chore: upgraded to go 1.24.10

.github/workflows/release.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        go: ['1.23', '1.24']
+        go: ['1.24', '1.25']
     name: Go ${{ matrix.go }} test
     steps:
       - uses: actions/checkout@v6

README.md

@@ -27,18 +27,18 @@ The most important packages of the library:
 
 Supported SAML features:
 
-| Feature | Identity provider |
-| --- | --- | 
-| POST-binding | yes |
-| Redirect-binding | yes |
-| Artifact-binding | [no](https://github.com/zitadel/zitadel/issues/3089) |
-| Request signing | yes |
-| Response signing | yes |
-| Metadata signing | yes |
-| Response encryption | [no](https://github.com/zitadel/zitadel/issues/3090) |
-| Assertion Query/Request | no |
-| Attribute Query | yes |
-| NameID Mapping | no |
+| Feature                 | Identity provider                                    |
+|-------------------------|------------------------------------------------------| 
+| POST-binding            | yes                                                  |
+| Redirect-binding        | yes                                                  |
+| Artifact-binding        | [no](https://github.com/zitadel/zitadel/issues/3089) |
+| Request signing         | yes                                                  |
+| Response signing        | yes                                                  |
+| Metadata signing        | yes                                                  |
+| Response encryption     | [no](https://github.com/zitadel/zitadel/issues/3090) |
+| Assertion Query/Request | no                                                   |
+| Attribute Query         | yes                                                  |
+| NameID Mapping          | no                                                   |
 
 ## Resources
 
@@ -55,15 +55,13 @@ For your convenience you can find the relevant standards linked below.
 
 ## Supported Go Versions
 
-For security reasons, we only support and recommend the use of one of the latest three Go versions (:white_check_mark:)
-.  
-Versions that also build are marked with :warning:.
+For security reasons, we only support and recommend the use of one of the latest three Go versions (:white_check_mark:).
 
 | Version | Supported          |
-| ------- | ------------------ |
-| <1.23   | :x:                |
-| 1.23    | :white_check_mark: |
+|---------|--------------------|
+| <1.24   | :x:                |
 | 1.24    | :white_check_mark: |
+| 1.25    | :white_check_mark: |
 
 ## Why another library
 

go.mod

@@ -1,6 +1,6 @@
 module github.com/zitadel/saml
 
-go 1.23.7
+go 1.24.10
 
 require (
 	github.com/amdonov/xmlsig v0.1.0

pkg/provider/login.go

@@ -2,6 +2,7 @@ package provider
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/http"
 
@@ -66,25 +67,25 @@ func (p *IdentityProvider) callbackHandleFunc(w http.ResponseWriter, r *http.Req
 func (p *IdentityProvider) loginResponse(ctx context.Context, authRequest models.AuthRequestInt, response *Response) (*samlp.ResponseType, error) {
 	if !authRequest.Done() {
 		logging.Error(StatusCodeAuthNFailed)
-		return nil, fmt.Errorf(StatusCodeAuthNFailed)
+		return nil, errors.New(StatusCodeAuthNFailed)
 	}
 
 	attrs := &Attributes{}
 	if err := p.storage.SetUserinfoWithUserID(ctx, authRequest.GetApplicationID(), attrs, authRequest.GetUserID(), []int{}); err != nil {
 		logging.Error(err)
-		return nil, fmt.Errorf(StatusCodeInvalidAttrNameOrValue)
+		return nil, errors.New(StatusCodeInvalidAttrNameOrValue)
 	}
 
 	cert, key, err := getResponseCert(ctx, p.storage)
 	if err != nil {
 		logging.Error(err)
-		return nil, fmt.Errorf(StatusCodeInvalidAttrNameOrValue)
+		return nil, errors.New(StatusCodeInvalidAttrNameOrValue)
 	}
 
 	samlResponse := response.makeSuccessfulResponse(attrs, p.TimeFormat, p.Expiration)
 	if err := createSignature(response, samlResponse, key, cert, p.conf.SignatureAlgorithm); err != nil {
 		logging.Error(err)
-		return nil, fmt.Errorf(StatusCodeResponder)
+		return nil, errors.New(StatusCodeResponder)
 	}
 	return samlResponse, nil
 }

pkg/provider/response.go

@@ -13,7 +13,7 @@ import (
 	"github.com/zitadel/saml/pkg/provider/xml/samlp"
 )
 
-var (
+const (
 	StatusCodeSuccess                = "urn:oasis:names:tc:SAML:2.0:status:Success"
 	StatusCodeVersionMissmatch       = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"
 	StatusCodeAuthNFailed            = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"

pkg/provider/signature/certificates.go

@@ -26,15 +26,15 @@ func ParseCertificates(certStrs []string) ([]*x509.Certificate, error) {
 		certStr = strings.TrimPrefix(strings.TrimSuffix(certStr, "-----ENDCERTIFICATE-----"), "-----BEGINCERTIFICATE-----")
 		certBytes, err := base64.StdEncoding.DecodeString(certStr)
 		if err != nil {
-			return nil, fmt.Errorf("failed to decode certificate:" + err.Error())
+			return nil, fmt.Errorf("failed to decode certificate: %v", err)
 		}
 		block, _ := pem.Decode(certBytes)
 		if block != nil {
 			certBytes = block.Bytes
 		}
 		parsedCert, err := x509.ParseCertificate(certBytes)
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse certificate: " + err.Error())
+			return nil, fmt.Errorf("failed to parse certificate: %s", err)
 		}
 		certs[i] = parsedCert
 	}

pkg/provider/signature/signature_test.go

@@ -250,18 +250,18 @@ func TestSignature_ValidateRedirect(t *testing.T) {
 
 			certBytes, err := base64.StdEncoding.DecodeString(certStr)
 			if err != nil {
-				t.Errorf("failed to parse PEM block containing the public key")
+				t.Error("failed to parse PEM block containing the public key")
 				return
 			}
 			parsedCert, err := x509.ParseCertificate(certBytes)
 			if err != nil {
-				t.Errorf("failed to parse certificate: " + err.Error())
+				t.Errorf("failed to parse certificate: %v", err)
 				return
 			}
 
 			signatureValue, err := base64.StdEncoding.DecodeString(tt.args.sig)
 			if err != nil {
-				t.Errorf("failed to decode sig: " + err.Error())
+				t.Errorf("failed to decode sig: %v", err)
 				return
 			}