Go.
---
 .github/workflows/security-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 34182a1..a27b204 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -135,7 +135,7 @@ jobs:
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
       - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00  # v6
         with:
-          go-version: "1.23"
+          go-version: "stable"  # osv-scanner v2.3.5 needs Go ≥ 1.26.1
       - name: Install + run OSV-Scanner
         run: |
           set -euxo pipefail