diff --git a/pkg/arch/hook.go b/pkg/arch/hook.go
index e4099da..9c2ba3d 100644
--- a/pkg/arch/hook.go
+++ b/pkg/arch/hook.go
@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"net/http"
 	"slices"
-	"sort"
 	"strings"
 	"time"
 
@@ -633,7 +632,7 @@ func keys(set map[string]struct{}) []string {
 	for k := range set {
 		r = append(r, k)
 	}
-	sort.Sort(sort.StringSlice(r))
+	slices.Sort(r)
 	return r
 }
 
diff --git a/pkg/registry/login.go b/pkg/registry/login.go
index db34eb6..d1730dd 100644
--- a/pkg/registry/login.go
+++ b/pkg/registry/login.go
@@ -7,7 +7,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -228,41 +227,6 @@ func (r RegistryAuthenticator) getAuthCandidates(ctx context.Context, cfg Docker
 	return candidates
 }
 
-// TODO: change to handle www-authenticate for HTTP/1.1 401 Unauthorized responses
-// Www-Authenticate: Bearer realm="https://ghcr.io/token",service="ghcr.io",scope="repository:user/image:pull"
-// Www-Authenticate: Bearer realm="https://auth.ipv6.docker.com/token",service="registry.docker.io"
-func getDockerHubToken(ctx context.Context, registry, image, tag, token string) string {
-	authHost := registry
-	if authHost == "docker.io" {
-		authHost = "auth.docker.io"
-		registry = "registry." + registry
-	}
-
-	req, err := http.NewRequest("GET", fmt.Sprintf("https://%s/token?service=%s&scope=repository:%s:pull", authHost, registry, image), nil)
-	if err != nil {
-		return token
-	}
-	req = req.WithContext(ctx)
-	if token != "" {
-		req.Header.Set("Authorization", "Basic "+token)
-	}
-
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		return ""
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode != http.StatusOK {
-		return ""
-	}
-	authResponse := registryAuthResponse{}
-	err = json.NewDecoder(resp.Body).Decode(&authResponse)
-	if err != nil {
-		return ""
-	}
-	return authResponse.Token
-}
-
 func (r RegistryAuthenticator) tryAllCandidates(ctx context.Context, cfg DockerConfig, registry, image, tag string, candidates chan AuthenticationToken) {
 	for auth := range r.getAuthCandidates(ctx, cfg, registry, image) {
 		select {
diff --git a/pkg/registry/registry_test.go b/pkg/registry/registry_test.go
index 08d8c8f..bedfa18 100644
--- a/pkg/registry/registry_test.go
+++ b/pkg/registry/registry_test.go
@@ -3,7 +3,7 @@ package registry
 import (
 	"context"
 	"encoding/base64"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -174,7 +174,7 @@ func TestListArchsWithAuthenticationAndManifestListV2(t *testing.T) {
 				assert.Equal(t, "repository:my/image:pull", req.URL.Query().Get("scope"))
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(strings.NewReader(`{"token":"my-token"}`)),
+					Body:       io.NopCloser(strings.NewReader(`{"token":"my-token"}`)),
 				}, nil
 			case "registry.company.corp":
 				switch req.URL.Path {
@@ -184,7 +184,7 @@ func TestListArchsWithAuthenticationAndManifestListV2(t *testing.T) {
 					return &http.Response{
 						StatusCode: http.StatusOK,
 						Header:     headers,
-						Body: ioutil.NopCloser(strings.NewReader(`{
+						Body: io.NopCloser(strings.NewReader(`{
 							"manifests":[
 								{
 									"platform":{
@@ -249,7 +249,7 @@ func TestListArchsWithAuthenticationAndManifestIndexV1(t *testing.T) {
 				assert.Equal(t, "repository:my/image:pull", req.URL.Query().Get("scope"))
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(strings.NewReader(`{"token":"my-token"}`)),
+					Body:       io.NopCloser(strings.NewReader(`{"token":"my-token"}`)),
 				}, nil
 			case "registry.company.corp":
 				switch req.URL.Path {
@@ -259,7 +259,7 @@ func TestListArchsWithAuthenticationAndManifestIndexV1(t *testing.T) {
 					return &http.Response{
 						StatusCode: http.StatusOK,
 						Header:     headers,
-						Body: ioutil.NopCloser(strings.NewReader(`{
+						Body: io.NopCloser(strings.NewReader(`{
 							"manifests":[
 								{
 									"platform":{
@@ -329,7 +329,7 @@ func TestListArchsWithAuthenticationAndPlainManifest(t *testing.T) {
 				assert.Equal(t, "repository:my/image:pull", req.URL.Query().Get("scope"))
 				return &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(strings.NewReader(`{"token":"my-token"}`)),
+					Body:       io.NopCloser(strings.NewReader(`{"token":"my-token"}`)),
 				}, nil
 			case "registry.company.corp":
 				switch req.URL.Path {
@@ -339,7 +339,7 @@ func TestListArchsWithAuthenticationAndPlainManifest(t *testing.T) {
 					return &http.Response{
 						StatusCode: http.StatusOK,
 						Header:     headers,
-						Body: ioutil.NopCloser(strings.NewReader(`{
+						Body: io.NopCloser(strings.NewReader(`{
 							"architecture": "amd64"
 						}`)),
 					}, nil