You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our Dependabot jobs have started failing after updating Package Manager to rskey v0.5.2. Our builds run fine locally and in Jenkins, but Dependabot seems to get a different checksum.
I'm not sure if this is a bug in Dependabot, or an issue with how rskey's release process. I did find a few related issues:
updater | 2024/04/07 11:22:56 INFO <job_810900612> Failed to `go mod tidy`: go: downloading github.com/rstudio/rskey v0.5.2
updater | go: downloading github.com/rstudio/package-manager-rpackagerewriter v0.8.1
updater | verifying github.com/rstudio/[email protected]: checksum mismatch
updater | downloaded: h1:tXpyiEpd4PQf7ScIAMAOJ8c0cpjx4F5Vav9Yjc7oKHE=
updater | go.sum: h1:ux+HuTtUMSbC7RIpsK6LyOCoFvEUY32nflxwvX7VKhA=
updater |
updater | SECURITY ERROR
updater | This download does NOT match an earlier download recorded in go.sum.
updater | The bits may have been replaced on the origin server, or an attacker may
updater | have intercepted the download attempt.
updater |
updater | For more information, see 'go help module-auth'.
updater |
proxy | 2024/04/07 11:22:58 [170] GET https://proxy.golang.org:443/golang.org/x/sys/@v/list
proxy | 2024/04/07 11:22:58 [170] 200 https://proxy.golang.org:443/golang.org/x/sys/@v/list
updater | 2024/04/07 11:22:57 INFO <job_810900612> Handled error whilst updating golang.org/x/net: dependency_file_not_resolvable {:message=>"verifying github.com/rstudio/[email protected]: checksum mismatch"}
updater | 2024/04/07 11:22:58 INFO <job_810900612> Checking if golang.org/x/sys 0.18.0 needs updating
updater | 2024/04/07 11:22:58 INFO <job_810900612> Latest version is 0.19.0
updater | 2024/04/07 11:22:58 INFO <job_810900612> Requirements to unlock own
updater | 2024/04/07 11:22:58 INFO <job_810900612> Requirements update strategy
updater | 2024/04/07 11:22:58 INFO <job_810900612> Updating golang.org/x/sys from 0.18.0 to 0.19.0
proxy | 2024/04/07 11:22:58 [172] GET https://proxy.golang.org:443/golang.org/x/sys/@v/list
proxy | 2024/04/07 11:22:58 [172] 200 https://proxy.golang.org:443/golang.org/x/sys/@v/list
updater | 2024/04/07 11:22:58 INFO <job_810900612> Failed to `go mod tidy`: go: downloading github.com/rstudio/rskey v0.5.2
updater | go: downloading github.com/rstudio/package-manager-rpackagerewriter v0.8.1
updater | verifying github.com/rstudio/[email protected]: checksum mismatch
updater | downloaded: h1:tXpyiEpd4PQf7ScIAMAOJ8c0cpjx4F5Vav9Yjc7oKHE=
updater | go.sum: h1:ux+HuTtUMSbC7RIpsK6LyOCoFvEUY32nflxwvX7VKhA=
updater |
updater | SECURITY ERROR
updater | This download does NOT match an earlier download recorded in go.sum.
updater | The bits may have been replaced on the origin server, or an attacker may
updater | have intercepted the download attempt.
updater |
updater | For more information, see 'go help module-auth'.
updater |
proxy | 2024/04/07 11:22:59 [177] GET https://proxy.golang.org:443/golang.org/x/text/@v/list
updater | 2024/04/07 11:22:59 INFO <job_810900612> Handled error whilst updating golang.org/x/sys: dependency_file_not_resolvable {:message=>"verifying github.com/rstudio/[email protected]: checksum mismatch"}
Our Dependabot jobs have started failing after updating Package Manager to rskey v0.5.2. Our builds run fine locally and in Jenkins, but Dependabot seems to get a different checksum.
I'm not sure if this is a bug in Dependabot, or an issue with how rskey's release process. I did find a few related issues:
Example failing workflow: https://github.com/rstudio/package-manager/network/updates/810900612
The text was updated successfully, but these errors were encountered: