go 1.26 upgrade

[bzimmer]

No description provided.

[codecov]

Codecov Report

❌ Patch coverage is 91.66667% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.37%. Comparing base (cbb9598) to head (2f3aa12).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
rwgps/model_string.go	66.66%	0 Missing and 1 partial ⚠️
xfer_string.go	66.66%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #35      +/-   ##
==========================================
+ Coverage   66.77%   72.37%   +5.60%     
==========================================
  Files          34       34              
  Lines        1845     1564     -281     
==========================================
- Hits         1232     1132     -100     
+ Misses        493      309     -184     
- Partials      120      123       +3     

Files with missing lines	Coverage Δ
cyclinganalytics/cyclinganalytics.go	82.35% <100.00%> (+4.30%)	⬆️
rwgps/model.go	87.50% <ø> (-2.98%)	⬇️
strava/model.go	100.00% <ø> (ø)
strava/strava.go	77.35% <100.00%> (+5.92%)	⬆️
xfer.go	85.18% <100.00%> (+0.18%)	⬆️
zwift/activity.go	71.42% <100.00%> (+40.99%)	⬆️
zwift/zwift.go	89.09% <100.00%> (+2.52%)	⬆️
rwgps/model_string.go	60.00% <66.66%> (+20.00%)	⬆️
xfer_string.go	60.00% <66.66%> (+20.00%)	⬆️

... and 21 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cbb9598...2f3aa12. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

This PR aims to upgrade the project to Go 1.26.0 and update dependencies. The changes include:

Changes:

• Upgrade Go version from 1.24.2 to 1.26.0 in go.mod
• Update golang.org/x dependencies (oauth2, sync, time, net, text) to newer versions
• Update github.com/twpayne/go-gpx and github.com/rogpeppe/go-internal dependencies
• Add SSRF protection validation for Zwift S3 URLs in activity exports
• Add gosec linter suppressions with justifications
• Remove loop variable reassignment pattern tt := tt from one test file
• Change Photo.Type field from string to int in Strava model
• Replace fmt.Sprintf with fmt.Appendf in xfer.go

Reviewed changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
go.mod	Upgrades Go version to 1.26.0 and updates dependency versions
go.sum	Updates checksums for upgraded dependencies
zwift/activity.go	Adds SSRF validation for S3 URLs and gosec suppression comment
zwift/zwift.go	Adds gosec linter suppression for OAuth endpoint
strava/strava.go	Adds gosec linter suppression for OAuth endpoint
cyclinganalytics/cyclinganalytics.go	Adds gosec linter suppression for OAuth endpoint
rwgps/model.go	Adds gosec linter suppression for auth token field
xfer_test.go	Removes loop variable reassignment pattern
xfer.go	Replaces fmt.Sprintf with fmt.Appendf for JSON marshaling
strava/model.go	Changes Photo.Type field from string to int

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The new validateZwiftS3URL function lacks test coverage. Given that this function is implementing important security validation to prevent SSRF attacks, it should have comprehensive tests covering:

• Valid Zwift S3 URLs
• Invalid schemes (http, ftp, etc.)
• Invalid hosts (non-S3, non-amazonaws.com, wrong region)
• Invalid bucket names (without "zwift")
• Malformed URLs
• Edge cases like case sensitivity

This is especially important since other test files in the codebase (e.g., activity_test.go, model_test.go, auth_test.go) have comprehensive test coverage for their respective functionality.