At this moment, Artifactory is using the last update timestamp for local Go repositories when populating the version list. The issue with that is that older pseudo-versions of dependencies that are pushed to Artifactory using the JFrog CLI can show up as being newer. Here is one example from GoCenter:
There we have a pseudo-version from 2013 shows as the latest. This will cause the Go client to fail to resolve the latest version of a module when there are no tagged releases available (that is the scenario where it compares the timestamps to get to the latest version)
Since the JFrog CLI can upload the .info file as part of the Go Module publish operation and that this file contains the proper timestamp calculated by the Go client (usually the commit date) we should use that information when serving the list of versions.