diff --git a/.github/pipeline-version b/.github/pipeline-version
index ebeef2f..5edffce 100644
--- a/.github/pipeline-version
+++ b/.github/pipeline-version
@@ -1 +1 @@
-1.38.0
+1.39.0
diff --git a/.github/workflows/pb-create-package.yml b/.github/workflows/pb-create-package.yml
index 86e3ac3..c00f745 100644
--- a/.github/workflows/pb-create-package.yml
+++ b/.github/workflows/pb-create-package.yml
@@ -25,7 +25,7 @@ jobs:
                 username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
             - uses: actions/setup-go@v5
               with:
-                go-version: "1.20"
+                go-version: "1.22"
             - name: Install create-package
               run: |
                 #!/usr/bin/env bash
@@ -33,9 +33,9 @@ jobs:
                 set -euo pipefail
 
                 go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/create-package@latest
-            - uses: buildpacks/github-actions/setup-tools@v5.5.3
+            - uses: buildpacks/github-actions/setup-tools@v5.6.0
               with:
-                crane-version: 0.19.0
+                crane-version: 0.19.1
                 yj-version: 5.1.0
             - name: Install pack
               run: |
@@ -219,7 +219,7 @@ jobs:
                 DIGEST: ${{ steps.package.outputs.digest }}
                 GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
             - if: ${{ true }}
-              uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:5.5.3
+              uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:5.6.0
               with:
                 address: docker.io/paketobuildpacks/encrypt-at-rest@${{ steps.package.outputs.digest }}
                 id: paketo-buildpacks/encrypt-at-rest
diff --git a/.github/workflows/pb-tests.yml b/.github/workflows/pb-tests.yml
index d0a9087..3f2fddb 100644
--- a/.github/workflows/pb-tests.yml
+++ b/.github/workflows/pb-tests.yml
@@ -17,7 +17,7 @@ jobs:
         steps:
             - uses: actions/setup-go@v5
               with:
-                go-version: "1.20"
+                go-version: "1.22"
             - name: Install create-package
               run: |
                 #!/usr/bin/env bash
@@ -178,6 +178,7 @@ jobs:
               env:
                 FORMAT: image
                 PACKAGES: test
+                TTL_SH_PUBLISH: "false"
                 VERSION: ${{ steps.version.outputs.version }}
     unit:
         name: Unit Test
@@ -192,7 +193,7 @@ jobs:
                 restore-keys: ${{ runner.os }}-go-
             - uses: actions/setup-go@v5
               with:
-                go-version: "1.20"
+                go-version: "1.22"
             - name: Install richgo
               run: |
                 #!/usr/bin/env bash
diff --git a/.github/workflows/pb-update-go.yml b/.github/workflows/pb-update-go.yml
index abfb882..8f93e8e 100644
--- a/.github/workflows/pb-update-go.yml
+++ b/.github/workflows/pb-update-go.yml
@@ -11,7 +11,7 @@ jobs:
         steps:
             - uses: actions/setup-go@v5
               with:
-                go-version: "1.20"
+                go-version: "1.22"
             - uses: actions/checkout@v4
             - name: Update Go Version & Modules
               id: update-go
@@ -49,7 +49,7 @@ jobs:
                 echo "commit-body=${COMMIT_BODY}" >> "$GITHUB_OUTPUT"
                 echo "commit-semver=${COMMIT_SEMVER}" >> "$GITHUB_OUTPUT"
               env:
-                GO_VERSION: "1.20"
+                GO_VERSION: "1.22"
             - uses: peter-evans/create-pull-request@v6
               with:
                 author: ${{ secrets.JAVA_GITHUB_USERNAME }} <${{ secrets.JAVA_GITHUB_USERNAME }}@users.noreply.github.com>
diff --git a/.github/workflows/pb-update-pipeline.yml b/.github/workflows/pb-update-pipeline.yml
index b22b7a3..2c05223 100644
--- a/.github/workflows/pb-update-pipeline.yml
+++ b/.github/workflows/pb-update-pipeline.yml
@@ -16,7 +16,7 @@ jobs:
         steps:
             - uses: actions/setup-go@v5
               with:
-                go-version: "1.20"
+                go-version: "1.22"
             - name: Install octo
               run: |
                 #!/usr/bin/env bash
diff --git a/dare/build_test.go b/dare/build_test.go
index 30fdfd4..ed4cf9e 100644
--- a/dare/build_test.go
+++ b/dare/build_test.go
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2020 the original author or authors.
+ * Copyright 2018-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
 package dare_test
 
 import (
-	"io/ioutil"
 	"os"
 	"testing"
 
@@ -41,10 +40,7 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 	)
 
 	it.Before(func() {
-		var err error
-
-		ctx.Application.Path, err = ioutil.TempDir("", "build")
-		Expect(err).NotTo(HaveOccurred())
+		ctx.Application.Path = t.TempDir()
 
 		kp = &mocks.KeyProvider{}
 		build.KeyProviders = append(build.KeyProviders, kp)
diff --git a/dare/encrypt.go b/dare/encrypt.go
index f092d3e..317d5d1 100644
--- a/dare/encrypt.go
+++ b/dare/encrypt.go
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2020 the original author or authors.
+ * Copyright 2018-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ import (
 	"crypto/sha256"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -68,7 +67,7 @@ func (e Encrypt) Contribute(layer libcnb.Layer) (libcnb.Layer, error) {
 
 		e.Logger.Body("Writing salt")
 		file := filepath.Join(layer.Path, "salt")
-		if err := ioutil.WriteFile(file, salt[:], 0644); err != nil {
+		if err := os.WriteFile(file, salt[:], 0644); err != nil {
 			return libcnb.Layer{}, fmt.Errorf("unable to write %s\n%w", file, err)
 		}
 		layer.LaunchEnvironment.Default("BPI_EAR_SALT_PATH", file)
@@ -110,7 +109,7 @@ func (e Encrypt) Contribute(layer libcnb.Layer) (libcnb.Layer, error) {
 	}
 
 	e.Logger.Header("Removing source code")
-	cs, err := ioutil.ReadDir(e.ApplicationPath)
+	cs, err := os.ReadDir(e.ApplicationPath)
 	if err != nil {
 		return libcnb.Layer{}, fmt.Errorf("unable to list children of %s\n%w", e.ApplicationPath, err)
 	}
diff --git a/dare/encrypt_test.go b/dare/encrypt_test.go
index 3d3d749..4771bc1 100644
--- a/dare/encrypt_test.go
+++ b/dare/encrypt_test.go
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2020 the original author or authors.
+ * Copyright 2018-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -43,13 +42,8 @@ func testEncrypt(t *testing.T, context spec.G, it spec.S) {
 	)
 
 	it.Before(func() {
-		var err error
-
-		ctx.Application.Path, err = ioutil.TempDir("", "encrypt-application")
-		Expect(err).NotTo(HaveOccurred())
-
-		ctx.Layers.Path, err = ioutil.TempDir("", "encrypt-layers")
-		Expect(err).NotTo(HaveOccurred())
+		ctx.Application.Path = t.TempDir()
+		ctx.Layers.Path = t.TempDir()
 	})
 
 	it.After(func() {
@@ -58,7 +52,7 @@ func testEncrypt(t *testing.T, context spec.G, it spec.S) {
 	})
 
 	it("contributes encrypt", func() {
-		Expect(ioutil.WriteFile(filepath.Join(ctx.Application.Path, "fixture-marker"), []byte{}, 0644)).To(Succeed())
+		Expect(os.WriteFile(filepath.Join(ctx.Application.Path, "fixture-marker"), []byte{}, 0644)).To(Succeed())
 
 		master, err := hex.DecodeString("E48F0660412A993E62FB11CA086C2D353C95359AD3A3480E778FBA43DB694E60")
 		Expect(err).NotTo(HaveOccurred())
@@ -81,7 +75,7 @@ func testEncrypt(t *testing.T, context spec.G, it spec.S) {
 
 		Expect(layer.LaunchEnvironment["BPI_EAR_DECRYPTED_APPLICATION.default"]).To(Equal(ctx.Application.Path))
 
-		salt, err := ioutil.ReadFile(filepath.Join(layer.Path, "salt"))
+		salt, err := os.ReadFile(filepath.Join(layer.Path, "salt"))
 		Expect(err).NotTo(HaveOccurred())
 
 		var key [32]byte
diff --git a/helper/decrypt.go b/helper/decrypt.go
index 5dc1a2e..6045334 100644
--- a/helper/decrypt.go
+++ b/helper/decrypt.go
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2020 the original author or authors.
+ * Copyright 2018-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 
 	"github.com/minio/sio"
@@ -50,7 +49,7 @@ func (d Decrypt) Execute() (map[string]string, error) {
 	if !ok {
 		return nil, fmt.Errorf("$BPI_EAR_SALT_PATH must be set")
 	}
-	salt, err := ioutil.ReadFile(file)
+	salt, err := os.ReadFile(file)
 	if err != nil {
 		return nil, fmt.Errorf("unable to open %s\n%w", file, err)
 	}
@@ -70,7 +69,7 @@ func (d Decrypt) Execute() (map[string]string, error) {
 		return nil, fmt.Errorf("$BPI_EAR_DECRYPTED_APPLICATION must be set")
 	}
 	if unix.Access(file, unix.W_OK) != nil {
-		d.Logger.Info("ERROR: Unable to decrypt application because %s is not writable", file)
+		d.Logger.Infof("ERROR: Unable to decrypt application because %s is not writable", file)
 		return nil, fmt.Errorf("unable to write to %s", file)
 	}
 	out := file
@@ -86,7 +85,7 @@ func (d Decrypt) Execute() (map[string]string, error) {
 		return nil, fmt.Errorf("unable to create encrypted reader\n%w", err)
 	}
 
-	if err := crush.ExtractTar(r, out, 0); err != nil {
+	if err := crush.Extract(r, out, 0); err != nil {
 		return nil, fmt.Errorf("unable to extract TAR %s to %s\n%w", in.Name(), out, err)
 	}
 
diff --git a/helper/decrypt_test.go b/helper/decrypt_test.go
index 7b2d362..a9e236d 100644
--- a/helper/decrypt_test.go
+++ b/helper/decrypt_test.go
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2020 the original author or authors.
+ * Copyright 2018-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,7 +22,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -50,17 +49,16 @@ func testDecrypt(t *testing.T, context spec.G, it spec.S) {
 	it.Before(func() {
 		var err error
 
-		decryptedPath, err = ioutil.TempDir("", "decrypt-decrypted")
-		Expect(err).NotTo(HaveOccurred())
+		decryptedPath = t.TempDir()
 
-		f, err := ioutil.TempFile("", "decrypt-encrypted")
+		f, err := os.CreateTemp("", "decrypt-encrypted")
 		Expect(err).NotTo(HaveOccurred())
 		Expect(f.Close()).To(Succeed())
 		encryptedPath = f.Name()
 
 		key = "E48F0660412A993E62FB11CA086C2D353C95359AD3A3480E778FBA43DB694E60"
 
-		f, err = ioutil.TempFile("", "decrypt-salt")
+		f, err = os.CreateTemp("", "decrypt-salt")
 		Expect(err).NotTo(HaveOccurred())
 		Expect(f.Close()).To(Succeed())
 		saltPath = f.Name()
@@ -138,7 +136,7 @@ func testDecrypt(t *testing.T, context spec.G, it spec.S) {
 						var salt [32]byte
 						_, err = io.ReadFull(rand.Reader, salt[:])
 						Expect(err).NotTo(HaveOccurred())
-						Expect(ioutil.WriteFile(saltPath, salt[:], 0644)).To(Succeed())
+						Expect(os.WriteFile(saltPath, salt[:], 0644)).To(Succeed())
 
 						var key [32]byte
 						kdf := hkdf.New(sha256.New, primary, salt[:], nil)
@@ -152,7 +150,7 @@ func testDecrypt(t *testing.T, context spec.G, it spec.S) {
 						Expect(err).NotTo(HaveOccurred())
 
 						file := filepath.Join(decryptedPath, "fixture-marker")
-						Expect(ioutil.WriteFile(file, []byte{}, 0644)).To(Succeed())
+						Expect(os.WriteFile(file, []byte{}, 0644)).To(Succeed())
 						Expect(crush.CreateTar(w, decryptedPath)).To(Succeed())
 						Expect(os.RemoveAll(file)).To(Succeed())