core: bump library/golang from 1.25.5-trixie to 1.26.0-trixie in /lifecycle/container (#20381)

* core: bump library/golang in /lifecycle/container Bumps library/golang from 1.25.5-trixie to 1.26.0-trixie. --- updated-dependencies: - dependency-name: library/golang dependency-version: 1.26.0-trixie dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * bump & fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump docs too Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2026-06-17 19:09:11 +03:00 · 2026-02-19 12:35:00 +00:00
parent ebc06a8453
commit 122cee049a
44 changed files with 156 additions and 172 deletions
@@ -1,6 +1,6 @@
 module goauthentik.io

-go 1.25.5
+go 1.26.0

 require (
 	beryju.io/ldap v0.1.0
@@ -214,12 +214,6 @@ go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-goauthentik.io/api/v3 v3.2026020.17-0.20260210174940-ae049de99535 h1:DPk8z6SGesp0gbmaD2zTAKVSd/NQ++Nu+lu3UrCkNvE=
-goauthentik.io/api/v3 v3.2026020.17-0.20260210174940-ae049de99535/go.mod h1:uYa+yGMglhJy8ymyUQ8KQiJjOb3UZTuPQ24Ot2s9BCo=
-goauthentik.io/api/v3 v3.2026020.17-0.20260211005401-cdd71ec2f62f h1:KK5lBHSvZSlMbUViB7KStlkP9kC1t9JeiMawa7wyI6Q=
-goauthentik.io/api/v3 v3.2026020.17-0.20260211005401-cdd71ec2f62f/go.mod h1:uYa+yGMglhJy8ymyUQ8KQiJjOb3UZTuPQ24Ot2s9BCo=
-goauthentik.io/api/v3 v3.2026020.17-0.20260211204352-035cbbe57393 h1:eLRd2GC+pxvwd3m2msJRNB9upH7pcIZH5V4L9/WhRcw=
-goauthentik.io/api/v3 v3.2026020.17-0.20260211204352-035cbbe57393/go.mod h1:uYa+yGMglhJy8ymyUQ8KQiJjOb3UZTuPQ24Ot2s9BCo=
 goauthentik.io/api/v3 v3.2026020.17-0.20260213141435-0db2228fbd47 h1:quNPFsxsMNKICxrJP3dFehxgCvt3Qi9UeV8HzcEk17c=
 goauthentik.io/api/v3 v3.2026020.17-0.20260213141435-0db2228fbd47/go.mod h1:uYa+yGMglhJy8ymyUQ8KQiJjOb3UZTuPQ24Ot2s9BCo=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -128,9 +128,9 @@ func (c *Config) fromEnv() error {
 	return nil
 }

-func (c *Config) walkScheme(v interface{}) {
+func (c *Config) walkScheme(v any) {
 	rv := reflect.ValueOf(v)
-	if rv.Kind() != reflect.Ptr || rv.IsNil() {
+	if rv.Kind() != reflect.Pointer || rv.IsNil() {
 		return
 	}

@@ -204,8 +204,8 @@ func (a *APIController) OnRefresh() error {
 	return err
 }

-func (a *APIController) getEventPingArgs() map[string]interface{} {
-	args := map[string]interface{}{
+func (a *APIController) getEventPingArgs() map[string]any {
+	args := map[string]any{
 		"version":        constants.VERSION(),
 		"buildHash":      constants.BUILD(""),
 		"uuid":           a.instanceUUID.String(),
@@ -186,7 +186,7 @@ func (ac *APIController) startEventHealth() {
 			time.Sleep(time.Second * 5)
 			continue
 		}
-		err := ac.SendEventHello(map[string]interface{}{})
+		err := ac.SendEventHello(map[string]any{})
 		if err != nil {
 			ac.logger.WithField("loop", "event-health").WithError(err).Warning("event write error")
 			go ac.recentEvents()
@@ -240,11 +240,9 @@ func (a *APIController) AddEventHandler(handler EventHandler) {
 	a.eventHandlers = append(a.eventHandlers, handler)
 }

-func (a *APIController) SendEventHello(args map[string]interface{}) error {
+func (a *APIController) SendEventHello(args map[string]any) error {
 	allArgs := a.getEventPingArgs()
-	for key, value := range args {
-		allArgs[key] = value
-	}
+	maps.Copy(allArgs, args)
 	aliveMsg := Event{
 		Instruction: EventKindHello,
 		Args:        allArgs,
@@ -24,11 +24,11 @@ const (
 type EventHandler func(ctx context.Context, msg Event) error

 type Event struct {
-	Instruction EventKind   `json:"instruction"`
-	Args        interface{} `json:"args"`
+	Instruction EventKind `json:"instruction"`
+	Args        any       `json:"args"`
 }

-func (wm Event) ArgsAs(out interface{}) error {
+func (wm Event) ArgsAs(out any) error {
 	return mapstructure.Decode(wm.Args, out)
 }

@@ -38,7 +38,7 @@ func Paginator[Tobj any, Treq any, Tres PaginatorResponse[Tobj]](
 	if opts.Logger == nil {
 		opts.Logger = log.NewEntry(log.StandardLogger())
 	}
-	var bfreq, cfreq interface{}
+	var bfreq, cfreq any
 	fetchOffset := func(page int32) (Tres, error) {
 		bfreq = req.Page(page)
 		cfreq = bfreq.(PaginatorRequest[Treq, Tres]).PageSize(int32(opts.PageSize))
@@ -27,10 +27,10 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
 	})

 	if u.IsActive == nil {
-		u.IsActive = api.PtrBool(false)
+		u.IsActive = new(false)
 	}
 	if u.Email == nil {
-		u.Email = api.PtrString("")
+		u.Email = new("")
 	}
 	attrs = utils.EnsureAttributes(attrs, map[string][]string{
 		"ak-active":      {strings.ToUpper(strconv.FormatBool(*u.IsActive))},
@@ -20,7 +20,7 @@ type LDAPGroup struct {
 	MemberOf       []string
 	IsSuperuser    bool
 	IsVirtualGroup bool
-	Attributes     map[string]interface{}
+	Attributes     map[string]any
 }

 func (lg *LDAPGroup) Entry() *ldap.Entry {
@@ -1,3 +1,3 @@
 package handler

-type Handler interface{}
+type Handler any
@@ -83,8 +83,8 @@ func normalizeAttributes(attributes []string) []string {
 	for _, attr := range attributes {
 		if strings.Contains(attr, ",") {
 			// Split comma-separated attributes and add them individually
-			parts := strings.Split(attr, ",")
-			for _, part := range parts {
+			parts := strings.SplitSeq(attr, ",")
+			for part := range parts {
 				part = strings.TrimSpace(part)
 				if part != "" {
 					result = append(result, part)
@@ -17,7 +17,7 @@ func AttributeKeySanitize(key string) string {
 	)
 }

-func stringify(in interface{}) *string {
+func stringify(in any) *string {
 	switch t := in.(type) {
 	case string:
 		return &t
@@ -45,7 +45,7 @@ func stringify(in interface{}) *string {
 }

 func AttributesToLDAP(
-	attrs map[string]interface{},
+	attrs map[string]any,
 	keyFormatter func(key string) string,
 	valueFormatter func(value []string) []string,
 ) []*ldap.EntryAttribute {
@@ -60,7 +60,7 @@ func AttributesToLDAP(
 			entry.Values = valueFormatter(t)
 		case *[]string:
 			entry.Values = valueFormatter(*t)
-		case []interface{}:
+		case []any:
 			vv := make([]string, 0)
 			for _, v := range t {
 				v := stringify(v)
@@ -16,7 +16,7 @@ func TestAKAttrsToLDAP_String(t *testing.T) {
 	u := api.User{}

 	// normal string
-	u.Attributes = map[string]interface{}{
+	u.Attributes = map[string]any{
 		"foo": "bar",
 	}
 	mapped := AttributesToLDAP(u.Attributes, func(key string) string {
@@ -28,8 +28,8 @@ func TestAKAttrsToLDAP_String(t *testing.T) {
 	assert.Equal(t, "foo", mapped[0].Name)
 	assert.Equal(t, []string{"bar"}, mapped[0].Values)
 	// pointer string
-	u.Attributes = map[string]interface{}{
-		"foo": api.PtrString("bar"),
+	u.Attributes = map[string]any{
+		"foo": new("bar"),
 	}
 	mapped = AttributesToLDAP(u.Attributes, func(key string) string {
 		return AttributeKeySanitize(key)
@@ -44,7 +44,7 @@ func TestAKAttrsToLDAP_String(t *testing.T) {
 func TestAKAttrsToLDAP_String_List(t *testing.T) {
 	u := api.User{}
 	// string list
-	u.Attributes = map[string]interface{}{
+	u.Attributes = map[string]any{
 		"foo": []string{"bar"},
 	}
 	mapped := AttributesToLDAP(u.Attributes, func(key string) string {
@@ -56,7 +56,7 @@ func TestAKAttrsToLDAP_String_List(t *testing.T) {
 	assert.Equal(t, "foo", mapped[0].Name)
 	assert.Equal(t, []string{"bar"}, mapped[0].Values)
 	// pointer string list
-	u.Attributes = map[string]interface{}{
+	u.Attributes = map[string]any{
 		"foo": &[]string{"bar"},
 	}
 	mapped = AttributesToLDAP(u.Attributes, func(key string) string {
@@ -71,7 +71,7 @@ func TestAKAttrsToLDAP_String_List(t *testing.T) {

 func TestAKAttrsToLDAP_Dict(t *testing.T) {
 	// dict
-	d := map[string]interface{}{
+	d := map[string]any{
 		"foo": map[string]string{
 			"foo": "bar",
 		},
@@ -88,8 +88,8 @@ func TestAKAttrsToLDAP_Dict(t *testing.T) {

 func TestAKAttrsToLDAP_Mixed(t *testing.T) {
 	// dict
-	d := map[string]interface{}{
-		"foo": []interface{}{
+	d := map[string]any{
+		"foo": []any{
 			"foo",
 			6,
 		},
@@ -250,7 +250,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, server Server, old

 	if *p.SkipPathRegex != "" {
 		a.UnauthenticatedRegex = make([]*regexp.Regexp, 0)
-		for _, regex := range strings.Split(*p.SkipPathRegex, "\n") {
+		for regex := range strings.SplitSeq(*p.SkipPathRegex, "\n") {
 			re, err := regexp.Compile(regex)
 			if err != nil {
 				// TODO: maybe create event for this?
@@ -62,7 +62,7 @@ func (a *Application) getHeaders(c *types.Claims) map[string]string {
 		if additionalHeaders == nil {
 			return headers
 		}
-		for key, value := range additionalHeaders.(map[string]interface{}) {
+		for key, value := range additionalHeaders.(map[string]any) {
 			headers[key] = toString(value)
 		}
 	}
@@ -134,13 +134,13 @@ func (a *Application) getNginxForwardUrl(r *http.Request) (*url.URL, error) {
 	return u, nil
 }

-func (a *Application) ReportMisconfiguration(r *http.Request, msg string, fields map[string]interface{}) {
+func (a *Application) ReportMisconfiguration(r *http.Request, msg string, fields map[string]any) {
 	fields["message"] = msg
 	a.log.WithFields(fields).Error("Reporting configuration error")
 	req := api.EventRequest{
 		Action:   api.EVENTACTIONS_CONFIGURATION_ERROR,
 		App:      "authentik.providers.proxy", // must match python apps.py name
-		ClientIp: *api.NewNullableString(api.PtrString(r.RemoteAddr)),
+		ClientIp: *api.NewNullableString(new(r.RemoteAddr)),
 		Context:  fields,
 	}
 	_, _, err := a.ak.Client.EventsAPI.EventsEventsCreate(context.Background()).EventRequest(req).Execute()
@@ -82,9 +82,9 @@ func TestAdHeaders_Standard(t *testing.T) {

 func TestAdHeaders_BasicAuth(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.BasicAuthEnabled = api.PtrBool(true)
-	a.proxyConfig.BasicAuthUserAttribute = api.PtrString("user")
-	a.proxyConfig.BasicAuthPasswordAttribute = api.PtrString("pass")
+	a.proxyConfig.BasicAuthEnabled = new(true)
+	a.proxyConfig.BasicAuthUserAttribute = new("user")
+	a.proxyConfig.BasicAuthPasswordAttribute = new("pass")
 	h := http.Header{}
 	a.addHeaders(h, &types.Claims{
 		PreferredUsername: "foo",
@@ -28,7 +28,7 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 	// First check if we've got everything we need
 	fwd, err := a.getTraefikForwardUrl(r)
 	if err != nil {
-		a.ReportMisconfiguration(r, fmt.Sprintf("Outpost %s (Provider %s) failed to detect a forward URL from Traefik", a.outpostName, a.proxyConfig.Name), map[string]interface{}{
+		a.ReportMisconfiguration(r, fmt.Sprintf("Outpost %s (Provider %s) failed to detect a forward URL from Traefik", a.outpostName, a.proxyConfig.Name), map[string]any{
 			"provider": a.proxyConfig.Name,
 			"outpost":  a.outpostName,
 			"url":      r.URL.String(),
@@ -71,7 +71,7 @@ func (a *Application) forwardHandleCaddy(rw http.ResponseWriter, r *http.Request
 	// First check if we've got everything we need
 	fwd, err := a.getTraefikForwardUrl(r)
 	if err != nil {
-		a.ReportMisconfiguration(r, fmt.Sprintf("Outpost %s (Provider %s) failed to detect a forward URL from Caddy", a.outpostName, a.proxyConfig.Name), map[string]interface{}{
+		a.ReportMisconfiguration(r, fmt.Sprintf("Outpost %s (Provider %s) failed to detect a forward URL from Caddy", a.outpostName, a.proxyConfig.Name), map[string]any{
 			"provider": a.proxyConfig.Name,
 			"outpost":  a.outpostName,
 			"url":      r.URL.String(),
@@ -113,7 +113,7 @@ func (a *Application) forwardHandleNginx(rw http.ResponseWriter, r *http.Request
 	a.log.WithField("header", r.Header).Trace("tracing headers for debug")
 	fwd, err := a.getNginxForwardUrl(r)
 	if err != nil {
-		a.ReportMisconfiguration(r, fmt.Sprintf("Outpost %s (Provider %s) failed to detect a forward URL from nginx", a.outpostName, a.proxyConfig.Name), map[string]interface{}{
+		a.ReportMisconfiguration(r, fmt.Sprintf("Outpost %s (Provider %s) failed to detect a forward URL from nginx", a.outpostName, a.proxyConfig.Name), map[string]any{
 			"provider": a.proxyConfig.Name,
 			"outpost":  a.outpostName,
 			"url":      r.URL.String(),
@@ -74,10 +74,10 @@ func TestForwardHandleCaddy_Single_Claims(t *testing.T) {
 	s.Values[constants.SessionClaims] = types.Claims{
 		Sub: "foo",
 		Proxy: &types.ProxyClaims{
-			UserAttributes: map[string]interface{}{
+			UserAttributes: map[string]any{
 				"username": "foo",
 				"password": "bar",
-				"additionalHeaders": map[string]interface{}{
+				"additionalHeaders": map[string]any{
 					"foo": "bar",
 				},
 			},
@@ -110,7 +110,7 @@ func TestForwardHandleCaddy_Single_Claims(t *testing.T) {
 func TestForwardHandleCaddy_Domain_Blank(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
-	a.proxyConfig.CookieDomain = api.PtrString("foo")
+	a.proxyConfig.CookieDomain = new("foo")
 	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/caddy", nil)

 	rr := httptest.NewRecorder()
@@ -122,7 +122,7 @@ func TestForwardHandleCaddy_Domain_Blank(t *testing.T) {
 func TestForwardHandleCaddy_Domain_Header(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
-	a.proxyConfig.CookieDomain = api.PtrString("foo")
+	a.proxyConfig.CookieDomain = new("foo")
 	a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/caddy", nil)
 	req.Header.Set("X-Forwarded-Proto", "http")
@@ -56,10 +56,10 @@ func TestForwardHandleEnvoy_Single_Claims(t *testing.T) {
 	s.Values[constants.SessionClaims] = types.Claims{
 		Sub: "foo",
 		Proxy: &types.ProxyClaims{
-			UserAttributes: map[string]interface{}{
+			UserAttributes: map[string]any{
 				"username": "foo",
 				"password": "bar",
-				"additionalHeaders": map[string]interface{}{
+				"additionalHeaders": map[string]any{
 					"foo": "bar",
 				},
 			},
@@ -92,7 +92,7 @@ func TestForwardHandleEnvoy_Single_Claims(t *testing.T) {
 func TestForwardHandleEnvoy_Domain_Header(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
-	a.proxyConfig.CookieDomain = api.PtrString("foo")
+	a.proxyConfig.CookieDomain = new("foo")
 	a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "http:///app", nil)
 	req.Host = "test.goauthentik.io"
@@ -75,10 +75,10 @@ func TestForwardHandleNginx_Single_Claims(t *testing.T) {
 	s.Values[constants.SessionClaims] = types.Claims{
 		Sub: "foo",
 		Proxy: &types.ProxyClaims{
-			UserAttributes: map[string]interface{}{
+			UserAttributes: map[string]any{
 				"username": "foo",
 				"password": "bar",
-				"additionalHeaders": map[string]interface{}{
+				"additionalHeaders": map[string]any{
 					"foo": "bar",
 				},
 			},
@@ -111,7 +111,7 @@ func TestForwardHandleNginx_Single_Claims(t *testing.T) {
 func TestForwardHandleNginx_Domain_Blank(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
-	a.proxyConfig.CookieDomain = api.PtrString("foo")
+	a.proxyConfig.CookieDomain = new("foo")
 	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)

 	rr := httptest.NewRecorder()
@@ -123,7 +123,7 @@ func TestForwardHandleNginx_Domain_Blank(t *testing.T) {
 func TestForwardHandleNginx_Domain_Header(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
-	a.proxyConfig.CookieDomain = api.PtrString("foo")
+	a.proxyConfig.CookieDomain = new("foo")
 	a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil)
 	req.Header.Set("X-Original-URL", "http://test.goauthentik.io/app")
@@ -74,10 +74,10 @@ func TestForwardHandleTraefik_Single_Claims(t *testing.T) {
 	s.Values[constants.SessionClaims] = types.Claims{
 		Sub: "foo",
 		Proxy: &types.ProxyClaims{
-			UserAttributes: map[string]interface{}{
+			UserAttributes: map[string]any{
 				"username": "foo",
 				"password": "bar",
-				"additionalHeaders": map[string]interface{}{
+				"additionalHeaders": map[string]any{
 					"foo": "bar",
 				},
 			},
@@ -110,7 +110,7 @@ func TestForwardHandleTraefik_Single_Claims(t *testing.T) {
 func TestForwardHandleTraefik_Domain_Blank(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
-	a.proxyConfig.CookieDomain = api.PtrString("foo")
+	a.proxyConfig.CookieDomain = new("foo")
 	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)

 	rr := httptest.NewRecorder()
@@ -122,7 +122,7 @@ func TestForwardHandleTraefik_Domain_Blank(t *testing.T) {
 func TestForwardHandleTraefik_Domain_Header(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
-	a.proxyConfig.CookieDomain = api.PtrString("foo")
+	a.proxyConfig.CookieDomain = new("foo")
 	a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil)
 	req.Header.Set("X-Forwarded-Proto", "http")
@@ -106,7 +106,7 @@ func (a *Application) createState(r *http.Request, w http.ResponseWriter, fwd st

 func (a *Application) stateFromRequest(rw http.ResponseWriter, r *http.Request) *OAuthState {
 	stateJwt := r.URL.Query().Get("state")
-	token, err := jwt.Parse(stateJwt, func(token *jwt.Token) (interface{}, error) {
+	token, err := jwt.Parse(stateJwt, func(token *jwt.Token) (any, error) {
 		// Don't forget to validate the alg is what you expect:
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
@@ -55,7 +55,7 @@ func TestCheckRedirectParam_ValidPartial(t *testing.T) {
 func TestCheckRedirectParam_Domain(t *testing.T) {
 	a := newTestApplication()
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
-	a.proxyConfig.CookieDomain = api.PtrString("t.goauthentik.io")
+	a.proxyConfig.CookieDomain = new("t.goauthentik.io")
 	req, _ := http.NewRequest("GET", "https://a.t.goauthentik.io/outpost.goauthentik.io/auth/start", nil)

 	rd, ok := a.checkRedirectParam(req)
@@ -53,13 +53,13 @@ func TestPostgresStore_SessionLifecycle(t *testing.T) {
 	userID := uuid.New()
 	sessionKey := "test_session_" + uuid.New().String()

-	sessionData := map[string]interface{}{
-		constants.SessionClaims: map[string]interface{}{
+	sessionData := map[string]any{
+		constants.SessionClaims: map[string]any{
 			"sub":                userID.String(),
 			"email":              "test@example.com",
 			"preferred_username": "testuser",
 			"custom_claim":       "custom_value",
-			"groups":             []interface{}{"admin", "user"},
+			"groups":             []any{"admin", "user"},
 		},
 	}
 	sessionDataJSON, err := json.Marshal(sessionData)
@@ -89,11 +89,11 @@ func TestPostgresStore_SessionLifecycle(t *testing.T) {
 	assert.Equal(t, userID, *retrievedSession.UserID)

 	// Parse session data
-	var parsedData map[string]interface{}
+	var parsedData map[string]any
 	err = json.Unmarshal([]byte(retrievedSession.SessionData), &parsedData)
 	require.NoError(t, err)

-	claims, ok := parsedData[constants.SessionClaims].(map[string]interface{})
+	claims, ok := parsedData[constants.SessionClaims].(map[string]any)
 	assert.True(t, ok)
 	assert.Equal(t, "test@example.com", claims["email"])
 	assert.Equal(t, "testuser", claims["preferred_username"])
@@ -109,8 +109,8 @@ func TestPostgresStore_LogoutSessions(t *testing.T) {
 	user2 := uuid.New()

 	createSessionData := func(userID uuid.UUID, email string) string {
-		sessionData := map[string]interface{}{
-			constants.SessionClaims: map[string]interface{}{
+		sessionData := map[string]any{
+			constants.SessionClaims: map[string]any{
 				"sub":   userID.String(),
 				"email": email,
 			},
@@ -229,13 +229,13 @@ func TestPostgresStore_SessionClaims(t *testing.T) {

 	// Create session with complex claims
 	userID := uuid.New()
-	sessionData := map[string]interface{}{
-		constants.SessionClaims: map[string]interface{}{
+	sessionData := map[string]any{
+		constants.SessionClaims: map[string]any{
 			"sub":                userID.String(),
 			"email":              "test@example.com",
 			"preferred_username": "testuser",
-			"groups":             []interface{}{"admin", "user"},
-			"entitlements":       []interface{}{"read", "write"},
+			"groups":             []any{"admin", "user"},
+			"entitlements":       []any{"read", "write"},
 			"custom_field":       "custom_value",
 		},
 	}
@@ -261,24 +261,24 @@ func TestPostgresStore_SessionClaims(t *testing.T) {
 	assert.Equal(t, userID, *retrieved.UserID)

 	// Parse and verify session data
-	var parsedData map[string]interface{}
+	var parsedData map[string]any
 	err = json.Unmarshal([]byte(retrieved.SessionData), &parsedData)
 	require.NoError(t, err)

-	claims, ok := parsedData[constants.SessionClaims].(map[string]interface{})
+	claims, ok := parsedData[constants.SessionClaims].(map[string]any)
 	assert.True(t, ok)
 	assert.Equal(t, "test@example.com", claims["email"])
 	assert.Equal(t, "testuser", claims["preferred_username"])
 	assert.Equal(t, "custom_value", claims["custom_field"])

 	// Verify groups array
-	groups, ok := claims["groups"].([]interface{})
+	groups, ok := claims["groups"].([]any)
 	assert.True(t, ok)
 	assert.Contains(t, groups, "admin")
 	assert.Contains(t, groups, "user")

 	// Verify entitlements array
-	entitlements, ok := claims["entitlements"].([]interface{})
+	entitlements, ok := claims["entitlements"].([]any)
 	assert.True(t, ok)
 	assert.Contains(t, entitlements, "read")
 	assert.Contains(t, entitlements, "write")
@@ -19,7 +19,7 @@ func newTestServer() *testServer {
 	return &testServer{
 		api: ak.MockAK(
 			api.Outpost{
-				Config: map[string]interface{}{
+				Config: map[string]any{
 					"authentik_host": ak.TestSecret(),
 				},
 			},
@@ -50,18 +50,18 @@ func newTestApplication() *Application {
 	a, _ := NewApplication(
 		api.ProxyOutpostConfig{
 			Name:                       ak.TestSecret(),
-			ClientId:                   api.PtrString(ak.TestSecret()),
-			ClientSecret:               api.PtrString(ak.TestSecret()),
-			CookieDomain:               api.PtrString(""),
-			CookieSecret:               api.PtrString(ak.TestSecret()),
+			ClientId:                   new(ak.TestSecret()),
+			ClientSecret:               new(ak.TestSecret()),
+			CookieDomain:               new(""),
+			CookieSecret:               new(ak.TestSecret()),
 			ExternalHost:               "https://ext.t.goauthentik.io",
-			InternalHost:               api.PtrString("http://backend"),
-			InternalHostSslValidation:  api.PtrBool(true),
+			InternalHost:               new("http://backend"),
+			InternalHostSslValidation:  new(true),
 			Mode:                       api.PROXYMODE_FORWARD_SINGLE.Ptr(),
-			SkipPathRegex:              api.PtrString("/skip.*"),
-			BasicAuthEnabled:           api.PtrBool(true),
-			BasicAuthUserAttribute:     api.PtrString("username"),
-			BasicAuthPasswordAttribute: api.PtrString("password"),
+			SkipPathRegex:              new("/skip.*"),
+			BasicAuthEnabled:           new(true),
+			BasicAuthUserAttribute:     new("username"),
+			BasicAuthPasswordAttribute: new("password"),
 			OidcConfiguration: api.OpenIDConnectConfiguration{
 				AuthorizationEndpoint: "http://fake-auth.t.goauthentik.io/auth",
 				TokenEndpoint:         "http://fake-auth.t.goauthentik.io/token",
@@ -3,6 +3,7 @@ package application
 import (
 	"net/http"
 	"net/url"
+	"slices"
 	"strconv"
 )

@@ -29,7 +30,7 @@ func (a *Application) redirect(rw http.ResponseWriter, r *http.Request) {
 }

 // toString Generic to string function, currently supports actual strings and integers
-func toString(in interface{}) string {
+func toString(in any) string {
 	switch v := in.(type) {
 	case string:
 		return v
@@ -42,12 +43,7 @@ func toString(in interface{}) string {
 }

 func contains(s []string, e string) bool {
-	for _, a := range s {
-		if a == e {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(s, e)
 }

 func cleanseHeaders(headers http.Header) map[string]string {
@@ -46,7 +46,7 @@ func TestRedirectToStart_Forward(t *testing.T) {

 func TestRedirectToStart_Forward_Domain_Invalid(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.CookieDomain = api.PtrString("foo")
+	a.proxyConfig.CookieDomain = new("foo")
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
 	a.proxyConfig.ExternalHost = "https://test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/foo/bar/baz", nil)
@@ -64,7 +64,7 @@ func TestRedirectToStart_Forward_Domain_Invalid(t *testing.T) {

 func TestRedirectToStart_Forward_Domain(t *testing.T) {
 	a := newTestApplication()
-	a.proxyConfig.CookieDomain = api.PtrString("goauthentik.io")
+	a.proxyConfig.CookieDomain = new("goauthentik.io")
 	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
 	a.proxyConfig.ExternalHost = "https://test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/foo/bar/baz", nil)
@@ -32,12 +32,12 @@ func CodecsFromPairs(maxAge int, keyPairs ...[]byte) []securecookie.Codec {
 	return codecs
 }

-func (s *Codec) Encode(name string, value interface{}) (string, error) {
+func (s *Codec) Encode(name string, value any) (string, error) {
 	log.Trace("cookie encode")
 	return s.SecureCookie.Encode("authentik_proxy", value)
 }

-func (s *Codec) Decode(name string, value string, dst interface{}) error {
+func (s *Codec) Decode(name string, value string, dst any) error {
 	log.Trace("cookie decode")
 	return s.SecureCookie.Decode("authentik_proxy", value, dst)
 }
@@ -22,7 +22,7 @@ func NewKeySet(secret string) *KeySet {
 }

 func (ks *KeySet) VerifySignature(ctx context.Context, rawJWT string) ([]byte, error) {
-	_, err := jwt.Parse(rawJWT, func(token *jwt.Token) (interface{}, error) {
+	_, err := jwt.Parse(rawJWT, func(token *jwt.Token) (any, error) {
 		// Don't forget to validate the alg is what you expect:
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
@@ -177,7 +177,7 @@ func (p *RefreshableConnPool) PrepareContext(ctx context.Context, query string)
 }

 // ExecContext implements gorm.ConnPool interface
-func (p *RefreshableConnPool) ExecContext(ctx context.Context, query string, args ...interface{}) (sql.Result, error) {
+func (p *RefreshableConnPool) ExecContext(ctx context.Context, query string, args ...any) (sql.Result, error) {
 	var result sql.Result
 	err := p.tryWithRefresh(ctx, func() error {
 		p.mu.RLock()
@@ -190,7 +190,7 @@ func (p *RefreshableConnPool) ExecContext(ctx context.Context, query string, arg
 }

 // QueryContext implements gorm.ConnPool interface
-func (p *RefreshableConnPool) QueryContext(ctx context.Context, query string, args ...interface{}) (*sql.Rows, error) {
+func (p *RefreshableConnPool) QueryContext(ctx context.Context, query string, args ...any) (*sql.Rows, error) {
 	var rows *sql.Rows
 	err := p.tryWithRefresh(ctx, func() error {
 		p.mu.RLock()
@@ -203,7 +203,7 @@ func (p *RefreshableConnPool) QueryContext(ctx context.Context, query string, ar
 }

 // QueryRowContext implements gorm.ConnPool interface
-func (p *RefreshableConnPool) QueryRowContext(ctx context.Context, query string, args ...interface{}) *sql.Row {
+func (p *RefreshableConnPool) QueryRowContext(ctx context.Context, query string, args ...any) *sql.Row {
 	// Note: sql.Row doesn't return errors until Scan() is called, so we can't detect auth errors here
 	// The error will be caught in higher-level GORM operations
 	p.mu.RLock()
@@ -237,15 +237,15 @@ func (tx *refreshableTx) PrepareContext(ctx context.Context, query string) (*sql
 	return tx.Tx.PrepareContext(ctx, query)
 }

-func (tx *refreshableTx) ExecContext(ctx context.Context, query string, args ...interface{}) (sql.Result, error) {
+func (tx *refreshableTx) ExecContext(ctx context.Context, query string, args ...any) (sql.Result, error) {
 	return tx.Tx.ExecContext(ctx, query, args...)
 }

-func (tx *refreshableTx) QueryContext(ctx context.Context, query string, args ...interface{}) (*sql.Rows, error) {
+func (tx *refreshableTx) QueryContext(ctx context.Context, query string, args ...any) (*sql.Rows, error) {
 	return tx.Tx.QueryContext(ctx, query, args...)
 }

-func (tx *refreshableTx) QueryRowContext(ctx context.Context, query string, args ...interface{}) *sql.Row {
+func (tx *refreshableTx) QueryRowContext(ctx context.Context, query string, args ...any) *sql.Row {
 	return tx.Tx.QueryRowContext(ctx, query, args...)
 }

@@ -132,11 +132,11 @@ func TestRefreshableConnPool_ConcurrentAccess(t *testing.T) {
 	var wg sync.WaitGroup
 	errChan := make(chan error, numGoroutines*numQueries)

-	for i := 0; i < numGoroutines; i++ {
+	for i := range numGoroutines {
 		wg.Add(1)
 		go func(goroutineID int) {
 			defer wg.Done()
-			for j := 0; j < numQueries; j++ {
+			for range numQueries {
 				var result int
 				err := db.WithContext(ctx).Raw("SELECT 1").Scan(&result).Error
 				if err != nil {
@@ -22,15 +22,15 @@ func (l *logrusLogger) LogMode(gormlogger.LogLevel) gormlogger.Interface {
 	return l
 }

-func (l *logrusLogger) Info(ctx context.Context, s string, args ...interface{}) {
+func (l *logrusLogger) Info(ctx context.Context, s string, args ...any) {
 	l.logger.WithContext(ctx).Infof(s, args...)
 }

-func (l *logrusLogger) Warn(ctx context.Context, s string, args ...interface{}) {
+func (l *logrusLogger) Warn(ctx context.Context, s string, args ...any) {
 	l.logger.WithContext(ctx).Warnf(s, args...)
 }

-func (l *logrusLogger) Error(ctx context.Context, s string, args ...interface{}) {
+func (l *logrusLogger) Error(ctx context.Context, s string, args ...any) {
 	l.logger.WithContext(ctx).Errorf(s, args...)
 }

@@ -226,7 +226,7 @@ func parseConnOptions(encoded string) (map[string]string, error) {
 	}

 	// Parse JSON
-	var opts map[string]interface{}
+	var opts map[string]any
 	if err := json.Unmarshal(decoded, &opts); err != nil {
 		return nil, fmt.Errorf("invalid JSON: %w", err)
 	}
@@ -473,7 +473,7 @@ func (s *PostgresStore) Close() error {
 // save writes session to PostgreSQL
 func (s *PostgresStore) save(ctx context.Context, session *sessions.Session) error {
 	// Convert session.Values (map[interface{}]interface{}) to map[string]interface{} for JSON marshaling
-	stringKeyedValues := make(map[string]interface{})
+	stringKeyedValues := make(map[string]any)
 	for k, v := range session.Values {
 		if key, ok := k.(string); ok {
 			stringKeyedValues[key] = v
@@ -489,7 +489,7 @@ func (s *PostgresStore) save(ctx context.Context, session *sessions.Session) err
 	// Extract user ID from claims if it exists
 	var userID *uuid.UUID
 	if claims, hasClaims := session.Values[constants.SessionClaims]; hasClaims {
-		if claimsMap, ok := claims.(map[string]interface{}); ok {
+		if claimsMap, ok := claims.(map[string]any); ok {
 			if sub, exists := claimsMap["sub"]; exists {
 				if subStr, ok := sub.(string); ok {
 					if parsedUUID, err := uuid.Parse(subStr); err == nil {
@@ -539,14 +539,14 @@ func (s *PostgresStore) load(ctx context.Context, session *sessions.Session) err
 	// Deserialize session data from JSON
 	if proxySession.SessionData != "" {
 		// First unmarshal to map[string]interface{}
-		var stringKeyedValues map[string]interface{}
+		var stringKeyedValues map[string]any
 		err = json.Unmarshal([]byte(proxySession.SessionData), &stringKeyedValues)
 		if err != nil {
 			return fmt.Errorf("failed to unmarshal session data: %w", err)
 		}

 		// Convert back to map[interface{}]interface{} for gorilla/sessions compatibility
-		session.Values = make(map[interface{}]interface{})
+		session.Values = make(map[any]any)
 		for k, v := range stringKeyedValues {
 			session.Values[k] = v
 		}
@@ -595,7 +595,7 @@ func (s *PostgresStore) LogoutSessions(ctx context.Context, filter func(c types.
 			continue
 		}

-		var sessionData map[string]interface{}
+		var sessionData map[string]any
 		if err := json.Unmarshal([]byte(session.SessionData), &sessionData); err != nil {
 			continue
 		}
@@ -605,7 +605,7 @@ func (s *PostgresStore) LogoutSessions(ctx context.Context, filter func(c types.
 			continue
 		}

-		claimsMap, ok := claimsData.(map[string]interface{})
+		claimsMap, ok := claimsData.(map[string]any)
 		if !ok {
 			continue
 		}
@@ -16,6 +16,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"runtime"
+	"slices"
 	"testing"
 	"time"

@@ -89,7 +90,7 @@ func TestPostgresStore_Save(t *testing.T) {

 	// Set up session claims
 	userID := uuid.New()
-	claims := map[string]interface{}{
+	claims := map[string]any{
 		"sub":                userID.String(),
 		"email":              "test@example.com",
 		"preferred_username": "testuser",
@@ -108,11 +109,11 @@ func TestPostgresStore_Save(t *testing.T) {
 	assert.Equal(t, userID, *savedSession.UserID)

 	// Verify session data contains claims
-	var sessionData map[string]interface{}
+	var sessionData map[string]any
 	err = json.Unmarshal([]byte(savedSession.SessionData), &sessionData)
 	assert.NoError(t, err)

-	claimsData, ok := sessionData[constants.SessionClaims].(map[string]interface{})
+	claimsData, ok := sessionData[constants.SessionClaims].(map[string]any)
 	assert.True(t, ok)
 	assert.Equal(t, "test@example.com", claimsData["email"])
 	assert.Equal(t, "testuser", claimsData["preferred_username"])
@@ -128,8 +129,8 @@ func TestPostgresStore_Load(t *testing.T) {
 	userID := uuid.New()
 	sessionKey := "test_session_123"

-	sessionData := map[string]interface{}{
-		constants.SessionClaims: map[string]interface{}{
+	sessionData := map[string]any{
+		constants.SessionClaims: map[string]any{
 			"sub":                userID.String(),
 			"email":              "test@example.com",
 			"preferred_username": "testuser",
@@ -158,7 +159,7 @@ func TestPostgresStore_Load(t *testing.T) {
 	assert.NoError(t, err)

 	// Verify claims were loaded correctly
-	claims, ok := session.Values[constants.SessionClaims].(map[string]interface{})
+	claims, ok := session.Values[constants.SessionClaims].(map[string]any)
 	assert.True(t, ok)
 	assert.Equal(t, userID.String(), claims["sub"])
 	assert.Equal(t, "test@example.com", claims["email"])
@@ -209,7 +210,7 @@ func TestPostgresStore_LogoutSessions_ByUserID(t *testing.T) {
 			UUID:       uuid.New(),
 			SessionKey: "test_session_user1_1",
 			UserID:     &user1,
-			SessionData: createSessionData(t, map[string]interface{}{
+			SessionData: createSessionData(t, map[string]any{
 				"sub":   user1.String(),
 				"email": "user1@example.com",
 			}),
@@ -218,7 +219,7 @@ func TestPostgresStore_LogoutSessions_ByUserID(t *testing.T) {
 			UUID:       uuid.New(),
 			SessionKey: "test_session_user1_2",
 			UserID:     &user1,
-			SessionData: createSessionData(t, map[string]interface{}{
+			SessionData: createSessionData(t, map[string]any{
 				"sub":   user1.String(),
 				"email": "user1@example.com",
 			}),
@@ -227,7 +228,7 @@ func TestPostgresStore_LogoutSessions_ByUserID(t *testing.T) {
 			UUID:       uuid.New(),
 			SessionKey: "test_session_user2_1",
 			UserID:     &user2,
-			SessionData: createSessionData(t, map[string]interface{}{
+			SessionData: createSessionData(t, map[string]any{
 				"sub":   user2.String(),
 				"email": "user2@example.com",
 			}),
@@ -267,21 +268,21 @@ func TestPostgresStore_LogoutSessions_ByEmail(t *testing.T) {
 		{
 			UUID:       uuid.New(),
 			SessionKey: "test_session_admin_1",
-			SessionData: createSessionData(t, map[string]interface{}{
+			SessionData: createSessionData(t, map[string]any{
 				"email": "admin@example.com",
 			}),
 		},
 		{
 			UUID:       uuid.New(),
 			SessionKey: "test_session_admin_2",
-			SessionData: createSessionData(t, map[string]interface{}{
+			SessionData: createSessionData(t, map[string]any{
 				"email": "admin@example.com",
 			}),
 		},
 		{
 			UUID:       uuid.New(),
 			SessionKey: "test_session_user_1",
-			SessionData: createSessionData(t, map[string]interface{}{
+			SessionData: createSessionData(t, map[string]any{
 				"email": "user@example.com",
 			}),
 		},
@@ -308,10 +309,10 @@ func TestPostgresStore_LogoutSessions_ByEmail(t *testing.T) {
 	err = db.Where("session_key LIKE 'test_%'").First(&remaining).Error
 	assert.NoError(t, err)

-	var sessionData map[string]interface{}
+	var sessionData map[string]any
 	err = json.Unmarshal([]byte(remaining.SessionData), &sessionData)
 	require.NoError(t, err)
-	claims := sessionData[constants.SessionClaims].(map[string]interface{})
+	claims := sessionData[constants.SessionClaims].(map[string]any)
 	assert.Equal(t, "user@example.com", claims["email"])
 }

@@ -325,25 +326,25 @@ func TestPostgresStore_LogoutSessions_WithGroups(t *testing.T) {
 		{
 			UUID:       uuid.New(),
 			SessionKey: "test_session_admin_user",
-			SessionData: createSessionData(t, map[string]interface{}{
+			SessionData: createSessionData(t, map[string]any{
 				"email":  "admin@example.com",
-				"groups": []interface{}{"admin", "user"},
+				"groups": []any{"admin", "user"},
 			}),
 		},
 		{
 			UUID:       uuid.New(),
 			SessionKey: "test_session_regular_user",
-			SessionData: createSessionData(t, map[string]interface{}{
+			SessionData: createSessionData(t, map[string]any{
 				"email":  "user@example.com",
-				"groups": []interface{}{"user"},
+				"groups": []any{"user"},
 			}),
 		},
 		{
 			UUID:       uuid.New(),
 			SessionKey: "test_session_guest",
-			SessionData: createSessionData(t, map[string]interface{}{
+			SessionData: createSessionData(t, map[string]any{
 				"email":  "guest@example.com",
-				"groups": []interface{}{"guest"},
+				"groups": []any{"guest"},
 			}),
 		},
 	}
@@ -356,12 +357,7 @@ func TestPostgresStore_LogoutSessions_WithGroups(t *testing.T) {
 	// Logout all sessions that have "admin" group
 	ctx := context.Background()
 	err := store.LogoutSessions(ctx, func(c types.Claims) bool {
-		for _, group := range c.Groups {
-			if group == "admin" {
-				return true
-			}
-		}
-		return false
+		return slices.Contains(c.Groups, "admin")
 	})
 	assert.NoError(t, err)

@@ -376,10 +372,10 @@ func TestPostgresStore_LogoutSessions_WithGroups(t *testing.T) {
 	assert.NoError(t, err)

 	for _, session := range remainingSessions {
-		var sessionData map[string]interface{}
+		var sessionData map[string]any
 		err := json.Unmarshal([]byte(session.SessionData), &sessionData)
 		require.NoError(t, err)
-		claims := sessionData[constants.SessionClaims].(map[string]interface{})
+		claims := sessionData[constants.SessionClaims].(map[string]any)
 		assert.NotEqual(t, "admin@example.com", claims["email"])
 	}
 }
@@ -391,8 +387,8 @@ func TestPostgresStore_LoadExpiredSession(t *testing.T) {
 	store := NewTestStore(db, pool)
 	// Create an expired session
 	sessionKey := "test_expired_load"
-	expiredData := map[string]interface{}{
-		constants.SessionClaims: map[string]interface{}{
+	expiredData := map[string]any{
+		constants.SessionClaims: map[string]any{
 			"sub": "test-user",
 		},
 	}
@@ -432,7 +428,7 @@ func TestPostgresStore_ConcurrentSessionAccess(t *testing.T) {
 	const numGoroutines = 10
 	done := make(chan error, numGoroutines)

-	for i := 0; i < numGoroutines; i++ {
+	for i := range numGoroutines {
 		go func(id int) {
 			// Each goroutine creates its own unique session
 			req := httptest.NewRequest("GET", "/", nil)
@@ -473,7 +469,7 @@ func TestPostgresStore_ConcurrentSessionAccess(t *testing.T) {
 	}

 	// Wait for all goroutines to complete
-	for i := 0; i < numGoroutines; i++ {
+	for range numGoroutines {
 		err := <-done
 		assert.NoError(t, err)
 	}
@@ -942,7 +938,7 @@ func TestPostgresStore_ConnectionPoolSettings(t *testing.T) {
 	const numConcurrentOps = 20
 	done := make(chan error, numConcurrentOps)

-	for i := 0; i < numConcurrentOps; i++ {
+	for i := range numConcurrentOps {
 		go func(id int) {
 			req := httptest.NewRequest("GET", "/", nil)
 			w := httptest.NewRecorder()
@@ -960,7 +956,7 @@ func TestPostgresStore_ConnectionPoolSettings(t *testing.T) {
 	}

 	// Collect results
-	for i := 0; i < numConcurrentOps; i++ {
+	for i := range numConcurrentOps {
 		err := <-done
 		assert.NoError(t, err, "Concurrent operation %d should succeed", i)
 	}
@@ -1182,8 +1178,8 @@ func TestBuildConnConfig_Base64JSONConnOptions(t *testing.T) {
 }

 // Helper function to create session data JSON
-func createSessionData(t *testing.T, claims map[string]interface{}) string {
-	sessionData := map[string]interface{}{
+func createSessionData(t *testing.T, claims map[string]any) string {
+	sessionData := map[string]any{
 		constants.SessionClaims: claims,
 	}
 	sessionDataJSON, err := json.Marshal(sessionData)
@@ -9,7 +9,7 @@ import (
 )

 var (
-	internalOpcodeIns = []byte(fmt.Sprint(len(guac.InternalDataOpcode), ".", guac.InternalDataOpcode))
+	internalOpcodeIns = fmt.Append(nil, len(guac.InternalDataOpcode), ".", guac.InternalDataOpcode)
 	authentikOpcode   = []byte("0.authentik.")
 )

@@ -77,14 +77,14 @@ func (rs *RACServer) wsHandler(ctx context.Context, msg ak.Event) error {
 	cc.OnError = func(err error) {
 		rs.connm.Lock()
 		delete(rs.conns, wsm.ConnID)
-		_ = rs.ac.SendEventHello(map[string]interface{}{
+		_ = rs.ac.SendEventHello(map[string]any{
 			"active_connections": len(rs.conns),
 		})
 		rs.connm.Unlock()
 	}
 	rs.connm.Lock()
 	rs.conns[wsm.ConnID] = *cc
-	_ = rs.ac.SendEventHello(map[string]interface{}{
+	_ = rs.ac.SendEventHello(map[string]any{
 		"active_connections": len(rs.conns),
 	})
 	rs.connm.Unlock()
@@ -47,19 +47,19 @@ type logrusAdapter struct {
 	entry *logrus.Entry
 }

-func (l *logrusAdapter) Debug(format string, args ...interface{}) {
+func (l *logrusAdapter) Debug(format string, args ...any) {
 	l.entry.Debugf(format, args...)
 }
-func (l *logrusAdapter) Info(format string, args ...interface{}) {
+func (l *logrusAdapter) Info(format string, args ...any) {
 	l.entry.Infof(format, args...)
 }
-func (l *logrusAdapter) Warn(format string, args ...interface{}) {
+func (l *logrusAdapter) Warn(format string, args ...any) {
 	l.entry.Warnf(format, args...)
 }
-func (l *logrusAdapter) Error(format string, args ...interface{}) {
+func (l *logrusAdapter) Error(format string, args ...any) {
 	l.entry.Errorf(format, args...)
 }
-func (l *logrusAdapter) With(args ...interface{}) protocol.Logger {
+func (l *logrusAdapter) With(args ...any) protocol.Logger {
 	f := make(map[string]any, len(args)/2)
 	i := Fields(args).Iterator()
 	for i.Next() {
@@ -29,11 +29,11 @@ func storageTokenIsValid(usage string, r *http.Request) bool {
 	}
 	claims := &StorageClaims{}

-	token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
+	token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (any, error) {
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method")
 		}
-		key := []byte(fmt.Sprintf("%s:%s", config.Get().SecretKey, usage))
+		key := fmt.Appendf(nil, "%s:%s", config.Get().SecretKey, usage)
 		hash := sha256.Sum256(key)
 		hexDigest := hex.EncodeToString(hash[:])
 		return []byte(hexDigest), nil
@@ -26,7 +26,7 @@ RUN npm run build && \
    npm run build:sfe

 # Stage 2: Build go proxy
-FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.25.5-trixie@sha256:8e8f9c84609b6005af0a4a8227cee53d6226aab1c6dcb22daf5aeeb8b05480e1 AS go-builder
+FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.0-trixie@sha256:889885d7cc1275935e3f9920aabadc5fadbe873f633d92a746f1bc401dd40f69 AS go-builder

 ARG TARGETOS
 ARG TARGETARCH
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1

 # Stage 1: Build
-FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.25.5-trixie@sha256:8e8f9c84609b6005af0a4a8227cee53d6226aab1c6dcb22daf5aeeb8b05480e1 AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.0-trixie@sha256:889885d7cc1275935e3f9920aabadc5fadbe873f633d92a746f1bc401dd40f69 AS builder

 ARG TARGETOS
 ARG TARGETARCH
@@ -17,7 +17,7 @@ COPY web .
 RUN npm run build-proxy

 # Stage 2: Build
-FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.25.5-trixie@sha256:8e8f9c84609b6005af0a4a8227cee53d6226aab1c6dcb22daf5aeeb8b05480e1 AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.0-trixie@sha256:889885d7cc1275935e3f9920aabadc5fadbe873f633d92a746f1bc401dd40f69 AS builder

 ARG TARGETOS
 ARG TARGETARCH
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1

 # Stage 1: Build
-FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.25.5-trixie@sha256:8e8f9c84609b6005af0a4a8227cee53d6226aab1c6dcb22daf5aeeb8b05480e1 AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.0-trixie@sha256:889885d7cc1275935e3f9920aabadc5fadbe873f633d92a746f1bc401dd40f69 AS builder

 ARG TARGETOS
 ARG TARGETARCH
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1

 # Stage 1: Build
-FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.25.5-trixie@sha256:8e8f9c84609b6005af0a4a8227cee53d6226aab1c6dcb22daf5aeeb8b05480e1 AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.26.0-trixie@sha256:889885d7cc1275935e3f9920aabadc5fadbe873f633d92a746f1bc401dd40f69 AS builder

 ARG TARGETOS
 ARG TARGETARCH
@@ -18,7 +18,7 @@ Before you begin, ensure you have the following tools installed. You can run the

 - [Python](https://www.python.org/) (3.14)
 - [uv](https://docs.astral.sh/uv/getting-started/installation/) (Latest stable release)
- [Go](https://go.dev/) (1.24 or later)
+- [Go](https://go.dev/) (1.26 or later)
 - [Node.js](https://nodejs.org/en) (24 or later)
 - [PostgreSQL](https://www.postgresql.org/) (16 or later)
 - [Docker](https://www.docker.com/) (Latest Community Edition or Docker Desktop)