You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Currently argo-events depends on go-swagger/[email protected]. But go-swagger may have retagged version v0.31.0, so the checksum from the code in github does not match the checksum saved in sum.golang.org.
So when trying to download go-swagger directly from Github, the following error will occur.
root@iZj6c5flh0q5ax3d1ttfuhZ:~/temp# GOPROXY=direct go get github.com/go-swagger/[email protected]
go: downloading github.com/go-swagger/go-swagger v0.31.0
go: github.com/go-swagger/[email protected]: verifying module: checksum mismatch
downloaded: h1:s/T8gKzyNAUMFMyTWew6Vz3+rpT2MYKQD6ez1FlkRrs=
sum.golang.org: h1:H8eOYQnY2u7vNKWDNykv2xJP3pBhRG/R+SOCAmKrLlc=
SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
For more information, see 'go help module-auth'.
Describe the solution you'd like
It seems that go-swagger haven't released a fix yet, so downgrade version might be the way to avoid this. AFAIK, dependabot automatic upgrades go-swagger from v0.30.4 to v0.31.0, so downgrade to v0.30.4 might be a good choice.
Message from the maintainers:
If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
Currently
argo-events
depends ongo-swagger/[email protected]
. Butgo-swagger
may have retagged version v0.31.0, so the checksum from the code in github does not match the checksum saved in sum.golang.org.So when trying to download
go-swagger
directly from Github, the following error will occur.Describe the solution you'd like
It seems that go-swagger haven't released a fix yet, so downgrade version might be the way to avoid this. AFAIK, dependabot automatic upgrades go-swagger from v0.30.4 to v0.31.0, so downgrade to v0.30.4 might be a good choice.
Message from the maintainers:
If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.
The text was updated successfully, but these errors were encountered: