chore: Bump nixpkgs pin

Main change is the move to Go 1.23

Author: LeSuisse

.github/workflows/CI.yml

@@ -19,7 +19,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a
         with:
-          go-version: '^1.21.0'
+          go-version: '^1.23.0'
       - name: Tests
         run: "go test -race -coverprofile='coverage.txt' -covermode=atomic -v ./gpg/"
       - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303

.goreleaser.yaml

@@ -1,6 +1,11 @@
+version: 2
+
 gomod:
   proxy: true
 
+metadata:
+  mod_timestamp: "{{ .CommitTimestamp }}"
+
 report_sizes: true
 
 builds:
@@ -49,6 +54,6 @@ signs:
     args: ["sign-blob", "--bundle", "${signature}", "--yes", "${artifact}"]
     artifacts: all
 snapshot:
-  name_template: "{{ incpatch .Version }}-next"
+  version_template: "{{ incpatch .Version }}-next"
 release:
   draft: true

go.mod

@@ -1,6 +1,6 @@
 module github.com/LeSuisse/vault-gpg-plugin
 
-go 1.21
+go 1.23
 
 require (
 	github.com/ProtonMail/go-crypto v1.1.3

gpg/backend_test.go

@@ -207,6 +207,7 @@ func getTestBackend(t *testing.T) (logical.Backend, logical.Storage) {
 	return b, config.StorageView
 }
 
+//nolint:gosec
 const gpgKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
 
 lQOYBFmZfJIBCACx2NgAf4rLLx2QKo444ATs3ewJICdy/cYhETxcn5wewdrxQayJ

gpg/path_decrypt_test.go

@@ -134,6 +134,7 @@ func TestGPG_DecryptError(t *testing.T) {
 	decryptMustFail("test", encryptedAndSignedMessageASCIIArmored, "ascii-armor", privateDecryptKey)
 }
 
+//nolint:gosec
 const privateDecryptKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
 
 lQEVBFmbQ68BCADeLSajk7PSagzGt4rs0Dy4LRD22qn9g2J0V/eG0BEqGPup3xYi

gpg/path_show_session_key.go

@@ -110,7 +110,7 @@ func (b *backend) pathShowSessionKeyWrite(ctx context.Context, req *logical.Requ
 			for _, key := range keys {
 				encryptedKey.Decrypt(key.PrivateKey, nil)
 
-				if encryptedKey.Key != nil && len(encryptedKey.Key) > 0 {
+				if len(encryptedKey.Key) > 0 {
 					sessionKey = fmt.Sprintf("%d:%s", encryptedKey.CipherFunc, strings.ToUpper(hex.EncodeToString(encryptedKey.Key)))
 					return &logical.Response{
 						Data: map[string]interface{}{

gpg/path_show_session_key_test.go

@@ -135,6 +135,7 @@ func TestGPG_ShowSessionKeyError(t *testing.T) {
 	showSessionKeyMustFail("test", encryptedSessionMessageASCIIArmored, "ascii-armor", "Signer key is not ASCII armored")
 }
 
+//nolint:gosec
 const privateSessionDecryptKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
 
 lQOYBFmbQ68BCADeLSajk7PSagzGt4rs0Dy4LRD22qn9g2J0V/eG0BEqGPup3xYi

shell.nix

@@ -1,13 +1,13 @@
 { pkgs ? import (
   fetchTarball {
-    url = "https://github.com/NixOS/nixpkgs/archive/01441e14af5e29c9d27ace398e6dd0b293e25a54.tar.gz";
-    sha256 = "sha256:0yvkamjbk3aj4lvhm6vdgdk4b2j0xdv3gx9n4p7wfky52j2529dy";
+    url = "https://github.com/NixOS/nixpkgs/archive/69b9a8c860bdbb977adfa9c5e817ccb717884182.tar.gz";
+    sha256 = "sha256:12ljkkjg3gicamvryxr2bnfcdb05qdlbc5wv4lcw9sxamszp4cp7";
   }
 ) {} }:
 
 pkgs.mkShell {
   buildInputs = [
-    pkgs.go_1_21
+    pkgs.go_1_23
     pkgs.gitMinimal
     pkgs.goreleaser
     pkgs.syft