You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Just notifying here in case someone else had similar issue.
We got a dependabot PR bumping some versions and it had an incorrect hash in go.sum for gosnowflake@v1.4.3. Seems like it's related to #429 and the tag got moved after that fix.
We fixed the incorrect hash by just checking out the PR, deleting go.sum file and ran go mod tidy that then got the 'correct' (based on sum.golang.org) v1.4.3 version.
Example code
GOPATH=$(mktemp -d) GOPROXY=direct go mod download -json github.com/snowflakedb/gosnowflake@v1.4.3
Error log
{
"Path": "github.com/snowflakedb/gosnowflake",
"Version": "v1.4.3",
"Error": "github.com/snowflakedb/gosnowflake@v1.4.3: verifying module: checksum mismatch\n\tdownloaded: h1:+tTibBTNcJbaLxJjo7Gca23WzXM3n2dILCmMYhnk4Cg=\n\tsum.golang.org: h1:I+Ro+NAjusFWjamEB9cxJ1TLUd/nNyl15AoaqCZCk34=\n\nSECURITY ERROR\nThis download does NOT match the one reported by the checksum server.\nThe bits may have been replaced on the origin server, or an attacker may\nhave intercepted the download attempt.\n\nFor more information, see 'go help module-auth'.\n",
"Info": "/tmp/tmp.H4dOVPHsZz/pkg/mod/cache/download/github.com/snowflakedb/gosnowflake/@v/v1.4.3.info",
"GoMod": "/tmp/tmp.H4dOVPHsZz/pkg/mod/cache/download/github.com/snowflakedb/gosnowflake/@v/v1.4.3.mod",
"GoModSum": "h1:1kyg2XEduwti88V11PKRHImhXLK5WpGiayY6lFNYb98="
}
The text was updated successfully, but these errors were encountered:
Thank you for bringing this up. Unfortunately v1.4.3 has already been released and the check sum isn't something we can change after the fact. We will be more mindful of this moving forward.
Issue description
Just notifying here in case someone else had similar issue.
We got a dependabot PR bumping some versions and it had an incorrect hash in
go.sum
for gosnowflake@v1.4.3. Seems like it's related to #429 and the tag got moved after that fix.We fixed the incorrect hash by just checking out the PR, deleting
go.sum
file and rango mod tidy
that then got the 'correct' (based on sum.golang.org) v1.4.3 version.Example code
GOPATH=$(mktemp -d) GOPROXY=direct go mod download -json github.com/snowflakedb/gosnowflake@v1.4.3
Error log
The text was updated successfully, but these errors were encountered: