That said, that kind of coordinated release is really
unpleasant, so this is one of the motivating problems for https://golang.org/issue/36460
(which I've been actively working on since basically the start of 2020).
I'm fairly confident that it will finally land in Go 1.17. After that — when the dependencies of the affected modules become lazy, all of the irrelevant dependencies of older-than-selected versions will just melt away! (A gleaming future lies ahead!)
We also made some more targeted fixes to `exclude` directives in Go 1.16, so that the excluded dependencies are completely expunged from the module dependency graph rather than dynamically upgraded to the next-higher release. So for now, the best workaround is probably: (1) upgrade to Go 1.16, (2) notch out the problematic dependency with an `exclude` directive, and (3) wait for the long-term fix to (finally!) land in the `go` command.
I understand that this is all very inconvenient, and I'm sorry that we weren't able to land the long-term fix in 1.16. 😞