From 8febec75f61b2fd9183d6bb7c6fc765ae7045b2e Mon Sep 17 00:00:00 2001
From: l-qing <9499086+l-qing@users.noreply.github.com>
Date: Sun, 7 Jun 2026 16:30:51 +0000
Subject: [PATCH] chore(go): bump go directive to 1.26.4 to rebuild with fixed
 Go stdlib

Rebuild released binaries with Go 1.26.4 to clear stdlib CVE-2026-42504,
CVE-2026-27145 and CVE-2026-42507. The Alauda release workflow resolves the
toolchain via setup-go go-version-file: kustomize/go.mod, so bumping this
directive is sufficient for the next -alauda-N release to build on Go 1.26.4.

Consumed downstream by AlaudaDevops/catalog.
---
 kustomize/go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kustomize/go.mod b/kustomize/go.mod
index cfc3ebb75d..e3987bd462 100644
--- a/kustomize/go.mod
+++ b/kustomize/go.mod
@@ -1,6 +1,6 @@
 module sigs.k8s.io/kustomize/kustomize/v5
 
-go 1.26.3
+go 1.26.4
 
 require (
 	github.com/google/go-cmp v0.7.0