Bump Go to 1.26.1 / 1.25.8

[ivanvc]

What would you like to be added?

Go 1.26.1 and 1.25.8 were released yesterday; they include fixes for CVEs: CVE-2026-27137, CVE-2026-27138, CVE-2026-27142, CVE-2026-25679 and CVE-2026-27139. According to our Dependency management documentation, we want to stay on the latest patch version. This means updating our stable branches to 1.25.8 and main to 1.26.1.

Progress track:

• etcd
  • main: go v1.26.1 - Bump Go to 1.26.1 #21459
  • release-3.6: go v1.25.8 - [release-3.6] Bump Go to 1.25.8 #21463
  • release-3.5: go v1.25.8 - [release-3.5] Bump Go to 1.25.8 #21462
  • release-3.4: go v1.25.8 - [release-3.4] Bump Go to 1.25.8 #21461
  • CHANGELOG - Changelog: Add entries for 3.4.42, 3.5.28, 3.6.9 releases #21511
• bbolt
  • main: go v1.25.8 - Bump go to 1.25.8 bbolt#1156
  • release-1.4: v1.25.8 - [release-1.4] Bump go to 1.25.8 bbolt#1157
  • release-1.3: v1.25.8 - [release-1.3] Bump go to 1.25.8 bbolt#1158
• raft
  • main: go v1.25.8 - Bump go to 1.25.8 raft#395
  • release-3.6: go v1.25.8 - [release-3.6] Bump go to 1.25.8 raft#396
• etcd-io/gofail master: go v1.25.8 - Bump golang version to 1.25.8 gofail#144
• etcd-io/auger main: go v1.26.1 - Bump go to 1.26.1 auger#445
• etcd-io/etcd-operator: go v1.26.1 - Bump golang version to 1.26.1 etcd-operator#306
• etcd-io/protodoc: go v1.25.8 - Bump go version to 1.25.8 protodoc#32

Please review the previous issues and their corresponding pull requests, such as #21364 and #21254.

Why is this needed?

To keep the project up to date with the latest Go versions. And address CVE-2026-27137, CVE-2026-27138, CVE-2026-27142, CVE-2026-25679 and CVE-2026-27139.

[ivanvc]

/assign

I'll be bumping the etcd repository due to our upcoming releases. The rest are up for grabs :)

[ivanvc]

Maybe not up for grabs, actually. As, @shuan1026 was working on the 1.26.0 version bump.