Cut a new (v0.10.1) release because v0.10.0 has a bad checksum

[StevenACoffman]

In #467 you tagged a new release (it looks like twice, actually), so there was a different checksum associated with the tag for a short period of time. This caused GOSUMDB to immutably record the older (first) checksum. Any project that now transitively depends (even indirectly) on this library will not be able to successfully run go mod verify, even though that is considered a security best practice.

It would be nice if you could just cut a new release called v0.10.1 even if it points to the exact same commit:

git tag -a v0.10.1 e4169070f0eb4f85b0a79f3dc0519f286f04bc36 -m v0.10.1
git push origin v0.10.1

Or pick a different commit. 🤷

In the meantime, the workaround for downstream libraries and applications is this:

go get -d github.com/envoyproxy/go-control-plane@main
go mod edit -exclude github.com/envoyproxy/go-control-plane@v0.10.0

[jpeach]

@alecholmez WDYT?

[alecholmez]

Sorry folks, been away for a bit, I'll fix this today I'm not sure how the release got messed up

[alecholmez]

All please verify that the issue has been resolved. I've got a v0.10.1. I've tested locally and it seems good on my end. Sorry for the inconvenience folks.

[StevenACoffman]

Yay! Thanks very much! Locally and in my CI, you are all good now. Thanks!

$ go get -d github.com/envoyproxy/go-control-plane@v0.10.1
go: downloading github.com/envoyproxy/go-control-plane v0.10.1
go get: upgraded github.com/envoyproxy/go-control-plane v0.10.1-0.20211110031357-aee70403ed9e => v0.10.1

steve@Stevens-MBP: ~/Documents/git/districts-jobs/pkg on improvelog [!]
$ go mod verify
all modules verified