diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0858d6e5..049ab53c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -25,7 +25,7 @@ env: PRE_RELEASE: ${{ github.ref == 'refs/heads/main' && 'main' || '' }} GO_VERSION: "1.26" GO_RELEASER_VERSION: "v2.14.1" - GO_LANGCI_LINT_VERSION: "v2.10.1" + GO_LANGCI_LINT_VERSION: "v2.11.4" GO_TESTSUM_VERSION: "1.13.0" SYFT_VERSION: "v1.13.0" @@ -47,20 +47,20 @@ jobs: gotestsum_version: ${{ env.GO_TESTSUM_VERSION }} - name: Setup QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Login to GitHub Packages Docker Registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: https://ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@v7 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DOCKER_CLI_EXPERIMENTAL: "enabled" @@ -76,7 +76,7 @@ jobs: args: --timeout=30m - name: Test Snapshot - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@v7 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DOCKER_CLI_EXPERIMENTAL: "enabled" @@ -129,13 +129,13 @@ jobs: go-version: ${{ env.GO_VERSION }} - name: Setup QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Login to GitHub Packages Docker Registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: https://ghcr.io username: ${{ github.actor }} 
@@ -147,7 +147,7 @@ jobs: syft-version: ${{ env.SYFT_VERSION }} - name: Push image to GitHub Container Registry - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@v7 with: distribution: goreleaser version: ${{ env.GO_RELEASER_VERSION }} @@ -175,13 +175,13 @@ jobs: go-version: ${{ env.GO_VERSION }} - name: Setup QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Login to GitHub Packages Docker Registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: https://ghcr.io username: ${{ github.actor }} @@ -193,7 +193,7 @@ jobs: syft-version: ${{ env.SYFT_VERSION }} - name: Release - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@v7 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} HOMEBREW_TAP: ${{ secrets.RELEASE_TOKEN }} diff --git a/makefile b/makefile index c08d37c4..50ea8e8d 100644 --- a/makefile +++ b/makefile @@ -25,7 +25,7 @@ EXT_TMP_DIR := ${EXT_DIR}/tmp GO_VER := 1.26 SVU_VER := 3.3.0 GOTESTSUM_VER := 1.13.0 -GOLANGCI-LINT_VER := 2.10.1 +GOLANGCI-LINT_VER := 2.11.4 GORELEASER_VER := 2.14.1 SYFT_VER := 1.13.0 diff --git a/topaz/clients/authorizer/client.go b/topaz/clients/authorizer/client.go index a7f99e04..09482487 100644 --- a/topaz/clients/authorizer/client.go +++ b/topaz/clients/authorizer/client.go 
@@ -14,7 +14,7 @@ import ( type Config struct { Host string `flag:"host" short:"H" default:"${authorizer_svc}" env:"TOPAZ_AUTHORIZER_SVC" help:"authorizer service address"` - APIKey string `flag:"api-key" short:"k" default:"${authorizer_key}" env:"TOPAZ_AUTHORIZER_KEY" help:"authorizer API key"` //nolint:gosec,lll // G117 + APIKey string `flag:"api-key" short:"k" default:"${authorizer_key}" env:"TOPAZ_AUTHORIZER_KEY" help:"authorizer API key"` Token string `flag:"token" default:"${authorizer_token}" env:"TOPAZ_AUTHORIZER_TOKEN" help:"authorizer OAuth2.0 token" hidden:""` Insecure bool `flag:"insecure" short:"i" default:"${insecure}" env:"TOPAZ_INSECURE" help:"skip TLS verification"` Plaintext bool `flag:"plaintext" short:"P" default:"${plaintext}" env:"TOPAZ_PLAINTEXT" help:"use plain-text HTTP/2 (no TLS)"` diff --git a/topaz/clients/directory/client.go b/topaz/clients/directory/client.go index 663f017f..700e6fdd 100644 --- a/topaz/clients/directory/client.go +++ b/topaz/clients/directory/client.go @@ -19,7 +19,7 @@ import ( type Config struct { Host string `flag:"host" short:"H" default:"${directory_svc}" env:"TOPAZ_DIRECTORY_SVC" help:"directory service address"` - APIKey string `flag:"api-key" short:"k" default:"${directory_key}" env:"TOPAZ_DIRECTORY_KEY" help:"directory API key"` //nolint:gosec,lll // G117 + APIKey string `flag:"api-key" short:"k" default:"${directory_key}" env:"TOPAZ_DIRECTORY_KEY" help:"directory API key"` Token string `flag:"token" default:"${directory_token}" env:"TOPAZ_DIRECTORY_TOKEN" help:"directory OAuth2.0 token" hidden:""` Insecure bool `flag:"insecure" short:"i" default:"${insecure}" env:"TOPAZ_INSECURE" help:"skip TLS verification"` Plaintext bool `flag:"plaintext" short:"P" default:"${plaintext}" env:"TOPAZ_PLAINTEXT" help:"use plain-text HTTP/2 (no TLS)"` diff --git a/topazd/app/handlers/authorizer.go b/topazd/app/handlers/authorizer.go index e52a6df1..ff3439f4 100644 --- a/topazd/app/handlers/authorizer.go 
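Review bot: In topaz/clients/authorizer/client.go the `APIKey` line drops `lll` together with `gosec`, yet the struct-tag line is still very long, so it will be reported again if `lll` is enabled for this package; the same applies to the `APIKey` field in topaz/clients/directory/client.go. No linter-configuration change is visible in this diff, so it is not clear from here whether G117 and `lll` are now excluded centrally or simply no longer fire under the bumped golangci-lint version. If line length is still checked, keep `//nolint:lll` on both fields. Since the directive was the only marker that these fields hold a credential, I would also add a field comment such as `// APIKey is a credential; do not log or print Config verbatim.` Both `Config` structs continue outside their hunks.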
+++ b/topazd/app/handlers/authorizer.go @@ -10,7 +10,7 @@ func AuthorizersHandler(confServices *TopazCfg) func(w http.ResponseWriter, r *h type AuthorizerInstance struct { Name string `json:"name"` URL string `json:"url"` - APIKey string `json:"apiKey"` //nolint:gosec // G117 + APIKey string `json:"apiKey"` } type authorizersResult struct { diff --git a/topazd/authorizer/impl/jwt.go b/topazd/authorizer/impl/jwt.go index 1eedce7f..b6b50425 100644 --- a/topazd/authorizer/impl/jwt.go +++ b/topazd/authorizer/impl/jwt.go @@ -167,7 +167,7 @@ func (s *AuthorizerServer) jwksURL(ctx context.Context, baseURL string) (*url.UR client := &http.Client{} - resp, err := client.Do(req) //nolint:gosec // G704: SSRF via taint analysis + resp, err := client.Do(req) if err == nil { defer func() { _ = resp.Body.Close() }() diff --git a/topazd/authorizer/plugins/edge/plugin.go b/topazd/authorizer/plugins/edge/plugin.go index f4df9086..09eb389e 100644 --- a/topazd/authorizer/plugins/edge/plugin.go +++ b/topazd/authorizer/plugins/edge/plugin.go @@ -48,7 +48,7 @@ const ( type Config struct { Enabled bool `json:"enabled"` // Addr string `json:"addr"` // - APIKey string `json:"apikey"` //nolint:gosec // G117 + APIKey string `json:"apikey"` // Timeout int `json:"timeout"` // timeout in seconds. SyncInterval int `json:"sync_interval"` // interval in minutes. Insecure bool `json:"insecure"` //
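Review bot: `AuthorizerInstance.APIKey` in topazd/app/handlers/authorizer.go is tagged `json:"apiKey"`, so any value set on it is written out whenever the struct is marshalled, and with the `nolint` removed nothing on the field records that this is deliberate. The struct sits next to `AuthorizersHandler` and `authorizersResult`, which suggests it ends up in an HTTP response, though the handler body is outside the hunk. I would add a field comment, for example `// APIKey is serialized into the authorizers response; the endpoint must require authentication.`, and confirm that the route is in fact behind authentication. The `APIKey` field of `Config` in topazd/authorizer/plugins/edge/plugin.go lost the same directive and its trailing `//` comment is empty, so a one-line note there that the value is a secret would help as well.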
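Review bot: In `jwksURL` (topazd/authorizer/impl/jwt.go) the request is sent with `client := &http.Client{}`, which has no timeout, and the target is derived from the `baseURL` argument, so a slow or unexpected endpoint can hold the call open unless `req` is bound to `ctx` (its construction is outside the hunk). Removing the G704 directive also removes the only note that the SSRF question was considered at this call. I would bound the call with `client := &http.Client{Timeout: 10 * time.Second}` (the value is for the maintainers to choose, and `time` has to be imported in this file) and add a comment above `client.Do(req)` saying where `baseURL` comes from and why it is trusted. If `baseURL` can come from an unverified token, check its scheme and host against the configured issuers before the request is built. The function starts and ends outside the hunk.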