Vulnerability fix (#114)

mohanmanikanta2299 · web-flow · commit 87b93e541e25 · 2025-01-20T09:55:57.000+05:30
* IND-1809 Vulnerabilities Remediation
diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.18
+1.21
diff --git a/addlicense/main.go b/addlicense/main.go
@@ -22,7 +22,6 @@ import (
 	"errors"
 	"flag"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -321,7 +320,7 @@ func addLicense(path string, fmode os.FileMode, tmpl *template.Template, data Li
 		return false, err
 	}
 
-	b, err := ioutil.ReadFile(path)
+	b, err := os.ReadFile(path)
 	if err != nil {
 		return false, err
 	}
@@ -338,12 +337,12 @@ func addLicense(path string, fmode os.FileMode, tmpl *template.Template, data Li
 		lic = append(line, lic...)
 	}
 	b = append(lic, b...)
-	return true, ioutil.WriteFile(path, b, fmode)
+	return true, os.WriteFile(path, b, fmode)
 }
 
 // fileHasLicense reports whether the file at path contains a license header.
 func fileHasLicense(path string) (bool, error) {
-	b, err := ioutil.ReadFile(path)
+	b, err := os.ReadFile(path)
 	if err != nil {
 		return false, err
 	}
diff --git a/addlicense/main_test.go b/addlicense/main_test.go
@@ -15,7 +15,6 @@
 package addlicense
 
 import (
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -33,7 +32,7 @@ func run(t *testing.T, name string, args ...string) {
 }
 
 func tempDir(t *testing.T) string {
-	dir, err := ioutil.TempDir("", "addlicense")
+	dir, err := os.MkdirTemp("", "addlicense")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -209,12 +208,12 @@ func TestMPL(t *testing.T) {
 }
 
 func createTempFile(contents string, pattern string) (*os.File, error) {
-	f, err := ioutil.TempFile("", pattern)
+	f, err := os.CreateTemp("", pattern)
 	if err != nil {
 		return nil, err
 	}
 
-	if err := ioutil.WriteFile(f.Name(), []byte(contents), 0644); err != nil {
+	if err := os.WriteFile(f.Name(), []byte(contents), 0644); err != nil {
 		return nil, err
 	}
 
@@ -275,7 +274,7 @@ func TestAddLicense(t *testing.T) {
 		if updated != tt.wantUpdated {
 			t.Errorf("addLicense with contents %q returned updated: %t, want %t", tt.contents, updated, tt.wantUpdated)
 		}
-		gotContents, err := ioutil.ReadFile(f.Name())
+		gotContents, err := os.ReadFile(f.Name())
 		if err != nil {
 			t.Error(err)
 		}
diff --git a/addlicense/tmpl.go b/addlicense/tmpl.go
@@ -18,7 +18,7 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"strings"
 	"text/template"
 	"unicode"
@@ -55,7 +55,7 @@ func fetchTemplate(license string, templateFile string, spdx spdxFlag) (string,
 	if spdx == spdxOnly {
 		t = tmplSPDX
 	} else if templateFile != "" {
-		d, err := ioutil.ReadFile(templateFile)
+		d, err := os.ReadFile(templateFile)
 		if err != nil {
 			return "", fmt.Errorf("license file: %w", err)
 		}
diff --git a/github/repo.go b/github/repo.go
@@ -7,7 +7,7 @@ import (
 	"context"
 	"fmt"
 
-	ghcli "github.com/cli/go-gh"
+	"github.com/cli/go-gh/v2/pkg/repository"
 	"github.com/google/go-github/v45/github"
 )
 
@@ -24,14 +24,14 @@ type GHRepo struct {
 // associated with the given folder. This can happen if multiple git upstreams
 // defined.
 func DiscoverRepo() (GHRepo, error) {
-	repo, err := ghcli.CurrentRepository()
+	repo, err := repository.Current()
 	if err != nil {
 		return GHRepo{}, fmt.Errorf("unable to determine if the current directory relates to a GitHub repo: %v", err)
 	}
 
 	return GHRepo{
-		Name:  repo.Name(),
-		Owner: repo.Owner(),
+		Name:  repo.Name,
+		Owner: repo.Owner,
 	}, nil
 }
 
diff --git a/go.mod b/go.mod
@@ -1,15 +1,17 @@
 module github.com/hashicorp/copywrite
 
-go 1.18
+go 1.21
+
+toolchain go1.23.1
 
 require (
-	github.com/AlecAivazis/survey/v2 v2.3.6
+	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/bmatcuk/doublestar/v4 v4.6.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.5.0
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/jedib0t/go-pretty/v6 v6.4.6
 	github.com/knadh/koanf v1.5.0
-	github.com/mattn/go-isatty v0.0.19
+	github.com/mattn/go-isatty v0.0.20
 	github.com/mergestat/timediff v0.0.3
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mitchellh/mapstructure v1.5.0
@@ -19,54 +21,49 @@ require (
 	github.com/stretchr/testify v1.8.2
 	github.com/thanhpk/randstr v1.0.4
 	golang.org/x/oauth2 v0.8.0
-	golang.org/x/sync v0.1.0
+	golang.org/x/sync v0.10.0
 )
 
 require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
 	github.com/cli/safeexec v1.0.0 // indirect
-	github.com/cli/shurcooL-graphql v0.0.2 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/go-openapi/errors v0.20.2 // indirect
 	github.com/go-openapi/strfmt v0.21.3 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-github/v53 v53.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/henvic/httpretty v0.0.6 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/joho/godotenv v1.3.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/kr/pretty v0.3.0 // indirect
-	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/muesli/termenv v0.12.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
-	github.com/thlib/go-timezone-local v0.0.0-20210907160436-ef149e42d28e // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
 	go.mongodb.org/mongo-driver v1.10.0 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/term v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 )
 
 require (
-	github.com/cli/go-gh v1.2.1
+	github.com/cli/go-gh/v2 v2.11.2
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/google/go-github/v45 v45.2.0
 	github.com/jedib0t/go-pretty v4.3.0+incompatible
diff --git a/go.sum b/go.sum

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,6 @@ import (`
`22`	`22`	`"errors"`
`23`	`23`	`"flag"`
`24`	`24`	`"fmt"`
`25`		`- "io/ioutil"`
`26`	`25`	`"log"`
`27`	`26`	`"os"`
`28`	`27`	`"path/filepath"`
`@@ -321,7 +320,7 @@ func addLicense(path string, fmode os.FileMode, tmpl *template.Template, data Li`
`321`	`320`	`return false, err`
`322`	`321`	`}`
`323`	`322`
`324`		`- b, err := ioutil.ReadFile(path)`
	`323`	`+ b, err := os.ReadFile(path)`
`325`	`324`	`if err != nil {`
`326`	`325`	`return false, err`
`327`	`326`	`}`
`@@ -338,12 +337,12 @@ func addLicense(path string, fmode os.FileMode, tmpl *template.Template, data Li`
`338`	`337`	`lic = append(line, lic...)`
`339`	`338`	`}`
`340`	`339`	`b = append(lic, b...)`
`341`		`- return true, ioutil.WriteFile(path, b, fmode)`
	`340`	`+ return true, os.WriteFile(path, b, fmode)`
`342`	`341`	`}`
`343`	`342`
`344`	`343`	`// fileHasLicense reports whether the file at path contains a license header.`
`345`	`344`	`func fileHasLicense(path string) (bool, error) {`
`346`		`- b, err := ioutil.ReadFile(path)`
	`345`	`+ b, err := os.ReadFile(path)`
`347`	`346`	`if err != nil {`
`348`	`347`	`return false, err`
`349`	`348`	`}`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,6 @@`
`15`	`15`	`package addlicense`
`16`	`16`
`17`	`17`	`import (`
`18`		`- "io/ioutil"`
`19`	`18`	`"os"`
`20`	`19`	`"os/exec"`
`21`	`20`	`"path/filepath"`
`@@ -33,7 +32,7 @@ func run(t *testing.T, name string, args ...string) {`
`33`	`32`	`}`
`34`	`33`
`35`	`34`	`func tempDir(t *testing.T) string {`
`36`		`- dir, err := ioutil.TempDir("", "addlicense")`
	`35`	`+ dir, err := os.MkdirTemp("", "addlicense")`
`37`	`36`	`if err != nil {`
`38`	`37`	`t.Fatal(err)`
`39`	`38`	`}`
`@@ -209,12 +208,12 @@ func TestMPL(t *testing.T) {`
`209`	`208`	`}`
`210`	`209`
`211`	`210`	`func createTempFile(contents string, pattern string) (*os.File, error) {`
`212`		`- f, err := ioutil.TempFile("", pattern)`
	`211`	`+ f, err := os.CreateTemp("", pattern)`
`213`	`212`	`if err != nil {`
`214`	`213`	`return nil, err`
`215`	`214`	`}`
`216`	`215`
`217`		`- if err := ioutil.WriteFile(f.Name(), []byte(contents), 0644); err != nil {`
	`216`	`+ if err := os.WriteFile(f.Name(), []byte(contents), 0644); err != nil {`
`218`	`217`	`return nil, err`
`219`	`218`	`}`
`220`	`219`
`@@ -275,7 +274,7 @@ func TestAddLicense(t *testing.T) {`
`275`	`274`	`if updated != tt.wantUpdated {`
`276`	`275`	`t.Errorf("addLicense with contents %q returned updated: %t, want %t", tt.contents, updated, tt.wantUpdated)`
`277`	`276`	`}`
`278`		`- gotContents, err := ioutil.ReadFile(f.Name())`
	`277`	`+ gotContents, err := os.ReadFile(f.Name())`
`279`	`278`	`if err != nil {`
`280`	`279`	`t.Error(err)`
`281`	`280`	`}`