Previously, we were manually modifying `go.mod` for the dep we wanted to
bump, then running `go get` to update `go.sum` and run the MVS algorithm
to determine if any other changes needed to be made to `go.mod`.

However, this caused a few problems:
* the `go` docs/comments on github issues consistently recommend _not_
editing `go.mod` directly, but instead use `go get` to update it.
* We have to copy/paste in private methods from upstream, and it's a
pain to keep those in sync: #3580
* When `go get` sees that `go.mod` is in a state that has a version
which it can't find in `go.sum`, then it _appears_ (although I'm not
100% certain) to try to recover by doing a bunch of additional checks to
ensure it fixes the dep graph correctly. I saw @bcmills mention
something along these lines in a github issue although I'm afraid I
can't find the exact reference now. Compare to if `go get` is run
against a `go.mod` that has a matching (`tidy`'d) `go.sum`, it appears
to skip those checks. That seems to be the root cause of #3526 where
those checks result in an impossible-to-recover-from-situation. (Side
note: that problem looks like it will get resolved in `go 1.17` via the
new [lazy module loading](http://golang.org/design/36460-lazy-module-loading).)
* In some cases, we're doing an unecessary write to disk since `go.mod`
gets written by us and then re-written by `go get`. That could be a
single write.

Instead of doing all this munging, we can simply pass our desired
version to `go get -d <dep>@<version>` and it will handle updating
`go.mod` and `go.sum`.

Experimenting locally, this fixes #3526 which I was previously hitting
in multiple repos. They all work now.

It also lets us do some code cleanup, skip an uneccessary write-to-disk,
become more idiomatic, and reduce the risk of our logic for updating
`go.mod` from diverging from upstream.

…o-get-mutate-go.mod

This is tricky.
*
aa67f7d
removed catching the error, because `go mod tidy` didn't flag it.
* #3233 put it back
because in `go 1.16`, `go get -d` started flagging the error again.
* Now that we're switching from `go get -d` to `go get -d
<dep>@<version>` this error is no longer thrown. Instead the
`go.mod` file gets updated.

…o-get-mutate-go.mod

…er.rb


Relax the regex to match both `go get` and `go mod` errors. Discussion here: https://github.com/dependabot/dependabot-core/pull/3590/files#r623710361

…o-get-mutate-go.mod

This was resolved in
5bfdf42#diff-491ccbbf0ae3cfe37dca8fba172104cc5466631d946daf9639deac37b014692eR44.

…o-get-mutate-go.mod