diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 364115afd78..227ef3cdd5c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -13,14 +13,14 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches:
+      - master
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches:
+      - master
   schedule:
     - cron: '44 8 * * 3'
 
-# Declare default permissions as read only.
 permissions: read-all
 
 jobs:
@@ -36,9 +36,6 @@ jobs:
       fail-fast: false
       matrix:
         language: [ 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at
-        # https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks
 
     steps:
     - name: Harden Runner
@@ -58,20 +55,19 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 
+    - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      with:
+        go-version: '1.22'
+        check-latest: true
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
+      uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
       with:
         languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
+      uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -85,4 +81,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
+      uses: github/codeql-action/analyze@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index cb3e8dd3e79..c72e6f57f1f 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -17,7 +17,7 @@ jobs:
 
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '1.21'
+          go-version: '1.22'
           check-latest: true
 
       - name: golangci-lint
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a4e8a3c9bb0..bd04b9712fb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '1.21'
+          go-version: '1.22'
           check-latest: true
       - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
       - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v3.5.2
@@ -32,7 +32,7 @@ jobs:
         uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
         if: "!contains(github.ref, 'refs/tags')"
         with:
-          args: release --clean --snapshot --skip sign
+          args: release --clean --snapshot --skip=sign
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
diff --git a/dependencies.yaml b/dependencies.yaml
index bc9482e120b..270aed9ee59 100644
--- a/dependencies.yaml
+++ b/dependencies.yaml
@@ -53,16 +53,20 @@ dependencies:
       match: "GO_MAJOR_VERSION: '\\d+.\\d+'"
 
   - name: "golang: 1.<major> (github workflows)"
-    version: 1.21
+    version: 1.22
     refPaths:
     - path: .github/workflows/release.yml
       match: "go-version: '\\d+.\\d+'"
 
   - name: "golang: go.mod"
-    version: 1.21
+    version: 1.22
     refPaths:
     - path: go.mod
       match: go \d+.\d+
+
+  - name: "golang: go.mod - go-runner"
+    version: 1.21
+    refPaths:
     - path: images/build/go-runner/go.mod
       match: go \d+.\d+
 
diff --git a/go.mod b/go.mod
index 1650919d559..b3f0dfda32b 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module k8s.io/release
 
-go 1.21
+go 1.22
 
 require (
 	cloud.google.com/go/storage v1.33.0