From 2e2b2f5f856836e29e9adf5c514ffd431cef6365 Mon Sep 17 00:00:00 2001
From: Chris Burns <29541485+ChrisJBurns@users.noreply.github.com>
Date: Mon, 9 Mar 2026 22:40:55 +0000
Subject: [PATCH 1/2] Update Go version from 1.25.0 to 1.26.0

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index af45e6d..345c8c2 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/stackloklabs/yardstick
-go 1.25.0
+go 1.26.0
 require (
 github.com/google/jsonschema-go v0.4.2
From 851a2789e4e2272bf7bd0d3a27f8c77b825ada39 Mon Sep 17 00:00:00 2001
From: Chris Burns <29541485+ChrisJBurns@users.noreply.github.com>
Date: Mon, 9 Mar 2026 22:54:58 +0000
Subject: [PATCH 2/2] fix: sanitize tainted input in log to resolve gosec G706

Use strconv.Quote to sanitize the user-supplied action string before logging, preventing potential log injection.
Co-Authored-By: Claude Opus 4.6
---
 cmd/yardstick-client/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/yardstick-client/main.go b/cmd/yardstick-client/main.go
index ef7884b..718eecc 100644
--- a/cmd/yardstick-client/main.go
+++ b/cmd/yardstick-client/main.go
@@ -285,6 +285,6 @@ func main() {
 }
 default:
- log.Fatalf("Unknown action: %s", action)
+ log.Fatalf("Unknown action: %s", strconv.Quote(action))
 }
 }
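Review bot: The new `log.Fatalf` line calls `strconv.Quote`, but the patch changes only that one line of cmd/yardstick-client/main.go (1 insertion, 1 deletion), so it builds only if `strconv` is already imported in that file, which the hunk does not show. The same escaping is available without the import through the format verb, `log.Fatalf("Unknown action: %q", action)`; whether gosec's G706 taint check accepts `%q` as a sanitizer should be confirmed before switching. Either form escapes control characters such as CR and LF, which is what prevents a forged log line, but neither bounds the length of the logged value. The body of main and the switch that this default branch belongs to begin outside the hunk.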