Updating go version to fix vulnerability

.github/workflows/ci.yml

@@ -3,18 +3,22 @@ name: Checkmarx One CLI
 on:
   pull_request:
 
+env:
+  GO_VERSION: '1.21.0-rc.4'
+
 jobs:
   unit-tests:
     runs-on: ubuntu-latest
     env:
       GOPRIVATE: "github.com/checkmarxDev/*"
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
-      - name: Set up Go 1.17.x
-        uses: actions/setup-go@v2
+        uses: actions/checkout@v4
+      - name: Set up Go version
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.17.x
+          go-version: ${{ env.GO_VERSION }}
+      - run: go version
       - name: Setup git
         run: git config --global url."https://${{ secrets.PERSONAL_ACCESS_TOKEN }}:@github.com/".insteadOf "https://github.com"
       - name: go test with coverage
@@ -40,13 +44,14 @@ jobs:
       GOPRIVATE: "github.com/checkmarxDev/*"
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v4
       - name: Setup git
         run: git config --global url."https://${{ secrets.PERSONAL_ACCESS_TOKEN }}:@github.com/".insteadOf "https://github.com"
-      - name: Set up Go 1.17.x
-        uses: actions/setup-go@v2
+      - name: Set up Go version
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.17.x
+          go-version: ${{ env.GO_VERSION }}
+      - run: go version
       - name: Go Build
         run: go build -o ./bin/cx ./cmd
       - name: Go Integration test
@@ -58,7 +63,7 @@ jobs:
           CX_BASE_AUTH_URI: ${{ secrets.CX_BASE_AUTH_URI }}
           CX_AST_USERNAME: ${{ secrets.CX_AST_USERNAME }}
           CX_AST_PASSWORD: ${{ secrets.CX_AST_PASSWORD }}
-          CX_APIKEY:  ${{ secrets.CX_APIKEY }}
+          CX_APIKEY: ${{ secrets.CX_APIKEY }}
           CX_TENANT: ${{ secrets.CX_TENANT }}
           CX_SCAN_SSH_KEY: ${{ secrets.CX_SCAN_SSH_KEY }}
           PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
@@ -109,11 +114,12 @@ jobs:
     env:
       GOPRIVATE: "github.com/checkmarxDev/*"
     steps:
-      - uses: actions/checkout@v2.3.4
-      - name: Set up Go 1.17.x
+      - uses: actions/checkout@v4
+      - name: Set up Go version
         uses: actions/setup-go@v4
         with:
-          go-version: 1.17.x
+          go-version: ${{ env.GO_VERSION }}
+      - run: go version
       - name: Setup git
         run: git config --global url."https://${{ secrets.PERSONAL_ACCESS_TOKEN }}:@github.com/".insteadOf "https://github.com"
       - name: golangci-lint
@@ -122,3 +128,12 @@ jobs:
           version: v1.54.2
           args: -c .golangci.yml
           only-new-issues: true
+  govulncheck:
+    runs-on: ubuntu-latest
+    name: govulncheck
+    steps:
+      - id: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-input: '1.21.0-rc.4'
+          go-package: ./...

.golangci.yml

@@ -106,9 +106,11 @@ run:
     - internal/cache
     - internal/renameio
     - internal/robustio
+  go: '1.21'
+
 # golangci.com configuration
 # https://github.com/golangci/golangci/wiki/Configuration
 service:
-  golangci-lint-version: 1.28.1 # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.54.2 # use the fixed version to not introduce new linters unexpectedly
   prepare:
     - echo "here I can run custom commands, but no preparation needed for this repo"

go.mod

@@ -1,6 +1,6 @@
 module github.com/checkmarx/ast-cli
 
-go 1.17
+go 1.21rc4
 
 require (
 	github.com/MakeNowJust/heredoc v1.0.0
@@ -15,7 +15,7 @@ require (
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/viper v1.16.0
 	github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
-	golang.org/x/crypto v0.12.0
+	golang.org/x/crypto v0.13.0
 	gotest.tools v2.2.0+incompatible
 )
 
@@ -33,8 +33,8 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
-	golang.org/x/sys v0.11.0 // indirect
-	golang.org/x/text v0.12.0 // indirect
+	golang.org/x/sys v0.12.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )