diff --git a/klone.yaml b/klone.yaml
index 5c957f9bd..d5191ba92 100644
--- a/klone.yaml
+++ b/klone.yaml
@@ -10,46 +10,46 @@ targets:
     - folder_name: boilerplate
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 684d99b0a6378fb3625c188bc5a0081ae9d2bbdc
+      repo_hash: 66c701b603b3136524e923ab55fb5885b3377cf3
       repo_path: modules/boilerplate
     - folder_name: generate-verify
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 684d99b0a6378fb3625c188bc5a0081ae9d2bbdc
+      repo_hash: 66c701b603b3136524e923ab55fb5885b3377cf3
       repo_path: modules/generate-verify
     - folder_name: go
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 684d99b0a6378fb3625c188bc5a0081ae9d2bbdc
+      repo_hash: 66c701b603b3136524e923ab55fb5885b3377cf3
       repo_path: modules/go
     - folder_name: help
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 684d99b0a6378fb3625c188bc5a0081ae9d2bbdc
+      repo_hash: 66c701b603b3136524e923ab55fb5885b3377cf3
       repo_path: modules/help
     - folder_name: klone
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 684d99b0a6378fb3625c188bc5a0081ae9d2bbdc
+      repo_hash: 66c701b603b3136524e923ab55fb5885b3377cf3
       repo_path: modules/klone
     - folder_name: licenses
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 684d99b0a6378fb3625c188bc5a0081ae9d2bbdc
+      repo_hash: 66c701b603b3136524e923ab55fb5885b3377cf3
       repo_path: modules/licenses
     - folder_name: repository-base
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 684d99b0a6378fb3625c188bc5a0081ae9d2bbdc
+      repo_hash: 66c701b603b3136524e923ab55fb5885b3377cf3
       repo_path: modules/repository-base
     - folder_name: tools
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 684d99b0a6378fb3625c188bc5a0081ae9d2bbdc
+      repo_hash: 66c701b603b3136524e923ab55fb5885b3377cf3
       repo_path: modules/tools
   make/_shared_new:
     - folder_name: helm
       repo_url: https://github.com/cert-manager/makefile-modules.git
       repo_ref: main
-      repo_hash: 684d99b0a6378fb3625c188bc5a0081ae9d2bbdc
+      repo_hash: 66c701b603b3136524e923ab55fb5885b3377cf3
       repo_path: modules/helm
diff --git a/make/_shared/go/01_mod.mk b/make/_shared/go/01_mod.mk
index 226dc0f7a..41a2f678d 100644
--- a/make/_shared/go/01_mod.mk
+++ b/make/_shared/go/01_mod.mk
@@ -58,6 +58,7 @@ generate-go-mod-tidy: | $(NEEDS_GO)
 shared_generate_targets += generate-go-mod-tidy
 
 default_govulncheck_generate_base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/
+
 # The base directory used to copy the govulncheck GH action from. This can be
 # overwritten with an action with extra authentication or with a totally different
 # pipeline (eg. a GitLab pipeline).
@@ -67,6 +68,10 @@ govulncheck_generate_base_dir ?= $(default_govulncheck_generate_base_dir)
 # being run on every fork of the repo.
 govulncheck_generate_org ?= cert-manager
 
+# Any closed-source or inaccessible Go modules that should be ignored by govulncheck; not needed
+# for most open-source projects.
+govulncheck_goprivate ?=
+
 .PHONY: generate-govulncheck
 ## Generate base files in the repository
 ## @category [shared] Generate/ Verify
@@ -96,7 +101,7 @@ verify-govulncheck: | $(NEEDS_GOVULNCHECK)
 				target=$$(dirname $${d}); \
 				echo "Running 'GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(bin_dir)/tools/govulncheck ./...' in directory '$${target}'"; \
 				pushd "$${target}" >/dev/null; \
-				GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(GOVULNCHECK) ./... || exit; \
+				GOPRIVATE=$(govulncheck_goprivate) GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(GOVULNCHECK) ./... || exit; \
 				popd >/dev/null; \
 				echo ""; \
 			done
diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk
index 6a2e298ab..b298f3407 100644
--- a/make/_shared/tools/00_mod.mk
+++ b/make/_shared/tools/00_mod.mk
@@ -172,7 +172,7 @@ ADDITIONAL_TOOLS ?=
 tools += $(ADDITIONAL_TOOLS)
 
 # https://go.dev/dl/
-VENDORED_GO_VERSION := 1.24.5
+VENDORED_GO_VERSION := 1.24.6
 
 # Print the go version which can be used in GH actions
 .PHONY: print-go-version
@@ -394,10 +394,10 @@ $(call for_each_kv,go_dependency,$(go_dependencies))
 # File downloads #
 ##################
 
-go_linux_amd64_SHA256SUM=10ad9e86233e74c0f6590fe5426895de6bf388964210eac34a6d83f38918ecdc
-go_linux_arm64_SHA256SUM=0df02e6aeb3d3c06c95ff201d575907c736d6c62cfa4b6934c11203f1d600ffa
-go_darwin_amd64_SHA256SUM=2fe5f3866b8fbcd20625d531f81019e574376b8a840b0a096d8a2180308b1672
-go_darwin_arm64_SHA256SUM=92d30a678f306c327c544758f2d2fa5515aa60abe9dba4ca35fbf9b8bfc53212
+go_linux_amd64_SHA256SUM=bbca37cc395c974ffa4893ee35819ad23ebb27426df87af92e93a9ec66ef8712
+go_linux_arm64_SHA256SUM=124ea6033a8bf98aa9fbab53e58d134905262d45a022af3a90b73320f3c3afd5
+go_darwin_amd64_SHA256SUM=4a8d7a32052f223e71faab424a69430455b27b3fff5f4e651f9d97c3e51a8746
+go_darwin_arm64_SHA256SUM=4e29202c49573b953be7cc3500e1f8d9e66ddd12faa8cf0939a4951411e09a2a
 
 .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz
 $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools