Update security scan config (and .go-version) (#771)

Updates security-scan.hcl to be more in line with Vault's, and relies
on the OSV vulnerability database for container scans instead of just
alpine_secdb/alpine_security. Use go 1.24.

Author: tvoran

.go-version

@@ -1 +1 @@
-1.23.6
+1.24.4

.release/security-scan.hcl

@@ -1,16 +1,22 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-container {
-	dependencies = true
-	alpine_secdb = true
-	secrets      = true
+binary {
+	go_stdlib  = true // Scan the Go standard library used to build the binary.
+	go_modules = true // Scan the Go modules included in the binary.
+	osv        = true // Use the OSV vulnerability database.
+	oss_index  = true // And use OSS Index vulnerability database.
+
+	secrets {
+		all = true
+	}
 }
 
-binary {
-	secrets      = true
-	go_modules   = true
-	osv          = true
-	oss_index    = false
-	nvd          = false
-}
+container {
+	dependencies = true // Scan any installed packages for vulnerabilities.
+	osv          = true // Use the OSV vulnerability database.
+
+	secrets {
+		all = true
+	}
+}

CHANGELOG.md

@@ -1,5 +1,8 @@
 ## Unreleased
 
+Changes:
+* Building with Go 1.24.4
+
 ## 1.6.2 (February 26, 2025)
 
 Changes:

go.mod

@@ -2,7 +2,7 @@ module github.com/hashicorp/vault-k8s
 
 go 1.24.0
 
-toolchain go1.24.1
+toolchain go1.24.4
 
 require (
 	github.com/cenkalti/backoff/v4 v4.3.0