diff --git a/auditing/meilisearch.go b/auditing/meilisearch.go
index 2a7ef71..7ce8ad3 100644
--- a/auditing/meilisearch.go
+++ b/auditing/meilisearch.go
@@ -61,7 +61,11 @@ func New(c Config) (Auditing, error) {
 }
 
 func (a *meiliAuditing) Flush() error {
-	taskResult, err := a.client.GetTasks(&meilisearch.TasksQuery{Statuses: []string{"enqueued", "processing"}, Limit: 100})
+	taskStatuses := []meilisearch.TaskStatus{
+		meilisearch.TaskStatusEnqueued,
+		meilisearch.TaskStatusProcessing,
+	}
+	taskResult, err := a.client.GetTasks(&meilisearch.TasksQuery{Statuses: taskStatuses, Limit: 100})
 	if err != nil {
 		return err
 	}
diff --git a/auth/auth_test.go b/auth/auth_test.go
index 5a69921..2ccb773 100644
--- a/auth/auth_test.go
+++ b/auth/auth_test.go
@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 const testCloudContextName123 = "ctx123"
@@ -65,13 +66,13 @@ func Test_NewUpdateKubeConfigHandler(t *testing.T) {
 	var b bytes.Buffer
 	thf := NewUpdateKubeConfigHandler(file.Name(), &b)
 	err = thf(tokenInfo)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	_, err = GetAuthContext(file.Name(), "xyz")
-	assert.EqualError(t, err, "no contexts, name=xyz found")
+	require.EqualError(t, err, "no contexts, name=xyz found")
 
 	authCtx, err := GetAuthContext(file.Name(), cloudContext)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, "123", authCtx.IDToken)
 }
 
@@ -92,12 +93,12 @@ func Test_NewUpdateKubeConfigHandlerWithContext(t *testing.T) {
 	var b bytes.Buffer
 	thf := NewUpdateKubeConfigHandler(file.Name(), &b, WithContextName("ctx123"))
 	err = thf(tokenInfo)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	_, err = GetAuthContext(file.Name(), "cloudctl-xyz")
-	assert.EqualError(t, err, "no contexts, name=cloudctl-xyz found")
+	require.EqualError(t, err, "no contexts, name=cloudctl-xyz found")
 
 	authCtx, err := GetAuthContext(file.Name(), testCloudContextName123)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, "123", authCtx.IDToken)
 }
diff --git a/auth/kubeconfig_test.go b/auth/kubeconfig_test.go
index 37d0367..5c34590 100644
--- a/auth/kubeconfig_test.go
+++ b/auth/kubeconfig_test.go
@@ -241,10 +241,8 @@ var demoToken2 = TokenInfo{
 
 func TestUpdateUserNewFile(t *testing.T) {
 
-	asserter := require.New(t)
-
 	tmpFile, err := os.CreateTemp("", "this_file_must_not_exist_*")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	tmpfileName := tmpFile.Name()
 
 	// delete file, just to be sure
@@ -253,36 +251,33 @@ func TestUpdateUserNewFile(t *testing.T) {
 	// "Update" -> create new file
 	ti := demoToken
 	_, err = UpdateKubeConfig(tmpfileName, ti, ExtractEMail)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	defer os.Remove(tmpfileName)
 
 	// check it is written
-	asserter.FileExists(tmpfileName, "expected file to exist")
+	require.FileExists(t, tmpfileName, "expected file to exist")
 
 	// check contents
 	diffFiles(t, "./testdata/createdDemoConfig", tmpfileName)
 
 	authContext, err := CurrentAuthContext(tmpfileName)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
-	asserter.Equal(authContext.User, demoToken.TokenClaims.EMail, "User")
-	asserter.Equal(authContext.IDToken, demoToken.IDToken, "IDToken")
-	asserter.Equal(authContext.AuthProviderName, "oidc", "AuthProvider")
-	asserter.Equal(authContext.Ctx, testCloudContextName, "Context")
-	asserter.Equal(authContext.ClientID, demoToken.ClientID, "ClientID")
-	asserter.Equal(authContext.ClientSecret, demoToken.ClientSecret, "ClientSecret")
-	asserter.Equal(authContext.IssuerURL, demoToken.IssuerURL, "Issuer")
-	asserter.Equal(authContext.IssuerCA, demoToken.IssuerCA, "IssuerCA")
+	require.Equal(t, authContext.User, demoToken.TokenClaims.EMail, "User")
+	require.Equal(t, authContext.IDToken, demoToken.IDToken, "IDToken")
+	require.Equal(t, "oidc", authContext.AuthProviderName, "AuthProvider")
+	require.Equal(t, testCloudContextName, authContext.Ctx, "Context")
+	require.Equal(t, authContext.ClientID, demoToken.ClientID, "ClientID")
+	require.Equal(t, authContext.ClientSecret, demoToken.ClientSecret, "ClientSecret")
+	require.Equal(t, authContext.IssuerURL, demoToken.IssuerURL, "Issuer")
+	require.Equal(t, authContext.IssuerCA, demoToken.IssuerCA, "IssuerCA")
 
 }
 
 func TestUpdateUserWithNameExtractorNewFile(t *testing.T) {
-
-	asserter := require.New(t)
-
 	tmpFile, err := os.CreateTemp("", "this_file_must_not_exist_*")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	tmpfileName := tmpFile.Name()
 
 	// delete file, just to be sure
@@ -291,27 +286,27 @@ func TestUpdateUserWithNameExtractorNewFile(t *testing.T) {
 	// "Update" -> create new file
 	ti := demoToken
 	_, err = UpdateKubeConfig(tmpfileName, ti, ExtractName)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	defer os.Remove(tmpfileName)
 
 	// check it is written
-	asserter.FileExists(tmpfileName, "expected file to ")
+	require.FileExists(t, tmpfileName, "expected file to ")
 
 	// check contents
 	diffFiles(t, "./testdata/createdDemoConfigName", tmpfileName)
 
 	authContext, err := CurrentAuthContext(tmpfileName)
-	assert.NoError(t, err)
-
-	asserter.Equal(authContext.User, demoToken.TokenClaims.Username(), "User")
-	asserter.Equal(authContext.IDToken, demoToken.IDToken, "IDToken")
-	asserter.Equal(authContext.ClientID, demoToken.ClientID, "ClientID")
-	asserter.Equal(authContext.ClientSecret, demoToken.ClientSecret, "ClientSecret")
-	asserter.Equal(authContext.IssuerURL, demoToken.IssuerURL, "Issuer")
-	asserter.Equal(authContext.IssuerCA, demoToken.IssuerCA, "IssuerCA")
-	asserter.Equal(authContext.AuthProviderName, "oidc", "AuthProvider")
-	asserter.Equal(authContext.Ctx, testCloudContextName, "Context")
+	require.NoError(t, err)
+
+	require.Equal(t, authContext.User, demoToken.TokenClaims.Username(), "User")
+	require.Equal(t, authContext.IDToken, demoToken.IDToken, "IDToken")
+	require.Equal(t, authContext.ClientID, demoToken.ClientID, "ClientID")
+	require.Equal(t, authContext.ClientSecret, demoToken.ClientSecret, "ClientSecret")
+	require.Equal(t, authContext.IssuerURL, demoToken.IssuerURL, "Issuer")
+	require.Equal(t, demoToken.IssuerCA, authContext.IssuerCA, "IssuerCA")
+	require.Equal(t, "oidc", authContext.AuthProviderName, "AuthProvider")
+	require.Equal(t, testCloudContextName, authContext.Ctx, "Context")
 }
 
 func TestLoadExistingConfigWithOIDC(t *testing.T) {
@@ -326,8 +321,8 @@ func TestLoadExistingConfigWithOIDC(t *testing.T) {
 	require.Equal(t, authContext.ClientSecret, demoToken.ClientSecret, "ClientSecret")
 	require.Equal(t, authContext.IssuerURL, demoToken.IssuerURL, "Issuer")
 	require.Equal(t, authContext.IssuerCA, demoToken.IssuerCA, "IssuerCA")
-	require.Equal(t, authContext.AuthProviderName, "oidc", "AuthProvider")
-	require.Equal(t, authContext.Ctx, testCloudContextName, "Context")
+	require.Equal(t, "oidc", authContext.AuthProviderName, "AuthProvider")
+	require.Equal(t, testCloudContextName, authContext.Ctx, "Context")
 }
 
 func TestUpdateUserExistingConfig(t *testing.T) {
@@ -420,7 +415,7 @@ func TestManipulateEncodeKubeconfig(t *testing.T) {
 
 	clusters, err := GetClusterNames(cfg)
 	require.NoError(t, err)
-	require.Equal(t, 1, len(clusters))
+	require.Len(t, clusters, 1)
 
 	err = AddContext(cfg, "myContext", clusters[0], "username")
 	require.NoError(t, err)
@@ -469,7 +464,7 @@ func TestKubeconfigFromEnv(t *testing.T) {
 	defer os.Setenv(RecommendedConfigPathEnvVar, "")
 
 	_, filename, isDefault, err := LoadKubeConfig("")
-	require.Nil(t, err)
+	require.NoError(t, err)
 	require.Equal(t, tmpfile.Name(), filename)
 	require.False(t, isDefault)
 }
@@ -483,7 +478,7 @@ func TestAuthContextFromEnv(t *testing.T) {
 	defer os.Setenv(RecommendedConfigPathEnvVar, "")
 
 	authCtx, err := GetAuthContext("", testCloudContextName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	require.Equal(t, testCloudContextName, authCtx.Ctx)
 	require.Equal(t, "email@provider.de", authCtx.User)
 }
@@ -502,7 +497,7 @@ func TestKubeconfigFromEnvDoesNotExist(t *testing.T) {
 	defer os.Setenv(RecommendedConfigPathEnvVar, "")
 
 	authCtx, filename, isDefault, err := LoadKubeConfig("")
-	require.Nil(t, err)
+	require.NoError(t, err)
 	require.Equal(t, "/tmp/path/to/kubeconfig", filename)
 	require.NotNil(t, authCtx)
 	require.False(t, isDefault)
@@ -517,7 +512,7 @@ func TestAuthContextFromEnvDoesNotExist(t *testing.T) {
 	defer os.Setenv(RecommendedConfigPathEnvVar, "")
 
 	_, err := CurrentAuthContext("")
-	require.Nil(t, err)
+	require.NoError(t, err)
 }
 
 func TestKubeconfigFromEnvMultiplePaths(t *testing.T) {
diff --git a/auth/kubedefaults_test.go b/auth/kubedefaults_test.go
index 3d99f68..bcb04a3 100644
--- a/auth/kubedefaults_test.go
+++ b/auth/kubedefaults_test.go
@@ -1,9 +1,10 @@
 package auth
 
 import (
-	"github.com/stretchr/testify/assert"
 	"os"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestFromEnvMultiplePath(t *testing.T) {
@@ -31,5 +32,5 @@ func TestFromEnvEmpty(t *testing.T) {
 	os.Setenv(RecommendedConfigPathEnvVar, "")
 
 	s := fromEnv()
-	assert.Len(t, s, 0)
+	assert.Empty(t, s)
 }
diff --git a/go.mod b/go.mod
index 104406a..c522c56 100644
--- a/go.mod
+++ b/go.mod
@@ -3,11 +3,11 @@ module github.com/metal-stack/metal-lib
 go 1.21
 
 require (
-	connectrpc.com/connect v1.11.1
+	connectrpc.com/connect v1.12.0
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/avast/retry-go/v4 v4.5.0
-	github.com/coreos/go-oidc/v3 v3.6.0
+	github.com/coreos/go-oidc/v3 v3.7.0
 	github.com/emicklei/go-restful-openapi/v2 v2.9.1
 	github.com/emicklei/go-restful/v3 v3.10.2
 	github.com/fatih/color v1.15.0
@@ -19,7 +19,7 @@ require (
 	github.com/icza/dyno v0.0.0-20230330125955-09f820a8d9c0
 	github.com/jszwec/csvutil v1.8.0
 	github.com/mattn/go-isatty v0.0.19
-	github.com/meilisearch/meilisearch-go v0.25.0
+	github.com/meilisearch/meilisearch-go v0.26.0
 	github.com/metal-stack/security v0.6.6
 	github.com/metal-stack/v v1.0.3
 	github.com/nsqio/go-nsq v1.1.0
@@ -31,7 +31,7 @@ require (
 	github.com/stretchr/testify v1.8.4
 	github.com/testcontainers/testcontainers-go v0.23.0
 	go.uber.org/zap v1.25.0
-	golang.org/x/oauth2 v0.11.0
+	golang.org/x/oauth2 v0.13.0
 	golang.org/x/sync v0.3.0
 	google.golang.org/grpc v1.57.0
 	google.golang.org/protobuf v1.31.0
@@ -133,7 +133,7 @@ require (
 	github.com/mitchellh/go-ps v1.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/moby/patternmatcher v0.5.0 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -173,19 +173,19 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go4.org/mem v0.0.0-20220726221520-4f986261bf13 // indirect
 	go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516 // indirect
-	golang.org/x/crypto v0.12.0
+	golang.org/x/crypto v0.14.0
 	golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb // indirect
 	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.14.0 // indirect
-	golang.org/x/sys v0.11.0 // indirect
-	golang.org/x/term v0.11.0
-	golang.org/x/text v0.12.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/term v0.13.0
+	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.12.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230720185612-659f7aaaa771 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 7212901..0c79aaa 100644
--- a/go.sum
+++ b/go.sum
@@ -35,8 +35,8 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
-connectrpc.com/connect v1.11.1 h1:dqRwblixqkVh+OFBOOL1yIf1jS/yP0MSJLijRj29bFg=
-connectrpc.com/connect v1.11.1/go.mod h1:3AGaO6RRGMx5IKFfqbe3hvK1NqLosFNP2BxDYTPmNPo=
+connectrpc.com/connect v1.12.0 h1:HwKdOY0lGhhoHdsza+hW55aqHEC64pYpObRNoAgn70g=
+connectrpc.com/connect v1.12.0/go.mod h1:3AGaO6RRGMx5IKFfqbe3hvK1NqLosFNP2BxDYTPmNPo=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
@@ -129,8 +129,8 @@ github.com/containerd/containerd v1.7.3 h1:cKwYKkP1eTj54bP3wCdXXBymmKRQMrWjkLSWZ
 github.com/containerd/containerd v1.7.3/go.mod h1:32FOM4/O0RkNg7AjQj3hDzN9cUGtu+HMvaKUNiqCZB8=
 github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
 github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
-github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
-github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
+github.com/coreos/go-oidc/v3 v3.7.0 h1:FTdj0uexT4diYIPlF4yoFVI5MRO1r5+SEcIpEw9vC0o=
+github.com/coreos/go-oidc/v3 v3.7.0/go.mod h1:yQzSCqBnK3e6Fs5l+f5i0F8Kwf0zpH9bPEsbY00KanM=
 github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E=
 github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -268,6 +268,7 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@@ -420,8 +421,8 @@ github.com/mdlayher/sdnotify v1.0.0 h1:Ma9XeLVN/l0qpyx1tNeMSeTjCPH6NtuD6/N9XdTlQ
 github.com/mdlayher/sdnotify v1.0.0/go.mod h1:HQUmpM4XgYkhDLtd+Uad8ZFK1T9D5+pNxnXQjCeJlGE=
 github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U=
 github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA=
-github.com/meilisearch/meilisearch-go v0.25.0 h1:xIp+8YWterHuDvpdYlwQ4Qp7im3JlRHmSKiP0NvjyXs=
-github.com/meilisearch/meilisearch-go v0.25.0/go.mod h1:SxuSqDcPBIykjWz1PX+KzsYzArNLSCadQodWs8extS0=
+github.com/meilisearch/meilisearch-go v0.26.0 h1:6IdFC9S53gEp7FMkt99swIFyEZE+4TwJAgen3eQdw40=
+github.com/meilisearch/meilisearch-go v0.26.0/go.mod h1:SxuSqDcPBIykjWz1PX+KzsYzArNLSCadQodWs8extS0=
 github.com/metal-stack/security v0.6.6 h1:KSPNN8YZd2EJEjsJ0xCBcd5o53uU0iFupahHA9Twuh0=
 github.com/metal-stack/security v0.6.6/go.mod h1:WchPm3+2Xjj1h7AxM+DsnR9EWgLw+ktoGCl/0gcmgSA=
 github.com/metal-stack/v v1.0.3 h1:Sh2oBlnxrCUD+mVpzfC8HiqL045YWkxs0gpTvkjppqs=
@@ -438,8 +439,8 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
-github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
+github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
+github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
 github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
@@ -605,8 +606,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -686,8 +687,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
-golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -697,8 +698,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
-golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -770,15 +771,15 @@ golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepC
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
-golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -791,8 +792,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
-golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -886,8 +887,9 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
diff --git a/jwt/jwt/token_test.go b/jwt/jwt/token_test.go
index a4e7afd..fff3678 100644
--- a/jwt/jwt/token_test.go
+++ b/jwt/jwt/token_test.go
@@ -16,7 +16,7 @@ func TestGenerateSimpleToken(t *testing.T) {
 	alg := jose.RS256
 
 	publicKey, privateKey, err := security.CreateWebkeyPair(alg, "sig", 0)
-	assert.NoError(t, err, "error creating keypair")
+	require.NoError(t, err, "error creating keypair")
 
 	cl := jwt.Claims{
 		Subject:   "subject",
@@ -29,14 +29,14 @@ func TestGenerateSimpleToken(t *testing.T) {
 	signer := security.MustMakeSigner(alg, privateKey)
 
 	token, err := CreateToken(signer, cl)
-	assert.NoError(t, err, "error creating token")
+	require.NoError(t, err, "error creating token")
 	assert.NotEmpty(t, token)
 
 	parsedClaims := &jwt.Claims{}
 	webToken, err := jwt.ParseSigned(token)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	err = webToken.Claims(publicKey, parsedClaims)
-	assert.NoError(t, err, "error parsing claims")
+	require.NoError(t, err, "error parsing claims")
 	require.Equal(t, "subject", parsedClaims.Subject)
 	require.Equal(t, "issuer", parsedClaims.Issuer)
 }
@@ -46,7 +46,7 @@ func TestGenerateFullToken(t *testing.T) {
 	alg := jose.RS256
 
 	publicKey, privateKey, err := security.CreateWebkeyPair(alg, "sig", 0)
-	assert.NoError(t, err, "error creating keypair")
+	require.NoError(t, err, "error creating keypair")
 
 	cl := jwt.Claims{
 		Issuer:   "https://dex.test.metal-stack.io/dex",
@@ -78,24 +78,24 @@ func TestGenerateFullToken(t *testing.T) {
 	signer := security.MustMakeSigner(alg, privateKey)
 
 	token, err := CreateToken(signer, cl, privateClaims)
-	assert.NoError(t, err, "error creating token")
+	require.NoError(t, err, "error creating token")
 	assert.NotEmpty(t, token)
 
 	fmt.Println(token)
 	bytes, err := publicKey.MarshalJSON()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	fmt.Println(string(bytes))
 
 	webToken, err := jwt.ParseSigned(token)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	parsedClaims := &jwt.Claims{}
 	extendedClaims := &ExtendedClaims{}
 	err = webToken.Claims(publicKey, parsedClaims, extendedClaims)
-	assert.NoError(t, err, "error parsing claims")
+	require.NoError(t, err, "error parsing claims")
 	assert.Equal(t, "achim", parsedClaims.Subject)
 	assert.Equal(t, "achim.admin@tenant.de", extendedClaims.EMail)
 	assert.Equal(t, "tenant_ldap_openldap", extendedClaims.FederatedClaims["connector_id"])
 	assert.Equal(t, "cn=achim.admin,ou=People,dc=tenant,dc=de", extendedClaims.FederatedClaims["user_id"])
-	assert.Equal(t, 6, len(extendedClaims.Groups))
+	assert.Len(t, extendedClaims.Groups, 6)
 }
diff --git a/rest/health_test.go b/rest/health_test.go
index 89da9ec..3144d59 100644
--- a/rest/health_test.go
+++ b/rest/health_test.go
@@ -35,7 +35,7 @@ func (e *failingCheck) Check(ctx context.Context) (HealthStatus, error) {
 
 func TestNewHealth(t *testing.T) {
 	logger, err := zap.NewDevelopment()
-	require.Nil(t, err)
+	require.NoError(t, err)
 
 	type args struct {
 		log      *zap.Logger
diff --git a/rest/middleware_test.go b/rest/middleware_test.go
index a359bb5..cd7f0cf 100644
--- a/rest/middleware_test.go
+++ b/rest/middleware_test.go
@@ -123,7 +123,7 @@ func TestRequestLoggerFilter(t *testing.T) {
 
 			assert.NotEmpty(t, requestLog.RequestID)
 			_, err = uuid.Parse(requestLog.RequestID)
-			assert.NoError(t, err)
+			require.NoError(t, err)
 
 			if tt.wantBody {
 				assert.NotEmpty(t, requestLog.Body)
@@ -139,7 +139,7 @@ func TestRequestLoggerFilter(t *testing.T) {
 
 			assert.NotEmpty(t, closingLog.RequestID)
 			_, err = uuid.Parse(closingLog.RequestID)
-			assert.NoError(t, err)
+			require.NoError(t, err)
 
 			d, err := time.ParseDuration(closingLog.Duration)
 			require.NoError(t, err)