diff --git a/.golangci.yml b/.golangci.yml
index e4d0cf1..678beb5 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -9,7 +9,9 @@ run:
   modules-download-mode: readonly
 
 output:
-  format: tab
+  formats:
+    - format: tab
+      path: stdout
 
 issues:
   # This disables the included exclude-list in golangci-lint as that
@@ -29,11 +31,11 @@ linters:
     - bodyclose     # checks whether HTTP response body is closed successfully [fast: true, auto-fix: false]
     - containedctx  # containedctx is a linter that detects struct contained context.Context field [fast: true, auto-fix: false]
     - contextcheck  # check the function whether use a non-inherited context [fast: false, auto-fix: false]
+    - copyloopvar   # copyloopvar is a linter detects places where loop variables are copied [fast: true, auto-fix: false]
     - dogsled       # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f()) [fast: true, auto-fix: false]
     - durationcheck # check for two durations multiplied together [fast: false, auto-fix: false]
     - errcheck      # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases [fast: false, auto-fix: false]
     - errchkjson    # Checks types passed to the json encoding functions. Reports unsupported types and optionally reports occations, where the check for the returned error can be omitted. [fast: false, auto-fix: false]
-    - exportloopref # checks for pointers to enclosing loop variables [fast: true, auto-fix: false]
     - forbidigo     # Forbids identifiers [fast: true, auto-fix: false]
     - funlen        # Tool for detection of long functions [fast: true, auto-fix: false]
     - gocognit      # Computes and checks the cognitive complexity of functions [fast: true, auto-fix: false]
@@ -44,12 +46,12 @@ linters:
     - gofmt         # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification [fast: true, auto-fix: true]
     - gofumpt       # Gofumpt checks whether code was gofumpt-ed. [fast: true, auto-fix: true]
     - goimports     # Goimports does everything that gofmt does. Additionally it checks unused imports [fast: true, auto-fix: true]
-    - gomnd         # An analyzer to detect magic numbers. [fast: true, auto-fix: false]
     - gosec         # Inspects source code for security problems [fast: true, auto-fix: false]
     - gosimple      # Linter for Go source code that specializes in simplifying a code [fast: true, auto-fix: false]
     - govet         # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string [fast: true, auto-fix: false]
     - ineffassign   # Detects when assignments to existing variables are not used [fast: true, auto-fix: false]
     - misspell      # Finds commonly misspelled English words in comments [fast: true, auto-fix: true]
+    - mnd           # An analyzer to detect magic numbers. [fast: true, auto-fix: false]
     - nakedret      # Finds naked returns in functions greater than a specified function length [fast: true, auto-fix: false]
     - nilerr        # Finds the code that returns nil even if it checks that the error is not nil. [fast: false, auto-fix: false]
     - nilnil        # Checks that there is no simultaneous return of `nil` error and an invalid value. [fast: false, auto-fix: false]
@@ -75,9 +77,7 @@ linters-settings:
     min-complexity: 15
 
   gomnd:
-    settings:
-      mnd:
-        ignored-functions: 'strconv.(?:Format|Parse)\B+'
+    ignored-functions: 'strconv.(?:Format|Parse)\B+'
 
   revive:
     rules:
diff --git a/api.go b/api.go
index 82de183..6911bb2 100644
--- a/api.go
+++ b/api.go
@@ -59,7 +59,7 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
 		// As a safeguard against HUGE payloads behind a misconfigured
 		// proxy we take double the maximum secret size after which we
 		// just close the read and cut the connection to the sender.
-		r.Body = http.MaxBytesReader(res, r.Body, cust.MaxSecretSize*2) //nolint:gomnd
+		r.Body = http.MaxBytesReader(res, r.Body, cust.MaxSecretSize*2) //nolint:mnd
 	}
 
 	var (
diff --git a/ci/translate/main.go b/ci/translate/main.go
index 0e3d4ff..0b91b43 100644
--- a/ci/translate/main.go
+++ b/ci/translate/main.go
@@ -276,7 +276,7 @@ func saveTranslationFile(tf translationFile) error {
 	}
 
 	encoder := yaml.NewEncoder(f)
-	encoder.SetIndent(2) //nolint:gomnd
+	encoder.SetIndent(2) //nolint:mnd
 
 	if err = encoder.Encode(tf); err != nil {
 		f.Close() //nolint:errcheck,gosec,revive // Short-lived fd-leak
diff --git a/ci/translate/verify.go b/ci/translate/verify.go
index 80e2337..6c21eb9 100644
--- a/ci/translate/verify.go
+++ b/ci/translate/verify.go
@@ -11,8 +11,6 @@ import (
 var langKeyFormat = regexp.MustCompile(`^[a-z]{2}(-[A-Z]{2})?$`)
 
 func verify(tf translationFile) error {
-	var err error
-
 	if !langKeyFormat.MatchString(tf.Reference.LanguageKey) {
 		return errors.New("reference contains invalid languageKey")
 	}
@@ -29,7 +27,7 @@ func verify(tf translationFile) error {
 			tf.Reference.FormalTranslations,
 			tf.Reference.Translations,
 			false,
-		); err != nil {
+		) {
 			return errors.New("reference contains error in formalTranslations")
 		}
 	}
diff --git a/cmd/ots-cli/cmd_fetch.go b/cmd/ots-cli/cmd_fetch.go
index d777d92..b738164 100644
--- a/cmd/ots-cli/cmd_fetch.go
+++ b/cmd/ots-cli/cmd_fetch.go
@@ -72,7 +72,7 @@ func fetchRunE(cmd *cobra.Command, args []string) error {
 func storeAttachment(dir string, f client.SecretAttachment) error {
 	// First lets find a free file name to save the file as
 	var (
-		fileNameFragments = strings.SplitN(f.Name, ".", 2) //nolint:gomnd
+		fileNameFragments = strings.SplitN(f.Name, ".", 2) //nolint:mnd
 		i                 int
 		storeName         = path.Join(dir, f.Name)
 		storeNameTpl      string
diff --git a/pkg/client/client.go b/pkg/client/client.go
index 53a6bc3..cb7e7f6 100644
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@@ -40,7 +40,7 @@ var HTTPClient HTTPClientIntf = http.DefaultClient
 //
 // The corresponding settings are found in `/src/crypto.js` in the OTS
 // source code.
-var KeyDerivationFunc = openssl.NewPBKDF2Generator(sha512.New, 300000) //nolint:gomnd // that's the definition
+var KeyDerivationFunc = openssl.NewPBKDF2Generator(sha512.New, 300000) //nolint:mnd // that's the definition
 
 // Logger can be set to enable logging from the library. By default
 // all log-messages will be discarded.
@@ -158,7 +158,7 @@ func Fetch(secretURL string) (s Secret, err error) {
 	if err != nil {
 		return s, fmt.Errorf("unescaping fragment: %w", err)
 	}
-	fragmentParts := strings.SplitN(fragment, "|", 2) //nolint:gomnd
+	fragmentParts := strings.SplitN(fragment, "|", 2) //nolint:mnd
 
 	fetchURL := u.JoinPath(strings.Join([]string{".", "api", "get", fragmentParts[0]}, "/")).String()
 	ctx, cancel := context.WithTimeout(context.Background(), RequestTimeout)