dependency update to go 1.22.7

[codeboten]

Description

Updating the packages to the latest version of the go SDK libraries and saw that the minimum version of go was bumped from 1.22 to 1.22.7 in the dependency change 5e9da3a. Is this intentional? It's causing the collector to need to bump its minimum version as well

Expected behavior

Expected to be able to bump otel-go dependencies without requiring a bump in minimum go version

[pellared]

I do see requiring to bump a patch version of Go as a bug. We are still supporting the same versions of Go as currently supported by the Go team. I find the changes in https://github.com/grpc/grpc-go/releases/tag/v1.68.0 quite important.

From https://github.com/open-telemetry/opentelemetry-go?tab=readme-ov-file#compatibility:

OpenTelemetry-Go ensures compatibility with the current supported versions of the Go language:

Each major Go release is supported until there are two newer major releases. For example, Go 1.5 was supported until the Go 1.7 release, and Go 1.6 was supported until the Go 1.8 release.

[codeboten]

There was a change to revert that bump grpc/grpc-go@3db86e2

[pellared]

There was a change to revert that bump grpc/grpc-go@3db86e2

I still do not see requiring to patch Go as a bug. However, if there would be a new go-grpc release that reverts the Go requirements and there will be a considerable pushback to do the same here, then I think we can consider also doing a patch release for OTel Go as well.

[codeboten]

@pellared is updating the requirement to 1.22.7 not breaking the requirement to support the two newest versions?

Each major Go release is supported until there are two newer major releases. For example, Go 1.5 was supported until the Go 1.7 release, and Go 1.6 was supported until the Go 1.8 release.

If that's not the case, then I agree this is not a bug. In the collector we tend to support the lowest patch version of the last 2 go releases

[pellared]

Yes. That is my interpretation. However, I added this issue as a topic to next SIG meeting agenda as I do (or at least try to) not blindly trust my own judgement.

[pellared]

Per grpc/grpc-go#7831 we will be able to downgrade back after a new release of grpc-go is published.

[pellared]

@codeboten, I am not sure if fixing it would be that easy. Our other dependencies (e.g. https://github.com/grpc-ecosystem/grpc-gateway/blob/main/go.mod) did the same thing. Everyone would need to now fix this. I am not sure if it will happen. My guess is that we will have to live with it until we stop supporting 1.22 and start requiring 1.23. Go 1.24 is expected to be released in February 2025. I am leaning towards closing this issue. WDYT?

[codeboten]

@pellared it looks like that dep also downgraded back down to 1.22.0, not sure if there's a way to address this or not though. i don't have time to dig down on all the other deps that may have the same issue, but if it's just grpc-gateway, then it should be addressed with their next release

[pellared]

@codeboten, thanks a lot for the heads up. I can look after January 7. Unassigning myself as maybe someone else would have time to take a look before I am back.