Bump to go1.24.1

.github/workflows/ci.yml

@@ -38,8 +38,8 @@ jobs:
       matrix:
         go: ${{ fromJSON(needs.load-versions.outputs.go_version_list) }}
         os: [ubuntu-latest]
-        golangci-lint: ["1.62.2"]
-        gosec: ["2.19.0"]
+        golangci-lint: ["1.64.8"]
+        gosec: ["2.22.2"]
     steps:
     - name: Set up Go 1.x
       uses: actions/[email protected]

.golangci.yaml

@@ -215,7 +215,7 @@ linters:
     #- errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     #- execinquery # checks query string in Query function which reads your Go src files and warning it finds
     - exhaustive # checks exhaustiveness of enum switch statements
-    - exportloopref # checks for pointers to enclosing loop variables
+    #- exportloopref # checks for pointers to enclosing loop variables
     #- forbidigo # forbids identifiers
     #- funlen # tool for detection of long functions
     #- gochecknoinits # checks that no init functions are present in Go code

go.mod

@@ -1,6 +1,6 @@
 module github.com/bitnami-labs/sealed-secrets
 
-go 1.23.7
+go 1.24.1
 
 require (
 	github.com/Masterminds/sprig/v3 v3.3.0

pkg/controller/keys_test.go

@@ -38,7 +38,7 @@ func signKeyWithNotBefore(r io.Reader, key *rsa.PrivateKey, notBefore time.Time)
 func TestReadKey(t *testing.T) {
 	rand := testRand()
 
-	key, err := rsa.GenerateKey(rand, 512)
+	key, err := rsa.GenerateKey(rand, 2048)
 	if err != nil {
 		t.Fatalf("Failed to generate test key: %v", err)
 	}
@@ -77,7 +77,7 @@ func TestReadKey(t *testing.T) {
 func TestWriteKey(t *testing.T) {
 	ctx := context.Background()
 	rand := testRand()
-	key, err := rsa.GenerateKey(rand, 512)
+	key, err := rsa.GenerateKey(rand, 2048)
 	if err != nil {
 		t.Fatalf("Failed to generate test key: %v", err)
 	}
@@ -125,15 +125,15 @@ func TestWriteKey(t *testing.T) {
 		labelKey := strings.Split(label, "=")[0]
 		labelValue := strings.Split(label, "=")[1]
 		if labels.(map[string]interface{})[labelKey] != labelValue {
-			t.Errorf("writeKey didn't set label " + labelKey + " to value '" + labelValue + "'")
+			t.Errorf("writeKey didn't set label %v to value '%v'", labelKey, labelValue)
 		}
 	}
 
 	for _, annotation := range strings.Split(additionalAnnotations, ",") {
 		annotationKey := strings.Split(annotation, "=")[0]
 		annotationValue := strings.Split(annotation, "=")[1]
 		if annotations.(map[string]interface{})[annotationKey] != annotationValue {
-			t.Errorf("writeKey didn't set annotation '" + annotationKey + "' to value '" + annotationValue + "'")
+			t.Errorf("writeKey didn't set annotation '%v' to value '%v'", annotationKey, annotationValue)
 		}
 	}
 }

pkg/controller/main_test.go

@@ -160,7 +160,7 @@ func TestInitKeyRotationTick(t *testing.T) {
 func TestReuseKey(t *testing.T) {
 	ctx := context.Background()
 	rand := testRand()
-	key, err := rsa.GenerateKey(rand, 512)
+	key, err := rsa.GenerateKey(rand, 2048)
 	if err != nil {
 		t.Fatalf("Failed to generate test key: %v", err)
 	}
@@ -199,7 +199,7 @@ func TestReuseKey(t *testing.T) {
 func TestRenewStaleKey(t *testing.T) {
 	ctx := context.Background()
 	rand := testRand()
-	key, err := rsa.GenerateKey(rand, 512)
+	key, err := rsa.GenerateKey(rand, 2048)
 	if err != nil {
 		t.Fatalf("Failed to generate test key: %v", err)
 	}
@@ -259,7 +259,7 @@ func TestRenewStaleKey(t *testing.T) {
 func TestKeyCutoff(t *testing.T) {
 	ctx := context.Background()
 	rand := testRand()
-	key, err := rsa.GenerateKey(rand, 512)
+	key, err := rsa.GenerateKey(rand, 2048)
 	if err != nil {
 		t.Fatalf("Failed to generate test key: %v", err)
 	}
@@ -331,7 +331,7 @@ func writeLegacyKey(ctx context.Context, client kubernetes.Interface, key *rsa.P
 func TestLegacySecret(t *testing.T) {
 	ctx := context.Background()
 	rand := testRand()
-	key, err := rsa.GenerateKey(rand, 512)
+	key, err := rsa.GenerateKey(rand, 2048)
 	if err != nil {
 		t.Fatalf("Failed to generate test key: %v", err)
 	}

pkg/crypto/crypto.go

@@ -59,6 +59,7 @@ func HybridEncrypt(rnd io.Reader, pubKey *rsa.PublicKey, plaintext, label []byte
 	// First 2 bytes are RSA ciphertext length, so we can separate
 	// all the pieces later.
 	ciphertext := make([]byte, 2)
+	// #nosec G115
 	binary.BigEndian.PutUint16(ciphertext, uint16(len(rsaCiphertext)))
 	ciphertext = append(ciphertext, rsaCiphertext...)
 

pkg/crypto/keys_test.go

@@ -17,7 +17,7 @@ func testRand() io.Reader {
 func TestSignKey(t *testing.T) {
 	rand := testRand()
 
-	key, err := rsa.GenerateKey(rand, 512)
+	key, err := rsa.GenerateKey(rand, 2048)
 	if err != nil {
 		t.Fatalf("Failed to generate test key: %v", err)
 	}

versions.env

@@ -1,2 +1,2 @@
-GO_VERSION=1.23.7
+GO_VERSION=1.24.1
 GO_VERSION_LIST="[\"$GO_VERSION\"]"