diff --git a/.golangci.yml b/.golangci.yml
index 9af3fc36..47948b04 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -44,3 +44,4 @@ issues:
         - godox
         - noctx
         - wrapcheck
+        - goconst
diff --git a/authorization.go b/authorization.go
index bf1a059f..1a6dc595 100644
--- a/authorization.go
+++ b/authorization.go
@@ -28,6 +28,7 @@ type role int
 
 const (
 	defaultCookieName      = "mercureAuthorization"
+	bearerPrefix           = "Bearer "
 	roleSubscriber    role = iota
 	rolePublisher
 )
@@ -54,7 +55,7 @@ var (
 func authorize(r *http.Request, jwtConfig *jwtConfig, publishOrigins []string, cookieName string) (*claims, error) {
 	authorizationHeaders, headerExists := r.Header["Authorization"]
 	if headerExists {
-		if len(authorizationHeaders) != 1 || len(authorizationHeaders[0]) < 48 || authorizationHeaders[0][:7] != "Bearer " {
+		if len(authorizationHeaders) != 1 || len(authorizationHeaders[0]) < 48 || authorizationHeaders[0][:7] != bearerPrefix {
 			return nil, ErrInvalidAuthorizationHeader
 		}
 
diff --git a/authorization_test.go b/authorization_test.go
index 8c3c265c..9fadd88b 100644
--- a/authorization_test.go
+++ b/authorization_test.go
@@ -29,6 +29,7 @@ bCd7nPuNAyYHCOOHAgMBAAE=
 -----END PUBLIC KEY-----
 `
 
+//nolint:gosec
 const privateKeyRsa = `-----BEGIN RSA PRIVATE KEY-----
 MIICWwIBAAKBgHVwuJsFmzsFnOkGj+OgAp4lTNqRCF0RZSmjY+ECWOJ3sSEzQ8qt
 kJe61uSjr/PKmqvBxxex0YtUL7waSS4jvq3ws8BmWIxK2GqoAVjLjK8HzThSPQpg
@@ -70,8 +71,8 @@ func TestAuthorizeMultipleAuthorizationHeader(t *testing.T) {
 	r.Header.Add("Authorization", validEmptyHeader)
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "invalid \"Authorization\" HTTP header")
-	assert.Nil(t, claims)
+	require.Error(t, err, `invalid "Authorization" HTTP header`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeMultipleAuthorizationHeaderRsa(t *testing.T) {
@@ -80,8 +81,8 @@ func TestAuthorizeMultipleAuthorizationHeaderRsa(t *testing.T) {
 	r.Header.Add("Authorization", validEmptyHeaderRsa)
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "invalid \"Authorization\" HTTP header")
-	assert.Nil(t, claims)
+	require.Error(t, err, `invalid "Authorization" HTTP header`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationHeaderTooShort(t *testing.T) {
@@ -89,8 +90,8 @@ func TestAuthorizeAuthorizationHeaderTooShort(t *testing.T) {
 	r.Header.Add("Authorization", "Bearer x")
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "invalid \"Authorization\" HTTP header")
-	assert.Nil(t, claims)
+	require.Error(t, err, `invalid "Authorization" HTTP header`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationHeaderNoBearer(t *testing.T) {
@@ -98,8 +99,8 @@ func TestAuthorizeAuthorizationHeaderNoBearer(t *testing.T) {
 	r.Header.Add("Authorization", "Greater "+validEmptyHeader)
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "invalid \"Authorization\" HTTP header")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `invalid "Authorization" HTTP header`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationHeaderNoBearerRsa(t *testing.T) {
@@ -107,103 +108,103 @@ func TestAuthorizeAuthorizationHeaderNoBearerRsa(t *testing.T) {
 	r.Header.Add("Authorization", "Greater "+validEmptyHeaderRsa)
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "invalid \"Authorization\" HTTP header")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `invalid "Authorization" HTTP header`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationHeaderInvalidAlg(t *testing.T) {
 	r, _ := http.NewRequest(http.MethodGet, defaultHubURL, nil)
-	r.Header.Add("Authorization", "Bearer "+createDummyNoneSignedJWT())
+	r.Header.Add("Authorization", bearerPrefix+createDummyNoneSignedJWT())
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: 'none' signature type is not allowed")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, "unable to parse JWT: 'none' signature type is not allowed")
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationHeaderInvalidKey(t *testing.T) {
 	r, _ := http.NewRequest(http.MethodGet, defaultHubURL, nil)
-	r.Header.Add("Authorization", "Bearer "+validEmptyHeader)
+	r.Header.Add("Authorization", bearerPrefix+validEmptyHeader)
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: signature is invalid")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, "unable to parse JWT: signature is invalid")
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationHeaderInvalidKeyRsa(t *testing.T) {
 	r, _ := http.NewRequest(http.MethodGet, defaultHubURL, nil)
-	r.Header.Add("Authorization", "Bearer "+validEmptyHeaderRsa)
+	r.Header.Add("Authorization", bearerPrefix+validEmptyHeaderRsa)
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: unable to parse RSA public key: invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, "unable to parse JWT: unable to parse RSA public key: invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationHeaderNoContent(t *testing.T) {
 	r, _ := http.NewRequest(http.MethodGet, defaultHubURL, nil)
-	r.Header.Add("Authorization", "Bearer "+validEmptyHeader)
+	r.Header.Add("Authorization", bearerPrefix+validEmptyHeader)
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
-	assert.Nil(t, claims.Mercure.Publish)
-	assert.Nil(t, claims.Mercure.Subscribe)
+	require.NoError(t, err)
+	require.Nil(t, claims.Mercure.Publish)
+	require.Nil(t, claims.Mercure.Subscribe)
 }
 
 func TestAuthorizeAuthorizationHeaderNoContentRsa(t *testing.T) {
 	r, _ := http.NewRequest(http.MethodGet, defaultHubURL, nil)
-	r.Header.Add("Authorization", "Bearer "+validEmptyHeaderRsa)
+	r.Header.Add("Authorization", bearerPrefix+validEmptyHeaderRsa)
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
-	assert.Nil(t, claims.Mercure.Publish)
-	assert.Nil(t, claims.Mercure.Subscribe)
+	require.NoError(t, err)
+	require.Nil(t, claims.Mercure.Publish)
+	require.Nil(t, claims.Mercure.Subscribe)
 }
 
 func TestAuthorizeAuthorizationHeader(t *testing.T) {
 	r, _ := http.NewRequest(http.MethodGet, defaultHubURL, nil)
-	r.Header.Add("Authorization", "Bearer "+validFullHeader)
+	r.Header.Add("Authorization", bearerPrefix+validFullHeader)
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
 
 func TestAuthorizeAuthorizationHeaderRsa(t *testing.T) {
 	r, _ := http.NewRequest(http.MethodGet, defaultHubURL, nil)
-	r.Header.Add("Authorization", "Bearer "+validFullHeaderRsa)
+	r.Header.Add("Authorization", bearerPrefix+validFullHeaderRsa)
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
 
 func TestAuthorizeAuthorizationHeaderNamespacedRsa(t *testing.T) {
 	r, _ := http.NewRequest(http.MethodGet, defaultHubURL, nil)
-	r.Header.Add("Authorization", "Bearer "+validFullHeaderNamespacedRsa)
+	r.Header.Add("Authorization", bearerPrefix+validFullHeaderNamespacedRsa)
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
 
 func TestAuthorizeAuthorizationHeaderRsaWithCert(t *testing.T) {
 	r, _ := http.NewRequest(http.MethodGet, defaultHubURL, nil)
-	r.Header.Add("Authorization", "Bearer "+validFullHeaderRsaForCert)
+	r.Header.Add("Authorization", bearerPrefix+validFullHeaderRsaForCert)
 
 	claims, err := authorize(r, &jwtConfig{[]byte(certificateRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
 
 func TestAuthorizeAuthorizationHeaderWrongAlgorithm(t *testing.T) {
 	r, _ := http.NewRequest(http.MethodGet, defaultHubURL, nil)
-	r.Header.Add("Authorization", "Bearer "+validFullHeaderRsa)
+	r.Header.Add("Authorization", bearerPrefix+validFullHeaderRsa)
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), nil}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: <nil>: unexpected signing method")
+	require.EqualError(t, err, "unable to parse JWT: <nil>: unexpected signing method")
 	assert.Nil(t, claims)
 }
 
@@ -214,8 +215,8 @@ func TestAuthorizeAuthorizationQueryTooShort(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "invalid \"authorization\" Query parameter")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `invalid "authorization" Query parameter`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationQueryInvalidAlg(t *testing.T) {
@@ -225,8 +226,8 @@ func TestAuthorizeAuthorizationQueryInvalidAlg(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: 'none' signature type is not allowed")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, "unable to parse JWT: 'none' signature type is not allowed")
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationQueryInvalidKey(t *testing.T) {
@@ -236,8 +237,8 @@ func TestAuthorizeAuthorizationQueryInvalidKey(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: signature is invalid")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, "unable to parse JWT: signature is invalid")
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationQueryInvalidKeyRsa(t *testing.T) {
@@ -247,8 +248,8 @@ func TestAuthorizeAuthorizationQueryInvalidKeyRsa(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: unable to parse RSA public key: invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, "unable to parse JWT: unable to parse RSA public key: invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeAuthorizationQueryNoContent(t *testing.T) {
@@ -258,9 +259,9 @@ func TestAuthorizeAuthorizationQueryNoContent(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
-	assert.Nil(t, claims.Mercure.Publish)
-	assert.Nil(t, claims.Mercure.Subscribe)
+	require.NoError(t, err)
+	require.Nil(t, claims.Mercure.Publish)
+	require.Nil(t, claims.Mercure.Subscribe)
 }
 
 func TestAuthorizeAuthorizationQueryNoContentRsa(t *testing.T) {
@@ -270,9 +271,9 @@ func TestAuthorizeAuthorizationQueryNoContentRsa(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
-	assert.Nil(t, claims.Mercure.Publish)
-	assert.Nil(t, claims.Mercure.Subscribe)
+	require.NoError(t, err)
+	require.Nil(t, claims.Mercure.Publish)
+	require.Nil(t, claims.Mercure.Subscribe)
 }
 
 func TestAuthorizeAuthorizationQuery(t *testing.T) {
@@ -282,7 +283,7 @@ func TestAuthorizeAuthorizationQuery(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
@@ -294,7 +295,7 @@ func TestAuthorizeAuthorizationQueryRsa(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
@@ -306,7 +307,7 @@ func TestAuthorizeAuthorizationQueryNamespacedRsa(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
@@ -318,7 +319,7 @@ func TestAuthorizeAuthorizationQueryRsaWithCert(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte(certificateRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
@@ -330,8 +331,8 @@ func TestAuthorizeAuthorizationQueryWrongAlgorithm(t *testing.T) {
 	r.URL.RawQuery = query.Encode()
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), nil}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: <nil>: unexpected signing method")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, "unable to parse JWT: <nil>: unexpected signing method")
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieInvalidAlg(t *testing.T) {
@@ -339,8 +340,8 @@ func TestAuthorizeCookieInvalidAlg(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: createDummyNoneSignedJWT()})
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: 'none' signature type is not allowed")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, "unable to parse JWT: 'none' signature type is not allowed")
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieInvalidKey(t *testing.T) {
@@ -348,8 +349,8 @@ func TestAuthorizeCookieInvalidKey(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validEmptyHeader})
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: signature is invalid")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, "unable to parse JWT: signature is invalid")
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieEmptyKeyRsa(t *testing.T) {
@@ -357,8 +358,8 @@ func TestAuthorizeCookieEmptyKeyRsa(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validEmptyHeaderRsa})
 
 	claims, err := authorize(r, &jwtConfig{[]byte{}, jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "unable to parse JWT: unable to parse RSA public key: invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, "unable to parse JWT: unable to parse RSA public key: invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieInvalidKeyRsa(t *testing.T) {
@@ -366,9 +367,9 @@ func TestAuthorizeCookieInvalidKeyRsa(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validEmptyHeaderRsa})
 
 	claims, err := authorize(r, &jwtConfig{[]byte(privateKeyRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	assert.Error(t, err)
+	require.Error(t, err)
+	require.Nil(t, claims)
 	assert.Contains(t, err.Error(), "unable to parse JWT: unable to parse RSA public key") // The error message changed in Go 1.17
-	assert.Nil(t, claims)
 }
 
 func TestAuthorizeCookieNoContent(t *testing.T) {
@@ -376,9 +377,9 @@ func TestAuthorizeCookieNoContent(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validEmptyHeader})
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
-	assert.Nil(t, claims.Mercure.Publish)
-	assert.Nil(t, claims.Mercure.Subscribe)
+	require.NoError(t, err)
+	require.Nil(t, claims.Mercure.Publish)
+	require.Nil(t, claims.Mercure.Subscribe)
 }
 
 func TestAuthorizeCookieNoContentRsa(t *testing.T) {
@@ -386,9 +387,9 @@ func TestAuthorizeCookieNoContentRsa(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validEmptyHeaderRsa})
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
-	assert.Nil(t, claims.Mercure.Publish)
-	assert.Nil(t, claims.Mercure.Subscribe)
+	require.NoError(t, err)
+	require.Nil(t, claims.Mercure.Publish)
+	require.Nil(t, claims.Mercure.Subscribe)
 }
 
 func TestAuthorizeCookie(t *testing.T) {
@@ -396,7 +397,7 @@ func TestAuthorizeCookie(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeader})
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
@@ -406,7 +407,7 @@ func TestAuthorizeCookieRsa(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeaderRsa})
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
@@ -416,8 +417,8 @@ func TestAuthorizeCookieNoOriginNoReferer(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeader})
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "an \"Origin\" or a \"Referer\" HTTP header must be present to use the cookie-based authorization mechanism")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `an "Origin" or a "Referer" HTTP header must be present to use the cookie-based authorization mechanism`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieNoOriginNoRefererRsa(t *testing.T) {
@@ -425,8 +426,8 @@ func TestAuthorizeCookieNoOriginNoRefererRsa(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeaderRsa})
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{}, defaultCookieName)
-	assert.EqualError(t, err, "an \"Origin\" or a \"Referer\" HTTP header must be present to use the cookie-based authorization mechanism")
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `an "Origin" or a "Referer" HTTP header must be present to use the cookie-based authorization mechanism`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieOriginNotAllowed(t *testing.T) {
@@ -435,8 +436,8 @@ func TestAuthorizeCookieOriginNotAllowed(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeader})
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{"http://example.net"}, defaultCookieName)
-	assert.EqualError(t, err, `"http://example.com": origin not allowed to post updates`)
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `"http://example.com": origin not allowed to post updates`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieOriginNotAllowedRsa(t *testing.T) {
@@ -445,8 +446,8 @@ func TestAuthorizeCookieOriginNotAllowedRsa(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeaderRsa})
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{"http://example.net"}, defaultCookieName)
-	assert.EqualError(t, err, `"http://example.com": origin not allowed to post updates`)
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `"http://example.com": origin not allowed to post updates`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieRefererNotAllowed(t *testing.T) {
@@ -455,8 +456,8 @@ func TestAuthorizeCookieRefererNotAllowed(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeader})
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{"http://example.net"}, defaultCookieName)
-	assert.EqualError(t, err, `"http://example.com": origin not allowed to post updates`)
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `"http://example.com": origin not allowed to post updates`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieRefererNotAllowedRsa(t *testing.T) {
@@ -465,8 +466,8 @@ func TestAuthorizeCookieRefererNotAllowedRsa(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeaderRsa})
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{"http://example.net"}, defaultCookieName)
-	assert.EqualError(t, err, `"http://example.com": origin not allowed to post updates`)
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `"http://example.com": origin not allowed to post updates`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieInvalidReferer(t *testing.T) {
@@ -475,8 +476,8 @@ func TestAuthorizeCookieInvalidReferer(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeader})
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{"http://example.net"}, defaultCookieName)
-	assert.EqualError(t, err, `unable to parse referer: parse "http://192.168.0.%31/": invalid URL escape "%31"`)
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `unable to parse referer: parse "http://192.168.0.%31/": invalid URL escape "%31"`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieInvalidRefererRsa(t *testing.T) {
@@ -485,8 +486,8 @@ func TestAuthorizeCookieInvalidRefererRsa(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeaderRsa})
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{"http://example.net"}, defaultCookieName)
-	assert.EqualError(t, err, `unable to parse referer: parse "http://192.168.0.%31/": invalid URL escape "%31"`)
-	assert.Nil(t, claims)
+	require.EqualError(t, err, `unable to parse referer: parse "http://192.168.0.%31/": invalid URL escape "%31"`)
+	require.Nil(t, claims)
 }
 
 func TestAuthorizeCookieOriginHasPriority(t *testing.T) {
@@ -496,7 +497,7 @@ func TestAuthorizeCookieOriginHasPriority(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeader})
 
 	claims, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{"http://example.net"}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
@@ -508,7 +509,7 @@ func TestAuthorizeCookieOriginHasPriorityRsa(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeaderRsa})
 
 	claims, err := authorize(r, &jwtConfig{[]byte(publicKeyRsa), jwt.SigningMethodRS256}, []string{"http://example.net"}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, []string{"foo", "bar"}, claims.Mercure.Publish)
 	assert.Equal(t, []string{"foo", "baz"}, claims.Mercure.Subscribe)
 }
@@ -519,7 +520,7 @@ func TestAuthorizeAllOriginsAllowed(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: defaultCookieName, Value: validFullHeader})
 
 	_, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{"*"}, defaultCookieName)
-	require.Nil(t, err)
+	require.NoError(t, err)
 }
 
 func TestAuthorizeCustomCookieNane(t *testing.T) {
@@ -528,7 +529,7 @@ func TestAuthorizeCustomCookieNane(t *testing.T) {
 	r.AddCookie(&http.Cookie{Name: "foo", Value: validFullHeader})
 
 	_, err := authorize(r, &jwtConfig{[]byte("!ChangeMe!"), jwt.SigningMethodHS256}, []string{"*"}, "foo")
-	require.Nil(t, err)
+	require.NoError(t, err)
 }
 
 func TestCanReceive(t *testing.T) {
diff --git a/bolt_transport_test.go b/bolt_transport_test.go
index 196076fd..5dfaca49 100644
--- a/bolt_transport_test.go
+++ b/bolt_transport_test.go
@@ -38,7 +38,7 @@ func TestBoltTransportHistory(t *testing.T) {
 	s := NewSubscriber("8", transport.logger)
 	s.SetTopics(topics, nil)
 
-	require.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
 	var count int
 	for {
@@ -71,7 +71,7 @@ func TestBoltTransportLogsBogusLastEventID(t *testing.T) {
 	s := NewSubscriber("711131", logger)
 	s.SetTopics(topics, nil)
 
-	require.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
 	log := sink.String()
 	assert.Contains(t, log, `"LastEventID":"711131"`)
@@ -90,7 +90,7 @@ func TestBoltTopicSelectorHistory(t *testing.T) {
 	s := NewSubscriber(EarliestLastEventID, transport.logger)
 	s.SetTopics([]string{"http://example.com/subscribed", "http://example.com/subscribed-public-only"}, []string{"http://example.com/subscribed"})
 
-	require.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
 	assert.Equal(t, "1", (<-s.Receive()).ID)
 	assert.Equal(t, "4", (<-s.Receive()).ID)
@@ -111,7 +111,7 @@ func TestBoltTransportRetrieveAllHistory(t *testing.T) {
 
 	s := NewSubscriber(EarliestLastEventID, transport.logger)
 	s.SetTopics(topics, nil)
-	require.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
 	var count int
 	for {
@@ -141,7 +141,7 @@ func TestBoltTransportHistoryAndLive(t *testing.T) {
 
 	s := NewSubscriber("8", transport.logger)
 	s.SetTopics(topics, nil)
-	require.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
 	var wg sync.WaitGroup
 	wg.Add(1)
@@ -192,13 +192,13 @@ func TestBoltTransportPurgeHistory(t *testing.T) {
 func TestNewBoltTransport(t *testing.T) {
 	u, _ := url.Parse("bolt://test.db?bucket_name=demo")
 	transport, err := NewBoltTransport(u, zap.NewNop())
-	assert.Nil(t, err)
+	require.NoError(t, err)
 	require.NotNil(t, transport)
 	transport.Close()
 
 	u, _ = url.Parse("bolt://")
 	_, err = NewBoltTransport(u, zap.NewNop())
-	assert.EqualError(t, err, `"bolt:": invalid transport: missing path`)
+	require.EqualError(t, err, `"bolt:": invalid transport: missing path`)
 
 	u, _ = url.Parse("bolt:///test.db")
 	_, err = NewBoltTransport(u, zap.NewNop())
@@ -208,11 +208,11 @@ func TestNewBoltTransport(t *testing.T) {
 
 	u, _ = url.Parse("bolt://test.db?cleanup_frequency=invalid")
 	_, err = NewBoltTransport(u, zap.NewNop())
-	assert.EqualError(t, err, `"bolt://test.db?cleanup_frequency=invalid": invalid "cleanup_frequency" parameter "invalid": invalid transport: strconv.ParseFloat: parsing "invalid": invalid syntax`)
+	require.EqualError(t, err, `"bolt://test.db?cleanup_frequency=invalid": invalid "cleanup_frequency" parameter "invalid": invalid transport: strconv.ParseFloat: parsing "invalid": invalid syntax`)
 
 	u, _ = url.Parse("bolt://test.db?size=invalid")
 	_, err = NewBoltTransport(u, zap.NewNop())
-	assert.EqualError(t, err, `"bolt://test.db?size=invalid": invalid "size" parameter "invalid": invalid transport: strconv.ParseUint: parsing "invalid": invalid syntax`)
+	require.EqualError(t, err, `"bolt://test.db?size=invalid": invalid "size" parameter "invalid": invalid transport: strconv.ParseUint: parsing "invalid": invalid syntax`)
 }
 
 func TestBoltTransportDoNotDispatchUntilListen(t *testing.T) {
@@ -222,7 +222,7 @@ func TestBoltTransportDoNotDispatchUntilListen(t *testing.T) {
 	assert.Implements(t, (*Transport)(nil), transport)
 
 	s := NewSubscriber("", transport.logger)
-	require.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
 	var wg sync.WaitGroup
 	wg.Add(1)
@@ -248,21 +248,21 @@ func TestBoltTransportDispatch(t *testing.T) {
 	s := NewSubscriber("", transport.logger)
 	s.SetTopics([]string{"https://example.com/foo", "https://example.com/private"}, []string{"https://example.com/private"})
 
-	require.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
 	notSubscribed := &Update{Topics: []string{"not-subscribed"}}
-	require.Nil(t, transport.Dispatch(notSubscribed))
+	require.NoError(t, transport.Dispatch(notSubscribed))
 
 	subscribedNotAuthorized := &Update{Topics: []string{"https://example.com/foo"}, Private: true}
-	require.Nil(t, transport.Dispatch(subscribedNotAuthorized))
+	require.NoError(t, transport.Dispatch(subscribedNotAuthorized))
 
 	public := &Update{Topics: s.SubscribedTopics}
-	require.Nil(t, transport.Dispatch(public))
+	require.NoError(t, transport.Dispatch(public))
 
 	assert.Equal(t, public, <-s.Receive())
 
 	private := &Update{Topics: s.AllowedPrivateTopics, Private: true}
-	require.Nil(t, transport.Dispatch(private))
+	require.NoError(t, transport.Dispatch(private))
 
 	assert.Equal(t, private, <-s.Receive())
 }
@@ -276,10 +276,10 @@ func TestBoltTransportClosed(t *testing.T) {
 
 	s := NewSubscriber("", transport.logger)
 	s.SetTopics([]string{"https://example.com/foo"}, nil)
-	require.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
-	require.Nil(t, transport.Close())
-	require.NotNil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.Close())
+	require.Error(t, transport.AddSubscriber(s))
 
 	assert.Equal(t, transport.Dispatch(&Update{Topics: s.SubscribedTopics}), ErrClosedTransport)
 
@@ -295,11 +295,11 @@ func TestBoltCleanDisconnectedSubscribers(t *testing.T) {
 
 	s1 := NewSubscriber("", transport.logger)
 	s1.SetTopics([]string{"foo"}, []string{})
-	require.Nil(t, transport.AddSubscriber(s1))
+	require.NoError(t, transport.AddSubscriber(s1))
 
 	s2 := NewSubscriber("", transport.logger)
 	s2.SetTopics([]string{"foo"}, []string{})
-	require.Nil(t, transport.AddSubscriber(s2))
+	require.NoError(t, transport.AddSubscriber(s2))
 
 	assert.Equal(t, 2, transport.subscribers.Len())
 
@@ -319,30 +319,31 @@ func TestBoltGetSubscribers(t *testing.T) {
 	defer os.Remove("test.db")
 
 	s1 := NewSubscriber("", transport.logger)
-	require.Nil(t, transport.AddSubscriber(s1))
+	require.NoError(t, transport.AddSubscriber(s1))
 
 	s2 := NewSubscriber("", transport.logger)
-	require.Nil(t, transport.AddSubscriber(s2))
+	require.NoError(t, transport.AddSubscriber(s2))
 
 	lastEventID, subscribers, err := transport.GetSubscribers()
+	require.NoError(t, err)
+
 	assert.Equal(t, EarliestLastEventID, lastEventID)
 	assert.Len(t, subscribers, 2)
 	assert.Contains(t, subscribers, s1)
 	assert.Contains(t, subscribers, s2)
-	assert.Nil(t, err)
 }
 
 func TestBoltLastEventID(t *testing.T) {
 	db, err := bolt.Open("test.db", 0o600, nil)
 	defer os.Remove("test.db")
-	require.Nil(t, err)
+	require.NoError(t, err)
 
 	db.Update(func(tx *bolt.Tx) error {
 		bucket, err := tx.CreateBucketIfNotExists([]byte(defaultBoltBucketName))
-		require.Nil(t, err)
+		require.NoError(t, err)
 
 		seq, err := bucket.NextSequence()
-		require.Nil(t, err)
+		require.NoError(t, err)
 
 		prefix := make([]byte, 8)
 		binary.BigEndian.PutUint64(prefix, seq)
@@ -355,7 +356,7 @@ func TestBoltLastEventID(t *testing.T) {
 
 		return bucket.Put(key, []byte("invalid"))
 	})
-	require.Nil(t, db.Close())
+	require.NoError(t, db.Close())
 
 	transport := createBoltTransport("bolt://test.db")
 	require.NotNil(t, transport)
diff --git a/caddy/caddy_test.go b/caddy/caddy_test.go
index f67fdfa2..f5c6d56f 100644
--- a/caddy/caddy_test.go
+++ b/caddy/caddy_test.go
@@ -82,7 +82,7 @@ func TestMercure(t *testing.T) {
 	req, err := http.NewRequest(http.MethodPost, "http://localhost:9080/.well-known/mercure", strings.NewReader(body.Encode()))
 	require.Nil(t, err)
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+publisherJWT)
+	req.Header.Add("Authorization", bearerPrefix+publisherJWT)
 
 	resp := tester.AssertResponseCode(req, http.StatusOK)
 	resp.Body.Close()
@@ -155,7 +155,7 @@ func TestJWTPlaceholders(t *testing.T) {
 	req, err := http.NewRequest(http.MethodPost, "http://localhost:9080/.well-known/mercure", strings.NewReader(body.Encode()))
 	require.Nil(t, err)
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+publisherJWTRSA)
+	req.Header.Add("Authorization", bearerPrefix+publisherJWTRSA)
 
 	resp := tester.AssertResponseCode(req, http.StatusOK)
 	resp.Body.Close()
diff --git a/common/version_test.go b/common/version_test.go
index 678eb1a3..6d352d10 100644
--- a/common/version_test.go
+++ b/common/version_test.go
@@ -17,8 +17,8 @@ func TestVersionInfo(t *testing.T) {
 		Architecture: "amd64",
 	}
 
-	assert.Equal(t, v.Shortline(), "dev")
-	assert.Equal(t, v.ChangelogURL(), "https://github.com/dunglas/mercure/releases/latest")
+	assert.Equal(t, "dev", v.Shortline())
+	assert.Equal(t, "https://github.com/dunglas/mercure/releases/latest", v.ChangelogURL())
 }
 
 func TestVersionInfoWithBuildDate(t *testing.T) {
@@ -31,8 +31,8 @@ func TestVersionInfoWithBuildDate(t *testing.T) {
 		Architecture: "amd64",
 	}
 
-	assert.Equal(t, v.Shortline(), "1.0.0, built at 2020-05-03T18:42:44Z")
-	assert.Equal(t, v.ChangelogURL(), "https://github.com/dunglas/mercure/releases/tag/v1.0.0")
+	assert.Equal(t, "1.0.0, built at 2020-05-03T18:42:44Z", v.Shortline())
+	assert.Equal(t, "https://github.com/dunglas/mercure/releases/tag/v1.0.0", v.ChangelogURL())
 }
 
 func TestVersionInfoWithCommit(t *testing.T) {
@@ -45,8 +45,8 @@ func TestVersionInfoWithCommit(t *testing.T) {
 		Architecture: "amd64",
 	}
 
-	assert.Equal(t, v.Shortline(), "1.0.0, commit 96ee2b9")
-	assert.Equal(t, v.ChangelogURL(), "https://github.com/dunglas/mercure/releases/tag/v1.0.0")
+	assert.Equal(t, "1.0.0, commit 96ee2b9", v.Shortline())
+	assert.Equal(t, "https://github.com/dunglas/mercure/releases/tag/v1.0.0", v.ChangelogURL())
 }
 
 func TestVersionInfoWithBuildDateAndCommit(t *testing.T) {
@@ -59,8 +59,8 @@ func TestVersionInfoWithBuildDateAndCommit(t *testing.T) {
 		Architecture: "amd64",
 	}
 
-	assert.Equal(t, v.Shortline(), "1.0.0, commit 96ee2b9, built at 2020-05-03T18:42:44Z")
-	assert.Equal(t, v.ChangelogURL(), "https://github.com/dunglas/mercure/releases/tag/v1.0.0")
+	assert.Equal(t, "1.0.0, commit 96ee2b9, built at 2020-05-03T18:42:44Z", v.Shortline())
+	assert.Equal(t, "https://github.com/dunglas/mercure/releases/tag/v1.0.0", v.ChangelogURL())
 }
 
 func TestVersionMetricsCollectorInitialization(t *testing.T) {
@@ -95,5 +95,5 @@ func TestVersionMetricsCollectorInitialization(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	assert.Equal(t, 1.0, *metricOut.Gauge.Value)
+	assert.Equal(t, 1.0, metricOut.GetGauge().GetValue()) //nolint:testifylint
 }
diff --git a/config_test.go b/config_test.go
index c7386275..8313b82f 100644
--- a/config_test.go
+++ b/config_test.go
@@ -7,11 +7,12 @@ import (
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestMissingConfig(t *testing.T) {
 	err := ValidateConfig(viper.New())
-	assert.EqualError(t, err, `invalid config: one of "jwt_key" or "publisher_jwt_key" configuration parameter must be defined`)
+	require.EqualError(t, err, `invalid config: one of "jwt_key" or "publisher_jwt_key" configuration parameter must be defined`)
 }
 
 func TestMissingKeyFile(t *testing.T) {
@@ -20,7 +21,7 @@ func TestMissingKeyFile(t *testing.T) {
 	v.Set("cert_file", "foo")
 
 	err := ValidateConfig(v)
-	assert.EqualError(t, err, `invalid config: if the "cert_file" configuration parameter is defined, "key_file" must be defined too`)
+	require.EqualError(t, err, `invalid config: if the "cert_file" configuration parameter is defined, "key_file" must be defined too`)
 }
 
 func TestMissingCertFile(t *testing.T) {
@@ -29,7 +30,7 @@ func TestMissingCertFile(t *testing.T) {
 	v.Set("key_file", "foo")
 
 	err := ValidateConfig(v)
-	assert.EqualError(t, err, `invalid config: if the "key_file" configuration parameter is defined, "cert_file" must be defined too`)
+	require.EqualError(t, err, `invalid config: if the "key_file" configuration parameter is defined, "cert_file" must be defined too`)
 }
 
 func TestSetFlags(t *testing.T) {
diff --git a/demo.go b/demo.go
index c8956359..4789eb62 100644
--- a/demo.go
+++ b/demo.go
@@ -9,6 +9,8 @@ import (
 	"time"
 )
 
+const linkSuffix = `>; rel="mercure"`
+
 // uiContent is our static web server content.
 //
 //go:embed public
@@ -29,7 +31,7 @@ func (h *Hub) Demo(w http.ResponseWriter, r *http.Request) {
 	body := query.Get("body")
 	jwt := query.Get("jwt")
 
-	hubLink := "<" + defaultHubURL + ">; rel=\"mercure\""
+	hubLink := "<" + defaultHubURL + linkSuffix
 	if h.cookieName != defaultCookieName {
 		hubLink = hubLink + "; cookie-name=\"" + h.cookieName + "\""
 	}
diff --git a/demo_test.go b/demo_test.go
index 543f0430..4e4d6b1e 100644
--- a/demo_test.go
+++ b/demo_test.go
@@ -19,7 +19,7 @@ func TestEmptyBodyAndJWT(t *testing.T) {
 
 	resp := w.Result()
 	assert.Equal(t, "application/ld+json", resp.Header.Get("Content-Type"))
-	assert.Equal(t, []string{"<" + defaultHubURL + ">; rel=\"mercure\"", "<http://example.com/demo/foo.jsonld>; rel=\"self\""}, resp.Header["Link"])
+	assert.Equal(t, []string{"<" + defaultHubURL + linkSuffix, "<http://example.com/demo/foo.jsonld>; rel=\"self\""}, resp.Header["Link"])
 
 	cookie := resp.Cookies()[0]
 	assert.Equal(t, "mercureAuthorization", cookie.Name)
@@ -40,7 +40,7 @@ func TestBodyAndJWT(t *testing.T) {
 
 	resp := w.Result()
 	assert.Contains(t, resp.Header.Get("Content-Type"), "xml") // Before Go 1.17, the charset wasn't set
-	assert.Equal(t, []string{"<" + defaultHubURL + ">; rel=\"mercure\"", "<http://example.com/demo/foo/bar.xml?body=<hello/>&jwt=token>; rel=\"self\""}, resp.Header["Link"])
+	assert.Equal(t, []string{"<" + defaultHubURL + linkSuffix, "<http://example.com/demo/foo/bar.xml?body=<hello/>&jwt=token>; rel=\"self\""}, resp.Header["Link"])
 
 	cookie := resp.Cookies()[0]
 	assert.Equal(t, "mercureAuthorization", cookie.Name)
diff --git a/hub_test.go b/hub_test.go
index 2936b64c..507ee63b 100644
--- a/hub_test.go
+++ b/hub_test.go
@@ -1,7 +1,6 @@
 package mercure
 
 import (
-	"errors"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
@@ -41,7 +40,7 @@ func TestNewHubWithConfig(t *testing.T) {
 		WithSubscriberJWT([]byte("bar"), jwt.SigningMethodHS256.Name),
 	)
 	require.NotNil(t, h)
-	require.Nil(t, err)
+	require.NoError(t, err)
 }
 
 func TestNewHubValidationError(t *testing.T) {
@@ -72,7 +71,7 @@ func TestStartCrash(t *testing.T) {
 	err := cmd.Run()
 
 	var e *exec.ExitError
-	require.True(t, errors.As(err, &e))
+	require.ErrorAs(t, err, &e)
 	assert.False(t, e.Success())
 }
 
@@ -123,7 +122,7 @@ func TestWithProtocolVersionCompatibility(t *testing.T) {
 	assert.False(t, op.isBackwardCompatiblyEnabledWith(7))
 
 	o := WithProtocolVersionCompatibility(7)
-	require.Nil(t, o(op))
+	require.NoError(t, o(op))
 	assert.Equal(t, 7, op.protocolVersionCompatibility)
 	assert.True(t, op.isBackwardCompatiblyEnabledWith(7))
 	assert.True(t, op.isBackwardCompatiblyEnabledWith(8))
@@ -148,7 +147,7 @@ func TestWithProtocolVersionCompatibilityVersions(t *testing.T) {
 			o := WithProtocolVersionCompatibility(tc.version)
 
 			if tc.ok {
-				require.Nil(t, o(op))
+				require.NoError(t, o(op))
 			} else {
 				require.Error(t, o(op))
 			}
@@ -187,18 +186,18 @@ func TestOriginsValidator(t *testing.T) {
 
 	for _, origins := range validOrigins {
 		o := WithPublishOrigins(origins)
-		require.Nil(t, o(op), "error while not expected for %#v", origins)
+		require.NoError(t, o(op), "error while not expected for %#v", origins)
 
 		o = WithCORSOrigins(origins)
-		require.Nil(t, o(op), "error while not expected for %#v", origins)
+		require.NoError(t, o(op), "error while not expected for %#v", origins)
 	}
 
 	for _, origins := range invalidOrigins {
 		o := WithPublishOrigins(origins)
-		require.NotNil(t, o(op), "no error while expected for %#v", origins)
+		require.Error(t, o(op), "no error while expected for %#v", origins)
 
 		o = WithCORSOrigins(origins)
-		require.NotNil(t, o(op), "no error while expected for %#v", origins)
+		require.Error(t, o(op), "no error while expected for %#v", origins)
 	}
 }
 
diff --git a/local_transport_test.go b/local_transport_test.go
index 3f72dca0..15852bfa 100644
--- a/local_transport_test.go
+++ b/local_transport_test.go
@@ -17,11 +17,11 @@ func TestLocalTransportDoNotDispatchUntilListen(t *testing.T) {
 
 	u := &Update{Topics: []string{"http://example.com/books/1"}}
 	err := transport.Dispatch(u)
-	require.Nil(t, err)
+	require.NoError(t, err)
 
 	s := NewSubscriber("", zap.NewNop())
 	s.SetTopics(u.Topics, nil)
-	require.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
 	var wg sync.WaitGroup
 	wg.Add(1)
@@ -43,10 +43,10 @@ func TestLocalTransportDispatch(t *testing.T) {
 
 	s := NewSubscriber("", zap.NewNop())
 	s.SetTopics([]string{"http://example.com/foo"}, nil)
-	assert.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
 	u := &Update{Topics: s.SubscribedTopics}
-	require.Nil(t, transport.Dispatch(u))
+	require.NoError(t, transport.Dispatch(u))
 	assert.Equal(t, u, <-s.Receive())
 }
 
@@ -56,9 +56,8 @@ func TestLocalTransportClosed(t *testing.T) {
 	assert.Implements(t, (*Transport)(nil), transport)
 
 	s := NewSubscriber("", zap.NewNop())
-	require.Nil(t, transport.AddSubscriber(s))
-
-	assert.Nil(t, transport.Close())
+	require.NoError(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.Close())
 	assert.Equal(t, transport.AddSubscriber(NewSubscriber("", zap.NewNop())), ErrClosedTransport)
 	assert.Equal(t, transport.Dispatch(&Update{}), ErrClosedTransport)
 
@@ -72,10 +71,10 @@ func TestLiveCleanDisconnectedSubscribers(t *testing.T) {
 	defer transport.Close()
 
 	s1 := NewSubscriber("", zap.NewNop())
-	require.Nil(t, transport.AddSubscriber(s1))
+	require.NoError(t, transport.AddSubscriber(s1))
 
 	s2 := NewSubscriber("", zap.NewNop())
-	require.Nil(t, transport.AddSubscriber(s2))
+	require.NoError(t, transport.AddSubscriber(s2))
 
 	assert.Equal(t, 2, transport.subscribers.Len())
 
@@ -95,10 +94,10 @@ func TestLiveReading(t *testing.T) {
 
 	s := NewSubscriber("", zap.NewNop())
 	s.SetTopics([]string{"https://example.com"}, nil)
-	require.Nil(t, transport.AddSubscriber(s))
+	require.NoError(t, transport.AddSubscriber(s))
 
 	u := &Update{Topics: s.SubscribedTopics}
-	assert.Nil(t, transport.Dispatch(u))
+	require.NoError(t, transport.Dispatch(u))
 
 	receivedUpdate := <-s.Receive()
 	assert.Equal(t, u, receivedUpdate)
@@ -110,15 +109,15 @@ func TestLocalTransportGetSubscribers(t *testing.T) {
 	require.NotNil(t, transport)
 
 	s1 := NewSubscriber("", zap.NewNop())
-	require.Nil(t, transport.AddSubscriber(s1))
+	require.NoError(t, transport.AddSubscriber(s1))
 
 	s2 := NewSubscriber("", zap.NewNop())
-	require.Nil(t, transport.AddSubscriber(s2))
+	require.NoError(t, transport.AddSubscriber(s2))
 
 	lastEventID, subscribers, err := transport.(TransportSubscribers).GetSubscribers()
+	require.NoError(t, err)
 	assert.Equal(t, EarliestLastEventID, lastEventID)
 	assert.Len(t, subscribers, 2)
 	assert.Contains(t, subscribers, s1)
 	assert.Contains(t, subscribers, s2)
-	assert.Nil(t, err)
 }
diff --git a/log.go b/log.go
index cc3bcc3b..1e1c9efd 100644
--- a/log.go
+++ b/log.go
@@ -27,6 +27,6 @@ type CheckedEntry = zapcore.CheckedEntry
 type Logger interface {
 	Info(msg string, fields ...LogField)
 	Error(msg string, fields ...LogField)
-	Check(Level, string) *CheckedEntry
+	Check(level Level, msg string) *CheckedEntry
 	Level() Level
 }
diff --git a/metrics.go b/metrics.go
index 9271d67b..e73bc9d7 100644
--- a/metrics.go
+++ b/metrics.go
@@ -9,6 +9,8 @@ import (
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 )
 
+const metricsPath = "/metrics"
+
 type Metrics interface {
 	// SubscriberConnected collects metrics about subscriber connections.
 	SubscriberConnected(s *Subscriber)
@@ -79,7 +81,7 @@ func (m *PrometheusMetrics) Register(r *mux.Router) {
 	// Go-unrelated process metrics (memory usage, file descriptors, etc.).
 	m.registry.MustRegister(prometheus.NewProcessCollector(prometheus.ProcessCollectorOpts{}))
 
-	r.Handle("/metrics", promhttp.HandlerFor(m.registry.(*prometheus.Registry), promhttp.HandlerOpts{})).Methods(http.MethodGet)
+	r.Handle(metricsPath, promhttp.HandlerFor(m.registry.(*prometheus.Registry), promhttp.HandlerOpts{})).Methods(http.MethodGet)
 }
 
 func (m *PrometheusMetrics) SubscriberConnected(_ *Subscriber) {
diff --git a/metrics_test.go b/metrics_test.go
index f4564aae..ca183b34 100644
--- a/metrics_test.go
+++ b/metrics_test.go
@@ -75,7 +75,7 @@ func assertGaugeValue(t *testing.T, v float64, g prometheus.Gauge) {
 		t.Fatal(err)
 	}
 
-	assert.Equal(t, v, *metricOut.Gauge.Value)
+	assert.Equal(t, v, metricOut.GetGauge().GetValue()) //nolint:testifylint
 }
 
 func assertCounterValue(t *testing.T, v float64, c prometheus.Counter) {
@@ -86,5 +86,5 @@ func assertCounterValue(t *testing.T, v float64, c prometheus.Counter) {
 		t.Fatal(err)
 	}
 
-	assert.Equal(t, v, *metricOut.Counter.Value)
+	assert.Equal(t, v, metricOut.GetCounter().GetValue()) // nolint:testifylint
 }
diff --git a/publish_test.go b/publish_test.go
index 399e0341..842f5d95 100644
--- a/publish_test.go
+++ b/publish_test.go
@@ -33,7 +33,7 @@ func TestPublishUnauthorizedJWT(t *testing.T) {
 	hub := createDummy()
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, nil)
-	req.Header.Add("Authorization", "Bearer "+createDummyUnauthorizedJWT())
+	req.Header.Add("Authorization", bearerPrefix+createDummyUnauthorizedJWT())
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
 
@@ -48,7 +48,7 @@ func TestPublishInvalidAlgJWT(t *testing.T) {
 	hub := createDummy()
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, nil)
-	req.Header.Add("Authorization", "Bearer "+createDummyNoneSignedJWT())
+	req.Header.Add("Authorization", bearerPrefix+createDummyNoneSignedJWT())
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
 
@@ -63,7 +63,7 @@ func TestPublishBadContentType(t *testing.T) {
 	hub := createDummy()
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, nil)
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(hub, rolePublisher, []string{"*"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(hub, rolePublisher, []string{"*"}))
 	req.Header.Add("Content-Type", "text/plain; boundary=")
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
@@ -78,7 +78,7 @@ func TestPublishNoTopic(t *testing.T) {
 	hub := createDummy()
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, nil)
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(hub, rolePublisher, []string{"*"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(hub, rolePublisher, []string{"*"}))
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
 
@@ -99,7 +99,7 @@ func TestPublishInvalidRetry(t *testing.T) {
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, strings.NewReader(form.Encode()))
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(hub, rolePublisher, []string{"*"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(hub, rolePublisher, []string{"*"}))
 
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
@@ -121,7 +121,7 @@ func TestPublishNotAuthorizedTopicSelector(t *testing.T) {
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, strings.NewReader(form.Encode()))
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(hub, rolePublisher, []string{"foo"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(hub, rolePublisher, []string{"foo"}))
 
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
@@ -140,7 +140,7 @@ func TestPublishEmptyTopicSelector(t *testing.T) {
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, strings.NewReader(form.Encode()))
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(hub, rolePublisher, []string{}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(hub, rolePublisher, []string{}))
 
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
@@ -159,7 +159,7 @@ func TestPublishLegacyAuthorization(t *testing.T) {
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, strings.NewReader(form.Encode()))
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(hub, rolePublisher, []string{}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(hub, rolePublisher, []string{}))
 
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
@@ -178,7 +178,7 @@ func TestPublishOK(t *testing.T) {
 	s.SetTopics(topics, topics)
 	s.Claims = &claims{Mercure: mercureClaim{Subscribe: topics}}
 
-	require.Nil(t, hub.transport.AddSubscriber(s))
+	require.NoError(t, hub.transport.AddSubscriber(s))
 
 	var wg sync.WaitGroup
 	wg.Add(1)
@@ -201,7 +201,7 @@ func TestPublishOK(t *testing.T) {
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, strings.NewReader(form.Encode()))
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(hub, rolePublisher, s.SubscribedTopics))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(hub, rolePublisher, s.SubscribedTopics))
 
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
@@ -224,7 +224,7 @@ func TestPublishNoData(t *testing.T) {
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, strings.NewReader(form.Encode()))
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(hub, rolePublisher, []string{"*"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(hub, rolePublisher, []string{"*"}))
 
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
@@ -241,7 +241,7 @@ func TestPublishGenerateUUID(t *testing.T) {
 	s := NewSubscriber("", zap.NewNop())
 	s.SetTopics([]string{"http://example.com/books/1"}, s.SubscribedTopics)
 
-	require.Nil(t, h.transport.AddSubscriber(s))
+	require.NoError(t, h.transport.AddSubscriber(s))
 
 	var wg sync.WaitGroup
 	wg.Add(1)
@@ -251,7 +251,7 @@ func TestPublishGenerateUUID(t *testing.T) {
 		require.NotNil(t, u)
 
 		_, err := uuid.FromString(strings.TrimPrefix(u.ID, "urn:uuid:"))
-		assert.Nil(t, err)
+		require.NoError(t, err)
 	}()
 
 	form := url.Values{}
@@ -260,7 +260,7 @@ func TestPublishGenerateUUID(t *testing.T) {
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, strings.NewReader(form.Encode()))
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(h, rolePublisher, []string{"*"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(h, rolePublisher, []string{"*"}))
 
 	w := httptest.NewRecorder()
 	h.PublishHandler(w, req)
@@ -273,7 +273,7 @@ func TestPublishGenerateUUID(t *testing.T) {
 	body := string(bodyBytes)
 
 	_, err := uuid.FromString(strings.TrimPrefix(body, "urn:uuid:"))
-	assert.Nil(t, err)
+	require.NoError(t, err)
 
 	wg.Wait()
 }
@@ -296,7 +296,7 @@ func TestPublishWithErrorInTransport(t *testing.T) {
 
 	req := httptest.NewRequest(http.MethodPost, defaultHubURL, strings.NewReader(form.Encode()))
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(hub, rolePublisher, []string{"foo", "http://example.com/books/1"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(hub, rolePublisher, []string{"foo", "http://example.com/books/1"}))
 
 	w := httptest.NewRecorder()
 	hub.PublishHandler(w, req)
@@ -311,7 +311,7 @@ func TestPublishWithErrorInTransport(t *testing.T) {
 
 func FuzzPublish(f *testing.F) {
 	hub := createDummy()
-	authorizationHeader := "Bearer " + createDummyAuthorizedJWT(hub, rolePublisher, []string{"*"})
+	authorizationHeader := bearerPrefix + createDummyAuthorizedJWT(hub, rolePublisher, []string{"*"})
 
 	testCases := [][]interface{}{
 		{"https://localhost/foo/bar", "baz", "", "", "", "", ""},
diff --git a/server_test.go b/server_test.go
index 8c5fccd2..a2d14cdc 100644
--- a/server_test.go
+++ b/server_test.go
@@ -22,8 +22,11 @@ import (
 )
 
 const (
-	testURL       = "http://" + testAddr + defaultHubURL
-	testSecureURL = "https://" + testAddr + defaultHubURL
+	testURLscheme = "http://"
+	testURL       = testURLscheme + testAddr + defaultHubURL
+
+	testSecureURLScheme = "https://"
+	testSecureURL       = testSecureURLScheme + testAddr + defaultHubURL
 )
 
 func TestForwardedHeaders(t *testing.T) {
@@ -46,10 +49,10 @@ func TestForwardedHeaders(t *testing.T) {
 	req, _ := http.NewRequest(http.MethodPost, testURL, strings.NewReader(body.Encode()))
 	req.Header.Add("X-Forwarded-For", "192.0.2.1")
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(h, rolePublisher, []string{"*"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(h, rolePublisher, []string{"*"}))
 
 	resp2, err := client.Do(req)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	defer resp2.Body.Close()
 
 	assert.Equal(t, 1, logs.FilterField(zap.String("remote_addr", "192.0.2.1")).Len())
@@ -97,7 +100,7 @@ func TestSecurityOptions(t *testing.T) {
 	resp2.Body.Close()
 
 	// Subscriptions
-	req, _ = http.NewRequest(http.MethodGet, testSecureURL+"/subscriptions", nil)
+	req, _ = http.NewRequest(http.MethodGet, testSecureURL+subscriptionsPath, nil)
 	resp3, _ := client.Do(req)
 	require.NotNil(t, resp3)
 	assert.Equal(t, http.StatusUnauthorized, resp3.StatusCode)
@@ -134,7 +137,7 @@ func TestSecurityOptionsWithCorsOrigin(t *testing.T) {
 
 	req, _ := http.NewRequest(http.MethodOptions, testSecureURL, nil)
 
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(h, roleSubscriber, []string{}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(h, roleSubscriber, []string{}))
 	req.Header.Add("Content-Type", "text/plain; boundary=")
 	req.Header.Add("Origin", "https://subscriber.com")
 	req.Header.Add("Host", "subscriber.com")
@@ -162,15 +165,15 @@ func TestServe(t *testing.T) {
 	var resp *http.Response
 	client := http.Client{Timeout: 100 * time.Millisecond}
 	for resp == nil {
-		resp, _ = client.Get("http://" + testAddr + "/") //nolint:bodyclose
+		resp, _ = client.Get(testURLscheme + testAddr + "/") //nolint:bodyclose
 	}
 	defer resp.Body.Close()
 
 	hpBody, _ := io.ReadAll(resp.Body)
 	assert.Contains(t, string(hpBody), "Mercure Hub")
 
-	respHealthz, err := client.Get("http://" + testAddr + "/healthz")
-	require.Nil(t, err)
+	respHealthz, err := client.Get(testURLscheme + testAddr + "/healthz")
+	require.NoError(t, err)
 	defer respHealthz.Body.Close()
 	healthzBody, _ := io.ReadAll(respHealthz.Body)
 	assert.Contains(t, string(healthzBody), "ok")
@@ -182,7 +185,7 @@ func TestServe(t *testing.T) {
 	go func() {
 		defer wgTested.Done()
 		resp, err := client.Get(testURL + "?topic=http%3A%2F%2Fexample.com%2Ffoo%2F1")
-		require.Nil(t, err)
+		require.NoError(t, err)
 		wgConnected.Done()
 
 		defer resp.Body.Close()
@@ -194,7 +197,7 @@ func TestServe(t *testing.T) {
 	go func() {
 		defer wgTested.Done()
 		resp, err := client.Get(testURL + "?topic=http%3A%2F%2Fexample.com%2Falt%2F1")
-		require.Nil(t, err)
+		require.NoError(t, err)
 		wgConnected.Done()
 
 		defer resp.Body.Close()
@@ -208,10 +211,10 @@ func TestServe(t *testing.T) {
 	body := url.Values{"topic": {"http://example.com/foo/1", "http://example.com/alt/1"}, "data": {"hello"}, "id": {"first"}}
 	req, _ := http.NewRequest(http.MethodPost, testURL, strings.NewReader(body.Encode()))
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(h, rolePublisher, []string{"*"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(h, rolePublisher, []string{"*"}))
 
 	resp2, err := client.Do(req)
-	require.Nil(t, err)
+	require.NoError(t, err)
 	defer resp2.Body.Close()
 
 	h.server.Shutdown(context.Background())
@@ -231,7 +234,7 @@ func TestClientClosesThenReconnects(t *testing.T) {
 	var resp *http.Response
 	client := http.Client{Timeout: 10 * time.Second}
 	for resp == nil {
-		resp, _ = client.Get("http://" + testAddr + "/") //nolint:bodyclose
+		resp, _ = client.Get(testURLscheme + testAddr + "/") //nolint:bodyclose
 	}
 	resp.Body.Close()
 
@@ -242,7 +245,7 @@ func TestClientClosesThenReconnects(t *testing.T) {
 		req, _ := http.NewRequest(http.MethodGet, testURL+"?topic=http%3A%2F%2Fexample.com%2Ffoo%2F1", nil)
 		req = req.WithContext(cx)
 		resp, err := http.DefaultClient.Do(req)
-		require.Nil(t, err)
+		require.NoError(t, err)
 
 		var receivedBody strings.Builder
 		buf := make([]byte, 1024)
@@ -276,12 +279,12 @@ func TestClientClosesThenReconnects(t *testing.T) {
 
 		body := url.Values{"topic": {"http://example.com/foo/1"}, "data": {data}, "id": {data}}
 		req, err := http.NewRequest(http.MethodPost, testURL, strings.NewReader(body.Encode()))
-		require.Nil(t, err)
+		require.NoError(t, err)
 		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-		req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(h, rolePublisher, []string{"*"}))
+		req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(h, rolePublisher, []string{"*"}))
 
 		resp, err := client.Do(req)
-		require.Nil(t, err)
+		require.NoError(t, err)
 		require.Equal(t, http.StatusOK, resp.StatusCode)
 		resp.Body.Close()
 
@@ -343,7 +346,7 @@ func TestServeAcme(t *testing.T) {
 	resp.Body.Close()
 
 	resp, err := client.Get("http://0.0.0.0:8080/.well-known/acme-challenge/does-not-exists")
-	assert.Nil(t, err)
+	require.NoError(t, err)
 	require.NotNil(t, resp)
 	defer resp.Body.Close()
 
@@ -355,12 +358,12 @@ func TestMetricsAccess(t *testing.T) {
 	server := newTestServer(t)
 	defer server.shutdown()
 
-	resp, err := server.client.Get("http://" + testMetricsAddr + "/metrics")
-	require.Nil(t, err)
+	resp, err := server.client.Get(testURLscheme + testMetricsAddr + metricsPath)
+	require.NoError(t, err)
 	defer resp.Body.Close()
 
-	resp, err = server.client.Get("http://" + testMetricsAddr + "/healthz")
-	require.Nil(t, err)
+	resp, err = server.client.Get(testURLscheme + testMetricsAddr + "/healthz")
+	require.NoError(t, err)
 	defer resp.Body.Close()
 
 	assert.Equal(t, 200, resp.StatusCode)
@@ -391,12 +394,12 @@ func TestMetricsVersionIsAccessible(t *testing.T) {
 	server := newTestServer(t)
 	defer server.shutdown()
 
-	resp, err := server.client.Get("http://" + testMetricsAddr + "/metrics")
-	assert.Nil(t, err)
+	resp, err := server.client.Get(testURLscheme + testMetricsAddr + metricsPath)
+	require.NoError(t, err)
 	defer resp.Body.Close()
 
 	b, err := io.ReadAll(resp.Body)
-	assert.Nil(t, err)
+	require.NoError(t, err)
 
 	pattern := "mercure_version_info{architecture=\".+\",built_at=\".*\",commit=\".*\",go_version=\".+\",os=\".+\",version=\"dev\"} 1"
 	assert.Regexp(t, regexp.MustCompile(pattern), string(b))
@@ -424,7 +427,7 @@ func newTestServer(t *testing.T) testServer {
 	var resp *http.Response
 	client := http.Client{Timeout: 100 * time.Millisecond}
 	for resp == nil {
-		resp, _ = client.Get("http://" + testAddr + "/") //nolint:bodyclose
+		resp, _ = client.Get(testURLscheme + testAddr + "/") //nolint:bodyclose
 	}
 	defer resp.Body.Close()
 
@@ -455,7 +458,7 @@ func (s *testServer) newSubscriber(topic string, keepAlive bool) {
 	go func() {
 		defer s.wgTested.Done()
 		resp, err := s.client.Get(testURL + "?topic=" + url.QueryEscape(topic))
-		require.Nil(s.t, err)
+		require.NoError(s.t, err)
 		defer resp.Body.Close()
 		s.wgConnected.Done()
 
@@ -468,10 +471,10 @@ func (s *testServer) newSubscriber(topic string, keepAlive bool) {
 func (s *testServer) publish(body url.Values) {
 	req, _ := http.NewRequest(http.MethodPost, testURL, strings.NewReader(body.Encode()))
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(s.h, rolePublisher, []string{"*"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(s.h, rolePublisher, []string{"*"}))
 
 	resp, err := s.client.Do(req)
-	require.Nil(s.t, err)
+	require.NoError(s.t, err)
 	defer resp.Body.Close()
 }
 
@@ -480,12 +483,12 @@ func (s *testServer) waitSubscribers() {
 }
 
 func (s *testServer) assertMetric(metric string) {
-	resp, err := s.client.Get("http://" + testMetricsAddr + "/metrics")
-	assert.Nil(s.t, err)
+	resp, err := s.client.Get(testURLscheme + testMetricsAddr + metricsPath)
+	require.NoError(s.t, err)
 	defer resp.Body.Close()
 
 	b, err := io.ReadAll(resp.Body)
-	assert.Nil(s.t, err)
+	require.NoError(s.t, err)
 
 	assert.Contains(s.t, string(b), metric)
 }
diff --git a/subscribe_test.go b/subscribe_test.go
index 7c4ae6b5..d2962e37 100644
--- a/subscribe_test.go
+++ b/subscribe_test.go
@@ -583,7 +583,7 @@ func TestSubscribeAll(t *testing.T) {
 
 	ctx, cancel := context.WithCancel(context.Background())
 	req := httptest.NewRequest(http.MethodGet, defaultHubURL+"?topic=http://example.com/reviews/{id}", nil).WithContext(ctx)
-	req.Header.Add("Authorization", "Bearer "+createDummyAuthorizedJWT(hub, roleSubscriber, []string{"random", "*"}))
+	req.Header.Add("Authorization", bearerPrefix+createDummyAuthorizedJWT(hub, roleSubscriber, []string{"random", "*"}))
 
 	w := &responseTester{
 		expectedStatusCode: http.StatusOK,
@@ -928,10 +928,10 @@ func TestSubscribeExpires(t *testing.T) {
 	}
 
 	jwt, err := token.SignedString(hub.subscriberJWT.key)
-	require.Nil(t, err)
+	require.NoError(t, err)
 
 	req := httptest.NewRequest(http.MethodGet, defaultHubURL+"?topic=foo", nil)
-	req.Header.Add("Authorization", "Bearer "+jwt)
+	req.Header.Add("Authorization", bearerPrefix+jwt)
 
 	w := newSubscribeRecorder()
 	hub.SubscribeHandler(w, req)
diff --git a/subscription.go b/subscription.go
index ddcddcb3..65127e4a 100644
--- a/subscription.go
+++ b/subscription.go
@@ -31,9 +31,10 @@ type subscriptionCollection struct {
 }
 
 const (
-	subscriptionURL          = defaultHubURL + "/subscriptions/{topic}/{subscriber}"
-	subscriptionsForTopicURL = defaultHubURL + "/subscriptions/{topic}"
-	subscriptionsURL         = defaultHubURL + "/subscriptions"
+	subscriptionsPath        = "/subscriptions"
+	subscriptionURL          = defaultHubURL + subscriptionsPath + "/{topic}/{subscriber}"
+	subscriptionsForTopicURL = defaultHubURL + subscriptionsPath + "/{topic}"
+	subscriptionsURL         = defaultHubURL + subscriptionsPath
 )
 
 func (h *Hub) SubscriptionsHandler(w http.ResponseWriter, r *http.Request) {
diff --git a/subscription_test.go b/subscription_test.go
index 65d5a311..acd936e0 100644
--- a/subscription_test.go
+++ b/subscription_test.go
@@ -31,7 +31,7 @@ func TestSubscriptionsHandlerAccessDenied(t *testing.T) {
 	assert.Equal(t, http.StatusUnauthorized, res.StatusCode)
 	res.Body.Close()
 
-	req = httptest.NewRequest(http.MethodGet, defaultHubURL+"/subscriptions/bar", nil)
+	req = httptest.NewRequest(http.MethodGet, defaultHubURL+subscriptionsPath+"/bar", nil)
 	req.AddCookie(&http.Cookie{Name: "mercureAuthorization", Value: createDummyAuthorizedJWT(hub, roleSubscriber, []string{"/.well-known/mercure/subscriptions/foo{/subscriber}"})})
 	w = httptest.NewRecorder()
 	hub.SubscriptionsHandler(w, req)
@@ -43,14 +43,14 @@ func TestSubscriptionsHandlerAccessDenied(t *testing.T) {
 func TestSubscriptionHandlerAccessDenied(t *testing.T) {
 	hub := createDummy()
 
-	req := httptest.NewRequest(http.MethodGet, defaultHubURL+"/subscriptions/bar/baz", nil)
+	req := httptest.NewRequest(http.MethodGet, defaultHubURL+subscriptionsPath+"/bar/baz", nil)
 	w := httptest.NewRecorder()
 	hub.SubscriptionHandler(w, req)
 	res := w.Result()
 	assert.Equal(t, http.StatusUnauthorized, res.StatusCode)
 	res.Body.Close()
 
-	req = httptest.NewRequest(http.MethodGet, defaultHubURL+"/subscriptions/bar/baz", nil)
+	req = httptest.NewRequest(http.MethodGet, defaultHubURL+subscriptionsPath+"/bar/baz", nil)
 	req.AddCookie(&http.Cookie{Name: "mercureAuthorization", Value: createDummyAuthorizedJWT(hub, roleSubscriber, []string{"/.well-known/mercure/subscriptions/foo{/subscriber}"})})
 	w = httptest.NewRecorder()
 	hub.SubscriptionHandler(w, req)
@@ -62,7 +62,7 @@ func TestSubscriptionHandlerAccessDenied(t *testing.T) {
 func TestSubscriptionHandlersETag(t *testing.T) {
 	hub := createDummy()
 
-	req := httptest.NewRequest(http.MethodGet, defaultHubURL+"/subscriptions", nil)
+	req := httptest.NewRequest(http.MethodGet, defaultHubURL+subscriptionsPath, nil)
 	req.Header.Add("If-None-Match", EarliestLastEventID)
 	req.AddCookie(&http.Cookie{Name: "mercureAuthorization", Value: createDummyAuthorizedJWT(hub, roleSubscriber, []string{"/.well-known/mercure/subscriptions"})})
 	w := httptest.NewRecorder()
@@ -71,7 +71,7 @@ func TestSubscriptionHandlersETag(t *testing.T) {
 	assert.Equal(t, http.StatusNotModified, res.StatusCode)
 	res.Body.Close()
 
-	req = httptest.NewRequest(http.MethodGet, defaultHubURL+"/subscriptions/foo/bar", nil)
+	req = httptest.NewRequest(http.MethodGet, defaultHubURL+subscriptionsPath+"/foo/bar", nil)
 	req.Header.Add("If-None-Match", EarliestLastEventID)
 	req.AddCookie(&http.Cookie{Name: "mercureAuthorization", Value: createDummyAuthorizedJWT(hub, roleSubscriber, []string{"/.well-known/mercure/subscriptions/foo/bar"})})
 	w = httptest.NewRecorder()
@@ -86,13 +86,13 @@ func TestSubscriptionsHandler(t *testing.T) {
 
 	s1 := NewSubscriber("", zap.NewNop())
 	s1.SetTopics([]string{"http://example.com/foo"}, nil)
-	require.Nil(t, hub.transport.AddSubscriber(s1))
+	require.NoError(t, hub.transport.AddSubscriber(s1))
 
 	s2 := NewSubscriber("", zap.NewNop())
 	s2.SetTopics([]string{"http://example.com/bar"}, nil)
-	require.Nil(t, hub.transport.AddSubscriber(s2))
+	require.NoError(t, hub.transport.AddSubscriber(s2))
 
-	req := httptest.NewRequest(http.MethodGet, defaultHubURL+"/subscriptions", nil)
+	req := httptest.NewRequest(http.MethodGet, defaultHubURL+subscriptionsPath, nil)
 	req.AddCookie(&http.Cookie{Name: "mercureAuthorization", Value: createDummyAuthorizedJWT(hub, roleSubscriber, []string{"/.well-known/mercure/subscriptions"})})
 	w := httptest.NewRecorder()
 	hub.SubscriptionsHandler(w, req)
@@ -125,11 +125,11 @@ func TestSubscriptionsHandlerForTopic(t *testing.T) {
 
 	s1 := NewSubscriber("", zap.NewNop())
 	s1.SetTopics([]string{"http://example.com/foo"}, nil)
-	require.Nil(t, hub.transport.AddSubscriber(s1))
+	require.NoError(t, hub.transport.AddSubscriber(s1))
 
 	s2 := NewSubscriber("", zap.NewNop())
 	s2.SetTopics([]string{"http://example.com/bar"}, nil)
-	require.Nil(t, hub.transport.AddSubscriber(s2))
+	require.NoError(t, hub.transport.AddSubscriber(s2))
 
 	escapedBarTopic := url.QueryEscape("http://example.com/bar")
 
@@ -138,7 +138,7 @@ func TestSubscriptionsHandlerForTopic(t *testing.T) {
 	router.SkipClean(true)
 	router.HandleFunc(subscriptionsForTopicURL, hub.SubscriptionsHandler)
 
-	req := httptest.NewRequest(http.MethodGet, defaultHubURL+"/subscriptions/"+s2.EscapedTopics[0], nil)
+	req := httptest.NewRequest(http.MethodGet, defaultHubURL+subscriptionsPath+"/"+s2.EscapedTopics[0], nil)
 	req.AddCookie(&http.Cookie{Name: "mercureAuthorization", Value: createDummyAuthorizedJWT(hub, roleSubscriber, []string{"/.well-known/mercure/subscriptions/" + s2.EscapedTopics[0]})})
 	w := httptest.NewRecorder()
 	hub.SubscriptionsHandler(w, req)
@@ -150,7 +150,7 @@ func TestSubscriptionsHandlerForTopic(t *testing.T) {
 	json.Unmarshal(w.Body.Bytes(), &subscriptions)
 
 	assert.Equal(t, "https://mercure.rocks/", subscriptions.Context)
-	assert.Equal(t, defaultHubURL+"/subscriptions/"+escapedBarTopic, subscriptions.ID)
+	assert.Equal(t, defaultHubURL+subscriptionsPath+"/"+escapedBarTopic, subscriptions.ID)
 	assert.Equal(t, "Subscriptions", subscriptions.Type)
 
 	lastEventID, subscribers, _ := hub.transport.(TransportSubscribers).GetSubscribers()
@@ -170,18 +170,18 @@ func TestSubscriptionHandler(t *testing.T) {
 
 	otherS := NewSubscriber("", zap.NewNop())
 	otherS.SetTopics([]string{"http://example.com/other"}, nil)
-	require.Nil(t, hub.transport.AddSubscriber(otherS))
+	require.NoError(t, hub.transport.AddSubscriber(otherS))
 
 	s := NewSubscriber("", zap.NewNop())
 	s.SetTopics([]string{"http://example.com/other", "http://example.com/{foo}"}, nil)
-	require.Nil(t, hub.transport.AddSubscriber(s))
+	require.NoError(t, hub.transport.AddSubscriber(s))
 
 	router := mux.NewRouter()
 	router.UseEncodedPath()
 	router.SkipClean(true)
 	router.HandleFunc(subscriptionURL, hub.SubscriptionHandler)
 
-	req := httptest.NewRequest(http.MethodGet, defaultHubURL+"/subscriptions/"+s.EscapedTopics[1]+"/"+s.EscapedID, nil)
+	req := httptest.NewRequest(http.MethodGet, defaultHubURL+subscriptionsPath+"/"+s.EscapedTopics[1]+"/"+s.EscapedID, nil)
 	req.AddCookie(&http.Cookie{Name: "mercureAuthorization", Value: createDummyAuthorizedJWT(hub, roleSubscriber, []string{"/.well-known/mercure/subscriptions{/topic}{/subscriber}"})})
 	w := httptest.NewRecorder()
 	router.ServeHTTP(w, req)
@@ -195,7 +195,7 @@ func TestSubscriptionHandler(t *testing.T) {
 	expectedSub.LastEventID, _, _ = hub.transport.(TransportSubscribers).GetSubscribers()
 	assert.Equal(t, expectedSub, subscription)
 
-	req = httptest.NewRequest(http.MethodGet, defaultHubURL+"/subscriptions/notexist/"+s.EscapedID, nil)
+	req = httptest.NewRequest(http.MethodGet, defaultHubURL+subscriptionsPath+"/notexist/"+s.EscapedID, nil)
 	req.AddCookie(&http.Cookie{Name: "mercureAuthorization", Value: createDummyAuthorizedJWT(hub, roleSubscriber, []string{"/.well-known/mercure/subscriptions{/topic}{/subscriber}"})})
 	w = httptest.NewRecorder()
 	router.ServeHTTP(w, req)
diff --git a/topic_selector.go b/topic_selector.go
index 98c549d9..09f74eb6 100644
--- a/topic_selector.go
+++ b/topic_selector.go
@@ -8,8 +8,8 @@ import (
 )
 
 type TopicSelectorStoreCache interface {
-	Get(interface{}) (interface{}, bool)
-	Set(interface{}, interface{}, int64) bool
+	Get(key interface{}) (interface{}, bool)
+	Set(key interface{}, value interface{}, n int64) bool
 }
 
 // TopicSelectorStore caches compiled templates to improve memory and CPU usage.
diff --git a/topic_selector_lru_test.go b/topic_selector_lru_test.go
index f2d8d52d..d0cb158a 100644
--- a/topic_selector_lru_test.go
+++ b/topic_selector_lru_test.go
@@ -9,7 +9,7 @@ import (
 
 func TestMatchLRU(t *testing.T) {
 	tss, err := NewTopicSelectorStoreLRU(DefaultTopicSelectorStoreLRUMaxEntriesPerShard, DefaultTopicSelectorStoreLRUMaxEntriesPerShard)
-	require.Nil(t, err)
+	require.NoError(t, err)
 
 	assert.False(t, tss.match("foo", "bar"))
 
diff --git a/update_test.go b/update_test.go
index c34722e8..65f74cc8 100644
--- a/update_test.go
+++ b/update_test.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/gofrs/uuid"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"
 )
 
@@ -23,7 +24,7 @@ func TestAssignUUID(t *testing.T) {
 	assert.True(t, strings.HasPrefix(u.ID, "urn:uuid:"))
 
 	_, err := uuid.FromString(strings.TrimPrefix(u.ID, "urn:uuid:"))
-	assert.Nil(t, err)
+	require.NoError(t, err)
 }
 
 func TestLogUpdate(t *testing.T) {