Skip to content

Dependabot checksum mismatch in repo using gorm-crypto #19

Description

@julianbrust

Describe the bug
I encountered an issue with Dependabot being unable to resolve dependencies because it encounters a checksum mismatch with gorm-crypto.

updater | 2025/09/22 07:24:22 INFO <job_1054829> Handled error whilst updating golang.org/x/text: dependency_file_not_resolvable {message: "verifying github.com/pkasila/gorm-crypto@v1.0.3: checksum mismatch"}

I believe this mismatch is caused by commit a1976c0 which is not included in https://pkg.go.dev/github.com/pkasila/gorm-crypto@v1.0.3 but is tagged as v1.0.3.

I tried using the latest commit on main, and that resolved the Dependabot issue.

To Reproduce

  • create a repo with a go project
  • include gorm-crypto@v1.0.3
  • set up Dependabot in the repo and run a check

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions