Skip to content

Bump Go version to indicate correct minimum requirement #452

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 30, 2025
Merged

Bump Go version to indicate correct minimum requirement #452

merged 4 commits into from
Jul 30, 2025

Conversation

oxisto
Copy link
Collaborator

@oxisto oxisto commented Jul 23, 2025

The minimum requirement that we have was silently bumped to 1.21 in #441 because of the slices package. It seems that we did not update the go.mod when we updated our CI range, because CI did not fail because it was not testing older versions.

We probably should just update the go.mod when we update the CI target in the future? Although we could theoretically stay at 1.21 in terms of the code base.

@oxisto
Bump Go version to indicate correct minimum requirement
8129799 
The minimum requirement that we have was silently bumped to 1.21 in #441 because of the `slices` package. It seems that we did not update the `go.mod` when we updated our CI range, because CI did not fail because it was not testing older versions.

We probably should just update the `go.mod` when we update the CI target in the future? Although we could theoretically stay at 1.21 in terms of the code base.
@oxisto oxisto requested a review from mfridman as a code owner July 23, 2025 06:05
@mfridman
Copy link
Member

What's up with the go1.22 failures, do we have some old build tags we can get rid of now?

@oxisto
Copy link
Collaborator Author

oxisto commented Jul 23, 2025

What's up with the go1.22 failures, do we have some old build tags we can get rid of now?

https://github.com/golang-jwt/jwt/blame/3839817bf313f2cfe58853dcbe542ffd06300831/rsa_pss.go#L1-L2

I think we can just remove those two build tags. They were probably from a time when Go 1.4 was new. But I think we still have some other build tags for the errors, don't we?

@mfridman
Copy link
Member

I think we can just remove those two build tags. They were probably from a time when Go 1.4 was new. But I think we still have some other build tags for the errors, don't we?

Yep, that's what I was thinking. Remove those very old build tags entirely.

@oxisto
Copy link
Collaborator Author

oxisto commented Jul 23, 2025
edited
Loading

I think we can just remove those two build tags. They were probably from a time when Go 1.4 was new. But I think we still have some other build tags for the errors, don't we?

Yep, that's what I was thinking. Remove those very old build tags entirely.

The error handling ones are Go 1.20 build tags, which technically we would also not need anymore when we bump the minimum version to Go 1.21. I am not a BIG fan of doing this now within a major version but we (I) accidentically already released the latest v5 version which needs 1.21 without bumping it (nor realizing that it needs Go 1.21) so I guess the damage is done already :(

@mfridman
Copy link
Member

mfridman commented Jul 23, 2025
edited
Loading

It's probably defensible to bump the minimum Go version at some point. We probably don't need to keep up with the latest 2 versions like the Go team does.

We do call out that we keep up with the supported versions. And we rarely (if ever) pull in new features. Basically, I think it's fine as it is for now. Any concerns?

The alternative is to remove slices usage and release a version that's compatible with go1.18? But tbh I'm not overly bothered by bumping it up to go1.21.

@oxisto
Copy link
Collaborator Author

oxisto commented Jul 24, 2025

It's probably defensible to bump the minimum Go version at some point. We probably don't need to keep up with the latest 2 versions like the Go team does.

Agree

We do call out that we keep up with the supported versions. And we rarely (if ever) pull in new features. Basically, I think it's fine as it is for now. Any concerns?

100 % agree, no concerns from my side then.

The alternative is to remove slices usage and release a version that's compatible with go1.18? But tbh I'm not overly bothered by bumping it up to go1.21.

No, let's go forward, not backwards. I'll clean it up and remove the remaining code for Go < 1.21.

@oxisto
Copy link
Collaborator Author

oxisto commented Jul 24, 2025

@mfridman please have another look, I cleaned up the errors.go file. I also added Go 1.21 to our build matrix, just to be safe so that we will catch something like this in the future.

Should we retract v5.2.3 and publish a v5.2.4 with the proper go.mod indicating it needs Go 1.21?

mfridman
mfridman approved these changes Jul 30, 2025
View reviewed changes
Copy link
Member

@mfridman mfridman left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need to retract the existing version. Rolling forward is good enough; if there were issues, I think more folks would have filed.

@oxisto oxisto linked an issue Jul 30, 2025 that may be closed by this pull request
go get failed #451
Closed
@oxisto oxisto merged commit e9547a1 into main Jul 30, 2025
9 checks passed
@oxisto oxisto deleted the go-121 branch July 30, 2025 13:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mfridman mfridman mfridman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

go get failed
2 participants
@oxisto @mfridman