diff --git a/docs/e2e-tests.md b/docs/e2e-tests.md
index c45b1e72c..398304c57 100644
--- a/docs/e2e-tests.md
+++ b/docs/e2e-tests.md
@@ -716,7 +716,7 @@ Do not try to edit it manually.
 
 ### [[Flag] watch namespace selector](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L30)
 
-- [should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L63)
+- [should ignore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/namespace_selector.go#L63)
 
 ### [[Security] no-auth-locations](https://github.com/kubernetes/ingress-nginx/tree/main/test/e2e/settings/no_auth_locations.go#L33)
 
diff --git a/internal/ingress/annotations/alias/main_test.go b/internal/ingress/annotations/alias/main_test.go
index a7a29343b..f1d68c1f7 100644
--- a/internal/ingress/annotations/alias/main_test.go
+++ b/internal/ingress/annotations/alias/main_test.go
@@ -65,6 +65,9 @@ func TestParse(t *testing.T) {
 		if testCase.skipValidation {
 			parser.EnableAnnotationValidation = false
 		}
+		t.Cleanup(func() {
+			parser.EnableAnnotationValidation = true
+		})
 		result, err := ap.Parse(ing)
 		if (err != nil) != testCase.wantErr {
 			t.Errorf("ParseAliasAnnotation() annotation: %s, error = %v, wantErr %v", testCase.annotations, err, testCase.wantErr)
@@ -73,6 +76,4 @@ func TestParse(t *testing.T) {
 			t.Errorf("expected %v but returned %v, annotations: %s", testCase.expected, result, testCase.annotations)
 		}
 	}
-
-	parser.EnableAnnotationValidation = true
 }
diff --git a/internal/ingress/annotations/annotations.go b/internal/ingress/annotations/annotations.go
index 5212b7c36..38843c2db 100644
--- a/internal/ingress/annotations/annotations.go
+++ b/internal/ingress/annotations/annotations.go
@@ -86,37 +86,36 @@ type Ingress struct {
 	CorsConfig           cors.Config
 	CustomHTTPErrors     []int
 	DefaultBackend       *apiv1.Service
-	// TODO: Change this back into an error when https://github.com/imdario/mergo/issues/100 is resolved
-	FastCGI            fastcgi.Config
-	Denied             *string
-	ExternalAuth       authreq.Config
-	EnableGlobalAuth   bool
-	HTTP2PushPreload   bool
-	Opentracing        opentracing.Config
-	Opentelemetry      opentelemetry.Config
-	Proxy              proxy.Config
-	ProxySSL           proxyssl.Config
-	RateLimit          ratelimit.Config
-	GlobalRateLimit    globalratelimit.Config
-	Redirect           redirect.Config
-	Rewrite            rewrite.Config
-	Satisfy            string
-	ServerSnippet      string
-	ServiceUpstream    bool
-	SessionAffinity    sessionaffinity.Config
-	SSLPassthrough     bool
-	UsePortInRedirects bool
-	UpstreamHashBy     upstreamhashby.Config
-	LoadBalancing      string
-	UpstreamVhost      string
-	Denylist           ipdenylist.SourceRange
-	XForwardedPrefix   string
-	SSLCipher          sslcipher.Config
-	Logs               log.Config
-	ModSecurity        modsecurity.Config
-	Mirror             mirror.Config
-	StreamSnippet      string
-	Allowlist          ipallowlist.SourceRange
+	FastCGI              fastcgi.Config
+	Denied               *string
+	ExternalAuth         authreq.Config
+	EnableGlobalAuth     bool
+	HTTP2PushPreload     bool
+	Opentracing          opentracing.Config
+	Opentelemetry        opentelemetry.Config
+	Proxy                proxy.Config
+	ProxySSL             proxyssl.Config
+	RateLimit            ratelimit.Config
+	GlobalRateLimit      globalratelimit.Config
+	Redirect             redirect.Config
+	Rewrite              rewrite.Config
+	Satisfy              string
+	ServerSnippet        string
+	ServiceUpstream      bool
+	SessionAffinity      sessionaffinity.Config
+	SSLPassthrough       bool
+	UsePortInRedirects   bool
+	UpstreamHashBy       upstreamhashby.Config
+	LoadBalancing        string
+	UpstreamVhost        string
+	Denylist             ipdenylist.SourceRange
+	XForwardedPrefix     string
+	SSLCipher            sslcipher.Config
+	Logs                 log.Config
+	ModSecurity          modsecurity.Config
+	Mirror               mirror.Config
+	StreamSnippet        string
+	Allowlist            ipallowlist.SourceRange
 }
 
 // Extractor defines the annotation parsers to be used in the extraction of annotations
diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go
index ecef78fde..19576bc77 100644
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@@ -195,7 +195,7 @@ func (n *NGINXController) syncIngress(interface{}) error {
 
 		pcfg.ConfigurationChecksum = fmt.Sprintf("%v", hash)
 
-		err := n.OnUpdate(pcfg)
+		err := n.OnUpdate(*pcfg)
 		if err != nil {
 			n.metricCollector.IncReloadErrorCount()
 			n.metricCollector.ConfigSuccess(hash, false)
@@ -410,7 +410,7 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error {
 		testedSize = 1
 	}
 
-	content, err := n.generateTemplate(&cfg, pcfg)
+	content, err := n.generateTemplate(cfg, *pcfg)
 	if err != nil {
 		n.metricCollector.IncCheckErrorCount(ing.ObjectMeta.Namespace, ing.Name)
 		return err
@@ -530,7 +530,7 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr
 			klog.V(3).Infof("Searching Endpoints with %v port number %d for Service %q", proto, targetPort, nsName)
 			for i := range svc.Spec.Ports {
 				sp := svc.Spec.Ports[i]
-				//nolint:gosec // Ingore G109 error
+				//nolint:gosec // Ignore G109 error
 				if sp.Port == int32(targetPort) {
 					if sp.Protocol == proto {
 						endps = getEndpointsFromSlices(svc, &sp, proto, zone, n.store.GetServiceEndpointsSlices)
@@ -1750,7 +1750,7 @@ func externalNamePorts(name string, svc *apiv1.Service) *apiv1.ServicePort {
 	}
 
 	for _, svcPort := range svc.Spec.Ports {
-		//nolint:gosec // Ingore G109 error
+		//nolint:gosec // Ignore G109 error
 		if svcPort.Port != int32(port) {
 			continue
 		}
@@ -1770,7 +1770,7 @@ func externalNamePorts(name string, svc *apiv1.Service) *apiv1.ServicePort {
 	// ExternalName without port
 	return &apiv1.ServicePort{
 		Protocol: "TCP",
-		//nolint:gosec // Ingore G109 error
+		//nolint:gosec // Ignore G109 error
 		Port:       int32(port),
 		TargetPort: intstr.FromInt(port),
 	}
diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go
index d9810e6ad..8ba8d913b 100644
--- a/internal/ingress/controller/nginx.go
+++ b/internal/ingress/controller/nginx.go
@@ -438,7 +438,9 @@ func (n *NGINXController) DefaultEndpoint() ingress.Endpoint {
 }
 
 // generateTemplate returns the nginx configuration file content
-func (n *NGINXController) generateTemplate(cfg *ngx_config.Configuration, ingressCfg *ingress.Configuration) ([]byte, error) {
+//
+//nolint:gocritic // the cfg shouldn't be changed, and shouldn't be mutated by other processes while being rendered.
+func (n *NGINXController) generateTemplate(cfg ngx_config.Configuration, ingressCfg ingress.Configuration) ([]byte, error) {
 	if n.cfg.EnableSSLPassthrough {
 		servers := []*tcpproxy.TCPServer{}
 		for _, pb := range ingressCfg.PassthroughBackends {
@@ -598,7 +600,7 @@ func (n *NGINXController) generateTemplate(cfg *ngx_config.Configuration, ingres
 		Servers:                  ingressCfg.Servers,
 		TCPBackends:              ingressCfg.TCPEndpoints,
 		UDPBackends:              ingressCfg.UDPEndpoints,
-		Cfg:                      *cfg,
+		Cfg:                      cfg,
 		IsIPV6Enabled:            n.isIPV6Enabled && !cfg.DisableIpv6,
 		NginxStatusIpv4Whitelist: cfg.NginxStatusIpv4Whitelist,
 		NginxStatusIpv6Whitelist: cfg.NginxStatusIpv6Whitelist,
@@ -658,11 +660,13 @@ Error: %v
 // changes were detected. The received backend Configuration is merged with the
 // configuration ConfigMap before generating the final configuration file.
 // Returns nil in case the backend was successfully reloaded.
-func (n *NGINXController) OnUpdate(ingressCfg *ingress.Configuration) error {
+//
+//nolint:gocritic // the cfg shouldn't be changed, and shouldn't be mutated by other processes while being rendered.
+func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
 	cfg := n.store.GetBackendConfiguration()
 	cfg.Resolver = n.resolver
 
-	content, err := n.generateTemplate(&cfg, ingressCfg)
+	content, err := n.generateTemplate(cfg, ingressCfg)
 	if err != nil {
 		return err
 	}
diff --git a/internal/ingress/status/status.go b/internal/ingress/status/status.go
index 4e371984b..074543878 100644
--- a/internal/ingress/status/status.go
+++ b/internal/ingress/status/status.go
@@ -44,7 +44,7 @@ import (
 // which the status should check if an update is required.
 var UpdateInterval = 60
 
-// Syncer syncer
+// Syncer is an interface that implements syncer
 type Syncer interface {
 	Run(chan struct{})
 
@@ -56,7 +56,7 @@ type ingressLister interface {
 	ListIngresses() []*ingress.Ingress
 }
 
-// Config config
+// Config is a structure that implements Client interfaces
 type Config struct {
 	Client clientset.Interface
 
diff --git a/test/e2e/settings/namespace_selector.go b/test/e2e/settings/namespace_selector.go
index ff3c99035..1da62ee86 100644
--- a/test/e2e/settings/namespace_selector.go
+++ b/test/e2e/settings/namespace_selector.go
@@ -59,7 +59,7 @@ var _ = framework.IngressNginxDescribeSerial("[Flag] watch namespace selector",
 	})
 
 	ginkgo.Context("With specific watch-namespace-selector flags", func() {
-		ginkgo.It("should ingore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar", func() {
+		ginkgo.It("should ignore Ingress of namespace without label foo=bar and accept those of namespace with label foo=bar", func() {
 			f.WaitForNginxConfiguration(func(cfg string) bool {
 				return !strings.Contains(cfg, "server_name bar") &&
 					strings.Contains(cfg, "server_name foo")