fix: replace hashicorp/go-version with golang.org/x/mod/semver

[mwbrooks]

Changelog

• N/A

Summary

This pull request fixes a Synk license policy issue by removing the direct dependency on github.com/hashicorp/go-version (MPL-2.0 license).

We now use golang.org/x/mod/semver, which is already a direct dependency. The go-version remains as an indirect dependency through the linter tooling, but is no longer flagged by Snyk.

Preview

• N/A

Testing

$ lack --version
# → Confirm the version is shown as "v4.0.1-XX-gXXXX" (e.g. v4.0.1-43-gbd5075f)

$ lack upgrade
# → Confirm the upgrade prompt is displayed for the dev build
# → Note: I think I may have a follow-up that disables showing the upgrade prompt on dev builds :thinking:

Requirements

• I've read and understood the Contributing Guidelines and have done my best effort to follow them.
• I've read and agree to the Code of Conduct.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.31%. Comparing base (96ea244) to head (f152325).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #532      +/-   ##
==========================================
+ Coverage   71.26%   71.31%   +0.04%     
==========================================
  Files         222      222              
  Lines       18698    18706       +8     
==========================================
+ Hits        13326    13341      +15     
+ Misses       4189     4186       -3     
+ Partials     1183     1179       -4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[zimeg]

@mwbrooks LGTM and will be fun to have for next release-

[zimeg]

⚠️ thought: This might be surfaced in verbose logs too but I'm concerned that not wrapping this error can cause a less meaningful message for debugging?

[mwbrooks]

🧠 I could update this with a verbose log.

I had the same concern about not wrapping the error, but there is no error returned anymore. We could manually create a descriptive error, I suppose. But the ErrInvalidSemVer already captures the core essence.

[zimeg]

@mwbrooks Not blocking at all! I meant to suggest a "message" change with this but was also stumped about what'd be meaningful to include:

Suggested change

	return false, slackerror.New(slackerror.ErrInvalidSemVer)
	return false, slackerror.New(slackerror.ErrInvalidSemVer).
	WithMessage("Value %s is not a semantic versioning", r)

[mwbrooks]

I like it! Commit f152325 adds the .WithMessage to each clause.

[zimeg]

🚀 praise: RC? Release candidate?

[mwbrooks]

Thanks for the review @zimeg! 🎉 It'll be nice to have one less dependency and to get Snyk off our back about a license policy.