diff --git a/.golangci.toml b/.golangci.toml
index d7688cd4f38..9dd31bd6a2d 100644
--- a/.golangci.toml
+++ b/.golangci.toml
@@ -20,6 +20,7 @@ packages = ["io/ioutil"]
 [[linters-settings.depguard.packages-with-error-message]]
 "io/ioutil" = "Deprecated: As of Go 1.16, the same functionality is now provided by package io or package os, and those implementations should be preferred in new code. See the specific function documentation for details."
 "gopkg.in/yaml.v2" = "Grafana packages are not allowed to depend on gopkg.in/yaml.v2 as gopkg.in/yaml.v3 is now available"
+"github.com/pkg/errors" = "Deprecated: Go 1.13 supports the functionality provided by pkg/errors in the standard library."
 
 [linters-settings.gocritic]
 enabled-checks = ["ruleguard"]
diff --git a/go.mod b/go.mod
index a2dbd161cba..f7c49a73871 100644
--- a/go.mod
+++ b/go.mod
@@ -91,7 +91,7 @@ require (
 	github.com/opentracing/opentracing-go v1.2.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
-	github.com/pkg/errors v0.9.1
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/alertmanager v0.25.0
 	github.com/prometheus/client_golang v1.14.0
 	github.com/prometheus/client_model v0.3.0
diff --git a/go.sum b/go.sum
index 007de343782..ea74d050877 100644
--- a/go.sum
+++ b/go.sum
@@ -1283,8 +1283,6 @@ github.com/grafana/saml v0.4.13-0.20230203140620-5f476db5c00a h1:aWSTt/pTOI4uGY9
 github.com/grafana/saml v0.4.13-0.20230203140620-5f476db5c00a/go.mod h1:igEejV+fihTIlHXYP8zOec3V5A8y3lws5bQBFsTm4gA=
 github.com/grafana/sqlds/v2 v2.3.10 h1:HWKhE0vR6LoEiE+Is8CSZOgaB//D1yqb2ntkass9Fd4=
 github.com/grafana/sqlds/v2 v2.3.10/go.mod h1:c6ibxnxRVGxV/0YkEgvy7QpQH/lyifFyV7K/14xvdIs=
-github.com/grafana/thema v0.0.0-20230223160728-4226e958935a h1:5DSEQFi/pr7pYokTEvhVe94n5s6p771+PKD/GjaoP+s=
-github.com/grafana/thema v0.0.0-20230223160728-4226e958935a/go.mod h1:T6q1RVzq5fzVbm+QBeIsTmVzuXlMaArp4wxfLvcaMV0=
 github.com/grafana/thema v0.0.0-20230224141623-cb20887cb028 h1:6DXb3CmghXpjtd0VjK1FDEjvHhNcXfYSxUcEfxyMx9w=
 github.com/grafana/thema v0.0.0-20230224141623-cb20887cb028/go.mod h1:T6q1RVzq5fzVbm+QBeIsTmVzuXlMaArp4wxfLvcaMV0=
 github.com/grafana/xorm v0.8.3-0.20220614223926-2fcda7565af6 h1:I9dh1MXGX0wGyxdV/Sl7+ugnki4Dfsy8lv2s5Yf887o=
diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
index ebec1e887d3..ff130b6c654 100644
--- a/pkg/extensions/main.go
+++ b/pkg/extensions/main.go
@@ -19,7 +19,6 @@ import (
 	_ "github.com/jung-kurt/gofpdf"
 	_ "github.com/linkedin/goavro/v2"
 	_ "github.com/m3db/prometheus_remote_client_golang/promremote"
-	_ "github.com/pkg/errors"
 	_ "github.com/robfig/cron/v3"
 	_ "github.com/russellhaering/goxmldsig"
 	_ "github.com/stretchr/testify/require"
diff --git a/pkg/services/apikey/apikeyimpl/xorm_store.go b/pkg/services/apikey/apikeyimpl/xorm_store.go
index 61b521a0b56..457e495ff6c 100644
--- a/pkg/services/apikey/apikeyimpl/xorm_store.go
+++ b/pkg/services/apikey/apikeyimpl/xorm_store.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/pkg/errors"
 	"xorm.io/xorm"
 
 	"github.com/grafana/grafana/pkg/infra/db"
@@ -132,7 +131,7 @@ func (ss *sqlStore) AddAPIKey(ctx context.Context, cmd *apikey.AddCommand) error
 		}
 
 		if _, err := sess.Insert(&t); err != nil {
-			return errors.Wrap(err, "failed to insert token")
+			return fmt.Errorf("%s: %w", "failed to insert token", err)
 		}
 		cmd.Result = &t
 		return nil
diff --git a/pkg/services/ngalert/api/util.go b/pkg/services/ngalert/api/util.go
index cdb5c170216..799b8aec7e8 100644
--- a/pkg/services/ngalert/api/util.go
+++ b/pkg/services/ngalert/api/util.go
@@ -3,6 +3,7 @@ package api
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -11,7 +12,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/pkg/errors"
 	"gopkg.in/yaml.v3"
 
 	"github.com/grafana/grafana/pkg/api/response"
@@ -206,13 +206,15 @@ func messageExtractor(resp *response.NormalResponse) (interface{}, error) {
 // ErrorResp creates a response with a visible error
 func ErrResp(status int, err error, msg string, args ...interface{}) *response.NormalResponse {
 	if msg != "" {
-		err = errors.WithMessagef(err, msg, args...)
+		formattedMsg := fmt.Sprintf(msg, args...)
+		err = fmt.Errorf("%s: %w", formattedMsg, err)
 	}
 	return response.Error(status, err.Error(), err)
 }
 
 // accessForbiddenResp creates a response of forbidden access.
 func accessForbiddenResp() response.Response {
+	//nolint:stylecheck // Grandfathered capitalization of error.
 	return ErrResp(http.StatusForbidden, errors.New("Permission denied"), "")
 }
 
diff --git a/pkg/services/secrets/kvstore/plugin.go b/pkg/services/secrets/kvstore/plugin.go
index d04578bc47d..d1b96771007 100644
--- a/pkg/services/secrets/kvstore/plugin.go
+++ b/pkg/services/secrets/kvstore/plugin.go
@@ -243,7 +243,7 @@ func GetNamespacedKVStore(kv kvstore.KVStore) *kvstore.NamespacedKVStore {
 func IsPluginStartupErrorFatal(ctx context.Context, kvstore *kvstore.NamespacedKVStore) (bool, error) {
 	_, exists, err := kvstore.Get(ctx, QuitOnPluginStartupFailureKey)
 	if err != nil {
-		return false, errors.New(fmt.Sprint("error retrieving key ", QuitOnPluginStartupFailureKey, " from kvstore. error: ", err.Error()))
+		return false, fmt.Errorf("error retrieving key %s from kvstore. error: %w", QuitOnPluginStartupFailureKey, err)
 	}
 	return exists, nil
 }
diff --git a/pkg/services/serviceaccounts/database/token_store.go b/pkg/services/serviceaccounts/database/token_store.go
index 2965ed337a4..abfc08ed24b 100644
--- a/pkg/services/serviceaccounts/database/token_store.go
+++ b/pkg/services/serviceaccounts/database/token_store.go
@@ -2,8 +2,8 @@ package database
 
 import (
 	"context"
-
-	"github.com/pkg/errors"
+	"errors"
+	"fmt"
 
 	"github.com/grafana/grafana/pkg/infra/db"
 	"github.com/grafana/grafana/pkg/services/apikey"
@@ -33,7 +33,10 @@ func (s *ServiceAccountsStoreImpl) ListTokens(
 		sess = sess.Join("inner", quotedUser, quotedUser+".id = api_key.service_account_id").
 			Asc("api_key.name")
 
-		return errors.Wrapf(sess.Find(&result), "list token error")
+		if err := sess.Find(&result); err != nil {
+			return fmt.Errorf("%s: %w", "list token error", err)
+		}
+		return nil
 	})
 	return result, err
 }
diff --git a/pkg/services/serviceaccounts/secretscan/client.go b/pkg/services/serviceaccounts/secretscan/client.go
index 96b6b9f50f3..533a25d3a4c 100644
--- a/pkg/services/serviceaccounts/secretscan/client.go
+++ b/pkg/services/serviceaccounts/secretscan/client.go
@@ -5,13 +5,12 @@ import (
 	"context"
 	"crypto/tls"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"strings"
 	"time"
-
-	"github.com/pkg/errors"
 )
 
 const timeout = 4 * time.Second
@@ -100,7 +99,7 @@ func (c *client) checkTokens(ctx context.Context, keyHashes []string) ([]Token,
 
 	jsonValue, err := json.Marshal(values)
 	if err != nil {
-		return nil, errors.Wrap(err, "failed to make http request")
+		return nil, fmt.Errorf("%s: %w", "failed to make http request", err)
 	}
 
 	// Build URL
@@ -109,7 +108,7 @@ func (c *client) checkTokens(ctx context.Context, keyHashes []string) ([]Token,
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
 		url, bytes.NewReader(jsonValue))
 	if err != nil {
-		return nil, errors.Wrap(err, "failed to make http request")
+		return nil, fmt.Errorf("%s: %w", "failed to make http request", err)
 	}
 
 	// Set headers
@@ -120,7 +119,7 @@ func (c *client) checkTokens(ctx context.Context, keyHashes []string) ([]Token,
 	// make http POST request to check for leaked tokens.
 	resp, err := c.httpClient.Do(req)
 	if err != nil {
-		return nil, errors.Wrap(err, "failed to do http request")
+		return nil, fmt.Errorf("%s: %w", "failed to do http request", err)
 	}
 
 	defer func() { _ = resp.Body.Close() }()
@@ -132,7 +131,7 @@ func (c *client) checkTokens(ctx context.Context, keyHashes []string) ([]Token,
 	// decode response body
 	var tokens []Token
 	if err := json.NewDecoder(resp.Body).Decode(&tokens); err != nil {
-		return nil, errors.Wrap(err, "failed to decode response body")
+		return nil, fmt.Errorf("%s: %w", "failed to decode response body", err)
 	}
 
 	return tokens, nil
diff --git a/pkg/services/serviceaccounts/secretscan/webhook.go b/pkg/services/serviceaccounts/secretscan/webhook.go
index fb05bf281eb..ce1a0c81d2e 100644
--- a/pkg/services/serviceaccounts/secretscan/webhook.go
+++ b/pkg/services/serviceaccounts/secretscan/webhook.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/tls"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net"
 	"net/http"
@@ -12,7 +13,6 @@ import (
 	"time"
 
 	"github.com/google/uuid"
-	"github.com/pkg/errors"
 )
 
 var errWebHookURL = errors.New("webhook url must be https")
@@ -76,7 +76,7 @@ func (wClient *webHookClient) Notify(ctx context.Context,
 
 	jsonValue, err := json.Marshal(values)
 	if err != nil {
-		return errors.Wrap(err, "failed to marshal webhook request")
+		return fmt.Errorf("%s: %w", "failed to marshal webhook request", err)
 	}
 
 	// Build URL
@@ -84,7 +84,7 @@ func (wClient *webHookClient) Notify(ctx context.Context,
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
 		wClient.url, bytes.NewReader(jsonValue))
 	if err != nil {
-		return errors.Wrap(err, "failed to make http request")
+		return fmt.Errorf("%s: %w", "failed to make http request", err)
 	}
 
 	// Set headers
@@ -95,7 +95,7 @@ func (wClient *webHookClient) Notify(ctx context.Context,
 	// make http POST request to check for leaked tokens.
 	resp, err := wClient.httpClient.Do(req)
 	if err != nil {
-		return errors.Wrap(err, "failed to webhook request")
+		return fmt.Errorf("%s: %w", "failed to webhook request", err)
 	}
 
 	defer func() { _ = resp.Body.Close() }()