fix: upgrade cloudevents to latest if on go1.18 or later (#248)

go1.11-go1.17 are deprecated cloud functions runtimes (https://cloud.google.com/functions/docs/runtime-support#go), and will be decomissioned in January 2025. Additionally, cloudevents hasn't supported go earlier than 1.18 for a while. Upgrading cloudevents fixes a vulnerability in jackson. So, upgrade everything.

Fixes #247

.github/workflows/buildpack-integration-test.yml

@@ -23,8 +23,8 @@ jobs:
       cloudevent-builder-source: 'testdata/conformance/function'
       cloudevent-builder-target: 'declarativeCloudEvent'
       prerun: ${{format('testdata/conformance/prerun.sh {0} testdata/conformance/function', github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha )}}
-      builder-runtime: 'go113'
-      builder-runtime-version: '1.13'
+      builder-runtime: 'go118'
+      builder-runtime-version: '1.18'
       builder-url: gcr.io/gae-runtimes/buildpacks/google-gae-22/go/builder:latest
   go116-buildpack-test:
     if: github.event.pull_request.head.repo.full_name == github.repository
@@ -35,8 +35,8 @@ jobs:
       cloudevent-builder-source: 'testdata/conformance/function'
       cloudevent-builder-target: 'declarativeCloudEvent'
       prerun:  ${{format('testdata/conformance/prerun.sh {0} testdata/conformance/function', github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha )}}
-      builder-runtime: 'go116'
-      builder-runtime-version: '1.16'
+      builder-runtime: 'go120'
+      builder-runtime-version: '1.20'
       builder-url: gcr.io/gae-runtimes/buildpacks/google-gae-22/go/builder:latest
   non-declarative-buildpack-test:
     if: github.event.pull_request.head.repo.full_name == github.repository
@@ -47,6 +47,6 @@ jobs:
       cloudevent-builder-source: 'testdata/conformance/nondeclarative'
       cloudevent-builder-target: 'CloudEvent'
       prerun:  ${{format('testdata/conformance/prerun.sh {0} testdata/conformance/nondeclarative', github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha )}}
-      builder-runtime: 'go116'
-      builder-runtime-version: '1.16'
-      builder-url: gcr.io/gae-runtimes/buildpacks/google-gae-22/go/builder:latest
+      builder-runtime: 'go118'
+      builder-runtime-version: '1.18'
+      builder-url: gcr.io/gae-runtimes/buildpacks/google-gae-22/go/builder:latest

.github/workflows/conformance.yml

@@ -50,7 +50,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.13, 1.16, 1.18]
+        go-version: ['1.18', '1.20']
     steps:
     - name: Harden Runner
       uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
@@ -120,4 +120,4 @@ jobs:
             -buildpacks=false \
             -start-delay=5 \
             -cmd="go run testdata/conformance/cmd/declarative/main.go" \
-            -validate-concurrency=true
+            -validate-concurrency=true

.github/workflows/lint.yml

@@ -12,11 +12,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go: ['1.13', '1.16', '1.18']
+        go: ['1.18', '1.20', '1.20']
         os: [ubuntu-latest, macos-latest] # windows-latest doesn't support find -wholename
-        exclude:
-          - os: macos-latest
-            go: 1.13
     steps:
     - name: Harden Runner
       uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0

.github/workflows/unit.yml

@@ -12,11 +12,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go: ['1.13' ,'1.16', '1.18', '1.19', '1.20', '1.21']
+        go: ['1.18', '1.19', '1.20', '1.21']
         os: [ubuntu-latest, macos-latest, windows-latest]
-        exclude:
-          - os: macos-latest
-            go: 1.13
     steps:
     - name: Harden Runner
       uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0

README.md

@@ -1,6 +1,6 @@
 # Functions Framework for Go
 
-[![GoDoc](https://godoc.org/github.com/GoogleCloudPlatform/functions-framework-go?status.svg)](http://godoc.org/github.com/GoogleCloudPlatform/functions-framework-go) [![Go version](https://img.shields.io/badge/go-v1.11+-blue)](https://golang.org/dl/#stable)
+[![GoDoc](https://godoc.org/github.com/GoogleCloudPlatform/functions-framework-go?status.svg)](http://godoc.org/github.com/GoogleCloudPlatform/functions-framework-go) [![Go version](https://img.shields.io/badge/go-v1.18+-blue)](https://golang.org/dl/#stable)
 
 [![Go unit CI][ff_go_unit_img]][ff_go_unit_link] [![Go lint CI][ff_go_lint_img]][ff_go_lint_link] [![Go conformace CI][ff_go_conformance_img]][ff_go_conformance_link]  ![Security Scorecard](https://api.securityscorecards.dev/projects/github.com/GoogleCloudPlatform/functions-framework-go/badge)
 
@@ -44,7 +44,7 @@ handling logic.
 
 ## Quickstart: Hello, World on your local machine
 
-1. Install Go 1.11+.
+1. Install Go 1.18+.
 
 1. Create a Go module:
 	```sh

go.mod

@@ -1,10 +1,19 @@
 module github.com/GoogleCloudPlatform/functions-framework-go
 
-go 1.11
+go 1.18
 
 require (
 	cloud.google.com/go/functions v1.16.2
-	cloud.google.com/go/logging v1.10.0 // indirect
-	github.com/cloudevents/sdk-go/v2 v2.14.0
+	github.com/cloudevents/sdk-go/v2 v2.15.2
 	github.com/google/go-cmp v0.6.0
 )
+
+require (
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/json-iterator/go v1.1.10 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
+	github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 // indirect
+	go.uber.org/atomic v1.4.0 // indirect
+	go.uber.org/multierr v1.1.0 // indirect
+	go.uber.org/zap v1.10.0 // indirect
+)