chore(deps): update module golang.org/x/crypto to v0.35.0 [security] (#531)

* chore(deps): update module golang.org/x/crypto to v0.35.0 [security]

* TAR_OPTIONS=--skip-old-files

* fix

---------

Co-authored-by: descope[bot] <107609351+descope[bot]@users.noreply.github.com>
Co-authored-by: Omer Cohen <[email protected]>
Co-authored-by: Omer C <[email protected]>

Author: descope[bot]

.github/actions/setup/action.yml

@@ -6,14 +6,8 @@ runs:
   steps:
     - name: Set up Go
       uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+      env:
+        # to handle cache overwrite errors
+        TAR_OPTIONS: --skip-old-files
       with:
         go-version-file: go.mod
-
-    - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-      with:
-        path: |
-          ~/.cache/go-build
-          ~/go/pkg/mod
-        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-go-

.gitleaksignore

@@ -0,0 +1 @@
+2db698a94e8f6af32c81e8e2830062ca6418077a:descope/types.go:generic-api-key:991

descope/api/client.go

@@ -1477,7 +1477,7 @@ func (c *Client) DoRequest(ctx context.Context, method, uriPath string, body io.
 	}
 
 	if response.Body != nil {
-		defer response.Body.Close()
+		defer func() { _ = response.Body.Close() }()
 	}
 	if !isResponseOK(response) {
 		err = c.parseDescopeError(response).WithInfo(descope.ErrorInfoKeys.HTTPResponseStatusCode, response.StatusCode)

descope/gin/go.mod

@@ -2,6 +2,8 @@ module github.com/descope/go-sdk/descope/gin
 
 go 1.23
 
+toolchain go1.24.0
+
 replace github.com/descope/go-sdk => ../../
 
 require (

descope/internal/auth/auth_test.go

@@ -22,10 +22,10 @@ import (
 )
 
 const (
-	jwtTokenValid    = `eyJhbGciOiJFUzM4NCIsImtpZCI6InRlc3RrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsidGVzdCJdLCJkcm4iOiJEUyIsImV4cCI6MzY1OTU2MTQzMCwiaWF0IjoxNjU5NTYxNDMwLCJpc3MiOiJ0ZXN0Iiwic3ViIjoic29tZXVzZXIiLCJ0ZXN0IjoidGVzdCJ9.tE6hXIuH74drymm6DSAs4FkaQSzf3MQ0D7pjC-9SaBRnqHoRuDOIJd3mIRsxzfb2nS6NX_tk6H1na6kFEKsJdMsUG-LbCqqib98z9tHtq-Jh6Axl5Qe9RITfIOwzOssw`
-	jwtRTokenValid   = `eyJhbGciOiJFUzM4NCIsImtpZCI6InRlc3RrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsidGVzdCJdLCJkcm4iOiJEU1IiLCJleHAiOjM2NTk1NjE0MzAsImlhdCI6MTY1OTU2MTQzMCwiaXNzIjoidGVzdCIsInN1YiI6InNvbWV1c2VyIiwidGVzdCI6InRlc3QifQ.zKbJKuGo9Q9NsvI_SdrH1pDH8uuTRnTcT4eMJe237Lr6ZrtRGbw2a0U0aEwgNrox2RXupkmD3vfQtZiD3AiU9xHY8X3xwTGsDwA497eT6RrA13zNufrhSMNjF6V5-xVl`
-	jwtTokenExpired  = `eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCIsImtpZCI6ImU0YTU3Y2M5ZGZiNDAyYTNlNTNjNDJhNjQyMmY3M2FmIn0.eyJjb29raWVOYW1lIjoiRFMiLCJleHAiOjEyNTYyNTg2OTF9.AvU50pkQt8F000JqpVy7vCbcV-pwGqyi_GENqmmqrRMVswk5Y5VfSjP7axBnZ55xJ85sP6ozawbs_g1FdGtzvgrHEIJVRJSe73EwWTV9yZwiUD8kU-QAtUqP_Vk-rf-3zzE1lmI3DubXZYGTE4tMUsIQ-2NI3-Q9R89yzjLMv9z7_0TaDB28LMCJPlmjTA-7x_FoWqxmCs0z00dZ6sthtppbo25DiO3EW7D35gE1CPOgITjktWSRt035TR0iV91YoPyPAkmEo3mxI4XXu-1fLcZdFFTZOOU4TmA-_wbXevf0kIaQ9Kl4jPEK9lSUHEhLG59nu_0aPVxUXqE-Y8Qo7Ed-Gri5fPhZarDtMRRpVc1pc7D8zYMyKEHvCqkdjV9MDfIK3eCVuCGUxytgEe4Px-sgPSS_7Ne8hZ1T7K3TbcoMlRl--fI6rbmcOj-2srCcofr9NX2pxeUdWU8g6ZfFFxADSfJNb0MbZz55QGN8yz-54jZR3nT7i7kXX0ylrDQw`
-	jwtTokenNotYet   = `eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCIsImtpZCI6ImU0YTU3Y2M5ZGZiNDAyYTNlNTNjNDJhNjQyMmY3M2FmIn0.eyJjb29raWVOYW1lIjoiRFMiLCJuYmYiOjI2NTYyNTg2OTF9.dvkNfmyUgbhlwv2eW_qC8VfcKYaMKaS8aDM2XdgYxnLuOhQUNnlY87H8bQGw7RChvqyJtciFo74KFhTZkAWqKDpdisIPDnydJ7SzY-NOv6Mtg0DAl99nDuItsYDoSIHVV_3h6feZC353ziQIEoktPf9dnyYpN0IumGMg-g5ww7foDglpwbIP9c6SxxDIOIMh5fGlT7tG79-i_QJ3zsDuYo0v8aNFd7QcP5tA8Kj9Tthp2pHTacu0WDSq39p6XEvDaKiLRhhVOfyd_jTTC2xzmkXRzt2KOy1ObRvhOiItQCoISn66QO4dm8febSagA2_GtDd1VYxwT0zW7usK4CwKfoSej_UMp-BZZ8Q1fDqMWfG9qWjeinfty7ePQwV2Y_kiNCjyTvKlbPnTINL_VXemb0pIaAITfROlzWtXGGnP3soFczgWe4WXC_Q7wx3uCkyN5BIKLajxCF3EAfPzDi7YbYnQXEk-imGoqWpYXw0SXMkYo2wkd9Qul4uXH_mGh50l`
+	jwtTokenValid    = `eyJhbGciOiJFUzM4NCIsImtpZCI6InRlc3RrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsidGVzdCJdLCJkcm4iOiJEUyIsImV4cCI6MzY1OTU2MTQzMCwiaWF0IjoxNjU5NTYxNDMwLCJpc3MiOiJ0ZXN0Iiwic3ViIjoic29tZXVzZXIiLCJ0ZXN0IjoidGVzdCJ9.tE6hXIuH74drymm6DSAs4FkaQSzf3MQ0D7pjC-9SaBRnqHoRuDOIJd3mIRsxzfb2nS6NX_tk6H1na6kFEKsJdMsUG-LbCqqib98z9tHtq-Jh6Axl5Qe9RITfIOwzOssw`                                                                                                                                                                                                                                                                                                                                      // nolint:gosec
+	jwtRTokenValid   = `eyJhbGciOiJFUzM4NCIsImtpZCI6InRlc3RrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsidGVzdCJdLCJkcm4iOiJEU1IiLCJleHAiOjM2NTk1NjE0MzAsImlhdCI6MTY1OTU2MTQzMCwiaXNzIjoidGVzdCIsInN1YiI6InNvbWV1c2VyIiwidGVzdCI6InRlc3QifQ.zKbJKuGo9Q9NsvI_SdrH1pDH8uuTRnTcT4eMJe237Lr6ZrtRGbw2a0U0aEwgNrox2RXupkmD3vfQtZiD3AiU9xHY8X3xwTGsDwA497eT6RrA13zNufrhSMNjF6V5-xVl`                                                                                                                                                                                                                                                                                                                                    // nolint:gosec
+	jwtTokenExpired  = `eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCIsImtpZCI6ImU0YTU3Y2M5ZGZiNDAyYTNlNTNjNDJhNjQyMmY3M2FmIn0.eyJjb29raWVOYW1lIjoiRFMiLCJleHAiOjEyNTYyNTg2OTF9.AvU50pkQt8F000JqpVy7vCbcV-pwGqyi_GENqmmqrRMVswk5Y5VfSjP7axBnZ55xJ85sP6ozawbs_g1FdGtzvgrHEIJVRJSe73EwWTV9yZwiUD8kU-QAtUqP_Vk-rf-3zzE1lmI3DubXZYGTE4tMUsIQ-2NI3-Q9R89yzjLMv9z7_0TaDB28LMCJPlmjTA-7x_FoWqxmCs0z00dZ6sthtppbo25DiO3EW7D35gE1CPOgITjktWSRt035TR0iV91YoPyPAkmEo3mxI4XXu-1fLcZdFFTZOOU4TmA-_wbXevf0kIaQ9Kl4jPEK9lSUHEhLG59nu_0aPVxUXqE-Y8Qo7Ed-Gri5fPhZarDtMRRpVc1pc7D8zYMyKEHvCqkdjV9MDfIK3eCVuCGUxytgEe4Px-sgPSS_7Ne8hZ1T7K3TbcoMlRl--fI6rbmcOj-2srCcofr9NX2pxeUdWU8g6ZfFFxADSfJNb0MbZz55QGN8yz-54jZR3nT7i7kXX0ylrDQw` // nolint:gosec
+	jwtTokenNotYet   = `eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCIsImtpZCI6ImU0YTU3Y2M5ZGZiNDAyYTNlNTNjNDJhNjQyMmY3M2FmIn0.eyJjb29raWVOYW1lIjoiRFMiLCJuYmYiOjI2NTYyNTg2OTF9.dvkNfmyUgbhlwv2eW_qC8VfcKYaMKaS8aDM2XdgYxnLuOhQUNnlY87H8bQGw7RChvqyJtciFo74KFhTZkAWqKDpdisIPDnydJ7SzY-NOv6Mtg0DAl99nDuItsYDoSIHVV_3h6feZC353ziQIEoktPf9dnyYpN0IumGMg-g5ww7foDglpwbIP9c6SxxDIOIMh5fGlT7tG79-i_QJ3zsDuYo0v8aNFd7QcP5tA8Kj9Tthp2pHTacu0WDSq39p6XEvDaKiLRhhVOfyd_jTTC2xzmkXRzt2KOy1ObRvhOiItQCoISn66QO4dm8febSagA2_GtDd1VYxwT0zW7usK4CwKfoSej_UMp-BZZ8Q1fDqMWfG9qWjeinfty7ePQwV2Y_kiNCjyTvKlbPnTINL_VXemb0pIaAITfROlzWtXGGnP3soFczgWe4WXC_Q7wx3uCkyN5BIKLajxCF3EAfPzDi7YbYnQXEk-imGoqWpYXw0SXMkYo2wkd9Qul4uXH_mGh50l` // nolint:gosec
 	unknownPublicKey = `{
 		"crv": "P-384",
 		"key_ops": [
@@ -40,7 +40,7 @@ const (
 	  }`
 	publicKey = `{"alg":"ES384","crv":"P-384","kid":"testkey","kty":"EC","use":"sig","x":"fcK-QcFhZooWoMPU2qIfkwBXfLIKkGm2plbS35jEQ53JqgnCaHDzLpyGaWWaIKfg","y":"IJS9pIQl3ZHh3GXi166DZgDieWGEypG9zaE3mEQrjgU-9F4qJWYDo4Fk0XS-ZJXr"}`
 
-	jwtTokenWithTenants  = "eyJhbGciOiJFUzM4NCIsImtpZCI6InRlc3RrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsidGVzdCJdLCJkcm4iOiJEUyIsImV4cCI6MzY2MDIyMzc1OSwiaWF0IjoxNjYwMjIzNzU5LCJpc3MiOiJ0ZXN0Iiwic3ViIjoic29tZXVzZXIiLCJ0ZW5hbnRzIjp7InQxIjp7fSwidDIiOnt9fX0.sIa7U18_h772xYpyFCjOXtsBtMtwWBoFNmDA-Bc-hmWciQC_5-sndtwLdaJD77t2wkoq3wAbjp6jcL1-qBSNZ6pueMdO02IbGK-mkmC439UhdQ7xs7jQXziHstMBaHT5"
+	jwtTokenWithTenants  = "eyJhbGciOiJFUzM4NCIsImtpZCI6InRlc3RrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsidGVzdCJdLCJkcm4iOiJEUyIsImV4cCI6MzY2MDIyMzc1OSwiaWF0IjoxNjYwMjIzNzU5LCJpc3MiOiJ0ZXN0Iiwic3ViIjoic29tZXVzZXIiLCJ0ZW5hbnRzIjp7InQxIjp7fSwidDIiOnt9fX0.sIa7U18_h772xYpyFCjOXtsBtMtwWBoFNmDA-Bc-hmWciQC_5-sndtwLdaJD77t2wkoq3wAbjp6jcL1-qBSNZ6pueMdO02IbGK-mkmC439UhdQ7xs7jQXziHstMBaHT5" // nolint:gosec
 	publicKeyWithTenants = `{"alg":"ES384","crv":"P-384","kid":"testkey","kty":"EC","use":"sig","x":"Ov545bC4GMh_YPMF_rHzpi2iuLk4wmQsSN_HiCS_-e1TOp2zrPPOVzjIaGWk-S4u","y":"uzQM6ROnewL6UhYkV7FNH-0sXRj3QqoaKsQmclzJSad8oYw9Q7czRDfGa0dWo7r6"}`
 )
 
@@ -1217,7 +1217,7 @@ func TestMeEmptyResponse(t *testing.T) {
 func TestTenants(t *testing.T) {
 	a, err := newTestAuth(nil, func(r *http.Request) (*http.Response, error) {
 		m := &map[string]any{}
-		readBody(r, m)
+		_ = readBody(r, m)
 		assert.EqualValues(t, map[string]any{"dct": true, "ids": nil}, *m)
 		res := descope.TenantsResponse{Tenants: []descope.MeTenant{{ID: "a"}}}
 		bs, err := utils.Marshal(res)

descope/internal/mgmt/jwt_test.go

@@ -25,7 +25,8 @@ func TestUpdateJwt(t *testing.T) {
 		require.EqualValues(t, refreshDuration, req["refreshDuration"])
 
 	}, map[string]interface{}{"jwt": expectedJWT}))
-	jwtRes, err := mgmt.JWT().UpdateJWTWithCustomClaims(context.Background(), orgJwt, customClaims, int32(refreshDuration))
+	jwtRes, err := mgmt.JWT().UpdateJWTWithCustomClaims(context.Background(), orgJwt, customClaims,
+		int32(refreshDuration)) // nolint:gosec
 	require.NoError(t, err)
 	require.EqualValues(t, expectedJWT, jwtRes)
 }
@@ -94,8 +95,8 @@ func TestImpersonateMissingImpersonator(t *testing.T) {
 	require.Empty(t, jwtRes)
 }
 
-const jwtTokenValid = `eyJhbGciOiJFUzM4NCIsImtpZCI6InRlc3RrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsidGVzdCJdLCJkcm4iOiJEUyIsImV4cCI6MzY1OTU2MTQzMCwiaWF0IjoxNjU5NTYxNDMwLCJpc3MiOiJ0ZXN0Iiwic3ViIjoic29tZXVzZXIiLCJ0ZXN0IjoidGVzdCJ9.tE6hXIuH74drymm6DSAs4FkaQSzf3MQ0D7pjC-9SaBRnqHoRuDOIJd3mIRsxzfb2nS6NX_tk6H1na6kFEKsJdMsUG-LbCqqib98z9tHtq-Jh6Axl5Qe9RITfIOwzOssw`
-const jwtRTokenValid = `eyJhbGciOiJFUzM4NCIsImtpZCI6InRlc3RrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsidGVzdCJdLCJkcm4iOiJEU1IiLCJleHAiOjM2NTk1NjE0MzAsImlhdCI6MTY1OTU2MTQzMCwiaXNzIjoidGVzdCIsInN1YiI6InNvbWV1c2VyIiwidGVzdCI6InRlc3QifQ.zKbJKuGo9Q9NsvI_SdrH1pDH8uuTRnTcT4eMJe237Lr6ZrtRGbw2a0U0aEwgNrox2RXupkmD3vfQtZiD3AiU9xHY8X3xwTGsDwA497eT6RrA13zNufrhSMNjF6V5-xVl`
+const jwtTokenValid = `eyJhbGciOiJFUzM4NCIsImtpZCI6InRlc3RrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsidGVzdCJdLCJkcm4iOiJEUyIsImV4cCI6MzY1OTU2MTQzMCwiaWF0IjoxNjU5NTYxNDMwLCJpc3MiOiJ0ZXN0Iiwic3ViIjoic29tZXVzZXIiLCJ0ZXN0IjoidGVzdCJ9.tE6hXIuH74drymm6DSAs4FkaQSzf3MQ0D7pjC-9SaBRnqHoRuDOIJd3mIRsxzfb2nS6NX_tk6H1na6kFEKsJdMsUG-LbCqqib98z9tHtq-Jh6Axl5Qe9RITfIOwzOssw`    // nolint:gosec
+const jwtRTokenValid = `eyJhbGciOiJFUzM4NCIsImtpZCI6InRlc3RrZXkiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsidGVzdCJdLCJkcm4iOiJEU1IiLCJleHAiOjM2NTk1NjE0MzAsImlhdCI6MTY1OTU2MTQzMCwiaXNzIjoidGVzdCIsInN1YiI6InNvbWV1c2VyIiwidGVzdCI6InRlc3QifQ.zKbJKuGo9Q9NsvI_SdrH1pDH8uuTRnTcT4eMJe237Lr6ZrtRGbw2a0U0aEwgNrox2RXupkmD3vfQtZiD3AiU9xHY8X3xwTGsDwA497eT6RrA13zNufrhSMNjF6V5-xVl` // nolint:gosec
 
 func TestSignIn(t *testing.T) {
 	loginID := "id2"

descope/tests/mocks/auth/authenticationmock.go

@@ -74,7 +74,7 @@ type MockMagicLink struct {
 	SignUpOrInAssert func(method descope.DeliveryMethod, loginID string, URI string, signUpOptions *descope.SignUpOptions)
 	SignUpOrInError  error
 
-	VerifyAssert   func(token string, w http.ResponseWriter) (*descope.AuthenticationInfo, error)
+	VerifyAssert   func(token string, w http.ResponseWriter)
 	VerifyError    error
 	VerifyResponse *descope.AuthenticationInfo
 
@@ -146,7 +146,7 @@ type MockEnchantedLink struct {
 	GetSessionResponse *descope.AuthenticationInfo
 	GetSessionError    error
 
-	VerifyAssert func(token string) (*descope.AuthenticationInfo, error)
+	VerifyAssert func(token string)
 	VerifyError  error
 
 	UpdateUserEmailAssert   func(loginID, email, URI string, updateOptions *descope.UpdateOptions, r *http.Request)

descope/tests/mocks/mgmt/managementmock.go

@@ -176,7 +176,7 @@ type MockSSO struct {
 	ConfigureSAMLSettingsByMetadataAssert func(tenantID string, settings *descope.SSOSAMLSettingsByMetadata, redirectURL string, domains []string, ssoID string)
 	ConfigureSAMLSettingsByMetadataError  error
 
-	ConfigureOIDCSettingsAssert func(tenantID string, settings *descope.SSOOIDCSettings, domains []string, ssoID string) error
+	ConfigureOIDCSettingsAssert func(tenantID string, settings *descope.SSOOIDCSettings, domains []string, ssoID string)
 	ConfigureOIDCSettingsError  error
 
 	NewSettingsAssert   func(tenantID string, ssoID string, displayName string)
@@ -950,7 +950,7 @@ type MockTenant struct {
 	ConfigureSettingsResponse *descope.TenantSettings
 	ConfigureSettingsError    error
 
-	GenerateSSOConfigurationLinkAssert   func(tenantID string, expireDuration int64, ssoID string, email string, templateID string) error
+	GenerateSSOConfigurationLinkAssert   func(tenantID string, expireDuration int64, ssoID string, email string, templateID string)
 	GenerateSSOConfigurationLinkResponse string
 	GenerateSSOConfigurationLinkError    error
 }
@@ -1574,16 +1574,16 @@ func (m *MockAuthz) GetModified(_ context.Context, since time.Time) (*descope.Au
 }
 
 type MockFGA struct {
-	SaveSchemaAssert func(schema *descope.FGASchema) error
+	SaveSchemaAssert func(schema *descope.FGASchema)
 	SaveSchemaError  error
 
 	LoadSchemaResponse *descope.FGASchema
 	LoadSchemaError    error
 
-	CreateRelationsAssert func(relations []*descope.FGARelation) error
+	CreateRelationsAssert func(relations []*descope.FGARelation)
 	CreateRelationsError  error
 
-	DeleteRelationsAssert func(relations []*descope.FGARelation) error
+	DeleteRelationsAssert func(relations []*descope.FGARelation)
 	DeleteRelationsError  error
 
 	CheckAssert   func(relations []*descope.FGARelation)

descope/types.go

@@ -1018,7 +1018,7 @@ const (
 	EnvironmentVariableProjectID         = "DESCOPE_PROJECT_ID"
 	EnvironmentVariablePublicKey         = "DESCOPE_PUBLIC_KEY"
 	EnvironmentVariableManagementKey     = "DESCOPE_MANAGEMENT_KEY"
-	EnvironmentVariableAuthManagementKey = "DESCOPE_AUTH_MANAGEMENT_KEY"
+	EnvironmentVariableAuthManagementKey = "DESCOPE_AUTH_MANAGEMENT_KEY" // gitleaks:allow
 	EnvironmentVariableBaseURL           = "DESCOPE_BASE_URL"
 )
 

descope/types_test.go

@@ -47,9 +47,9 @@ func TestNewToken(t *testing.T) {
 	subject := "subj"
 	expiration := time.Now()
 
-	token.Set(jwt.IssuerKey, issuer)
-	token.Set(jwt.SubjectKey, subject)
-	token.Set(jwt.ExpirationKey, expiration)
+	_ = token.Set(jwt.IssuerKey, issuer)
+	_ = token.Set(jwt.SubjectKey, subject)
+	_ = token.Set(jwt.ExpirationKey, expiration)
 
 	resToken := NewToken(jwtStr, token)
 
@@ -69,9 +69,9 @@ func TestNewTokenWithProjectID(t *testing.T) {
 	subject := "subj"
 	expiration := time.Now()
 
-	token.Set(jwt.IssuerKey, issuer)
-	token.Set(jwt.SubjectKey, subject)
-	token.Set(jwt.ExpirationKey, expiration)
+	_ = token.Set(jwt.IssuerKey, issuer)
+	_ = token.Set(jwt.SubjectKey, subject)
+	_ = token.Set(jwt.ExpirationKey, expiration)
 
 	resToken := NewToken(jwtStr, token)
 
@@ -86,11 +86,12 @@ func TestGetCreatedTime(t *testing.T) {
 	now := time.Now()
 	ct := now.Unix()
 	now = time.Unix(ct, 0)
-	u := UserResponse{CreatedTime: int32(ct)}
+	u := UserResponse{CreatedTime: int32(ct)} // nolint:gosec
 	assert.True(t, u.GetCreatedTime().Equal(now))
-	r := Role{CreatedTime: int32(ct)}
+	r := Role{CreatedTime: int32(ct)} // nolint:gosec
 	assert.True(t, r.GetCreatedTime().Equal(now))
-	c := ThirdPartyApplicationConsent{CreatedTime: int32(ct)}
+
+	c := ThirdPartyApplicationConsent{CreatedTime: int32(ct)} // nolint:gosec
 	assert.True(t, c.GetCreatedTime().Equal(now))
 }
 

go.mod

@@ -1,6 +1,8 @@
 module github.com/descope/go-sdk
 
-go 1.23
+go 1.23.0
+
+toolchain go1.24.1
 
 require (
 	github.com/google/uuid v1.6.0
@@ -20,7 +22,7 @@ require (
 	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
-	golang.org/x/crypto v0.31.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -28,12 +28,12 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
 golang.org/x/exp v0.0.0-20220921023135-46d9e7742f1e h1:Ctm9yurWsg7aWwIpH9Bnap/IdSVxixymIb3MhiMEQQA=
 golang.org/x/exp v0.0.0-20220921023135-46d9e7742f1e/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

scripts/lint/.golangci.yml

@@ -50,7 +50,7 @@ linters:
     - godox
     - depguard
     - forbidigo
-  disable-all: true
+    - gosec
 
 issues:
   # Excluding configuration per-path, per-linter, per-text and per-source
@@ -63,4 +63,4 @@ issues:
   exclude-use-default: false
 
   # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
-  max-issues-per-linter: 0
+  max-issues-per-linter: 0

scripts/lint/lint.sh

@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 
-GITLEAKS_VERSION="v8.8.11"
+# renovate: datasource=docker depName=ghcr.io/gitleaks/gitleaks
+GITLEAKS_VERSION="v8.24.0"
 CURRENT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 
 run_linter() {
@@ -62,7 +63,8 @@ lint_go_build() {
 # Run golangci-lint
 lint_run_golangci() {
 	echo "- Running golangci-lint"
-	GOLANG_CI_SUPPORTED_VERSION="1.61.0"
+	# renovate: datasource=github-releases depName=golangci/golangci-lint
+	GOLANG_CI_SUPPORTED_VERSION="1.64.7"
 	INSTALLED_GOLANG_CLI_VERSION="$(golangci-lint --version)"
 	if [[ $INSTALLED_GOLANG_CLI_VERSION != *"$GOLANG_CI_SUPPORTED_VERSION"* ]]; then
 		echo "Installing golangci-lint for the first time..."
@@ -71,12 +73,7 @@ lint_run_golangci() {
 	fi
 
 	local golang_cli_config="${1:-"${CURRENT_DIR}/.golangci.yml"}" # get first argument and set "cmd" to be default
-	lintresult=$(golangci-lint --config ${golang_cli_config} --out-format colored-line-number run)
-	if [[ -n $lintresult ]]; then
-		echo "Some files aren't passing lint, please run 'golangci-lint run' to see the errors it flags and correct your source code before committing"
-		echo $lintresult
-		exit 1
-	fi
+	golangci-lint --config ${golang_cli_config} --out-format colored-line-number run
 	if [ $? -ne 0 ]; then
 		exit 1
 	fi
@@ -86,19 +83,19 @@ lint_run_golangci() {
 # Run detect-secrets
 lint_find_secrets() {
 	echo "- Running secrets check"
-	INSTALLED_SECRETS_VERSION="$(docker inspect ghcr.io/zricethezav/gitleaks:$GITLEAKS_VERSION)"
+	INSTALLED_SECRETS_VERSION="$(docker inspect ghcr.io/gitleaks/gitleaks:$GITLEAKS_VERSION)"
 	if [[ -z $INSTALLED_SECRETS_VERSION ]]; then
 		echo "Installing gitleaks for the first time..."
-		git pull ghcr.io/zricethezav/gitleaks:$GITLEAKS_VERSION
+		git pull ghcr.io/gitleaks/gitleaks:$GITLEAKS_VERSION
 		echo "Done installing gitleaks"
 	fi
 	echo "  - Finding leaks in git log"
-	docker run --rm -v ${CURRENT_DIR}:/conf -v ${PWD}:/code ghcr.io/zricethezav/gitleaks:$GITLEAKS_VERSION detect -v --redact --source="/code" -c /conf/gitleaks.toml
+	docker run --rm -v ${CURRENT_DIR}:/conf -v ${PWD}:/code ghcr.io/gitleaks/gitleaks:$GITLEAKS_VERSION detect -v --redact --source="/code" -c /conf/gitleaks.toml
 	if [ $? -ne 0 ]; then
 		exit 1
 	fi
 	echo "  - Finding leaks in local repo"
-	docker run --rm -v ${CURRENT_DIR}:/conf -v ${PWD}:/code ghcr.io/zricethezav/gitleaks:$GITLEAKS_VERSION detect --no-git -v --redact --source="/code" -c /conf/gitleaks.toml
+	docker run --rm -v ${CURRENT_DIR}:/conf -v ${PWD}:/code ghcr.io/gitleaks/gitleaks:$GITLEAKS_VERSION detect --no-git -v --redact --source="/code" -c /conf/gitleaks.toml
 	if [ $? -ne 0 ]; then
 		exit 1
 	fi