From ce8bd5d0ed04ed62df5905bfe03e1d65a6ad1174 Mon Sep 17 00:00:00 2001
From: l-qing <9499086+l-qing@users.noreply.github.com>
Date: Sun, 7 Jun 2026 16:27:10 +0000
Subject: [PATCH] chore(go): bump go directive to 1.26.4 to rebuild with fixed
 Go stdlib

Rebuild released binaries with Go 1.26.4 to clear stdlib CVE-2026-42504,
CVE-2026-27145 and CVE-2026-42507. The Alauda release workflow resolves the
toolchain via setup-go go-version-file: go.mod, so bumping this directive is
sufficient for the next -alauda-N release to build on Go 1.26.4.
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index d607a1f93..7025a9c6b 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/google/go-containerregistry
 
-go 1.26.3
+go 1.26.4
 
 require (
 	github.com/containerd/stargz-snapshotter/estargz v0.18.1