diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml
index 61a7363..3b2c86f 100644
--- a/.github/workflows/golangci-lint.yaml
+++ b/.github/workflows/golangci-lint.yaml
@@ -24,7 +24,7 @@ jobs:
           go-version: "1.20"
 
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v8
         with:
-          # https://github.com/golangci/golangci-lint/releases/tag/v1.52.2
-          version: v1.52.2
+          # https://github.com/golangci/golangci-lint/releases/tag/v2.6.0
+          version: v2.6.0
diff --git a/.golangci.yaml b/.golangci.yaml
index d8eb660..3077817 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -1,37 +1,39 @@
-issues:
-  exclude-use-default: false
+version: "2"
 
-linters:
-  enable-all: true
-  disable:
-    # Linters that are deprecated.
-    - exhaustivestruct
-    - scopelint
-    - interfacer
-    - maligned
-    - golint
-    - ifshort
-    - structcheck
-    - nosnakecase
-    - deadcode
-    - varcheck
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/joshdk/aws-console)
 
-    # Linters that are disabled because of generics.
-    - rowserrcheck
-    - sqlclosecheck
-    - wastedassign
+linters:
+  default: all
 
-    # Linters that are not used for this project.
+  disable:
+    # Linters which are not used for this project:
+    - depguard
+    - err113
     - exhaustruct
-    - funlen
     - lll
+    - noinlineerr
     - tagliatelle
     - wrapcheck
 
-linters-settings:
-  goheader:
-    template: |-
-      Copyright Josh Komoroske. All rights reserved.
-      Use of this source code is governed by the MIT license,
-      a copy of which can be found in the LICENSE.txt file.
-      SPDX-License-Identifier: MIT
+    # Linters which are deprecated:
+    - wsl
+
+  settings:
+    goheader:
+      template: |-
+        Copyright Josh Komoroske. All rights reserved.
+        Use of this source code is governed by the MIT license,
+        a copy of which can be found in the LICENSE.txt file.
+        SPDX-License-Identifier: MIT
diff --git a/cmd/command.go b/cmd/command.go
index 62e1068..af55f61 100644
--- a/cmd/command.go
+++ b/cmd/command.go
@@ -13,12 +13,13 @@ import (
 
 	"github.com/atotto/clipboard"
 	"github.com/aws/aws-sdk-go/service/sts"
-	"github.com/joshdk/aws-console/console"
-	"github.com/joshdk/aws-console/credentials"
-	"github.com/joshdk/aws-console/qr"
 	"github.com/pkg/browser"
 	"github.com/spf13/cobra"
 	"jdk.sh/meta"
+
+	"github.com/joshdk/aws-console/console"
+	"github.com/joshdk/aws-console/credentials"
+	"github.com/joshdk/aws-console/qr"
 )
 
 type flags struct {
@@ -62,7 +63,7 @@ type flags struct {
 }
 
 // Command returns a complete handler for the aws-console cli.
-func Command() *cobra.Command { //nolint:cyclop
+func Command() *cobra.Command { //nolint:cyclop,funlen
 	var flags flags
 
 	cmd := &cobra.Command{
@@ -83,9 +84,12 @@ func Command() *cobra.Command { //nolint:cyclop
 
 		RunE: func(*cobra.Command, []string) error {
 			// Obtain credentials from either STDIN or a named AWS cli profile.
-			var creds *sts.Credentials
-			var err error
-			var region string
+			var (
+				creds  *sts.Credentials
+				err    error
+				region string
+			)
+
 			if flags.profile == "-" {
 				// Retrieve credentials from JSON via STDIN.
 				creds, err = credentials.FromReader(os.Stdin)
@@ -93,6 +97,7 @@ func Command() *cobra.Command { //nolint:cyclop
 				// Retrieve credentials from the AWS cli config files.
 				creds, region, err = credentials.FromConfig(flags.profile)
 			}
+
 			if err != nil {
 				return err
 			}
@@ -107,10 +112,11 @@ func Command() *cobra.Command { //nolint:cyclop
 				region = "us-east-1"
 			}
 
+			federatePolicy := resolvePolicyAlias(flags.federatePolicy)
+
 			// If the named profile was configured with user credentials
 			// (opposed to a role), then the user must be federated before an
 			// AWS Console login url can be generated.
-			federatePolicy := resolvePolicyAlias(flags.federatePolicy)
 			creds, err = credentials.FederateUser(creds, flags.federateName, federatePolicy, flags.duration, flags.userAgent)
 			if err != nil {
 				return err
@@ -120,7 +126,7 @@ func Command() *cobra.Command { //nolint:cyclop
 			// service in the AWS Console.
 			location, ok := resolveLocationAlias(flags.location, region)
 			if !ok {
-				return fmt.Errorf("could not resolve location %q", flags.location) //nolint:goerr113
+				return fmt.Errorf("could not resolve location %q", flags.location)
 			}
 
 			// Generate a login URL for the AWS Console.
@@ -206,7 +212,7 @@ func Command() *cobra.Command { //nolint:cyclop
 
 	// Define -s/--qr-size flag.
 	cmd.Flags().IntVarP(&flags.qrSize, "qr-size", "s",
-		780, //nolint:gomnd
+		780, //nolint:mnd
 		"width in pixels of QR code")
 
 	// Define -r/--region flag.
@@ -264,7 +270,7 @@ func Command() *cobra.Command { //nolint:cyclop
 
 // versionFmt returns the given literal, as well as a formatted string if
 // version metadata is set.
-func versionFmt(literal, format string, a ...interface{}) string {
+func versionFmt(literal, format string, a ...any) string {
 	if meta.Version() == "" {
 		return literal
 	}
diff --git a/console/console.go b/console/console.go
index 1f08319..5414025 100644
--- a/console/console.go
+++ b/console/console.go
@@ -68,6 +68,7 @@ func GenerateLoginURL(creds *sts.Credentials, duration time.Duration, location,
 	if err != nil {
 		return nil, err
 	}
+
 	req.Header.Set("User-Agent", userAgent) //nolint:wsl
 
 	// Perform the actual API request.
@@ -79,7 +80,7 @@ func GenerateLoginURL(creds *sts.Credentials, duration time.Duration, location,
 
 	// Verify that we received an HTTP 200 OK status code.
 	if resp.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("request failed: %s", resp.Status) //nolint:goerr113
+		return nil, fmt.Errorf("request failed: %s", resp.Status)
 	}
 
 	// Extract a signin token from the response body.
diff --git a/credentials/credentials.go b/credentials/credentials.go
index 9534f8c..c37e3c3 100644
--- a/credentials/credentials.go
+++ b/credentials/credentials.go
@@ -9,7 +9,7 @@ package credentials
 
 import (
 	"encoding/json"
-	"fmt"
+	"errors"
 	"io"
 	"time"
 
@@ -90,14 +90,14 @@ func FromReader(reader io.Reader) (*sts.Credentials, error) {
 	var result creds
 
 	if err := json.Unmarshal(body, &result); err == nil && result.Credentials.AccessKeyID != "" && result.Credentials.SecretAccessKey != "" {
-		// Credentials were unmarshaled into the entire struct.
+		// Credentials were unmarshalled into the entire struct.
 		return &sts.Credentials{
 			AccessKeyId:     aws.String(result.Credentials.AccessKeyID),
 			SecretAccessKey: aws.String(result.Credentials.SecretAccessKey),
 			SessionToken:    aws.String(result.Credentials.SessionToken),
 		}, nil
 	} else if err := json.Unmarshal(body, &result.Credentials); err == nil && result.Credentials.AccessKeyID != "" && result.Credentials.SecretAccessKey != "" {
-		// Credentials were unmarshaled into part of the struct.
+		// Credentials were unmarshalled into part of the struct.
 		return &sts.Credentials{
 			AccessKeyId:     aws.String(result.Credentials.AccessKeyID),
 			SecretAccessKey: aws.String(result.Credentials.SecretAccessKey),
@@ -105,8 +105,8 @@ func FromReader(reader io.Reader) (*sts.Credentials, error) {
 		}, nil
 	}
 
-	// Credentials could not be fully unmarshaled.
-	return nil, fmt.Errorf("failed to parse credentials") //nolint:goerr113
+	// Credentials could not be fully unmarshalled.
+	return nil, errors.New("failed to parse credentials")
 }
 
 // FederateUser will federate the given user credentials by calling STS