diff --git a/.golangci.yaml b/.golangci.yaml
index 3219d361f6..5b19c6cf04 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -22,6 +22,7 @@ linters:
     - govet
     - importas
     - misspell
+    - modernize
     - noctx
     - perfsprint
     - revive
@@ -121,6 +122,11 @@ linters:
         - pkg: github.com/argoproj/argo-cd/v3/util/io
           alias: utilio
 
+    modernize:
+      disable:
+        # Suggest replacing omitempty with omitzero for struct fields.
+        - omitzero
+
     nolintlint:
       require-specific: true
 
diff --git a/util/argo/managedfields/managed_fields.go b/util/argo/managedfields/managed_fields.go
index bafd4c8060..abd1678306 100644
--- a/util/argo/managedfields/managed_fields.go
+++ b/util/argo/managedfields/managed_fields.go
@@ -3,6 +3,7 @@ package managedfields
 import (
 	"bytes"
 	"fmt"
+	"slices"
 
 	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -39,7 +40,7 @@ func Normalize(live, config *unstructured.Unstructured, trustedManagers []string
 	}
 
 	for _, mf := range live.GetManagedFields() {
-		if trustedManager(mf.Manager, trustedManagers) {
+		if slices.Contains(trustedManagers, mf.Manager) {
 			err := normalize(mf, results)
 			if err != nil {
 				return nil, nil, fmt.Errorf("error normalizing manager %s: %w", mf.Manager, err)
@@ -114,14 +115,3 @@ func newTypedResults(live, config *unstructured.Unstructured, pt *typed.Parseabl
 		comparison: comparison,
 	}, nil
 }
-
-// trustedManager will return true if trustedManagers contains curManager.
-// Returns false otherwise.
-func trustedManager(curManager string, trustedManagers []string) bool {
-	for _, m := range trustedManagers {
-		if m == curManager {
-			return true
-		}
-	}
-	return false
-}
diff --git a/util/db/cluster_test.go b/util/db/cluster_test.go
index e78ebaa299..2da2f2387b 100644
--- a/util/db/cluster_test.go
+++ b/util/db/cluster_test.go
@@ -717,7 +717,7 @@ func TestClusterRaceConditionClusterSecrets(t *testing.T) {
 	}()
 	// yes, we will take 15 seconds to run this test
 	// but it reliably triggered the race condition
-	for i := 0; i < 30; i++ {
+	for range 30 {
 		// create a copy so we don't act on the same argo cluster
 		clusterCopy := cluster.DeepCopy()
 		_, _ = db.UpdateCluster(ctx, clusterCopy)
diff --git a/util/guard/guard_test.go b/util/guard/guard_test.go
index 19f5365775..0d2f9caa88 100644
--- a/util/guard/guard_test.go
+++ b/util/guard/guard_test.go
@@ -79,7 +79,7 @@ func TestRun_ConcurrentPanicsLogged(t *testing.T) {
 	const n = 10
 	var wg sync.WaitGroup
 	wg.Add(n)
-	for i := 0; i < n; i++ {
+	for i := range n {
 		go func(i int) {
 			defer wg.Done()
 			RecoverAndLog(func() { panic(fmt.Sprintf("boom-%d", i)) }, r, "msg")
diff --git a/util/helm/creds.go b/util/helm/creds.go
index a203bb6ad1..d320e00ef1 100644
--- a/util/helm/creds.go
+++ b/util/helm/creds.go
@@ -277,7 +277,7 @@ func (creds AzureWorkloadIdentityCreds) challengeAzureContainerRegistry(ctx cont
 
 	tokenParams := make(map[string]string)
 
-	for _, token := range strings.Split(tokens[1], ",") {
+	for token := range strings.SplitSeq(tokens[1], ",") {
 		kvPair := strings.Split(token, "=")
 		tokenParams[kvPair[0]] = strings.Trim(kvPair[1], "\"")
 	}
diff --git a/util/http/http.go b/util/http/http.go
index 3adcbe52a4..bcd8e0e83a 100644
--- a/util/http/http.go
+++ b/util/http/http.go
@@ -58,10 +58,7 @@ func splitCookie(key, value, attributes string) []string {
 
 	var end int
 	for i, j := 0, 0; i < valueLength; i, j = i+maxValueLength, j+1 {
-		end = i + maxValueLength
-		if end > valueLength {
-			end = valueLength
-		}
+		end = min(i+maxValueLength, valueLength)
 
 		var cookie string
 		switch {
diff --git a/util/kube/util.go b/util/kube/util.go
index a2d3afc003..7e1a094153 100644
--- a/util/kube/util.go
+++ b/util/kube/util.go
@@ -2,6 +2,7 @@ package kube
 
 import (
 	"context"
+	"maps"
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -84,9 +85,7 @@ func (ku *kubeUtil) CreateOrUpdateSecretData(ns string, name string, data map[st
 		if !merge || new {
 			s.Data = data
 		} else {
-			for key, val := range data {
-				s.Data[key] = val
-			}
+			maps.Copy(s.Data, data)
 		}
 		return nil
 	})
diff --git a/util/tls/tls.go b/util/tls/tls.go
index 4e671c631c..36b9e3909b 100644
--- a/util/tls/tls.go
+++ b/util/tls/tls.go
@@ -87,7 +87,7 @@ func getTLSCipherSuitesByString(cipherSuites string) ([]uint16, error) {
 		suiteMap[s.Name] = s.ID
 	}
 	allowedSuites := make([]uint16, 0)
-	for _, s := range strings.Split(cipherSuites, ":") {
+	for s := range strings.SplitSeq(cipherSuites, ":") {
 		id, ok := suiteMap[strings.TrimSpace(s)]
 		if !ok {
 			return nil, fmt.Errorf("invalid cipher suite specified: %s", s)