Minimum Go version for library consumers

[ldez]

Environment details

• Programming language: Go
• OS: Linux
• Language runtime version: go1.25
• Package version: v0.3.16

Steps to reproduce

1. go get github.com/googleapis/enterprise-certificate-proxy@v0.3.16

---

Since go1.21, the Go version used inside the go.mod is the minimum Go version, and it's a hard requirement.

googleapis/enterprise-certificate-proxy is used as a library, each time you update the minimum Go version, you are forcing all the library consumers to update their minimum Go version.

This update of the min Go version is problematic because it also forces googleapis/google-api-go-client to update its min Go version.

This impact all the modules that depends on googleapis/enterprise-certificate-proxy or googleapis/google-api-go-client.

This will force the propagation of this min Go version.

A library should avoid doing that.

The minimum Go version defines the version of the language used to write the code.

The Go version inside toolchain defines the Go version used to compile a binary or run the tests, and doesn't affect lib consumers.

The Go team maintains the 2 latest minor versions: currently go1.25 and go1.26.

As a library, updating the min version doesn't fix any CVE related to Go.

Could you downgrade the minimum Go version to at least go1.25.0?

Related to #193
Related to googleapis/google-api-go-client#3605

[ldez]

@nolanleastin The min go version is spreading quickly, please can you downgrade?

• https://github.com/googleapis/google-cloud-go/blob/c781a7535f87377bb7d0b47fc82ad0bb330faf29/auth/go.mod#L3

[arjan-bal]

We noticed the Go minor version bump while updating dependencies for gRPC Go. To avoid causing problems for dependents of gRPC, we're holding off on bumping the versions of github.com/googleapis/enterprise-certificate-proxy and google.golang.org/api until the minor version is dropped here.