Vulnerability fix (#114)

* IND-1809 Vulnerabilities Remediation

.go-version

@@ -1 +1 @@
-1.18
+1.21

addlicense/main.go

@@ -22,7 +22,6 @@ import (
 	"errors"
 	"flag"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -321,7 +320,7 @@ func addLicense(path string, fmode os.FileMode, tmpl *template.Template, data Li
 		return false, err
 	}
 
-	b, err := ioutil.ReadFile(path)
+	b, err := os.ReadFile(path)
 	if err != nil {
 		return false, err
 	}
@@ -338,12 +337,12 @@ func addLicense(path string, fmode os.FileMode, tmpl *template.Template, data Li
 		lic = append(line, lic...)
 	}
 	b = append(lic, b...)
-	return true, ioutil.WriteFile(path, b, fmode)
+	return true, os.WriteFile(path, b, fmode)
 }
 
 // fileHasLicense reports whether the file at path contains a license header.
 func fileHasLicense(path string) (bool, error) {
-	b, err := ioutil.ReadFile(path)
+	b, err := os.ReadFile(path)
 	if err != nil {
 		return false, err
 	}

addlicense/main_test.go

@@ -15,7 +15,6 @@
 package addlicense
 
 import (
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -33,7 +32,7 @@ func run(t *testing.T, name string, args ...string) {
 }
 
 func tempDir(t *testing.T) string {
-	dir, err := ioutil.TempDir("", "addlicense")
+	dir, err := os.MkdirTemp("", "addlicense")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -209,12 +208,12 @@ func TestMPL(t *testing.T) {
 }
 
 func createTempFile(contents string, pattern string) (*os.File, error) {
-	f, err := ioutil.TempFile("", pattern)
+	f, err := os.CreateTemp("", pattern)
 	if err != nil {
 		return nil, err
 	}
 
-	if err := ioutil.WriteFile(f.Name(), []byte(contents), 0644); err != nil {
+	if err := os.WriteFile(f.Name(), []byte(contents), 0644); err != nil {
 		return nil, err
 	}
 
@@ -275,7 +274,7 @@ func TestAddLicense(t *testing.T) {
 		if updated != tt.wantUpdated {
 			t.Errorf("addLicense with contents %q returned updated: %t, want %t", tt.contents, updated, tt.wantUpdated)
 		}
-		gotContents, err := ioutil.ReadFile(f.Name())
+		gotContents, err := os.ReadFile(f.Name())
 		if err != nil {
 			t.Error(err)
 		}

addlicense/tmpl.go

@@ -18,7 +18,7 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"strings"
 	"text/template"
 	"unicode"
@@ -55,7 +55,7 @@ func fetchTemplate(license string, templateFile string, spdx spdxFlag) (string,
 	if spdx == spdxOnly {
 		t = tmplSPDX
 	} else if templateFile != "" {
-		d, err := ioutil.ReadFile(templateFile)
+		d, err := os.ReadFile(templateFile)
 		if err != nil {
 			return "", fmt.Errorf("license file: %w", err)
 		}

github/repo.go

@@ -7,7 +7,7 @@ import (
 	"context"
 	"fmt"
 
-	ghcli "github.com/cli/go-gh"
+	"github.com/cli/go-gh/v2/pkg/repository"
 	"github.com/google/go-github/v45/github"
 )
 
@@ -24,14 +24,14 @@ type GHRepo struct {
 // associated with the given folder. This can happen if multiple git upstreams
 // defined.
 func DiscoverRepo() (GHRepo, error) {
-	repo, err := ghcli.CurrentRepository()
+	repo, err := repository.Current()
 	if err != nil {
 		return GHRepo{}, fmt.Errorf("unable to determine if the current directory relates to a GitHub repo: %v", err)
 	}
 
 	return GHRepo{
-		Name:  repo.Name(),
-		Owner: repo.Owner(),
+		Name:  repo.Name,
+		Owner: repo.Owner,
 	}, nil
 }
 

go.mod

@@ -1,15 +1,17 @@
 module github.com/hashicorp/copywrite
 
-go 1.18
+go 1.21
+
+toolchain go1.23.1
 
 require (
-	github.com/AlecAivazis/survey/v2 v2.3.6
+	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/bmatcuk/doublestar/v4 v4.6.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.5.0
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/jedib0t/go-pretty/v6 v6.4.6
 	github.com/knadh/koanf v1.5.0
-	github.com/mattn/go-isatty v0.0.19
+	github.com/mattn/go-isatty v0.0.20
 	github.com/mergestat/timediff v0.0.3
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mitchellh/mapstructure v1.5.0
@@ -19,54 +21,49 @@ require (
 	github.com/stretchr/testify v1.8.2
 	github.com/thanhpk/randstr v1.0.4
 	golang.org/x/oauth2 v0.8.0
-	golang.org/x/sync v0.1.0
+	golang.org/x/sync v0.10.0
 )
 
 require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
 	github.com/cli/safeexec v1.0.0 // indirect
-	github.com/cli/shurcooL-graphql v0.0.2 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/go-openapi/errors v0.20.2 // indirect
 	github.com/go-openapi/strfmt v0.21.3 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-github/v53 v53.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/henvic/httpretty v0.0.6 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/joho/godotenv v1.3.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/kr/pretty v0.3.0 // indirect
-	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/muesli/termenv v0.12.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
-	github.com/thlib/go-timezone-local v0.0.0-20210907160436-ef149e42d28e // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
 	go.mongodb.org/mongo-driver v1.10.0 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/term v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 )
 
 require (
-	github.com/cli/go-gh v1.2.1
+	github.com/cli/go-gh/v2 v2.11.2
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/google/go-github/v45 v45.2.0
 	github.com/jedib0t/go-pretty v4.3.0+incompatible