[Snyk] Security upgrade golang from 1.18 to 1.26rc3

[snyk-io]

Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• Dockerfile-secretmessage

We recommend upgrading to golang:1.26rc3, as this image has only 121 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Out-of-bounds Write SNYK-DEBIAN11-GLIBC-5927133	823
	Out-of-bounds Write SNYK-DEBIAN11-GLIBC-5927133	823
	Out-of-bounds Write SNYK-DEBIAN11-GLIBC-5927133	823
	Out-of-bounds Write SNYK-DEBIAN11-GLIBC-5927133	823
	Link Following SNYK-DEBIAN11-GIT-6846200	582

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Out-of-bounds Write

[snyk-io]

This upgrade from Go 1.18 to 1.26 spans multiple major versions and includes significant language and runtime changes. While Go maintains a strong backward-compatibility promise, several key changes are gated by the Go version in your go.mod file and require developer attention.

High Risk Breaking Change:

• Go 1.22: for Loop Variable Semantics: The most critical change is in Go 1.22, which alters how loop variables are handled. Each iteration of a for loop now creates a new variable. This fixes a common bug where closures or goroutines would accidentally capture the same variable from the last iteration. Code relying on the old behavior will break once the go.mod file is updated to go 1.22 or newer.

  Recommendation: Thoroughly audit all for loops that use goroutines or closures that reference loop variables. The go vet tool can help identify problematic loops in older codebases.

Medium Risk Behavioral & Environment Changes:

• Go 1.23: time.Timer and time.Ticker Behavior: Timers and Tickers that are no longer referenced are now eligible for garbage collection, even if Stop() has not been called. Additionally, the underlying channel is now unbuffered. This change is active for modules using go 1.23 or newer and may affect programs relying on the old timer behavior.
• Go 1.19: os/exec Path Security: For security reasons, the os/exec package no longer finds executables using relative paths in the PATH environment variable. This can break scripts or applications that depend on this behavior.
• **Go 1.24+:

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.