diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl
index 81237f57e..6dcbf7799 100644
--- a/bazel/toolchains/ci_deps.bzl
+++ b/bazel/toolchains/ci_deps.bzl
@@ -223,45 +223,45 @@ def _golangci_lint_deps():
         name = "com_github_golangci_golangci_lint_linux_amd64",
         build_file = "//bazel/toolchains:BUILD.golangci.bazel",
         urls = [
-            "https://cdn.confidential.cloud/constellation/cas/sha256/c9cf72d12058a131746edd409ed94ccd578fbd178899d1ed41ceae3ce5f54501",
-            "https://github.com/golangci/golangci-lint/releases/download/v1.52.2/golangci-lint-1.52.2-linux-amd64.tar.gz",
+            "https://cdn.confidential.cloud/constellation/cas/sha256/2298f73b9bc03b88b91fee06c5d519fc7f9d7f328e2c388615bbd7e85a9d6cae",
+            "https://github.com/golangci/golangci-lint/releases/download/v1.53.2/golangci-lint-1.53.2-linux-amd64.tar.gz",
         ],
-        strip_prefix = "golangci-lint-1.52.2-linux-amd64",
+        strip_prefix = "golangci-lint-1.53.2-linux-amd64",
         type = "tar.gz",
-        sha256 = "c9cf72d12058a131746edd409ed94ccd578fbd178899d1ed41ceae3ce5f54501",
+        sha256 = "2298f73b9bc03b88b91fee06c5d519fc7f9d7f328e2c388615bbd7e85a9d6cae",
     )
     http_archive(
         name = "com_github_golangci_golangci_lint_linux_arm64",
         build_file = "//bazel/toolchains:BUILD.golangci.bazel",
         urls = [
-            "https://cdn.confidential.cloud/constellation/cas/sha256/fc09a97f8888809fab83a316f7da70c8ed74d4863b7eed7d872cec41911a55e8",
-            "https://github.com/golangci/golangci-lint/releases/download/v1.52.2/golangci-lint-1.52.2-linux-arm64.tar.gz",
+            "https://cdn.confidential.cloud/constellation/cas/sha256/c9308fac5217ab83de0966291e119f9643cd185ca9901fde9c67f61641da49e5",
+            "https://github.com/golangci/golangci-lint/releases/download/v1.53.2/golangci-lint-1.53.2-linux-arm64.tar.gz",
         ],
-        strip_prefix = "golangci-lint-1.52.2-linux-arm64",
+        strip_prefix = "golangci-lint-1.53.2-linux-arm64",
         type = "tar.gz",
-        sha256 = "fc09a97f8888809fab83a316f7da70c8ed74d4863b7eed7d872cec41911a55e8",
+        sha256 = "c9308fac5217ab83de0966291e119f9643cd185ca9901fde9c67f61641da49e5",
     )
     http_archive(
         name = "com_github_golangci_golangci_lint_darwin_amd64",
         build_file = "//bazel/toolchains:BUILD.golangci.bazel",
         urls = [
-            "https://cdn.confidential.cloud/constellation/cas/sha256/e57f2599de73c4da1d36d5255b9baec63f448b3d7fb726ebd3cd64dabbd3ee4a",
-            "https://github.com/golangci/golangci-lint/releases/download/v1.52.2/golangci-lint-1.52.2-darwin-amd64.tar.gz",
+            "https://cdn.confidential.cloud/constellation/cas/sha256/a4e83f5bfe52f42134c9783aa68ba31104c36e2ad4c221a3c77510dda66ae81c",
+            "https://github.com/golangci/golangci-lint/releases/download/v1.53.2/golangci-lint-1.53.2-darwin-amd64.tar.gz",
         ],
-        strip_prefix = "golangci-lint-1.52.2-darwin-amd64",
+        strip_prefix = "golangci-lint-1.53.2-darwin-amd64",
         type = "tar.gz",
-        sha256 = "e57f2599de73c4da1d36d5255b9baec63f448b3d7fb726ebd3cd64dabbd3ee4a",
+        sha256 = "a4e83f5bfe52f42134c9783aa68ba31104c36e2ad4c221a3c77510dda66ae81c",
     )
     http_archive(
         name = "com_github_golangci_golangci_lint_darwin_arm64",
         build_file = "//bazel/toolchains:BUILD.golangci.bazel",
         urls = [
-            "https://cdn.confidential.cloud/constellation/cas/sha256/89e523d45883903cfc472ab65621073f850abd4ffbb7720bbdd7ba66ee490bc8",
-            "https://github.com/golangci/golangci-lint/releases/download/v1.52.2/golangci-lint-1.52.2-darwin-arm64.tar.gz",
+            "https://cdn.confidential.cloud/constellation/cas/sha256/63f6c3dab479dac20f39d4a91c4a2c019c054968e2d044f03ee47a3e41253623",
+            "https://github.com/golangci/golangci-lint/releases/download/v1.53.2/golangci-lint-1.53.2-darwin-arm64.tar.gz",
         ],
-        strip_prefix = "golangci-lint-1.52.2-darwin-arm64",
+        strip_prefix = "golangci-lint-1.53.2-darwin-arm64",
         type = "tar.gz",
-        sha256 = "89e523d45883903cfc472ab65621073f850abd4ffbb7720bbdd7ba66ee490bc8",
+        sha256 = "63f6c3dab479dac20f39d4a91c4a2c019c054968e2d044f03ee47a3e41253623",
     )
 
 def _buf_deps():
diff --git a/internal/attestation/gcp/issuer.go b/internal/attestation/gcp/issuer.go
index 22d9c805a..4dc36ba0d 100644
--- a/internal/attestation/gcp/issuer.go
+++ b/internal/attestation/gcp/issuer.go
@@ -58,7 +58,7 @@ func getGCEInstanceInfo(client gcpMetadataClient) func(context.Context, io.ReadW
 			return nil, errors.New("unable to fetch instance name")
 		}
 
-		return json.Marshal(attest.GCEInstanceInfo{
+		return json.Marshal(&attest.GCEInstanceInfo{
 			Zone:         zone,
 			ProjectId:    projectID,
 			InstanceName: instanceName,
diff --git a/internal/attestation/gcp/validator_test.go b/internal/attestation/gcp/validator_test.go
index e78aa23dc..09b9ade4a 100644
--- a/internal/attestation/gcp/validator_test.go
+++ b/internal/attestation/gcp/validator_test.go
@@ -91,7 +91,7 @@ Y+t5OxL3kL15VzY1Ob0d5cMCAwEAAQ==
 		wantErr      bool
 	}{
 		"success": {
-			instanceInfo: mustMarshal(attest.GCEInstanceInfo{}, require.New(t)),
+			instanceInfo: mustMarshal(&attest.GCEInstanceInfo{}, require.New(t)),
 			getClient: prepareFakeClient(&computepb.ShieldedInstanceIdentity{
 				SigningKey: &computepb.ShieldedInstanceIdentityEntry{
 					EkPub: proto.String(testPubK),
@@ -109,12 +109,12 @@ Y+t5OxL3kL15VzY1Ob0d5cMCAwEAAQ==
 			wantErr: true,
 		},
 		"empty signing key": {
-			instanceInfo: mustMarshal(attest.GCEInstanceInfo{}, require.New(t)),
+			instanceInfo: mustMarshal(&attest.GCEInstanceInfo{}, require.New(t)),
 			getClient:    prepareFakeClient(&computepb.ShieldedInstanceIdentity{}, nil, nil),
 			wantErr:      true,
 		},
 		"new client error": {
-			instanceInfo: mustMarshal(attest.GCEInstanceInfo{}, require.New(t)),
+			instanceInfo: mustMarshal(&attest.GCEInstanceInfo{}, require.New(t)),
 			getClient: prepareFakeClient(&computepb.ShieldedInstanceIdentity{
 				SigningKey: &computepb.ShieldedInstanceIdentityEntry{
 					EkPub: proto.String(testPubK),
@@ -123,7 +123,7 @@ Y+t5OxL3kL15VzY1Ob0d5cMCAwEAAQ==
 			wantErr: true,
 		},
 		"GetShieldedInstanceIdentity error": {
-			instanceInfo: mustMarshal(attest.GCEInstanceInfo{}, require.New(t)),
+			instanceInfo: mustMarshal(&attest.GCEInstanceInfo{}, require.New(t)),
 			getClient: prepareFakeClient(&computepb.ShieldedInstanceIdentity{
 				SigningKey: &computepb.ShieldedInstanceIdentityEntry{
 					EkPub: proto.String(testPubK),
@@ -132,7 +132,7 @@ Y+t5OxL3kL15VzY1Ob0d5cMCAwEAAQ==
 			wantErr: true,
 		},
 		"Decode error": {
-			instanceInfo: mustMarshal(attest.GCEInstanceInfo{}, require.New(t)),
+			instanceInfo: mustMarshal(&attest.GCEInstanceInfo{}, require.New(t)),
 			getClient: prepareFakeClient(&computepb.ShieldedInstanceIdentity{
 				SigningKey: &computepb.ShieldedInstanceIdentityEntry{
 					EkPub: proto.String("Not a public key"),
@@ -164,7 +164,7 @@ Y+t5OxL3kL15VzY1Ob0d5cMCAwEAAQ==
 	}
 }
 
-func mustMarshal(in any, require *require.Assertions) []byte {
+func mustMarshal(in *attest.GCEInstanceInfo, require *require.Assertions) []byte {
 	out, err := json.Marshal(in)
 	require.NoError(err)
 	return out