Update Go to 1.26.1, also update email address and PGP key in SECURITY.md #102

Merged: wollomatic merged 5 commits into main from update-go on Mar 7, 2026
@wollomatic (Owner) commented Mar 7, 2026

Summary by CodeRabbit

Release Notes

  • Documentation

    • Updated README with latest image tag and added examples to allow HEAD requests.
    • Updated SECURITY information: contact details, checksum algorithm, and PGP public key/download information.
  • Chores

    • Bumped build base image to the latest patch release.

@coderabbitai (bot) commented Mar 7, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: da75271f-51cf-4d84-9698-c592311b165e

📥 Commits

Reviewing files that changed from the base of the PR and between f483f9e and d108ca4.

📒 Files selected for processing (1)
  • SECURITY.md

Walkthrough

This pull request updates the Docker build base image (Go 1.26.0 → 1.26.1), bumps a documented image tag (1.11.3 → 1.11.4) and adds HEAD-request examples in README, and revises the security policy (hash algorithm, contact email, PGP key details and download link).

Changes

| Cohort / File(s) | Summary |
|---|---|
| Build Configuration (`Dockerfile`) | Updated build-stage base image from golang:1.26.0-alpine3.23 to golang:1.26.1-alpine3.23 and adjusted image digest; no other build logic changes. |
| Documentation and Examples (`README.md`) | Bumped "Latest image" reference from 1.11.3 to 1.11.4 and added examples for allowing HEAD requests ('-allowHEAD=.*' and SP_ALLOW_HEAD=".*"). |
| Security Policy and Keys (`SECURITY.md`) | Switched hash algorithm from SHA256 to SHA512, updated vulnerability contact email, added PGP public key download link, and refreshed PGP public key/signature block formatting and content. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A tiny hop from one to one-point-one,
I nudge the build, I tweak the sun,
Keys polished bright, SHA512 gleams,
Docs updated with HEAD-request dreams,
I nibble at code and leave a cheerful run!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarises the main changes: Go version bump to 1.26.1 in Dockerfile and security contact/PGP key updates in SECURITY.md, matching the actual changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@wollomatic wollomatic self-assigned this Mar 7, 2026
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
SECURITY.md (1)

27-34: ⚠️ Potential issue | 🟠 Major

Update PGP key information: embedded key has expired and does not match the download link.

The embedded PGP public key block (lines 29–34) has expired as of 31 December 2025. Additionally, the key ID from the download link (9123F130) does not match the fingerprint of the embedded key (D57424AC7C262F4B44F45B575586B7A4D15E6CA7), creating ambiguity for users attempting to encrypt vulnerability reports.

Replace the embedded key block with the current, valid key from the download link, or clarify which key should be used.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@SECURITY.md` around lines 27 - 34, Replace the expired/incorrect embedded PGP
public key block in SECURITY.md (the pasted PGP PUBLIC KEY BLOCK and the
fingerprint D57424AC7C262F4B44F45B575586B7A4D15E6CA7) with the current valid key
that matches the download link key ID 9123F130; alternatively remove the
embedded block and add a clear statement directing users to download and verify
the correct public key from the provided URL and include the correct fingerprint
and key ID (9123F130) for verification. Ensure the file now either contains the
up-to-date key text that matches the download link or a clarified instruction
referencing the download link and the correct fingerprint/key ID for
verification.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@SECURITY.md`:
- Line 27: Replace the insecure HTTP PGP key download URL in SECURITY.md (the
line containing "http://wollomatic.dev/gpg/9123F130.gpg.asc") with its HTTPS
equivalent and verify the HTTPS endpoint is valid and serves the same key;
update the markdown link to "https://wollomatic.dev/gpg/9123F130.gpg.asc" (or an
alternative trusted HTTPS key server) so the PGP key download is protected
against MITM tampering.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: aa93a333-20a5-4f92-a32e-6934a2aded96

📥 Commits

Reviewing files that changed from the base of the PR and between 903ed04 and f483f9e.

📒 Files selected for processing (3)
  • Dockerfile
  • README.md
  • SECURITY.md
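
The two SECURITY.md findings in the review above (a key link served over HTTP, and a key ID in the link that is not the tail of the published fingerprint) can be checked mechanically before merge. This is an added example, not code from the PR, the project or CodeRabbit; the `SAMPLE` layout and all function names are assumptions, and only the URL and fingerprint are taken from the review text.

```python
import re
from urllib.parse import urlparse

# Constructed stand-in for the relevant SECURITY.md lines. Only the URL and the
# fingerprint are quoted from the review comments; the layout is assumed.
SAMPLE = """\
Public key: [download](http://wollomatic.dev/gpg/9123F130.gpg.asc)
Fingerprint: D574 24AC 7C26 2F4B 44F4  5B57 5586 B7A4 D15E 6CA7
"""

KEY_URL = re.compile(r"https?://[^\s)\"'>]+\.asc", re.I)
# v4 OpenPGP fingerprint: 40 hex digits, commonly printed in groups of four.
FINGERPRINT = re.compile(r"\b(?:[0-9A-F]{4}\s*){10}\b", re.I)
# Key ID embedded in the file name: short (8), long (16) or full (40) hex.
KEY_ID = re.compile(r"(?:0x)?([0-9A-F]{40}|[0-9A-F]{16}|[0-9A-F]{8})(?=\.|$)", re.I)


def fingerprints(text):
    """Return every 40-digit fingerprint in text, upper-cased, no spaces."""
    return [re.sub(r"\s+", "", m).upper() for m in FINGERPRINT.findall(text)]


def audit(text):
    """Return (finding, detail) tuples for key links in a security policy."""
    findings = []
    fprs = fingerprints(text)
    for url in KEY_URL.findall(text):
        parts = urlparse(url)
        if parts.scheme.lower() != "https":
            # Key material fetched over plain HTTP can be swapped in transit.
            findings.append(("insecure-scheme", url))
        m = KEY_ID.match(parts.path.rsplit("/", 1)[-1])
        if not m or not fprs:
            continue
        key_id = m.group(1).upper()
        # A v4 key ID is the low-order 64 bits of the fingerprint (the short
        # form is the low 32), so it must be a suffix of some listed
        # fingerprint. No match means link and fingerprint name different keys
        # (or a subkey), which a reporter cannot resolve alone.
        if not any(f.endswith(key_id) for f in fprs):
            findings.append(("key-id-mismatch", key_id))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The check does not cover key expiry, which requires parsing the key packet itself rather than the policy text.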

@wollomatic wollomatic merged commit e5b6e50 into main Mar 7, 2026
5 of 6 checks passed
@wollomatic wollomatic deleted the update-go branch March 7, 2026 21:46