diff --git a/download/download_test.go b/download/download_test.go
index e5db61b54a..09080c1c7c 100644
--- a/download/download_test.go
+++ b/download/download_test.go
@@ -489,7 +489,7 @@ func TestTriggerManualWithTimeout(t *testing.T) {
 	}
 
 	d := New(config, fixture.client, "/bundles/test/bundle1").
-		WithCallback(func(_ context.Context, u Update) {
+		WithCallback(func(context.Context, Update) {
 			time.Sleep(3 * time.Second) // this should cause the context deadline to exceed
 		})
 
@@ -512,12 +512,12 @@ func TestTriggerManualWithTimeout(t *testing.T) {
 		t.Fatal("Expected error but got nil")
 	}
 
-	exp := "context deadline exceeded"
-	if ctx.Err().Error() != exp {
-		t.Fatalf("Expected error %v but got %v", exp, ctx.Err().Error())
+	exp := context.DeadlineExceeded
+	if ctx.Err() != exp {
+		t.Fatalf("Expected error %v but got %v", exp, ctx.Err())
 	}
 
-	d.Stop(ctx)
+	d.Stop(context.Background())
 }
 
 func TestDownloadLongPollNotModifiedOn304(t *testing.T) {
@@ -696,15 +696,14 @@ func (t *testFixture) oneShot(ctx context.Context, u Update) {
 }
 
 type testServer struct {
-	t                         *testing.T
-	expCode                   int
-	expEtag                   string
-	expAuth                   string
-	bundles                   map[string]bundle.Bundle
-	server                    *httptest.Server
-	etagInResponse            bool
-	longPoll                  bool
-	opaVendorMediaTypeEnabled bool
+	t              *testing.T
+	expCode        int
+	expEtag        string
+	expAuth        string
+	bundles        map[string]bundle.Bundle
+	server         *httptest.Server
+	etagInResponse bool
+	longPoll       bool
 }
 
 func (t *testServer) handle(w http.ResponseWriter, r *http.Request) {
diff --git a/plugins/rest/rest.go b/plugins/rest/rest.go
index 805409644d..385601c9af 100644
--- a/plugins/rest/rest.go
+++ b/plugins/rest/rest.go
@@ -31,8 +31,8 @@ const (
 // An HTTPAuthPlugin represents a mechanism to construct and configure HTTP authentication for a REST service
 type HTTPAuthPlugin interface {
 	// implementations can assume NewClient will be called before Prepare
-	NewClient(c Config) (*http.Client, error)
-	Prepare(req *http.Request) error
+	NewClient(Config) (*http.Client, error)
+	Prepare(*http.Request) error
 }
 
 // Config represents configuration for a REST client.
@@ -236,8 +236,7 @@ func (c Client) Do(ctx context.Context, method, path string) (*http.Response, er
 	var body io.Reader
 
 	if c.bytes != nil {
-		buf := bytes.NewBuffer(*c.bytes)
-		body = buf
+		body = bytes.NewReader(*c.bytes)
 	} else if c.json != nil {
 		var buf bytes.Buffer
 		if err := json.NewEncoder(&buf).Encode(*c.json); err != nil {
diff --git a/plugins/rest/rest_auth.go b/plugins/rest/rest_auth.go
index 3b718d41c0..4ee3e11486 100644
--- a/plugins/rest/rest_auth.go
+++ b/plugins/rest/rest_auth.go
@@ -90,7 +90,7 @@ func DefaultRoundTripperClient(t *tls.Config, timeout int64) *http.Client {
 // defaultAuthPlugin represents baseline 'no auth' behavior if no alternative plugin is specified for a service
 type defaultAuthPlugin struct{}
 
-func (ap *defaultAuthPlugin) NewClient(c Config) (*http.Client, error) {
+func (*defaultAuthPlugin) NewClient(c Config) (*http.Client, error) {
 	t, err := DefaultTLSConfig(c)
 	if err != nil {
 		return nil, err
@@ -98,7 +98,7 @@ func (ap *defaultAuthPlugin) NewClient(c Config) (*http.Client, error) {
 	return DefaultRoundTripperClient(t, *c.ResponseHeaderTimeoutSeconds), nil
 }
 
-func (ap *defaultAuthPlugin) Prepare(req *http.Request) error {
+func (*defaultAuthPlugin) Prepare(*http.Request) error {
 	return nil
 }