What happened:
Tried to run Grype using go run ... or install it using go install ...

What you expected to happen:
Expected Go to download all needed modules, compile the main binary and run or install it.

How to reproduce it (as minimally and precisely as possible):

$ go run github.com/anchore/grype/cmd/grype@latest
go: github.com/anchore/grype/cmd/grype@latest (in github.com/anchore/grype@v0.95.0):
        The go.mod file for the module providing named packages contains one or
        more replace directives. It must not contain directives that would cause
        it to be interpreted differently than if it were the main module.
$ go install github.com/anchore/grype/cmd/grype@latest
go: github.com/anchore/grype/cmd/grype@latest (in github.com/anchore/grype@v0.95.0):
        The go.mod file for the module providing named packages contains one or
        more replace directives. It must not contain directives that would cause
        it to be interpreted differently than if it were the main module.

Anything else we need to know?:

The offending replace directive in go.mod file of v0.95.0:

has no other effect at all, because the Go docs: https://go.dev/ref/mod#go-mod-file-replace specify:

If a version is present on the left side of the arrow (=>), only that specific version of the module is replaced; other versions will be accessed normally. If the left version is omitted, all versions of the module are replaced.

And the referenced version is different

Either the replace directive should be removed or updated with correct versions if it is still needed (unlikely, since redirect had no effect in few last releases and v v1.33.0 was retracted in https://gitlab.com/cznic/sqlite/-/commit/ad49d64f87afece63ad1c34869fe805c8962e1dd ).

Environment:

• Output of grype version: N/A (didn't run, but tried to use latest which meant v0.95.0 at the time)
• OS (e.g: cat /etc/os-release or similar): N/A