picatz / taint

🚰 Static taint analysis for Go programs.
https://picatz.github.io/#blog/taint
Mozilla Public License 2.0

This module requires Go 1.21 to build, but go.mod file declares Go 1.19 as minimum version #31

Closed hansgylling closed 10 months ago

hansgylling commented 10 months ago

The go directive in the go.mod file isn't correct regarding the minimum version needed to build commands from the taint module, as demonstrated in the following shell sessions. It's the same problem for the logi, sqli, taint, and xss commands, but not for ssadump. I'm using sqli as an example, because that's the one I've been using.

With Go 1.20:

$ go version
go version go1.20.13 linux/amd64
$ go install -trimpath -a github.com/picatz/taint/cmd/sqli@latest
pkg/mod/github.com/picatz/taint@v0.0.0-20240114134754-40d21f79898b/callgraphutil/csv.go:103:34: n.Func.Pkg.Pkg.GoVersion undefined (type *types.Package has no field or method GoVersion)

With Go 1.21:

$ go version
go version go1.21.6 linux/amd64
$ go install -trimpath -a github.com/picatz/taint/cmd/sqli@latest
# No problem installing sqli.

You should change either the code or the version in go.mod to be consistent with each other.

I also suggest that the CI job for this module should also use the oldest Go version that taint supports. If you also want to run with a newer version you can use a matrix of versions to run the same job with different Go versions: https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs
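
An added example of the matrix suggested above, written for this page and not taken from the taint repository's own CI. The workflow file name, job name and matrix entry names are assumptions. The floor entry reads its Go version from go.mod, so the declared minimum is the toolchain that actually gets built with.

```yaml
# .github/workflows/go-versions.yml (hypothetical file name)
name: go-versions
on: [push, pull_request]

jobs:
  build:
    name: build (${{ matrix.name }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false   # report every toolchain, not only the first failure
      matrix:
        include:
          # Floor: the version named by the go directive in go.mod.
          - name: go.mod minimum
            go-version-file: go.mod
          # Ceiling: the current stable Go release.
          - name: stable
            go-version: stable
    env:
      # Go 1.21+ only: use the installed toolchain and never download another.
      # Older Go releases ignore this variable.
      GOTOOLCHAIN: local
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          # Exactly one of these two inputs is non-empty per matrix entry.
          go-version: ${{ matrix.go-version }}
          go-version-file: ${{ matrix.go-version-file }}
      - run: go version
      - run: go build ./...
      - run: go test ./...
```

With go.mod declaring Go 1.19, the floor entry would stop at the same `GoVersion undefined` compile error shown in the Go 1.20 session above.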

picatz commented 10 months ago

👋 Hello @hansgylling, thank you for opening this issue! I plan to take a look later this week to get this sorted out.

picatz commented 10 months ago

Thank you again for reporting this @hansgylling! I decided to take the easy route here, and specify 1.21 as the minimum Go version. But, happy to revisit that in the future if needed.