diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 036ceed..ce70c2f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-22.04
 strategy:
 matrix:
- go: ['1.23', '1.24']
+ go: ['1.24', '1.25']
 name: Go ${{ matrix.go }} test
 steps:
 - uses: actions/checkout@v6
diff --git a/go.mod b/go.mod
index 524216c..e8e9951 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/zitadel/saml
-go 1.23.7
+go 1.24.10
 require (
 github.com/amdonov/xmlsig v0.1.0
diff --git a/pkg/provider/login.go b/pkg/provider/login.go
index 435f951..e156d7d 100644
--- a/pkg/provider/login.go
+++ b/pkg/provider/login.go
@@ -2,6 +2,7 @@ package provider
 import (
 "context"
+ "errors"
 "fmt"
 "net/http"
@@ -66,25 +67,25 @@ func (p *IdentityProvider) callbackHandleFunc(w http.ResponseWriter, r *http.Req
 func (p *IdentityProvider) loginResponse(ctx context.Context, authRequest models.AuthRequestInt, response *Response) (*samlp.ResponseType, error) {
 if !authRequest.Done() {
 logging.Error(StatusCodeAuthNFailed)
- return nil, fmt.Errorf(StatusCodeAuthNFailed)
+ return nil, errors.New(StatusCodeAuthNFailed)
 }
 attrs := &Attributes{}
 if err := p.storage.SetUserinfoWithUserID(ctx, authRequest.GetApplicationID(), attrs, authRequest.GetUserID(), []int{}); err != nil {
 logging.Error(err)
- return nil, fmt.Errorf(StatusCodeInvalidAttrNameOrValue)
+ return nil, errors.New(StatusCodeInvalidAttrNameOrValue)
 }
 cert, key, err := getResponseCert(ctx, p.storage)
 if err != nil {
 logging.Error(err)
- return nil, fmt.Errorf(StatusCodeInvalidAttrNameOrValue)
+ return nil, errors.New(StatusCodeInvalidAttrNameOrValue)
 }
 samlResponse := response.makeSuccessfulResponse(attrs, p.TimeFormat, p.Expiration)
 if err := createSignature(response, samlResponse, key, cert, p.conf.SignatureAlgorithm); err != nil {
 logging.Error(err)
- return nil, fmt.Errorf(StatusCodeResponder)
+ return nil, errors.New(StatusCodeResponder)
 }
 return samlResponse, nil
 }
diff --git a/pkg/provider/response.go b/pkg/provider/response.go
index f868602..e03a321 100644
--- a/pkg/provider/response.go
+++ b/pkg/provider/response.go
@@ -13,7 +13,7 @@ import (
 "github.com/zitadel/saml/pkg/provider/xml/samlp"
 )
-var (
+const (
 StatusCodeSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success"
 StatusCodeVersionMissmatch = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"
 StatusCodeAuthNFailed = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"
diff --git a/pkg/provider/signature/certificates.go b/pkg/provider/signature/certificates.go
index 805abcc..6e25196 100644
--- a/pkg/provider/signature/certificates.go
+++ b/pkg/provider/signature/certificates.go
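Review bot: The `getResponseCert` failure branch in `loginResponse` still returns `StatusCodeInvalidAttrNameOrValue`, the same status as the attribute lookup above it, although failing to load the signing certificate and key is an IdP-side fault rather than an attribute problem; `return nil, errors.New(StatusCodeResponder)` would match the `createSignature` branch. Logging the detailed `err` and returning only the status URN is a sensible split if, as it appears, the returned text is what reaches the service provider. A doc comment such as `// loginResponse returns an error whose message is a SAML status code URN; the underlying cause is only logged.` would record that contract for future edits.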
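Review bot: The exported constants in this block carry no doc comments, and `StatusCodeVersionMissmatch` is misspelled even though its value correctly reads `VersionMismatch`. Because the name is exported, a rename would break importers; adding `StatusCodeVersionMismatch = StatusCodeVersionMissmatch` and marking the old name with a `// Deprecated:` comment fixes the spelling compatibly. Switching from `var` to `const` stops other packages from reassigning these URNs at run time, but any caller that assigned to them or took their address will no longer compile, which deserves a line in the release notes. The block continues past the end of the hunk, so the remaining entries are not visible here.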
@@ -26,7 +26,7 @@ func ParseCertificates(certStrs []string) ([]*x509.Certificate, error) {
 certStr = strings.TrimPrefix(strings.TrimSuffix(certStr, "-----ENDCERTIFICATE-----"), "-----BEGINCERTIFICATE-----")
 certBytes, err := base64.StdEncoding.DecodeString(certStr)
 if err != nil {
- return nil, fmt.Errorf("failed to decode certificate:" + err.Error())
+ return nil, fmt.Errorf("failed to decode certificate: %v", err)
 }
 block, _ := pem.Decode(certBytes)
 if block != nil {
@@ -34,7 +34,7 @@ func ParseCertificates(certStrs []string) ([]*x509.Certificate, error) {
 }
 parsedCert, err := x509.ParseCertificate(certBytes)
 if err != nil {
- return nil, fmt.Errorf("failed to parse certificate: " + err.Error())
+ return nil, fmt.Errorf("failed to parse certificate: %s", err)
 }
 certs[i] = parsedCert
 }
diff --git a/pkg/provider/signature/signature_test.go b/pkg/provider/signature/signature_test.go
index 1dad5e1..ffb6ce7 100644
--- a/pkg/provider/signature/signature_test.go
+++ b/pkg/provider/signature/signature_test.go
@@ -250,18 +250,18 @@ func TestSignature_ValidateRedirect(t *testing.T) {
 certBytes, err := base64.StdEncoding.DecodeString(certStr)
 if err != nil {
- t.Errorf("failed to parse PEM block containing the public key")
+ t.Error("failed to parse PEM block containing the public key")
 return
 }
 parsedCert, err := x509.ParseCertificate(certBytes)
 if err != nil {
- t.Errorf("failed to parse certificate: " + err.Error())
+ t.Errorf("failed to parse certificate: %v", err)
 return
 }
 signatureValue, err := base64.StdEncoding.DecodeString(tt.args.sig)
 if err != nil {
- t.Errorf("failed to decode sig: " + err.Error())
+ t.Errorf("failed to decode sig: %v", err)
 return
 }
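Review bot: The two rewritten errors in `ParseCertificates` use different verbs (`%v` in the hunk at line 26, `%s` in the hunk at line 34) and neither wraps the cause, so callers cannot apply `errors.Is` or `errors.As` to the underlying base64 or x509 error. Using `%w` in both places, `fmt.Errorf("failed to decode certificate: %w", err)` and `fmt.Errorf("failed to parse certificate: %w", err)`, leaves the message text unchanged while preserving the error chain. The function body starts before the first hunk and ends after the second, so the rest of the loop is not visible here.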
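Review bot: The first check in this hunk reports "failed to parse PEM block containing the public key", but the call that failed is `base64.StdEncoding.DecodeString(certStr)`, and `err` is discarded, so a failure gives no hint of the cause. `t.Fatalf("failed to base64-decode certificate: %v", err)` names the right step and replaces the `t.Error`/`return` pair, assuming this code runs on the test's own goroutine. The same `t.Fatalf` form would fit the two checks below it. The enclosing test function starts and ends outside the hunk.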