diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 702a4c5d7..3c38e1cae 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -12,7 +12,7 @@ jobs:
           check-latest: true
       - uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.54.2
+          version: v1.59
       - name: Run go vet
         run: |
           go vet ./...
diff --git a/.golangci.yml b/.golangci.yml
index 0ec7162a7..f7f07deeb 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -11,12 +11,11 @@ linters:
   enable-all: true
   disable:
     - cyclop
-    - deadcode # deprecated
     - depguard
     - dupl
     - exhaustive
-    - exhaustivestruct
     - errorlint
+    - err113
     - funlen
     - gci
     - gochecknoglobals
@@ -26,31 +25,26 @@ linters:
     - gocyclo
     - godot
     - godox
-    - goerr113
     - gofumpt
-    - golint #deprecated
     - gomnd
     - gosec
     - govet
-    - interfacer # deprecated
-    - ifshort
+    - inamedparam # oh, sod off
     - ireturn # No, I _LIKE_ returning interfaces
     - lll
     - maintidx # Do this in code review
-    - maligned # deprecated
     - makezero
+    - mnd
     - nakedret
     - nestif
     - nlreturn
     - nonamedreturns # visit this back later
-    - nosnakecase
     - paralleltest
-    - scopelint # deprecated
-    - structcheck # deprecated
+    - perfsprint
     - tagliatelle
+    - testifylint # TODO: revisit when we have the chance
     - testpackage
     - thelper    # Tests are fine
-    - varcheck # deprecated
     - varnamelen # Short names are ok
     - wrapcheck
     - wsl
@@ -92,6 +86,10 @@ issues:
     - path: cmd/jwx/jwx.go
       linters:
         - forbidigo
+    - path: /*_test.go
+      text: "var-naming: "
+      litners:
+        - revive
 
   # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
   max-issues-per-linter: 0
diff --git a/go.mod b/go.mod
index 3db422afe..b46182bf1 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/lestrrat-go/jwx/v2
 
-go 1.18
+go 1.19
 
 require (
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0
diff --git a/jwe/compress.go b/jwe/compress.go
index 45b666132..bc55841bb 100644
--- a/jwe/compress.go
+++ b/jwe/compress.go
@@ -34,7 +34,6 @@ func uncompress(src []byte, maxBufferSize int64) ([]byte, error) {
 
 		if readErr != nil {
 			// if it got here, then readErr == io.EOF, we're done
-			//nolint:nilerr
 			return dst.Bytes(), nil
 		}
 	}
diff --git a/jwk/jwk_test.go b/jwk/jwk_test.go
index 9ed60d370..2f6c9cd35 100644
--- a/jwk/jwk_test.go
+++ b/jwk/jwk_test.go
@@ -1890,7 +1890,7 @@ func TestFetch(t *testing.T) {
 		return
 	}
 
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 		w.WriteHeader(http.StatusOK)
 		w.Write(expected)
 	}))
@@ -2011,7 +2011,7 @@ func TestGH567(t *testing.T) {
   ]
 }`
 
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 		w.Header().Set(`Content-Type`, `application/json`)
 		w.WriteHeader(http.StatusOK)
 
diff --git a/jwk/refresh_test.go b/jwk/refresh_test.go
index 101bf9bdb..f7eba22cc 100644
--- a/jwk/refresh_test.go
+++ b/jwk/refresh_test.go
@@ -67,7 +67,7 @@ func TestCache(t *testing.T) {
 			}
 		}
 
-		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 			hdrs := w.Header()
 			hdrs.Set(`Content-Type`, `application/json`)
 			hdrs.Set(`Cache-Control`, `max-age=5`)
@@ -125,7 +125,7 @@ func TestCache(t *testing.T) {
 		defer cancel()
 
 		var accessCount int
-		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 			accessCount++
 
 			key := map[string]interface{}{
@@ -184,7 +184,7 @@ func TestCache(t *testing.T) {
 		defer cancel()
 
 		var accessCount int
-		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 			accessCount++
 
 			key := map[string]interface{}{
@@ -248,7 +248,7 @@ func TestCache(t *testing.T) {
 		defer cancel()
 
 		var accessCount int
-		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 			accessCount++
 			if accessCount > 1 && accessCount < 4 {
 				http.Error(w, "wait for it....", http.StatusForbidden)
@@ -426,7 +426,7 @@ func TestErrorSink(t *testing.T) {
 					})),
 				}
 			},
-			Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			Handler: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 				w.WriteHeader(http.StatusOK)
 				json.NewEncoder(w).Encode(k)
 			}),
diff --git a/jws/jws_test.go b/jws/jws_test.go
index 7c5ba4fba..cca85f602 100644
--- a/jws/jws_test.go
+++ b/jws/jws_test.go
@@ -1261,7 +1261,7 @@ func TestJKU(t *testing.T) {
 	require.NoError(t, err, `jwk.PublicKeyOf should succeed`)
 	set := jwk.NewSet()
 	set.AddKey(pubkey)
-	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 		w.WriteHeader(http.StatusOK)
 		json.NewEncoder(w).Encode(set)
 	}))
@@ -1384,7 +1384,7 @@ func TestJKU(t *testing.T) {
 			require.Equal(t, pubkey.KeyID(), key.KeyID(), `key ID should be populated`)
 			set.AddKey(pubkey)
 		}
-		srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 			w.WriteHeader(http.StatusOK)
 			json.NewEncoder(w).Encode(set)
 		}))
diff --git a/jwt/jwt_test.go b/jwt/jwt_test.go
index 04379c306..4283b4e27 100644
--- a/jwt/jwt_test.go
+++ b/jwt/jwt_test.go
@@ -808,6 +808,7 @@ func TestCustomField(t *testing.T) {
 
 func TestParseRequest(t *testing.T) {
 	const u = "https://github.com/lestrrat-gow/jwx/jwt"
+	const xauth = "X-Authorization"
 
 	privkey, _ := jwxtest.GenerateEcdsaJwk()
 	privkey.Set(jwk.AlgorithmKey, jwa.ES256)
@@ -835,7 +836,7 @@ func TestParseRequest(t *testing.T) {
 			Parse: func(req *http.Request) (jwt.Token, error) {
 				return jwt.ParseRequest(req,
 					jwt.WithHeaderKey("Authorization"),
-					jwt.WithHeaderKey("x-authorization"),
+					jwt.WithHeaderKey(xauth),
 					jwt.WithFormKey("access_token"),
 					jwt.WithFormKey("token"),
 					jwt.WithCookieKey("cookie"),
@@ -885,30 +886,30 @@ func TestParseRequest(t *testing.T) {
 				return req
 			},
 			Parse: func(req *http.Request) (jwt.Token, error) {
-				return jwt.ParseRequest(req, jwt.WithHeaderKey("x-authorization"), jwt.WithKey(jwa.ES256, pubkey))
+				return jwt.ParseRequest(req, jwt.WithHeaderKey(xauth), jwt.WithKey(jwa.ES256, pubkey))
 			},
 			Error: true,
 		},
 		{
-			Name: "Token in x-authorization header (w/ option)",
+			Name: fmt.Sprintf("Token in %s header (w/ option)", xauth),
 			Request: func() *http.Request {
 				req := httptest.NewRequest(http.MethodGet, u, nil)
-				req.Header.Add("x-authorization", string(signed))
+				req.Header.Add(xauth, string(signed))
 				return req
 			},
 			Parse: func(req *http.Request) (jwt.Token, error) {
-				return jwt.ParseRequest(req, jwt.WithHeaderKey("x-authorization"), jwt.WithKey(jwa.ES256, pubkey))
+				return jwt.ParseRequest(req, jwt.WithHeaderKey(xauth), jwt.WithKey(jwa.ES256, pubkey))
 			},
 		},
 		{
-			Name: "Invalid token in x-authorization header",
+			Name: fmt.Sprintf("Invalid token in %s header", xauth),
 			Request: func() *http.Request {
 				req := httptest.NewRequest(http.MethodGet, u, nil)
-				req.Header.Add("x-authorization", string(signed)+"foobarbaz")
+				req.Header.Add(xauth, string(signed)+"foobarbaz")
 				return req
 			},
 			Parse: func(req *http.Request) (jwt.Token, error) {
-				return jwt.ParseRequest(req, jwt.WithHeaderKey("x-authorization"), jwt.WithKey(jwa.ES256, pubkey))
+				return jwt.ParseRequest(req, jwt.WithHeaderKey(xauth), jwt.WithKey(jwa.ES256, pubkey))
 			},
 			Error: true,
 		},
diff --git a/jwt/openid/openid_test.go b/jwt/openid/openid_test.go
index 15aba8e20..7d9a60096 100644
--- a/jwt/openid/openid_test.go
+++ b/jwt/openid/openid_test.go
@@ -478,10 +478,10 @@ func TestOpenIDClaims(t *testing.T) {
 		t.Run(token.Name, func(t *testing.T) {
 			for _, value := range base {
 				value := value
-				t.Run(value.Key, func(t *testing.T) {
+				t.Run(value.Key, func(_ *testing.T) {
 					value.Check(token.Token)
 				})
-				t.Run(value.Key+" via Get()", func(t *testing.T) {
+				t.Run(value.Key+" via Get()", func(_ *testing.T) {
 					expected := value.Value
 					if expf := value.Expected; expf != nil {
 						expected = expf(value.Value)