Skip to content

🌱 Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 in /hack/tools #1000

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from

:seedling: Bump github.com/golang-jwt/jwt/v4 in /hack/tools

0ca5bd4
Select commit
Loading
Failed to load commit list.
Open

🌱 Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 in /hack/tools #1000

:seedling: Bump github.com/golang-jwt/jwt/v4 in /hack/tools
0ca5bd4
Select commit
Loading
Failed to load commit list.
Bulwark-SpectroCloud / security-scans/govulncheck failed Jan 14, 2026 in 2m 49s

Govulncheck scan completed

⚠️ GoVulnCheck scan found vulnerabilities:

  1. GO-2025-3754
    • Module: github.com/cloudflare/circl
    • Found in: v1.3.7
    • Fixed in: v1.6.1
    • Example Traces:
      1. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ed448.init
      2. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls goldilocks.init
      3. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls x25519.init
      4. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ed25519.init
      5. test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ed25519.init
  2. GO-2025-3595
    • Module: golang.org/x/net
    • Found in: v0.33.0
    • Fixed in: v0.38.0
    • Example Traces:
      1. pkg/rosa/externalauthproviders.go:52:35: rosa.UpdateExternalAuth calls v1.Send, which eventually calls bluemonday.sanitize
  3. GO-2025-3553
    • Module: github.com/golang-jwt/jwt/v4
    • Found in: v4.5.1
    • Fixed in: v4.5.2
    • Example Traces:
      1. pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls authentication.Build
  4. GO-2025-4123
    • Module: github.com/dvsekhvalnov/jose2go
    • Found in: v1.6.0
    • Fixed in: v1.7.0
    • Example Traces:
      1. pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls keyring.Get

Please review these findings and fix the issues before merging.

Click 'View more details' to see the workflow run and detailed results in the Bulwark repository.

View more details on Bulwark-SpectroCloud