diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 773bf4e..37d5147 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.20.x]
+        go-version: [1.22.x]
     steps:
     - name: Set up Go ${{ matrix.go-version }}
       uses: actions/setup-go@v2
@@ -33,7 +33,7 @@ jobs:
 
     - name: golangci-lint
       run: |
-        curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.51.2
+        curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
         $(go env GOPATH)/bin/golangci-lint run --config ./.golangci.yml
 
   test:
@@ -41,7 +41,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.18.x, 1.19.x, 1.20.x]
+        go-version: [1.21.x, 1.22.x]
         os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
     - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
@@ -63,4 +63,4 @@ jobs:
       env:
         GO111MODULE: on
       run: |
-        go test -race ./...
\ No newline at end of file
+        go test -race ./...
diff --git a/.golangci.yml b/.golangci.yml
index 7c28294..dd2cc77 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -5,19 +5,26 @@ linters-settings:
   misspell:
     locale: US
 
+  staticcheck:
+    checks: ['all', '-SA6002']
+    
 linters:
   disable-all: true
   enable:
-    - typecheck
+    - durationcheck
+    - gocritic
+    - gofumpt
     - goimports
-    - misspell
+    - gomodguard
     - govet
     - ineffassign
-    - gosimple
-    - unused
-    - prealloc
-    - unconvert
+    - misspell
     - revive
+    - staticcheck
+    - tenv
+    - typecheck
+    - unconvert
+    - unused
 
 issues:
   exclude-use-default: false
@@ -25,5 +32,3 @@ issues:
       - should have a package comment
       - error strings should not be capitalized or end with punctuation or a newline
       - don't use ALL_CAPS in Go names
-service:
-  golangci-lint-version: 1.33.0 # use the fixed version to not introduce new linters unexpectedly
diff --git a/cmd/ncrypt/main.go b/cmd/ncrypt/main.go
index 769c2bc..a126e04 100644
--- a/cmd/ncrypt/main.go
+++ b/cmd/ncrypt/main.go
@@ -44,7 +44,7 @@ import (
 
 	"github.com/minio/sio"
 	"golang.org/x/crypto/scrypt"
-	"golang.org/x/crypto/ssh/terminal"
+	"golang.org/x/term"
 )
 
 const (
@@ -172,7 +172,7 @@ func parseIOArgs() (*os.File, *os.File) {
 			fmt.Fprintf(os.Stderr, "Failed to open '%s': %v\n", args[0], err)
 			exit(codeError)
 		}
-		cleanFn = append(cleanFn, func(code int) { in.Close() })
+		cleanFn = append(cleanFn, func(_ int) { in.Close() })
 		return in, os.Stdout
 	case 2:
 		in, err := os.Open(args[0])
@@ -196,21 +196,21 @@ func parseIOArgs() (*os.File, *os.File) {
 }
 
 func readPassword(src *os.File) []byte {
-	state, err := terminal.GetState(int(src.Fd()))
+	state, err := term.GetState(int(src.Fd()))
 	if err != nil {
 		fmt.Fprintln(os.Stderr, "Failed to read password:", err)
 		exit(codeError)
 	}
 	cleanFn = append(cleanFn, func(code int) {
-		stat, _ := terminal.GetState(int(src.Fd()))
+		stat, _ := term.GetState(int(src.Fd()))
 		if code == codeCancel && stat != nil && *stat != *state {
 			fmt.Fprintln(src, "\nFailed to read password: Interrupted")
 		}
-		terminal.Restore(int(src.Fd()), state)
+		term.Restore(int(src.Fd()), state)
 	})
 
 	fmt.Fprint(src, "Enter password:")
-	password, err := terminal.ReadPassword(int(src.Fd()))
+	password, err := term.ReadPassword(int(src.Fd()))
 	if err != nil {
 		fmt.Fprintln(os.Stderr, "Failed to read password:", err)
 		exit(codeError)
@@ -228,11 +228,12 @@ func deriveKey(dst, src *os.File) []byte {
 		password []byte
 		salt     = make([]byte, 32)
 	)
-	if passwordFlag != "" {
+	switch {
+	case passwordFlag != "":
 		password = []byte(passwordFlag)
-	} else if src == os.Stdin {
+	case src == os.Stdin:
 		password = readPassword(os.Stderr)
-	} else {
+	default:
 		password = readPassword(os.Stdin)
 	}
 	if decryptFlag {
diff --git a/dare.go b/dare.go
index cf785e0..8d8fe0c 100644
--- a/dare.go
+++ b/dare.go
@@ -31,7 +31,7 @@ func (h headerV10) SetVersion()                  { h[0] = Version10 }
 func (h headerV10) SetCipher(suite byte)         { h[1] = suite }
 func (h headerV10) SetLen(length int)            { binary.LittleEndian.PutUint16(h[2:], uint16(length-1)) }
 func (h headerV10) SetSequenceNumber(num uint32) { binary.LittleEndian.PutUint32(h[4:], num) }
-func (h headerV10) SetRand(randVal []byte)       { copy(h[8:headerSize], randVal[:]) }
+func (h headerV10) SetRand(randVal []byte)       { copy(h[8:headerSize], randVal) }
 func (h headerV10) Nonce() []byte                { return h[4:headerSize] }
 func (h headerV10) AddData() []byte              { return h[:4] }
 
@@ -256,7 +256,7 @@ func (ad *authDecV20) Open(dst, src []byte) error {
 		ad.finalized = true
 		refNonce[0] |= 0x80 // set final flag
 	}
-	if subtle.ConstantTimeCompare(header.Nonce(), refNonce[:]) != 1 {
+	if subtle.ConstantTimeCompare(header.Nonce(), refNonce) != 1 {
 		return errNonceMismatch
 	}
 
diff --git a/go.mod b/go.mod
index f7d66e6..02de0d0 100644
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,10 @@
 module github.com/minio/sio
 
 require (
-	golang.org/x/crypto v0.6.0
-	golang.org/x/sys v0.5.0
+	golang.org/x/crypto v0.23.0
+	golang.org/x/sys v0.20.0
 )
 
-require golang.org/x/term v0.5.0 // indirect
+require golang.org/x/term v0.20.0
 
 go 1.18
diff --git a/go.sum b/go.sum
index 7dc8bcc..e348395 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
-golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
diff --git a/sio_test.go b/sio_test.go
index 96bd8d9..dc25326 100644
--- a/sio_test.go
+++ b/sio_test.go
@@ -119,11 +119,9 @@ func TestDecryptBuffer(t *testing.T) {
 
 	for _, version := range versions {
 		t.Run(fmt.Sprintf("v-%x", version), func(t *testing.T) {
-
 			config.MinVersion, config.MaxVersion = version, version
 			for i, test := range ioTests {
 				t.Run(fmt.Sprintf("test-%d", i), func(t *testing.T) {
-
 					data := make([]byte, test.datasize)
 					if _, err := io.ReadFull(rand.Reader, data); err != nil {
 						t.Fatalf("Version %d: Test %d: Failed to generate random data: %v", version, i, err)
@@ -468,7 +466,7 @@ func testFile(t *testing.T, file string) {
 
 func TestFiles(t *testing.T) {
 	fileList := []string{}
-	err := filepath.Walk(".", func(path string, f os.FileInfo, err error) error {
+	err := filepath.Walk(".", func(path string, f os.FileInfo, _ error) error {
 		if !f.IsDir() {
 			fileList = append(fileList, path)
 		}