diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 2b3053d..c2a6614 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -58,7 +58,7 @@ jobs:
     - name: Setup Go
       uses: actions/setup-go@v5
       with:
-        go-version: '1.25'
+        go-version: '1.23'
 
     - name: Run Go vulnerability scan
       run: |
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ef350d5..7b6abde 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -27,7 +27,7 @@ jobs:
     - name: Setup Go
       uses: actions/setup-go@v5
       with:
-        go-version: '1.25'
+        go-version: '1.23'
 
     - name: Setup Terraform
       uses: hashicorp/setup-terraform@v3
@@ -60,7 +60,7 @@ jobs:
     - name: Setup Go
       uses: actions/setup-go@v5
       with:
-        go-version: '1.25'
+        go-version: '1.23'
 
     - name: Setup Terraform
       uses: hashicorp/setup-terraform@v3
@@ -104,7 +104,7 @@ jobs:
     - name: Setup Go
       uses: actions/setup-go@v5
       with:
-        go-version: '1.25'
+        go-version: '1.23'
 
     - name: Setup Terraform
       uses: hashicorp/setup-terraform@v3
diff --git a/renovate.json b/renovate.json
index aeb57ce..e342245 100644
--- a/renovate.json
+++ b/renovate.json
@@ -38,7 +38,20 @@
       "enabled": true,
       "schedule": [
         "before 9am on monday"
-      ]
+      ],
+      "ignoreUnstable": true
+    },
+    {
+      "matchDatasources": ["golang-version"],
+      "ignoreUnstable": true,
+      "enabled": true
+    },
+    {
+      "matchDepTypes": ["action"],
+      "matchPackageNames": ["actions/setup-go"],
+      "extractVersion": "^v(?<version>.*)$",
+      "versioning": "go-mod-directive",
+      "ignoreUnstable": true
     },
     {
       "matchDatasources": [