From f6426bd3adfa2d362084bcf6e661db24c65ecc89 Mon Sep 17 00:00:00 2001
From: l-qing <9499086+l-qing@users.noreply.github.com>
Date: Sun, 7 Jun 2026 16:38:25 +0000
Subject: [PATCH] chore(go): bump go directive to 1.26.4 to rebuild with fixed
 Go stdlib

Rebuild released binaries with Go 1.26.4 to clear stdlib CVE-2026-42504,
CVE-2026-27145 and CVE-2026-42507 (all fixed in Go 1.26.4). The Alauda
release workflow uses setup-go with go-version-file: image/git-init/go.mod,
so bumping this directive is sufficient for the next -alauda-N release to
build on Go 1.26.4 and scan clean downstream in AlaudaDevops/catalog.
---
 image/git-init/go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/git-init/go.mod b/image/git-init/go.mod
index 6dd12ea7..002cdb6a 100644
--- a/image/git-init/go.mod
+++ b/image/git-init/go.mod
@@ -1,6 +1,6 @@
 module github.com/tektoncd-catalog/git-clone/git-init
 
-go 1.26.3
+go 1.26.4
 
 require (
 	github.com/google/go-cmp v0.7.0