diff --git a/hmacsig.go b/hmacsig.go
index 186063e..5eb3ba8 100644
--- a/hmacsig.go
+++ b/hmacsig.go
@@ -8,7 +8,7 @@ import (
 	"crypto/sha1"
 	"crypto/sha256"
 	"encoding/hex"
-	"io/ioutil"
+	"io"
 	"net/http"
 )
 
@@ -153,7 +153,7 @@ func SHA256Validator(body []byte, sig, secret string) bool {
 }
 
 func (xh *hmacSig) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	b, err := ioutil.ReadAll(r.Body)
+	b, err := io.ReadAll(r.Body)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -172,7 +172,7 @@ func (xh *hmacSig) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 
 	r.Body.Close()
-	r.Body = ioutil.NopCloser(bytes.NewBuffer(b))
+	r.Body = io.NopCloser(bytes.NewBuffer(b))
 
 	xh.h.ServeHTTP(w, r)
 }
diff --git a/hmacsig_test.go b/hmacsig_test.go
index 41e5be4..9ddfbf8 100644
--- a/hmacsig_test.go
+++ b/hmacsig_test.go
@@ -2,7 +2,7 @@ package hmacsig
 
 import (
 	"bytes"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -37,7 +37,7 @@ func TestInvalidHeaders(t *testing.T) {
 			t.Errorf("expected status Forbidden; got %v", res.Status)
 		}
 
-		body, _ := ioutil.ReadAll(res.Body)
+		body, _ := io.ReadAll(res.Body)
 		sbody := strings.TrimSpace(string(body))
 		if sbody != tc.msg {
 			t.Errorf("expected message '%v'; got '%v'", tc.msg, sbody)
@@ -68,7 +68,7 @@ func TestValidHMAC(t *testing.T) {
 		rec := httptest.NewRecorder()
 
 		x := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			b, err := ioutil.ReadAll(r.Body)
+			b, err := io.ReadAll(r.Body)
 			if err != nil {
 				t.Error(err)
 			}
@@ -90,7 +90,7 @@ func TestValidHMAC(t *testing.T) {
 			t.Errorf("expected status OK; got %v", res.Status)
 		}
 
-		body, _ := ioutil.ReadAll(res.Body)
+		body, _ := io.ReadAll(res.Body)
 		sbody := strings.TrimSpace(string(body))
 		if sbody != tc.msg {
 			t.Errorf("expected message '%v'; got '%v'", tc.msg, sbody)