search

penglongli / gin-metrics

gin-gonic/gin metrics for prometheus.
MIT License
255 stars 61 forks source link

The new version triggers a security error #8

Closed furio closed 3 years ago

furio commented 3 years ago

If i try to get the new version i receive a version that is without the latest fix, if i skip the proxy i get this:

GOPROXY=direct go get -d github.com/penglongli/gin-metrics@v0.1.3
go: downloading github.com/penglongli/gin-metrics v0.1.3
verifying github.com/penglongli/gin-metrics@v0.1.3: checksum mismatch
        downloaded: h1:V9UZzIqmsIrYLVQbsScBe9r7UlxbN1SdjS3qFOyP9lE=
        go.sum:     h1:IxbEwCtybuq8weteK0AYpE+afxj2U1+qCYIcumy0eaQ=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

Is it possible that v0.1.3 was already tagged somewhere?

Edit: Doing

GONOSUMDB=github.com/penglongli GOPROXY=direct go get -d

It works (skipping the securitiy for v0.1.3)

penglongli commented 3 years ago

Yeah...I once create a wrong release with v0.1.3 and i deleted it.

Now i create a v0.1.4 release version, try it again.

furio commented 3 years ago

With v0.1.4 works fine! Thanks!