diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5fe8b02a..5423fbb6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,7 +11,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     env:
-      GOLANGCI_LINT_VERSION: v1.61.0
+      GOLANGCI_LINT_VERSION: v2.0.2
 
     steps:
       - uses: actions/checkout@v4
@@ -21,7 +21,7 @@ jobs:
           go-version-file: 'go.mod'
           cache: true
       - name: Lint code
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v7
         with:
           version: ${{ env.GOLANGCI_LINT_VERSION }}
 
diff --git a/.golangci.yml b/.golangci.yml
index 28e1c710..3ef376ad 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,86 +1,86 @@
+version: "2"
 run:
   tests: false
-  timeout: 5m
 
-linters-settings:
-  cyclop:
-    max-complexity: 12
-    skip-tests: true
-  errcheck:
-    exclude-functions:
-      - (*go.etcd.io/etcd/client/v3/concurrency.Mutex).Unlock
-      - (*go.etcd.io/etcd/client/v3/concurrency.Session).Close
-  gofumpt:
-    extra-rules: true
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gofumpt:
+      extra-rules: true
+  exclusions:
+    generated: lax
 
 linters:
-  enable-all: true
+  default: all
   disable:
-    - perfsprint # new
-    - testifylint # new
-    - spancheck # new
-    - rowserrcheck # new
-    - mnd # new
-    - intrange # new
-    - depguard # new
-    - revive # new
-    - errcheck # new
+    - cyclop
+    - depguard
+    - err113
+    - errcheck
     - errchkjson
     - exhaustive
     - exhaustruct
-    - execinquery # deprecated
-    - exportloopref # deprecated
+    - forbidigo
     - forcetypeassert
     - funlen
     - gochecknoglobals
     - gochecknoinits
+    - gocognit
     - goconst
     - godox
-    - err113
-    - gomnd
+    - intrange
     - ireturn
     - lll
+    - mnd
     - musttag
     - nilnil
     - nlreturn
     - nonamedreturns
+    - perfsprint
+    - recvcheck
+    - revive
+    - rowserrcheck
+    - spancheck
     - tagliatelle
+    - testifylint
     - varnamelen
     - wrapcheck
     - wsl
-    - cyclop # TODO: turn this back on later
-    - gocognit # TODO: turn this back on later
-    - forbidigo # TODO: turn this back on later
-
-issues:
-  exclude-use-default: false
-  exclude:
-    - "package-comments: should have a package comment"
-    - "ST1000: at least one file in a package should have a package comment"
-    - "G204: Subprocess launched with a potential tainted input or cmd arguments"
-    - "G204: Subprocess launched with variable"
-    - "G402: TLS MinVersion too low."
-    - "const `op` is unused"
-    - "G115: integer overflow conversion int -> int32"
-  exclude-rules:
-    - path: cmd/proxy/main.go
-      text: "G108: Profiling endpoint is automatically exposed on /debug/pprof"
-    - path: pkg/stash/stasher.go
-      linters:
-        - contextcheck
-    - path: pkg/stash/with_azureblob.go # False positive
-      linters:
-        - bodyclose
-    - path: pkg/storage/azureblob/azureblob.go # False positive
-      linters:
-        - bodyclose
-    - path: pkg/storage/compliance/*
-      linters:
-        - thelper
-        - gosec
-        - errcheck
-    - path: pkg/index/compliance/*
-      linters:
-        - thelper
-        - gosec
-        - errcheck
+  settings:
+    cyclop:
+      max-complexity: 12
+    gosec:
+      excludes:
+        - G204
+        - G402
+  exclusions:
+    generated: lax
+    rules:
+      - path: cmd/proxy/main.go
+        text: 'G108: Profiling endpoint is automatically exposed on /debug/pprof'
+      - linters:
+          - contextcheck
+        path: pkg/stash/stasher.go
+      - linters:
+          - bodyclose
+        path: pkg/stash/with_azureblob.go
+      - linters:
+          - bodyclose
+        path: pkg/storage/azureblob/azureblob.go
+      - linters:
+          - gosec
+          - thelper
+        path: pkg/storage/compliance/*
+      - linters:
+          - thelper
+        path: pkg/index/compliance/*
+      - path: (.+)\.go$
+        text: 'package-comments: should have a package comment'
+      - path: (.+)\.go$
+        text: 'ST1000: at least one file in a package should have a package comment'
+      - path: (.+)\.go$
+        text: 'G115: integer overflow conversion int -> int32'
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 0fb5fa8f..df4917b8 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -100,7 +100,6 @@ func (el *EnvList) Add(key, value string) {
 // See the below link for more information:
 // https://github.com/gomods/athens/issues/1404
 func (el *EnvList) Decode(value string) error {
-	const op errors.Op = "envList.Decode"
 	if value == "" {
 		return nil
 	}
diff --git a/pkg/index/mem/mem.go b/pkg/index/mem/mem.go
index e6d0bf7e..0eeca4a0 100644
--- a/pkg/index/mem/mem.go
+++ b/pkg/index/mem/mem.go
@@ -20,7 +20,7 @@ type indexer struct {
 	lines []*index.Line
 }
 
-func (i *indexer) Index(ctx context.Context, mod, ver string) error {
+func (i *indexer) Index(_ context.Context, mod, ver string) error {
 	const op errors.Op = "mem.Index"
 	i.mu.Lock()
 	defer i.mu.Unlock()
@@ -37,8 +37,7 @@ func (i *indexer) Index(ctx context.Context, mod, ver string) error {
 	return nil
 }
 
-func (i *indexer) Lines(ctx context.Context, since time.Time, limit int) ([]*index.Line, error) {
-	const op errors.Op = "mem.Lines"
+func (i *indexer) Lines(_ context.Context, since time.Time, limit int) ([]*index.Line, error) {
 	lines := []*index.Line{}
 	var count int
 	i.mu.RLock()
diff --git a/pkg/middleware/filter.go b/pkg/middleware/filter.go
index ea88b7c0..01337046 100644
--- a/pkg/middleware/filter.go
+++ b/pkg/middleware/filter.go
@@ -5,7 +5,6 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/gomods/athens/pkg/errors"
 	"github.com/gomods/athens/pkg/module"
 	"github.com/gomods/athens/pkg/paths"
 	"github.com/gorilla/mux"
@@ -14,7 +13,6 @@ import (
 // NewFilterMiddleware builds a middleware function that implements the
 // filters configured in the filter file.
 func NewFilterMiddleware(mf *module.Filter, upstreamEndpoint string) mux.MiddlewareFunc {
-	const op errors.Op = "actions.NewFilterMiddleware"
 	return func(h http.Handler) http.Handler {
 		f := func(w http.ResponseWriter, r *http.Request) {
 			mod, err := paths.GetModule(r)
diff --git a/pkg/middleware/validation.go b/pkg/middleware/validation.go
index 371b3df8..ce369479 100644
--- a/pkg/middleware/validation.go
+++ b/pkg/middleware/validation.go
@@ -16,7 +16,6 @@ import (
 // NewValidationMiddleware builds a middleware function that performs validation checks by calling
 // an external webhook.
 func NewValidationMiddleware(client *http.Client, validatorHook string) mux.MiddlewareFunc {
-	const op errors.Op = "actions.NewValidationMiddleware"
 	return func(h http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			mod, err := paths.GetModule(r)
diff --git a/pkg/storage/checker.go b/pkg/storage/checker.go
index 8f017b19..55b56ebf 100644
--- a/pkg/storage/checker.go
+++ b/pkg/storage/checker.go
@@ -26,7 +26,6 @@ type checker struct {
 }
 
 func (c *checker) Exists(ctx context.Context, module, version string) (bool, error) {
-	const op errors.Op = "checker.Exists"
 	_, err := c.strg.Info(ctx, module, version)
 	if err != nil {
 		if errors.Is(err, errors.KindNotFound) {
diff --git a/pkg/storage/gcp/saver.go b/pkg/storage/gcp/saver.go
index b430d64d..2378395c 100644
--- a/pkg/storage/gcp/saver.go
+++ b/pkg/storage/gcp/saver.go
@@ -156,8 +156,8 @@ func (s *Storage) upload(ctx context.Context, path string, stream io.Reader, fir
 	// We set this metadata only for the first of the three files uploaded,
 	// for use as a singleflight lock.
 	if first {
-		wc.ObjectAttrs.Metadata = make(map[string]string)
-		wc.ObjectAttrs.Metadata["in_progress"] = "true"
+		wc.Metadata = make(map[string]string)
+		wc.Metadata["in_progress"] = "true"
 	}
 
 	// NOTE: content type is auto detected on GCP side and ACL defaults to public