diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 4112265585ff..ac6363f18ed4 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -52,14 +52,6 @@ jobs:
         with:
           path: consul
 
-      - name: Get target path
-        id: get-target-path
-        run: |
-          echo $PWD
-          pwd
-          ls -al "$PWD/consul"
-          if [ "$PWD/consul" ]; then echo "SCAN_TARGET_PATH=$PWD/consul" >> $GITHUB_OUTPUT; else echo "not found"; fi
-
       - name: Set up Go
         uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
@@ -73,20 +65,11 @@ jobs:
           path: security-scanner
           ref: main
 
-      # Work around scanner action bug caused when target repo isn't rooted at current working directory.
-      # See https://github.com/hashicorp/consul/actions/runs/10926448170/job/30330341123?pr=21657#step:7:46
-      # for example of issue. This causes the job to fail even though the scan completes successfully.
-      # Copying .git should allow the action to do what it wants w/ the target repo git config without
-      # corrupting the source repo's own tree, which is what would happen if we followed suit w/ other
-      # repos and cloned the scanner under the target repo root / current working directory.
-      - name: Copy consul/.git to working directory
-        run: cp -R consul/.git .
-
       - name: Scan
         id: scan
         uses: ./security-scanner
         with:
-          repository: ${{ steps.get-target-path.outputs.SCAN_TARGET_PATH }}
+          repository: "$PWD/consul"
           # See scan.hcl at repository root for config.
 
       - name: SARIF Output
diff --git a/.golangci.yml b/.golangci.yml
index a14724b93a9f..1608e41693e4 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -37,7 +37,7 @@ issues:
     - linters: [ staticcheck ]
       text: '(Dial|DialContext) is deprecated: use NewClient instead'
     - linters: [ staticcheck ]
-      text: '(WithBlock) is deprecated: this DialOption is not supported by NewClient'
+      text: 'WithBlock is deprecated: this DialOption is not supported by NewClient'
 
     # An argument that always receives the same value is often not a problem.
     - linters: [unparam]
diff --git a/go.mod b/go.mod
index 467949a3641c..9e09d608611d 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/hashicorp/consul
 
 go 1.22.5
 
-toolchain go1.22.6
+toolchain go1.22.7
 
 exclude (
 	github.com/hashicorp/go-msgpack v1.1.5 // has breaking changes and must be avoided
diff --git a/go.work b/go.work
index c0c1f529775e..275d48924d9a 100644
--- a/go.work
+++ b/go.work
@@ -1,4 +1,6 @@
-go 1.22.6
+go 1.22.5
+
+toolchain go1.22.7
 
 // Note that the ./internal/tools/proto-gen-rpc-glue/e2e and ./internal/tools/proto-gen-rpc-glue/e2e/consul
 // modules are omitted because they cause problems due to the latter claiming to be the main consul module.
diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod
index ceb2a2cabc0e..bd01aa8fa7ec 100644
--- a/test/integration/consul-container/go.mod
+++ b/test/integration/consul-container/go.mod
@@ -2,7 +2,7 @@ module github.com/hashicorp/consul/test/integration/consul-container
 
 go 1.22.5
 
-toolchain go1.22.6
+toolchain go1.22.7
 
 replace github.com/hashicorp/consul => ../../..