[Bug] scan-and-fix-repos: Go module dependency paths use colons instead of slashes in go get commands #1243

@shre-yash

Describe the bug

Description

When running scan-and-fix-repos on a Go project, Frogbot attempts to fix vulnerable
dependencies using go get, but the module paths contain colons (:) instead of
slashes (/), causing all fixes to fail with "malformed module path" errors.

Environment

  • Git Provider: Bitbucket Server
  • CI: Jenkins
  • Language: Go 1.24
  • OS: Linux (Jenkins agent)

Current behavior

go get go.opentelemetry.io:otel:sdk@v1.40.0
go get github.com:golang:go@v1.25.8

Reproduction steps

  1. Configure Frogbot with scan-and-fix-repos for a Go project
  2. Repository has vulnerable dependencies (e.g., go.opentelemetry.io/otel/sdk < v1.40.0)
  3. Run ./frogbot scan-and-fix-repos

Expected behavior

go get go.opentelemetry.io/otel/sdk@v1.40.0
go get github.com/golang/go@v1.25.8

JFrog Frogbot version

v2.31.0

Package manager info

Go, go.mod

Git provider

Bitbucket Server

JFrog Frogbot configuration yaml file

# frogbot-config.yml
# Documentation: https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot/setup-frogbot/frogbot-configuration
- params:
    git:
      repoName: "<repo name>"
      branches:
        - "f/jf-auto-scan"
    scan:
      # Scan Go modules for vulnerabilities
      includeAllVulnerabilities: true
      # Also fix vulnerable dependencies (create PRs)
      fixableOnly: false
      projects:
        - workingDirs:
            - "."
          # Exclude vendor directory — contains Go vendored deps with stray
          # package.json / setup.py files that trigger false npm/pip scans
          pathExclusions:
            - "*vendor*"
    jfrogPlatform:
      jfrogProjectKey: "<key>"

Operating system type and version

Unix, Jenkins Agent

JFrog Xray version

No response
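
A pre-flight check for the failure described in this report, as an added example that is not Frogbot's code and not part of the original issue: it validates a module identifier against a simplified subset of the go command's module path rules before the identifier is handed to go get. The function names checkModulePath and goGetArg are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// checkModulePath applies a simplified subset of the go command's module path
// rules: slash-separated, non-empty elements made of ASCII letters, digits and
// "-._~", with a dot in the first element (the host part).
func checkModulePath(path string) error {
	elems := strings.Split(path, "/")
	if !strings.Contains(elems[0], ".") {
		return fmt.Errorf("malformed module path %q: missing dot in first path element", path)
	}
	for _, e := range elems {
		if e == "" {
			return fmt.Errorf("malformed module path %q: empty path element", path)
		}
		for _, r := range e {
			ok := r >= 'a' && r <= 'z' || r >= 'A' && r <= 'Z' ||
				r >= '0' && r <= '9' || strings.ContainsRune("-._~", r)
			if !ok {
				return fmt.Errorf("malformed module path %q: invalid char %q", path, r)
			}
		}
	}
	return nil
}

// goGetArg builds the "module@version" argument for go get. It returns an
// error for identifiers that are not valid module paths instead of passing
// them on to the go command. The version check is deliberately minimal.
func goGetArg(module, version string) (string, error) {
	if err := checkModulePath(module); err != nil {
		return "", err
	}
	if !strings.HasPrefix(version, "v") {
		return "", fmt.Errorf("version %q must start with \"v\"", version)
	}
	return module + "@" + version, nil
}

func main() {
	// The first two identifiers are the colon-separated forms from the report.
	for _, m := range []string{"go.opentelemetry.io:otel:sdk", "github.com:golang:go", "go.opentelemetry.io/otel/sdk"} {
		arg, err := goGetArg(m, "v1.40.0")
		fmt.Printf("%q -> arg=%q err=%v\n", m, arg, err)
	}
}
```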
