Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change the version of dependnecy 'go-swagger/go-swagger' #3263

Open
HappyHacker123 opened this issue Aug 27, 2024 · 0 comments
Open

Change the version of dependnecy 'go-swagger/go-swagger' #3263

HappyHacker123 opened this issue Aug 27, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@HappyHacker123
Copy link

HappyHacker123 commented Aug 27, 2024

Is your feature request related to a problem? Please describe.

Currently argo-events depends on go-swagger/[email protected]. But go-swagger may have retagged version v0.31.0, so the checksum from the code in github does not match the checksum saved in sum.golang.org.
So when trying to download go-swagger directly from Github, the following error will occur.

root@iZj6c5flh0q5ax3d1ttfuhZ:~/temp# GOPROXY=direct go get github.com/go-swagger/[email protected]
go: downloading github.com/go-swagger/go-swagger v0.31.0
go: github.com/go-swagger/[email protected]: verifying module: checksum mismatch
        downloaded: h1:s/T8gKzyNAUMFMyTWew6Vz3+rpT2MYKQD6ez1FlkRrs=
        sum.golang.org: h1:H8eOYQnY2u7vNKWDNykv2xJP3pBhRG/R+SOCAmKrLlc=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.

Describe the solution you'd like
It seems that go-swagger haven't released a fix yet, so downgrade version might be the way to avoid this. AFAIK, dependabot automatic upgrades go-swagger from v0.30.4 to v0.31.0, so downgrade to v0.30.4 might be a good choice.


Message from the maintainers:

If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.

@HappyHacker123 HappyHacker123 added the enhancement New feature or request label Aug 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant