From 26c0193e1462e45786c64a2724d803699ddd76bc Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Mon, 1 Sep 2025 11:33:37 +0200 Subject: [PATCH 1/2] chore: golangci updated to v2.4.0 --- .github/workflows/ci.yml | 8 +- .github/workflows/security.yaml | 2 +- .golangci.yaml | 140 ++++++++++++++++++-------------- accept_signature_builder.go | 46 +++++------ asymmetric_test.go | 2 + message_test.go | 14 ++-- signature_parameters.go | 2 +- verifier_test.go | 1 - 8 files changed, 117 insertions(+), 98 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 41a4e05..5296ee4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,8 +21,8 @@ jobs: - name: Review code uses: reviewdog/action-golangci-lint@f9bba13753278f6a73b27a56a3ffb1bfda90ed71 # v2.8.0 with: - go_version: 1.23.12 - golangci_lint_version: v1.59.1 + go_version: 1.25.0 + golangci_lint_version: 2.4.0 reporter: github-pr-review fail_on_error: true @@ -35,7 +35,7 @@ jobs: - name: Set up Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: 1.23.12 + go-version: 1.25.0 - name: Get google/go-licenses package run: go install github.com/google/go-licenses@v1.6.0 - name: Check the licenses @@ -54,7 +54,7 @@ jobs: - name: Set up Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: 1.23.12 + go-version: 1.25.0 - name: Execute tests run: | go test -v -gcflags=all=-l -cover ./... -coverprofile coverage.out -coverpkg ./... diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 0f99207..bf8eaa1 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -44,7 +44,7 @@ jobs: - name: Set up Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: 1.23.12 + go-version: 1.25.0 - name: Initialize CodeQL uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 with: 
diff --git a/.golangci.yaml b/.golangci.yaml
index ab8ddba..872067b 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -1,73 +1,91 @@ -# Options for analysis running. +version: "2" + run: - timeout: 5m modules-download-mode: readonly linters: - enable-all: true + default: all disable: + - depguard - dupl - - wrapcheck - - ireturn - exhaustruct - - testpackage - - paralleltest + - ireturn - nolintlint + - paralleltest + - testpackage - tparallel - - depguard + - wrapcheck - zerologlint - # depricated - - gomnd - - execinquery + - goconst + - noinlineerr + # deprecated + - wsl + settings: + cyclop: + max-complexity: 11 + exhaustive: + default-signifies-exhaustive: true + ignore-enum-members: POT.+ + funlen: + lines: 80 + mnd: + ignored-functions: + - ^make + - ^math\. + - ^time\.* + tagliatelle: + case: + rules: + json: snake + yaml: snake + varnamelen: + min-name-length: 2 + ignore-names: + - err + ignore-type-assert-ok: true + ignore-map-index-ok: true + ignore-chan-recv-ok: true + ignore-decls: + - t testing.T + - i int + - T any + - m map[string]int + - w http.ResponseWriter + - r *http.Request + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + rules: + - linters: + - canonicalheader + - cyclop + - err113 + - errcheck + - forcetypeassert + - funlen + - gocognit + - iface + - lll + - maintidx + - mnd + - goconst + - varnamelen + path: (.+)_test\.go -issues: - exclude-rules: - - path: '(.+)_test\.go' - linters: - - funlen - - maintidx - - cyclop - - gocognit - - err113 - - lll - - errcheck - - canonicalheader - - mnd - - varnamelen - - forcetypeassert - - exhaustive +formatters: + enable: + - gci + - gofmt + - gofumpt + - goimports + settings: + gci: + sections: + - standard + - default + - prefix(github.com/dadrus/httpsig) -linters-settings: - exhaustive: - ignore-enum-members: "POT.+" - default-signifies-exhaustive: true - gci: - sections: - - standard # Captures all standard packages if they do not match another section. - - default # Contains all imports that could not be matched to another section type. 
- - prefix(github.com/dadrus/heimdall) # Groups all imports with the specified Prefix. - varnamelen: - min-name-length: 2 - ignore-type-assert-ok: true - ignore-map-index-ok: true - ignore-chan-recv-ok: true - ignore-names: - - err - ignore-decls: - - t testing.T - - i int - - T any - - m map[string]int - - w http.ResponseWriter - - r *http.Request - goconst: - ignore-tests: true - cyclop: - max-complexity: 11 - funlen: - lines: 80 - mnd: - ignored-functions: - - '^make' - - '^math\.' - - '^time\.*' diff --git a/accept_signature_builder.go b/accept_signature_builder.go index 5c8a369..2028032 100644 --- a/accept_signature_builder.go +++ b/accept_signature_builder.go @@ -120,16 +120,25 @@ type AcceptSignatureBuilder struct { wantContentDigest bool } -func (asb *AcceptSignatureBuilder) setIdentifiers(identifiers []*componentIdentifier) { - asb.identifiers = identifiers - - for _, identifier := range asb.identifiers { - if identifier.Value == componentIdentifierContentDigest { - asb.wantContentDigest = true +func NewAcceptSignature(opts ...AcceptSignatureOption) (*AcceptSignatureBuilder, error) { + asb := &AcceptSignatureBuilder{ + addCreatedTS: true, + addExpiresTS: true, + nonceGetter: nonceGetter{}, + label: "sig", + cdAlgPrefs: []string{ + AlgorithmPreference{Algorithm: Sha256, Preference: 5}.String(), //nolint: mnd + AlgorithmPreference{Algorithm: Sha512, Preference: 10}.String(), //nolint: mnd + }, + } - break + for _, opt := range opts { + if err := opt(asb); err != nil { + return nil, err } } + + return asb, nil } func (asb *AcceptSignatureBuilder) Build(ctx context.Context, header http.Header) error { 
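Review bot: `goconst` is now switched off for the whole module by the new `- goconst` entry under `linters.disable`, whereas the removed v1 settings only had `goconst: ignore-tests: true`, so non-test code loses that check and the `- goconst` entry in the `(.+)_test\.go` exclusion rule becomes redundant. If the intent was to keep the old behaviour, drop `goconst` from `disable` and keep only the path-scoped exclusion. Separately, the `presets` list (`common-false-positives`, `legacy`, `std-error-handling`) hides a fixed set of findings, which as far as I know includes several gosec rules. For a signature library a comment above `presets:` would make that a visible decision, e.g. `# presumably carried over from the v1 default excludes; review before removing`.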
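Review bot: `NewAcceptSignature` is exported and, as moved here, still has no doc comment, although it fixes the defaults every caller gets: created and expires timestamps enabled, label `sig`, and content-digest preferences of 5 for `Sha256` and 10 for `Sha512`. A comment starting `// NewAcceptSignature returns a builder that ...` and listing those defaults would show callers what each option overrides; the timestamp and nonce defaults look like the freshness parameters requested from the signer, so they are worth stating explicitly. The two `//nolint: mnd` markers could be dropped by naming the two preference values as constants. The second hunk of this file (`@@ -166,23 +175,14 @@`) is the other half of the same move and raises nothing further.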
@@ -166,23 +175,14 @@ func (asb *AcceptSignatureBuilder) Build(ctx context.Context, header http.Header return nil } -func NewAcceptSignature(opts ...AcceptSignatureOption) (*AcceptSignatureBuilder, error) { - asb := &AcceptSignatureBuilder{ - addCreatedTS: true, - addExpiresTS: true, - nonceGetter: nonceGetter{}, - label: "sig", - cdAlgPrefs: []string{ - AlgorithmPreference{Algorithm: Sha256, Preference: 5}.String(), //nolint: mnd - AlgorithmPreference{Algorithm: Sha512, Preference: 10}.String(), //nolint: mnd - }, - } +func (asb *AcceptSignatureBuilder) setIdentifiers(identifiers []*componentIdentifier) { + asb.identifiers = identifiers - for _, opt := range opts { - if err := opt(asb); err != nil { - return nil, err + for _, identifier := range asb.identifiers { + if identifier.Value == componentIdentifierContentDigest { + asb.wantContentDigest = true + + break } } - - return asb, nil } diff --git a/asymmetric_test.go b/asymmetric_test.go index 982f89e..62530dc 100644 --- a/asymmetric_test.go +++ b/asymmetric_test.go @@ -203,6 +203,8 @@ func TestRSASignerSignPayload(t *testing.T) { err = rsa.VerifyPSS(&sig.privateKey.PublicKey, sig.hash, hashed, res, &rsa.PSSOptions{ SaltLength: rsa.PSSSaltLengthEqualsHash, }) + default: + require.Fail(t, "unknown algorithm") } require.NoError(t, err) diff --git a/message_test.go b/message_test.go index 3966f66..7985916 100644 --- a/message_test.go +++ b/message_test.go @@ -192,7 +192,7 @@ func TestMessageFromRequest(t *testing.T) { require.NoError(t, err) assert.Equal(t, data1, data2) - assert.Equal(t, []byte(`{"hello": "world"}`), data1) + assert.JSONEq(t, `{"hello": "world"}`, string(data1)) }, }, { @@ -231,7 +231,7 @@ func TestMessageFromRequest(t *testing.T) { require.NoError(t, err) assert.Equal(t, data1, data2) - assert.Equal(t, []byte(`{"hello": "world"}`), data1) + assert.JSONEq(t, `{"hello": "world"}`, string(data1)) }, }, } { 
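Review bot: Replacing ``assert.Equal(t, []byte(`{"hello": "world"}`), data1)`` with `assert.JSONEq` means these tests no longer pin the body bytes: `assert.Equal(t, data1, data2)` still shows that the two reads agree, but a body that was re-serialised or whitespace-normalised on the way through would now pass. For a signing library that matters, because a content digest is computed over the exact bytes. I would keep the byte comparison and silence the linter on that line with a stated reason (presumably testifylint prompted the change), e.g. ``assert.Equal(t, []byte(`{"hello": "world"}`), data1) //nolint:testifylint // body must be byte-identical``. The same applies to the hunks at `@@ -231`, `@@ -371`, `@@ -388`, `@@ -454`, `@@ -516` and `@@ -533`; the enclosing test functions start and end outside the hunks.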
@@ -371,7 +371,7 @@ Content-Length: 23 require.NoError(t, err) assert.Equal(t, data1, data2) - assert.Equal(t, []byte(`{"hello": "world"}`), data1) + assert.JSONEq(t, `{"hello": "world"}`, string(data1)) assert.NotNil(t, msg.Body) @@ -388,7 +388,7 @@ Content-Length: 23 require.NoError(t, err) assert.Equal(t, data1, data2) - assert.Equal(t, []byte(`{"message": "good dog"}`), data1) + assert.JSONEq(t, `{"message": "good dog"}`, string(data1)) }, }, } { @@ -454,7 +454,7 @@ func TestMessageForResponse(t *testing.T) { require.NoError(t, err) assert.Equal(t, data1, data2) - assert.Equal(t, []byte(`{"hello": "world"}`), data1) + assert.JSONEq(t, `{"hello": "world"}`, string(data1)) assert.NotNil(t, msg.Body) @@ -516,7 +516,7 @@ func TestMessageForResponse(t *testing.T) { require.NoError(t, err) assert.Equal(t, data1, data2) - assert.Equal(t, []byte(`{"hello": "world"}`), data1) + assert.JSONEq(t, `{"hello": "world"}`, string(data1)) assert.NotNil(t, msg.Body) @@ -533,7 +533,7 @@ func TestMessageForResponse(t *testing.T) { require.NoError(t, err) assert.Equal(t, data1, data2) - assert.Equal(t, []byte(`{"message": "good dog"}`), data1) + assert.JSONEq(t, `{"message": "good dog"}`, string(data1)) }, }, } { diff --git a/signature_parameters.go b/signature_parameters.go index d3191b9..08d7c3a 100644 --- a/signature_parameters.go +++ b/signature_parameters.go @@ -170,7 +170,7 @@ func (p *signatureParameters) toSignatureBase(msg *Message) ([]byte, error) { func (p *signatureParameters) hasIdentifier(id *componentIdentifier) bool { for _, identifier := range p.identifiers { - if identifier.Item.Value == id.Item.Value && slices.Equal(identifier.Params.Names(), id.Params.Names()) { + if identifier.Value == id.Value && slices.Equal(identifier.Params.Names(), id.Params.Names()) { return true } } diff --git a/verifier_test.go b/verifier_test.go index 6ef80bb..1f13808 100644 --- a/verifier_test.go +++ b/verifier_test.go 
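Review bot: `hasIdentifier` treats two component identifiers as the same when `Value` and `Params.Names()` match, so parameter values are never compared and identifiers that differ only in a parameter value would count as equal. If this method decides whether a required component is covered by a signature (the callers are outside the hunk, so that is an assumption), a signature over one parameterised component would satisfy a requirement for a different one. The condition should also compare each parameter's value, not only the names; at minimum the limitation deserves a comment such as `// NOTE: compares parameter names only, not their values`. The `Item.Value` to `Value` change itself relies on `Item` being an embedded field, which the hunk does not show.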
@@ -583,7 +583,6 @@ func TestWithRequiredTag(t *testing.T) { err := recoverIfPanics(t, func() error { return WithRequiredTag("test", tc.opts...)(v, nil, false) }) - if err == nil { require.Len(t, v.tagExpectations, 1) } From 97faa8502ebe00d7534c945a2ae828f5b4cb06ae Mon Sep 17 00:00:00 2001 From: Dimitrij Drus Date: Mon, 1 Sep 2025 11:35:26 +0200 Subject: [PATCH 2/2] referenced version fixed --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5296ee4..03d4a88 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: uses: reviewdog/action-golangci-lint@f9bba13753278f6a73b27a56a3ffb1bfda90ed71 # v2.8.0 with: go_version: 1.25.0 - golangci_lint_version: 2.4.0 + golangci_lint_version: v2.4.0 reporter: github-pr-review fail_on_error: true