
chore: update Go version to 1.23 and improve security#5

Merged: ilramdhan merged 1 commit into master from session/agent_53aa2491-4075-45b2-985e-05e2159e2b3d on Mar 4, 2026

@ilramdhan ilramdhan commented Mar 4, 2026

  • Update Dockerfile to use golang:1.23-alpine
  • Replace hardcoded credentials with template variables in Postman collection
  • Remove unused imports from holiday handler tests
  • Remove generate_password_hash.go utility script

Description

This PR updates the Go version to 1.23, improves security by replacing hardcoded credentials with template variables in the Postman collection, removes unused imports from tests, and cleans up by removing the password hash generator script.

Fixes # (issue number)

Type of Change

  • 🐛 Bug fix (non-breaking change which fixes an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 📚 Documentation update
  • 🎨 Code style/formatting
  • ♻️ Code refactoring
  • ⚡ Performance improvement
  • 🧪 Test updates
  • 🔧 Build/CI changes
  • 📝 Other (please describe):

Changes Made

  1. Update Dockerfile from golang:1.21-alpine to golang:1.23-alpine
  2. Replace hardcoded credentials with template variables ({{username}}, {{password}}, etc.) in Postman collection
  3. Remove unused imports (bytes, services) from holiday_handler_test.go
  4. Remove scripts/generate_password_hash.go utility script

How Has This Been Tested?

  • Unit tests
  • Integration tests
  • Manual testing
  • Other (please describe):

Test Configuration:

  • Go version: 1.23
  • Operating System: Linux

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published

Screenshots (if applicable)

Additional Notes

The Postman collection changes improve security by avoiding hardcoded credentials in the API documentation. The Dockerfile update ensures the project uses the latest stable Go version.

Related PRs

- Update Dockerfile to use golang:1.23-alpine
- Replace hardcoded credentials with template variables in Postman collection
- Remove unused imports from holiday handler tests
- Remove generate_password_hash.go utility script
@ilramdhan ilramdhan requested a review from Copilot March 4, 2026 15:37
@ilramdhan ilramdhan self-assigned this Mar 4, 2026
@ilramdhan ilramdhan added bug Something isn't working documentation Improvements or additions to documentation labels Mar 4, 2026


kilo-code-bot Bot commented Mar 4, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (4 files)
  • Dockerfile - Go version upgrade 1.21 → 1.23
  • docs/HolidayAPI.postman_collection.json - Security improvement (removed hardcoded credentials)
  • internal/handlers/holiday_handler_test.go - Code cleanup (removed unused imports)
  • scripts/generate_password_hash.go - Removed redundant utility script

Summary

This PR contains clean improvements:

  1. Go Version Upgrade (1.21 → 1.23): Brings performance improvements and security fixes
  2. Security Fix: Replaced hardcoded credentials in Postman collection with variables
  3. Code Cleanup: Removed unused imports from test file
  4. Redundancy Removal: Deleted generate_password_hash.go as it's already covered by setup-admin.go

The repository uses Go (Golang) as its primary programming language. All changes follow best practices for this language.

@ilramdhan ilramdhan merged commit 562e8f5 into master Mar 4, 2026
6 of 7 checks passed

Copilot AI left a comment


Pull request overview

Updates the build/runtime tooling and developer collateral to move the project to Go 1.23 and reduce accidental credential exposure in shared artifacts.

Changes:

  • Bumps the Docker build stage to golang:1.23-alpine.
  • Replaces hardcoded credentials in the Postman collection with template variables.
  • Removes unused test imports and deletes a password-hash generator utility script.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| Dockerfile | Updates builder image to Go 1.23 for container builds. |
| docs/HolidayAPI.postman_collection.json | Removes hardcoded credentials by switching request bodies to Postman variables. |
| internal/handlers/holiday_handler_test.go | Cleans up unused imports in handler tests. |
| scripts/generate_password_hash.go | Removes a local utility that included a hardcoded password. |


Comment on lines 281 to 283
"mode": "raw",
"raw": "{\n \"old_password\": \"Admin123!\",\n \"new_password\": \"NewPassword123!\"\n}"
"raw": "{\n \"old_password\": \"{{old_password}}\",\n \"new_password\": \"{{new_password}}\"\n}"
},
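
Review bot: Once `{{old_password}}` and `{{new_password}}` are defined, their values must not end up in the committed collection's variable block, or the literal this line removes comes straight back into the repo. Declare them with empty values in the collection and supply the real values from an environment file that is not committed.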

Copilot AI Mar 4, 2026

The change-password body now references {{old_password}} / {{new_password}}, but these variables are not defined in the collection’s variable section. Add them as collection variables (empty/default) or note that they must come from a Postman environment to avoid sending blank passwords.

Comment thread Dockerfile
@@ -1,5 +1,5 @@
# Build stage
FROM golang:1.21-alpine AS builder
FROM golang:1.23-alpine AS builder
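
Review bot: `FROM golang:1.23-alpine AS builder` is still a mutable tag, so two builds of the same commit can pull different base images. Pin the builder by digest (`golang:1.23-alpine@sha256:<digest>`, where `<digest>` is a placeholder) and bump it through reviewed changes, so a base-image change shows up as a diff instead of happening silently.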

Copilot AI Mar 4, 2026

Consider pinning the Go builder image to a specific patch/alpine variant (e.g., golang:1.23.x-alpine3.y) instead of a floating 1.23-alpine tag. Floating tags can change underneath you and make builds non-reproducible, and can also introduce unexpected CVEs or behavior changes between builds.

Suggested change
FROM golang:1.23-alpine AS builder
FROM golang:1.23.0-alpine3.19 AS builder

Comment thread Dockerfile
@@ -1,5 +1,5 @@
# Build stage
FROM golang:1.21-alpine AS builder
FROM golang:1.23-alpine AS builder

Copilot AI Mar 4, 2026

Dockerfile now builds with golang:1.23-alpine, but the repository go.mod specifies a toolchain directive (go1.24.5). With a 1.23 builder image, go may try to auto-download the toolchain during go build, which can break reproducible/offline builds and slow CI. Consider aligning the builder image tag with the toolchain version (or removing/adjusting the toolchain directive) so the container build uses the intended Go toolchain without network downloads.

Suggested change
FROM golang:1.23-alpine AS builder
FROM golang:1.24-alpine AS builder

Comment on lines 212 to 214
"mode": "raw",
"raw": "{\n \"username\": \"admin\",\n \"password\": \"Admin123!\"\n}"
"raw": "{\n \"username\": \"{{username}}\",\n \"password\": \"{{password}}\"\n}"
},
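
Review bot: The removed `raw` line documents `admin` / `Admin123!` as a login, and the change-password request used the same `Admin123!` as `old_password`, so this reads as a real default admin credential and not a dummy value. Templating it here does not remove it from git history; if any environment was provisioned with that pair, rotate it as part of this change.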

Copilot AI Mar 4, 2026

The collection request body now references {{username}} / {{password}}, but these variables are not defined in the collection-level variable list (only base_url, access_token, and refresh_token are). Add username and password as collection variables (with empty/default values and a description) or document that they must be provided via a Postman environment, otherwise the login request will send empty values.
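
The two Postman findings in the review comments above can be checked mechanically. The following is an added example, not code from this PR or repository: a Python linter that walks a Postman v2.1 collection, reports `{{variables}}` used in raw bodies but missing from the collection-level variable list, and flags secret-like fields that still hold literals. The sample collection, the request names and the `example-literal` value are constructed.

```python
import json
import re

# Constructed sample in Postman Collection v2.1 shape (not the project's file).
SAMPLE = json.dumps({
    "variable": [{"key": "base_url", "value": ""}, {"key": "access_token", "value": ""}],
    "item": [
        {"name": "Login", "request": {"body": {"mode": "raw",
            "raw": '{"username": "{{username}}", "password": "{{password}}"}'}}},
        {"name": "Auth", "item": [
            {"name": "Legacy", "request": {"body": {"mode": "raw",
                "raw": '{"old_password": "example-literal"}'}}},
        ]},
    ],
})

VAR_REF = re.compile(r"\{\{([^{}]+)\}\}")
SECRET_FIELD = re.compile(r'"([^"]*(?:password|secret|token)[^"]*)"\s*:\s*"([^"]*)"', re.I)


def iter_requests(items, path=()):
    """Yield (path, raw body) for every request, descending into folders."""
    for it in items:
        here = path + (it.get("name", "?"),)
        if "item" in it:                      # a folder nests further items
            yield from iter_requests(it["item"], here)
        req = it.get("request")
        if isinstance(req, dict):             # a request may also be a bare URL string
            yield "/".join(here), (req.get("body") or {}).get("raw") or ""


def lint(collection_json):
    """Return sorted findings: undefined {{variables}} and literal secret values."""
    col = json.loads(collection_json)
    defined = {v.get("key") for v in col.get("variable", [])}
    findings = []
    for name, raw in iter_requests(col.get("item", [])):
        for var in VAR_REF.findall(raw):
            if var.strip() not in defined:
                findings.append(f"{name}: undefined variable {var.strip()}")
        for field, value in SECRET_FIELD.findall(raw):
            if value and not VAR_REF.search(value):   # literal, not a {{template}}
                findings.append(f"{name}: literal value in field {field}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Variables supplied only through a Postman environment are reported as undefined, since the script reads the collection file alone.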
