diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 4d1e67d..b312255 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -34,16 +34,10 @@ jobs:
     strategy:
       matrix:
         go-version:
-          - '1.11.4'
-          - '1.12'
-          - '1.13'
-          - '1.14'
-          - '1.15'
-          - '1.16'
-          - '1.17'
           - '1.18'
           - '1.19'
           - '1.20'
+          - '1.21'
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
diff --git a/README.md b/README.md
index b7af04f..24105ff 100644
--- a/README.md
+++ b/README.md
@@ -101,3 +101,15 @@ BenchmarkSecureZeroMemory1048576-8         52404             22442 ns/op       4
 PASS
 ok      github.com/matthewhartstonge/argon2     18.481s
 ```
+
+## Versioning Strategy
+
+The API is stable and has been running in production for many years now, therefore won't be changing.
+
+This library has a single dependency on `golang.org/x/crypto`. This means that as the version of Go is updated there, this library will roll up it's version to a new minor.
+Any CVEs/security patches that come through via dependabot, without a resulting Go version update, will become a patch release.
+
+For example:
+
+- If a version of `/x/crypto` now requires `go@1.28`, `argon2` will go from `v1.0.0` -> `v1.1.0`.
+- If `x/crypto` releases a version that resolves CVEs with no requirement to upgrade Go, then `argon2` will go from `v1.0.0` -> `v1.0.1`.
\ No newline at end of file
diff --git a/go.mod b/go.mod
index 2f16b82..f0c8911 100644
--- a/go.mod
+++ b/go.mod
@@ -2,6 +2,6 @@ module github.com/matthewhartstonge/argon2
 
 go 1.18
 
-require golang.org/x/crypto v0.13.0
+require golang.org/x/crypto v0.16.0
 
-require golang.org/x/sys v0.12.0 // indirect
+require golang.org/x/sys v0.15.0 // indirect
diff --git a/go.sum b/go.sum
index a8dfcdf..1bc566e 100644
--- a/go.sum
+++ b/go.sum
@@ -1,4 +1,4 @@
-golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
-golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
-golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=