Go Mod Checksum Mismatch
verifying github.com/hashicorp/go-getter@v1.5.1: checksum mismatch
downloaded: h1:LZ49OxqBBtdKJymlpX7oTyqGBQRg4xxQDyPW4hzoZqM=
go.sum: h1:lM9sM02nvEApQGFgkXxWbhfqtyN+AyhQmi+MaMdBDOI=
SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
For more information, see 'go help module-auth'.
What does go help module-auth tell us?
$ go help module-auth
When the go command downloads a module zip file or go.mod file into the
module cache, it computes a cryptographic hash and compares it with a known
value to verify the file hasn't changed since it was first downloaded. Known
hashes are stored in a file in the module root directory named go.sum. Hashes
may also be downloaded from the checksum database depending on the values of
GOSUMDB, GOPRIVATE, and GONOSUMDB.
For details, see https://golang.org/ref/mod#authenticating.
In my case I had both changed the Go version and changed to a much more recent version of the code base I was interested in.
The -modcache flag causes clean to remove the entire module download cache, including unpacked source code of versioned dependencies.
go clean -modcache
add missing and remove unused modules
go mod tidy