v1.4.3 has incorrect checksum in sum.golang.org #481

Closed
popsu opened this issue Oct 4, 2021 · 1 comment

popsu commented Oct 4, 2021

Issue description

Just notifying here in case someone else had a similar issue.

We got a dependabot PR bumping some versions and it had an incorrect hash in go.sum for gosnowflake@v1.4.3. Seems like it's related to #429 and the tag got moved after that fix.

We fixed the incorrect hash by just checking out the PR, deleting the go.sum file and running go mod tidy, which then got the 'correct' (based on sum.golang.org) v1.4.3 version.

Example code

GOPATH=$(mktemp -d) GOPROXY=direct go mod download -json github.com/snowflakedb/gosnowflake@v1.4.3

Error log

{
        "Path": "github.com/snowflakedb/gosnowflake",
        "Version": "v1.4.3",
        "Error": "github.com/snowflakedb/gosnowflake@v1.4.3: verifying module: checksum mismatch\n\tdownloaded: h1:+tTibBTNcJbaLxJjo7Gca23WzXM3n2dILCmMYhnk4Cg=\n\tsum.golang.org: h1:I+Ro+NAjusFWjamEB9cxJ1TLUd/nNyl15AoaqCZCk34=\n\nSECURITY ERROR\nThis download does NOT match the one reported by the checksum server.\nThe bits may have been replaced on the origin server, or an attacker may\nhave intercepted the download attempt.\n\nFor more information, see 'go help module-auth'.\n",
        "Info": "/tmp/tmp.H4dOVPHsZz/pkg/mod/cache/download/github.com/snowflakedb/gosnowflake/@v/v1.4.3.info",
        "GoMod": "/tmp/tmp.H4dOVPHsZz/pkg/mod/cache/download/github.com/snowflakedb/gosnowflake/@v/v1.4.3.mod",
        "GoModSum": "h1:1kyg2XEduwti88V11PKRHImhXLK5WpGiayY6lFNYb98="
}

sfc-gh-jbahk (Collaborator) commented

Thank you for bringing this up. Unfortunately v1.4.3 has already been released and the checksum isn't something we can change after the fact. We will be more mindful of this moving forward.
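
Added example, not part of the original issue or the gosnowflake project: a Go helper for a CI step that reads `go mod download -json` output and extracts both hashes from any checksum mismatch, so a moved tag like the one reported above is surfaced with the evidence attached. `FindMismatches`, `Mismatch` and `hashPair` are names made up here, and the sample input is the issue's error log cut down to the three fields the code reads.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"regexp"
	"strings"
)

// sampleOutput is the error log from the issue, cut down to the fields read here.
const sampleOutput = `{
  "Path": "github.com/snowflakedb/gosnowflake",
  "Version": "v1.4.3",
  "Error": "github.com/snowflakedb/gosnowflake@v1.4.3: verifying module: checksum mismatch\n\tdownloaded: h1:+tTibBTNcJbaLxJjo7Gca23WzXM3n2dILCmMYhnk4Cg=\n\tsum.golang.org: h1:I+Ro+NAjusFWjamEB9cxJ1TLUd/nNyl15AoaqCZCk34=\n\nSECURITY ERROR\n"
}`

// Mismatch is one module whose downloaded hash disagrees with a trusted record.
type Mismatch struct {
	Path, Version, Downloaded, Source, Expected string
}

// hashPair captures the downloaded hash, the label of the record that disagreed, and its hash.
var hashPair = regexp.MustCompile(`downloaded:\s+(h1:\S+)\s+(\S+):\s+(h1:\S+)`)

// FindMismatches scans the stream of JSON objects (one per module) for checksum mismatches.
func FindMismatches(r io.Reader) ([]Mismatch, error) {
	var found []Mismatch
	dec := json.NewDecoder(r)
	for {
		var m struct{ Path, Version, Error string }
		if err := dec.Decode(&m); errors.Is(err, io.EOF) {
			return found, nil
		} else if err != nil {
			return found, err
		}
		if h := hashPair.FindStringSubmatch(m.Error); h != nil {
			found = append(found, Mismatch{m.Path, m.Version, h[1], h[2], h[3]})
		}
	}
}

func main() {
	hits, err := FindMismatches(strings.NewReader(sampleOutput))
	fmt.Printf("%+v %v\n", hits, err)
}
```

In a pipeline the reader would be the captured output of the `go mod download -json` command instead of the embedded sample, with a non-empty result failing the job.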
