diff --git a/.github/workflows/azwi-build.yaml b/.github/workflows/azwi-build.yaml
index b5539b6e..1e723f26 100644
--- a/.github/workflows/azwi-build.yaml
+++ b/.github/workflows/azwi-build.yaml
@@ -35,7 +35,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.22"
+          go-version: "1.23"
           check-latest: true
       - name: Build azwi
         run: |
diff --git a/.github/workflows/azwi-e2e.yaml b/.github/workflows/azwi-e2e.yaml
index 878e9b81..63cc6c77 100644
--- a/.github/workflows/azwi-e2e.yaml
+++ b/.github/workflows/azwi-e2e.yaml
@@ -37,7 +37,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.22"
+          go-version: "1.23"
           check-latest: true
       - name: Azure CLI
         run: |
diff --git a/.github/workflows/codecov.yaml b/.github/workflows/codecov.yaml
index bd546699..c2df2ab7 100644
--- a/.github/workflows/codecov.yaml
+++ b/.github/workflows/codecov.yaml
@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "^1.22"
+          go-version: "^1.23"
           check-latest: true
       - name: Run tests
         run: make test
diff --git a/.github/workflows/create-release-pull-request.yaml b/.github/workflows/create-release-pull-request.yaml
index 5d1a0291..adbfb635 100644
--- a/.github/workflows/create-release-pull-request.yaml
+++ b/.github/workflows/create-release-pull-request.yaml
@@ -34,7 +34,7 @@ jobs:
           ref: "${{ github.event.inputs.based_on_branch }}"
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.22"
+          go-version: "1.23"
           check-latest: true
       - run: make release-manifest
         env:
diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
index 7c161c0e..79eb7cb9 100644
--- a/.github/workflows/create-release.yaml
+++ b/.github/workflows/create-release.yaml
@@ -26,7 +26,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.22"
+          go-version: "1.23"
           check-latest: true
       - id: get-tag
         name: Get tag
diff --git a/.github/workflows/scan-vulns.yaml b/.github/workflows/scan-vulns.yaml
index 7fcc0cf9..0406afcd 100644
--- a/.github/workflows/scan-vulns.yaml
+++ b/.github/workflows/scan-vulns.yaml
@@ -25,6 +25,6 @@ jobs:
 
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.22"
+          go-version: "1.23"
           check-latest: true
       - uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2
diff --git a/.golangci.yml b/.golangci.yml
index 4fd58194..cdeaa888 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,6 +1,6 @@
 run:
   deadline: 20m
-  go-version: "1.22"
+  go-version: "1.23"
 
 linters:
   disable-all: true
@@ -28,6 +28,14 @@ linters:
   # Run with --fast=false for more extensive checks
   fast: true
 
+issues:
+  # default: 50
+  max-issues-per-linter: 0
+  exclude-rules:
+    - text: "unused-parameter: parameter '.*' seems to be unused, consider removing or renaming it as _"
+      linters:
+        - revive
+
 linters-settings:
   goimports:
     local-prefixes: github.com/Azure/azure-workload-identity
diff --git a/Makefile b/Makefile
index 89e53ab2..ec16ec5a 100644
--- a/Makefile
+++ b/Makefile
@@ -55,7 +55,7 @@ KUSTOMIZE_VER := v4.1.2
 KUSTOMIZE_BIN := kustomize
 KUSTOMIZE := $(TOOLS_BIN_DIR)/$(KUSTOMIZE_BIN)-$(KUSTOMIZE_VER)
 
-GOLANGCI_LINT_VER := v1.52.2
+GOLANGCI_LINT_VER := v1.61.0
 GOLANGCI_LINT_BIN := golangci-lint
 GOLANGCI_LINT := $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN)-$(GOLANGCI_LINT_VER)
 
@@ -365,7 +365,7 @@ clean:
 
 .PHONY: lint
 lint: $(GOLANGCI_LINT)
-	$(GOLANGCI_LINT) run -v
+	$(GOLANGCI_LINT) run -v --timeout 5m
 
 .PHONY: helm-lint
 helm-lint: $(HELM)
diff --git a/docker/proxy-init.Dockerfile b/docker/proxy-init.Dockerfile
index 1c9eaa32..ee0377be 100644
--- a/docker/proxy-init.Dockerfile
+++ b/docker/proxy-init.Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=${TARGETPLATFORM:-linux/amd64} registry.k8s.io/build-image/distroless-iptables:v0.6.1
+FROM --platform=${TARGETPLATFORM:-linux/amd64} registry.k8s.io/build-image/distroless-iptables:v0.6.3
 
 COPY ./init/init-iptables.sh /bin/
 RUN chmod +x /bin/init-iptables.sh
diff --git a/docker/proxy.Dockerfile b/docker/proxy.Dockerfile
index 06e65b1f..2ceb6364 100644
--- a/docker/proxy.Dockerfile
+++ b/docker/proxy.Dockerfile
@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/oss/go/microsoft/golang:1.22-bookworm as builder
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.23-bookworm as builder
 
 ARG LDFLAGS
 
diff --git a/docker/webhook.Dockerfile b/docker/webhook.Dockerfile
index 7d93115a..97c9ad99 100644
--- a/docker/webhook.Dockerfile
+++ b/docker/webhook.Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM mcr.microsoft.com/oss/go/microsoft/golang:1.22-bookworm as builder
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.23-bookworm as builder
 
 ARG LDFLAGS
 
diff --git a/examples/msal-go/Dockerfile b/examples/msal-go/Dockerfile
index 3d384667..9e50e0df 100644
--- a/examples/msal-go/Dockerfile
+++ b/examples/msal-go/Dockerfile
@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/oss/go/microsoft/golang:1.22-bookworm as builder
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.23-bookworm as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
diff --git a/go.mod b/go.mod
index 805e88f7..0b5b9149 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/Azure/azure-workload-identity
 
-go 1.22
+go 1.23.1
 
 require (
 	github.com/Azure/aad-pod-identity v1.8.17
diff --git a/pkg/cmd/podidentity/detect.go b/pkg/cmd/podidentity/detect.go
index df5334fc..ceed593c 100644
--- a/pkg/cmd/podidentity/detect.go
+++ b/pkg/cmd/podidentity/detect.go
@@ -60,7 +60,7 @@ func init() {
 type detectCmd struct {
 	namespace                     string
 	outputDir                     string
-	proxyPort                     int
+	proxyPort                     int32
 	serviceAccountTokenExpiration time.Duration
 	tenantID                      string
 	kubeClient                    client.Client
@@ -85,7 +85,7 @@ func newDetectCmd() *cobra.Command {
 	f := cmd.Flags()
 	f.StringVar(&detectCmd.namespace, "namespace", "default", "Namespace to detect the configuration")
 	f.StringVarP(&detectCmd.outputDir, "output-dir", "o", "", "Output directory to write the configuration files")
-	f.IntVarP(&detectCmd.proxyPort, "proxy-port", "p", 8000, "Proxy port to use for the proxy container")
+	f.Int32VarP(&detectCmd.proxyPort, "proxy-port", "p", 8000, "Proxy port to use for the proxy container")
 	f.DurationVar(&detectCmd.serviceAccountTokenExpiration, options.ServiceAccountTokenExpiration.Flag, time.Duration(webhook.DefaultServiceAccountTokenExpiration)*time.Second, options.ServiceAccountTokenExpiration.Description)
 	f.StringVar(&detectCmd.tenantID, "tenant-id", "", "Managed identity tenant id. If specified, the tenant id will be set as an annotation on the service account.")
 
@@ -349,7 +349,7 @@ func (dc *detectCmd) addProxyInitContainer(initContainers []corev1.Container) []
 		Env: []corev1.EnvVar{
 			{
 				Name:  "PROXY_PORT",
-				Value: strconv.Itoa(dc.proxyPort),
+				Value: strconv.FormatInt(int64(dc.proxyPort), 10),
 			},
 		},
 	}
@@ -381,7 +381,7 @@ func (dc *detectCmd) addProxyContainer(containers []corev1.Container) []corev1.C
 		},
 		Ports: []corev1.ContainerPort{
 			{
-				ContainerPort: int32(dc.proxyPort),
+				ContainerPort: dc.proxyPort,
 			},
 		},
 		Lifecycle: &corev1.Lifecycle{
diff --git a/pkg/webhook/consts.go b/pkg/webhook/consts.go
index 6dc2128c..e88cee91 100644
--- a/pkg/webhook/consts.go
+++ b/pkg/webhook/consts.go
@@ -28,7 +28,7 @@ const (
 	// This is the Kubernetes default value for projected service account token
 	DefaultServiceAccountTokenExpiration = int64(3600)
 	// DefaultProxySidecarPort is the default port for proxy sidecar
-	DefaultProxySidecarPort = int32(8000)
+	DefaultProxySidecarPort = 8000
 )
 
 const (
diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go
index ca2e3ca4..830edda1 100644
--- a/pkg/webhook/webhook.go
+++ b/pkg/webhook/webhook.go
@@ -334,7 +334,7 @@ func getProxyPort(pod *corev1.Pod) (int32, error) {
 		return 0, errors.Wrap(err, "failed to parse proxy sidecar port")
 	}
 
-	return int32(parsed), nil
+	return int32(parsed), nil //nolint:gosec // disable G115
 }
 
 func validServiceAccountTokenExpiry(tokenExpiry int64) bool {
diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index 7918fa2a..8a2f4531 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -1,6 +1,6 @@
 module github.com/Azure/azure-workload-identity/test/e2e
 
-go 1.22
+go 1.23.1
 
 replace (
 	k8s.io/api => k8s.io/api v0.29.4