Insecure dependency, or a security attack #2702

Closed
4 tasks done
bogdandrutu opened this issue Mar 29, 2022 · 3 comments
Labels
duplicate This issue or pull request already exists

Comments

@bogdandrutu

Welcome

  • Yes, I'm using a binary release within 2 latest major releases. Only such installations are supported.
  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've included all information below (version, config, etc).
  • Yes, I've tried with the standalone linter if available. (https://golangci-lint.run/usage/linters/)

Description of the problem

Security issue with one dependency:

go.opentelemetry.io/collector/internal/tools imports
        github.com/golangci/golangci-lint/cmd/golangci-lint imports
        github.com/golangci/golangci-lint/pkg/commands imports
        github.com/golangci/golangci-lint/pkg/lint/lintersdb imports
        github.com/golangci/golangci-lint/pkg/golinters imports
        github.com/blizzy78/varnamelen: github.com/blizzy78/varnamelen@v0.6.1: verifying module: checksum mismatch
        downloaded: h1:iYAU/3A6cpfRm2ZI0P/lece4jsc7GEbzsxTu+vBCChQ=
        sum.golang.org: h1:kttPCLzXFa+0nt++Cw9fb7GrSSM4KkyIAoX/vXsbuqA=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

Version of golangci-lint

$ golangci-lint --version
# Paste output here

v1.45.2 - cannot put the output here since I cannot run `go mod tidy` on my tools directory.

Configuration file

$ cat .golangci.yml
# paste output here

# paste output here

Go environment

$ go version && go env
# paste output here

go version go1.18 darwin/amd64

Verbose output of running

$ golangci-lint cache clean
$ golangci-lint run -v
# paste output here

# NO DETAILS

Code example or link to a public repository

// add your code here
No CODE
@bogdandrutu bogdandrutu added the bug Something isn't working label Mar 29, 2022
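
Added example, not part of the original issue or of golangci-lint: a Go sketch of how the `h1:` values in the error above are derived (SHA-256 over a sorted manifest of per-file SHA-256 sums, base64-encoded), showing why different content under the same version tag produces a checksum mismatch. The module `example.com/demo`, its files and the helper names are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sort"
)

// hash1 computes the "h1:" directory hash: a SHA-256 over a sorted manifest
// of "<sha256 hex>  <module@version/path>\n" lines, one per file.
func hash1(files map[string][]byte) string {
	names := make([]string, 0, len(files))
	for name := range files {
		names = append(names, name)
	}
	sort.Strings(names)
	manifest := sha256.New()
	for _, name := range names {
		fmt.Fprintf(manifest, "%x  %s\n", sha256.Sum256(files[name]), name)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(manifest.Sum(nil))
}

// verify compares a downloaded tree with the hash recorded in go.sum or
// served by the checksum database.
func verify(files map[string][]byte, recorded string) error {
	if got := hash1(files); got != recorded {
		return fmt.Errorf("checksum mismatch\n\tdownloaded: %s\n\trecorded:   %s", got, recorded)
	}
	return nil
}

// sampleTree is constructed data for a hypothetical module; body is the
// content of its single source file.
func sampleTree(body string) map[string][]byte {
	const prefix = "example.com/demo@v0.1.0/"
	return map[string][]byte{
		prefix + "go.mod":  []byte("module example.com/demo\n\ngo 1.18\n"),
		prefix + "demo.go": []byte(body),
	}
}

func main() {
	first := sampleTree("package demo\n\nconst Limit = 3\n")
	retagged := sampleTree("package demo\n\nconst Limit = 4\n") // same version, new bits
	recorded := hash1(first)
	fmt.Println("first publication:", verify(first, recorded))
	fmt.Println("after retag:      ", verify(retagged, recorded))
}
```
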
@boring-cyborg

boring-cyborg bot commented Mar 29, 2022

Hey, thank you for opening your first Issue ! 🙂 If you would like to contribute we have a guide for contributors.

@bogdandrutu
Author

Already done.

@ldez ldez added duplicate This issue or pull request already exists and removed bug Something isn't working labels Mar 29, 2022
@ldez
Member

ldez commented Mar 29, 2022

duplicate of #2683
