deps: update golang to v1.23.0 (#1711)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Dimitrij Drus <dadrus@gmx.de>

.github/workflows/ci.yaml

@@ -11,8 +11,8 @@ on:
       - release
 
 env:
-  GO_VERSION: "1.22.6"
-  GOLANGCI_LINT_VERSION: "v1.57.2"
+  GO_VERSION: "1.23.0"
+  GOLANGCI_LINT_VERSION: "v1.60.1"
   HELM_VERSION: "3.14.1"
   KUBECONFORM_VERSION: "0.6.4"
   KUBERNETES_API_VERSION: "1.27.0"

.github/workflows/security.yaml

@@ -1,7 +1,7 @@
 name: "Security Scan"
 
 env:
-  GO_VERSION: "1.22.6"
+  GO_VERSION: "1.23.0"
 
 on:
   push:

.golangci.yaml

@@ -10,23 +10,15 @@ linters:
     - wrapcheck
     - ireturn
     - exhaustruct
-    - exhaustivestruct
     - testpackage
     - paralleltest
     - nolintlint
     - tparallel
     - depguard
     - zerologlint
-    # deprecated
-    - interfacer
-    - varcheck
-    - deadcode
-    - nosnakecase
-    - structcheck
-    - maligned
-    - scopelint
-    - ifshort
-    - golint
+    # depricated
+    - gomnd
+    - execinquery
 
 issues:
   exclude-rules:
@@ -39,6 +31,9 @@ issues:
         - goerr113
         - lll
         - errcheck
+        - canonicalheader
+        - mnd
+        - err113
 
 linters-settings:
   exhaustive:
@@ -83,3 +78,8 @@ linters-settings:
       # to avoid having a CVE in the used version
       - golang.org/x/net
       - golang.org/x/text
+  mnd:
+    ignored-functions:
+      - '^make'
+      - '^math\.'
+      - '^time\.*'

docker/Dockerfile

@@ -2,7 +2,7 @@
 # Builder image to build the app
 ARG USER=heimdall
 
-FROM --platform=$BUILDPLATFORM golang:1.22.6-bookworm@sha256:f020456572fc292e9627b3fb435c6de5dfb8020fbcef1fd7b65dd092c0ac56bb as builder
+FROM --platform=$BUILDPLATFORM golang:1.23.0-bookworm@sha256:31dc846dd1bcca84d2fa231bcd16c09ff271bcc1a5ae2c48ff10f13b039688f3 as builder
 ARG USER
 ARG TARGETARCH
 ARG VERSION="unknown"

docker/debug.Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.22.6-bookworm@sha256:f020456572fc292e9627b3fb435c6de5dfb8020fbcef1fd7b65dd092c0ac56bb
+FROM golang:1.23.0-bookworm@sha256:31dc846dd1bcca84d2fa231bcd16c09ff271bcc1a5ae2c48ff10f13b039688f3
 ENV CGO_ENABLED 1
 
 RUN apt-get update && apt-get install -y --no-install-recommends inotify-tools=3.14-7 psmisc=23.2-1+deb10u1 \

docs/content/docs/getting_started/installation.adoc

@@ -19,7 +19,7 @@ You can always build a copy of heimdall by following the following instructions
 === Prerequisites
 
 * https://git-scm.com/[git]
-* The https://go.dev/dl/[Go] programming language >= 1.22
+* The https://go.dev/dl/[Go] programming language >= 1.23
 
 === Download
 Retrieve the latest copy of heimdall source code by cloning the git repository

go.mod

@@ -1,6 +1,6 @@
 module github.com/dadrus/heimdall
 
-go 1.22.6
+go 1.23.0
 
 require (
 	github.com/Masterminds/sprig/v3 v3.2.3

internal/cache/redis/cluster.go

@@ -36,7 +36,7 @@ func NewClusterCache(conf map[string]any, cw watcher.Watcher) (cache.Cache, erro
 	}
 
 	cfg := Config{
-		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:gomnd
+		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:mnd
 	}
 
 	err := decodeConfig(conf, &cfg)

internal/cache/redis/sentinel.go

@@ -40,7 +40,7 @@ func NewSentinelCache(conf map[string]any, cw watcher.Watcher) (cache.Cache, err
 	}
 
 	cfg := Config{
-		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:gomnd
+		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:mnd
 	}
 
 	err := decodeConfig(conf, &cfg)

internal/cache/redis/standalone.go

@@ -37,7 +37,7 @@ func NewStandaloneCache(conf map[string]any, cw watcher.Watcher) (cache.Cache, e
 	}
 
 	cfg := Config{
-		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:gomnd
+		baseConfig: baseConfig{ClientCache: clientCache{TTL: 5 * time.Minute}}, //nolint:mnd
 	}
 
 	err := decodeConfig(conf, &cfg)

internal/handler/envoyextauth/grpcv3/handler_test.go

@@ -194,7 +194,7 @@ func TestHandleDecisionEndpointRequest(t *testing.T) {
 		t.Run("case="+tc.uc, func(t *testing.T) {
 			// GIVEN
 			lis := bufconn.Listen(1024 * 1024)
-			conn, err := grpc.DialContext(context.Background(), "bufnet",
+			conn, err := grpc.NewClient("passthrough://bufnet",
 				grpc.WithContextDialer(func(context.Context, string) (net.Conn, error) { return lis.Dial() }),
 				grpc.WithTransportCredentials(insecure.NewCredentials()))
 			require.NoError(t, err)

internal/handler/metrics/module.go

@@ -90,10 +90,10 @@ func newLifecycleManager(conf *config.Configuration, logger zerolog.Logger) life
 		ServiceAddress: cfg.Address(),
 		Server: &http.Server{
 			Handler:        mux,
-			ReadTimeout:    5 * time.Second,  // nolint: gomnd
-			WriteTimeout:   10 * time.Second, // nolint: gomnd
-			IdleTimeout:    90 * time.Second, // nolint: gomnd
-			MaxHeaderBytes: 4096,             // nolint: gomnd
+			ReadTimeout:    5 * time.Second,  // nolint: mnd
+			WriteTimeout:   10 * time.Second, // nolint: mnd
+			IdleTimeout:    90 * time.Second, // nolint: mnd
+			MaxHeaderBytes: 4096,             // nolint: mnd
 			ErrorLog:       loggeradapter.NewStdLogger(logger),
 		},
 		Logger: logger,

internal/handler/middleware/grpc/accesslog/interceptor_test.go

@@ -238,7 +238,7 @@ func TestAccessLogInterceptorForKnownService(t *testing.T) {
 			tb := &testsupport.TestingLog{TB: t}
 			logger := zerolog.New(zerolog.TestWriter{T: tb})
 			handler := &mocks2.MockHandler{}
-			conn, err := grpc.DialContext(context.Background(), "bufnet",
+			conn, err := grpc.NewClient("passthrough://bufnet",
 				grpc.WithContextDialer(func(context.Context, string) (net.Conn, error) { return lis.Dial() }),
 				grpc.WithTransportCredentials(insecure.NewCredentials()))
 			require.NoError(t, err)
@@ -303,7 +303,7 @@ func TestAccessLogInterceptorForUnknownService(t *testing.T) {
 	bufDialer := func(context.Context, string) (net.Conn, error) {
 		return lis.Dial()
 	}
-	conn, err := grpc.DialContext(context.Background(), "bufnet",
+	conn, err := grpc.NewClient("passthrough://bufnet",
 		grpc.WithContextDialer(bufDialer),
 		grpc.WithTransportCredentials(insecure.NewCredentials()))
 	require.NoError(t, err)

internal/handler/middleware/grpc/errorhandler/interceptor_test.go

@@ -250,7 +250,7 @@ func TestErrorInterceptor(t *testing.T) {
 			lis := bufconn.Listen(1024 * 1024)
 			handler := &mocks.MockHandler{}
 			bufDialer := func(context.Context, string) (net.Conn, error) { return lis.Dial() }
-			conn, err := grpc.DialContext(context.Background(), "bufnet",
+			conn, err := grpc.NewClient("passthrough://bufnet",
 				grpc.WithContextDialer(bufDialer),
 				grpc.WithTransportCredentials(insecure.NewCredentials()))
 			require.NoError(t, err)

internal/handler/middleware/grpc/logger/interceptor_test.go

@@ -115,7 +115,7 @@ func TestLoggerInterceptor(t *testing.T) {
 			bufDialer := func(context.Context, string) (net.Conn, error) {
 				return lis.Dial()
 			}
-			conn, err := grpc.DialContext(context.Background(), "bufnet",
+			conn, err := grpc.NewClient("passthrough://bufnet",
 				grpc.WithContextDialer(bufDialer),
 				grpc.WithTransportCredentials(insecure.NewCredentials()))
 			require.NoError(t, err)

internal/handler/middleware/grpc/otelmetrics/interceptor_test.go

@@ -213,7 +213,7 @@ func TestHandlerObserveKnownRequests(t *testing.T) {
 
 			lis := bufconn.Listen(1024 * 1024)
 			handler := &mocks2.MockHandler{}
-			conn, err := grpc.DialContext(context.Background(), "bufnet",
+			conn, err := grpc.NewClient("passthrough://bufnet",
 				grpc.WithContextDialer(func(context.Context, string) (net.Conn, error) { return lis.Dial() }),
 				grpc.WithTransportCredentials(insecure.NewCredentials()))
 			require.NoError(t, err)
@@ -275,7 +275,7 @@ func TestHandlerObserveUnknownRequests(t *testing.T) {
 
 	lis := bufconn.Listen(1024 * 1024)
 	handler := &mocks2.MockHandler{}
-	conn, err := grpc.DialContext(context.Background(), "bufnet",
+	conn, err := grpc.NewClient("passthrough://bufnet",
 		grpc.WithContextDialer(func(context.Context, string) (net.Conn, error) { return lis.Dial() }),
 		grpc.WithTransportCredentials(insecure.NewCredentials()))
 	require.NoError(t, err)

internal/handler/middleware/http/dump/handler.go

@@ -163,7 +163,7 @@ func writeStatusLine(bw *bytes.Buffer, proto string, code int, scratch []byte) {
 	bw.WriteString(proto + " ")
 
 	if text := http.StatusText(code); text != "" {
-		bw.Write(strconv.AppendInt(scratch[:0], int64(code), 10)) //nolint:gomnd
+		bw.Write(strconv.AppendInt(scratch[:0], int64(code), 10)) //nolint:mnd
 		bw.WriteByte(' ')
 		bw.WriteString(text)
 		bw.WriteString("\r\n")

internal/handler/profiling/module.go

@@ -61,8 +61,8 @@ func newLifecycleManager(conf *config.Configuration, logger zerolog.Logger) life
 		ServiceAddress: cfg.Address(),
 		Logger:         logger,
 		Server: &http.Server{
-			ReadHeaderTimeout: 5 * time.Second,  // nolint: gomnd
-			IdleTimeout:       90 * time.Second, // nolint: gomnd
+			ReadHeaderTimeout: 5 * time.Second,  // nolint: mnd
+			IdleTimeout:       90 * time.Second, // nolint: mnd
 			ErrorLog:          loggeradapter.NewStdLogger(logger),
 		},
 	}

internal/handler/proxy/request_context.go

@@ -56,15 +56,15 @@ func newContextFactory(
 		// is possible per upstream
 		Proxy: http.ProxyFromEnvironment,
 		DialContext: (&net.Dialer{
-			Timeout:   30 * time.Second, //nolint:gomnd
-			KeepAlive: 30 * time.Second, //nolint:gomnd
+			Timeout:   30 * time.Second, //nolint:mnd
+			KeepAlive: 30 * time.Second, //nolint:mnd
 		}).DialContext,
 		ResponseHeaderTimeout: cfg.Timeout.Read,
 		MaxIdleConns:          cfg.ConnectionsLimit.MaxIdle,
 		MaxIdleConnsPerHost:   cfg.ConnectionsLimit.MaxIdlePerHost,
 		MaxConnsPerHost:       cfg.ConnectionsLimit.MaxPerHost,
 		IdleConnTimeout:       cfg.Timeout.Idle,
-		TLSHandshakeTimeout:   10 * time.Second, //nolint:gomnd
+		TLSHandshakeTimeout:   10 * time.Second, //nolint:mnd
 		ExpectContinueTimeout: 1 * time.Second,
 		ForceAttemptHTTP2:     true,
 		TLSClientConfig:       tlsCfg,

internal/handler/proxy/service_test.go

@@ -983,7 +983,7 @@ func TestWebSocketSupport(t *testing.T) {
 	require.NoError(t, err)
 
 	upstreamSrv := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		require.Equal(t, "/bar", req.URL.Path)
+		assert.Equal(t, "/bar", req.URL.Path)
 
 		upgrader := websocket.Upgrader{
 			CheckOrigin: func(_ *http.Request) bool {
@@ -992,22 +992,22 @@ func TestWebSocketSupport(t *testing.T) {
 		}
 
 		con, err := upgrader.Upgrade(rw, req, nil)
-		require.NoError(t, err)
+		assert.NoError(t, err)
 
 		defer con.Close()
 
 		err = con.WriteMessage(websocket.TextMessage, []byte("ping 1"))
-		require.NoError(t, err)
+		assert.NoError(t, err)
 
 		_, message, err := con.ReadMessage()
-		require.NoError(t, err)
+		assert.NoError(t, err)
 		assert.Equal(t, []byte("ping 1"), message)
 
 		err = con.WriteMessage(websocket.TextMessage, []byte("ping 2"))
-		require.NoError(t, err)
+		assert.NoError(t, err)
 
 		_, message, err = con.ReadMessage()
-		require.NoError(t, err)
+		assert.NoError(t, err)
 		assert.Equal(t, []byte("ping 2"), message)
 	}))
 	defer upstreamSrv.Close()
@@ -1092,7 +1092,7 @@ func TestServerSentEventsSupport(t *testing.T) {
 	require.NoError(t, err)
 
 	upstreamSrv := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		require.Equal(t, "/bar", req.URL.Path)
+		assert.Equal(t, "/bar", req.URL.Path)
 
 		rw.Header().Set("Content-Type", "text/event-stream")
 		rw.Header().Set("Cache-Control", "no-cache")
@@ -1102,9 +1102,9 @@ func TestServerSentEventsSupport(t *testing.T) {
 
 		for i := range 5 {
 			_, err := rw.Write(stringx.ToBytes(strconv.Itoa(i)))
-			require.NoError(t, err)
+			assert.NoError(t, err)
 
-			require.NoError(t, rc.Flush())
+			assert.NoError(t, rc.Flush())
 
 			time.Sleep(50 * time.Millisecond)
 		}

internal/httpcache/round_tripper_test.go

@@ -46,7 +46,7 @@ func TestRoundTripperRoundTrip(t *testing.T) {
 		}
 
 		_, err := w.Write([]byte("foobar"))
-		require.NoError(t, err)
+		assert.NoError(t, err)
 	}))
 
 	defer srv.Close()

internal/keystore/cert_chain_test.go

@@ -293,13 +293,13 @@ func (suite *CertChainTestSuite) TestFindChain() {
 			},
 		},
 	} {
-		suite.T().Run("case="+tc.uc, func(t *testing.T) {
+		suite.Run("case="+tc.uc, func() {
 			// GIVEN
 			// WHEN
 			chain := keystore.FindChain(tc.eeCert.PublicKey, tc.certPool)
 
 			// THEN
-			tc.assert(t, chain)
+			tc.assert(suite.T(), chain)
 		})
 	}
 }
@@ -368,15 +368,15 @@ func (suite *CertChainTestSuite) TestValidateChain() {
 			},
 		},
 	} {
-		suite.T().Run("case="+tc.uc, func(t *testing.T) {
+		suite.Run("case="+tc.uc, func() {
 			// GIVEN
 			chain := keystore.FindChain(tc.eeCert.PublicKey, tc.certPool)
 
 			// WHEN
 			err := keystore.ValidateChain(chain)
 
 			// THEN
-			tc.assert(t, err)
+			tc.assert(suite.T(), err)
 		})
 	}
 }

internal/rules/endpoint/authstrategy/client_credentials_test.go

@@ -90,7 +90,7 @@ func TestApplyClientCredentialsStrategy(t *testing.T) {
 
 		w.WriteHeader(code)
 		_, err = w.Write(rawResp)
-		require.NoError(t, err)
+		assert.NoError(t, err)
 	}))
 	defer srv.Close()
 

internal/rules/endpoint/endpoint_test.go

@@ -376,7 +376,7 @@ func TestEndpointSendRequest(t *testing.T) {
 
 		if serverResponse != nil {
 			_, err := w.Write(serverResponse)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		}
 
 		w.WriteHeader(statusCode)

internal/rules/mechanisms/authenticators/generic_authenticator_test.go

@@ -764,7 +764,7 @@ func TestGenericAuthenticatorExecute(t *testing.T) {
 			w.Header().Set("Content-Type", responseContentType)
 			w.Header().Set("Content-Length", strconv.Itoa(len(responseContent)))
 			_, err := w.Write(responseContent)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		}
 
 		w.WriteHeader(responseCode)

internal/rules/mechanisms/authenticators/jwt_authenticator_test.go

@@ -881,7 +881,7 @@ func TestJwtAuthenticatorExecute(t *testing.T) {
 		if jwksResponseContent != nil {
 			w.Header().Set("Content-Type", jwksResponseContentType)
 			_, err := w.Write(jwksResponseContent)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		} else {
 			w.WriteHeader(jwksResponseCode)
 		}
@@ -895,7 +895,7 @@ func TestJwtAuthenticatorExecute(t *testing.T) {
 		if metadataResponseContent != nil {
 			w.Header().Set("Content-Type", metadataResponseContentType)
 			_, err = w.Write(metadataResponseContent)
-			require.NoError(t, err)
+			assert.NoError(t, err)
 		} else {
 			w.WriteHeader(metadataResponseCode)
 		}