diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a875a072..4e1eac42 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: ['1.19', '1.20']
+        go-version: ['1.20', '1.21']
       fail-fast: true
     steps:
       - name: Checkout
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 10531148..4c8067d4 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -35,7 +35,7 @@ jobs:
       security-events: write
     strategy:
       matrix:
-        go-version: ['1.19', '1.20']
+        go-version: ['1.20', '1.21']
       fail-fast: false
     steps:
       - name: Checkout repository
diff --git a/README.md b/README.md
index 50bb3064..70662555 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,9 @@ The ORAS Go library follows [Semantic Versioning](https://semver.org/), where br
 
 The version `2` is actively developed in the [`main`](https://github.com/oras-project/oras-go/tree/main) branch with all new features.
 
+> [!Note]
+> The `main` branch follows [Go's Security Policy](https://github.com/golang/go/security/policy) and supports the two latest versions of Go (currently `1.20` and `1.21`).
+
 Examples for common use cases can be found below:
 
 - [Copy examples](https://pkg.go.dev/oras.land/oras-go/v2#pkg-examples)
diff --git a/go.mod b/go.mod
index 747de6eb..01ffb2bf 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module oras.land/oras-go/v2
 
-go 1.19
+go 1.20
 
 require (
 	github.com/opencontainers/go-digest v1.0.0