diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 1ad8f45..586748d 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -16,7 +16,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: 1.22
+        go-version: "1.23"
 
     - name: Test
       run: make test
diff --git a/jwk_test.go b/jwk_test.go
index 5d5ccdd..d7ac9b1 100644
--- a/jwk_test.go
+++ b/jwk_test.go
@@ -53,7 +53,10 @@ func TestJWK(t *testing.T) {
 		},
 	} {
 		server := httptest.NewUnstartedServer(jwkEndpoint(tc.Name))
-		server.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
+		server.TLS = &tls.Config{
+			Certificates: []tls.Certificate{cert},
+			MinVersion:   tls.VersionTLS13,
+		}
 		server.StartTLS()
 
 		secretProvidr, err := SecretProvider(SecretProviderConfig{URI: server.URL, LocalCA: "cert.pem"}, nil)
@@ -228,7 +231,10 @@ func TestJWK_cache(t *testing.T) {
 	} {
 		var hits uint32
 		server := httptest.NewUnstartedServer(jwkEndpointWithCounter(tc.Name, &hits))
-		server.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
+		server.TLS = &tls.Config{
+			Certificates: []tls.Certificate{cert},
+			MinVersion:   tls.VersionTLS13,
+		}
 		server.StartTLS()
 
 		cfg := SecretProviderConfig{
diff --git a/secrets/cypher.go b/secrets/cypher.go
index 3f4a43a..88d4389 100644
--- a/secrets/cypher.go
+++ b/secrets/cypher.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"crypto/aes"
 	"crypto/cipher"
-	"crypto/md5"
+	"crypto/md5" // skipcq: GSC-G501
 	"crypto/rand"
 	"encoding/hex"
 	"io"
@@ -73,7 +73,7 @@ func (c *Cypher) Close() {
 }
 
 func createHash(key []byte) string {
-	hasher := md5.New()
+	hasher := md5.New() // skipcq: GO-S1023, GSC-G401
 	hasher.Write(key)
 	return hex.EncodeToString(hasher.Sum(nil))
 }