fix(deps): update module github.com/golang-jwt/jwt/v4 to v4.5.1

This MR contains the following updates:

Package	Type	Update	Change
github.com/golang-jwt/jwt/v4	require	minor	v4.4.3 -> v4.5.1

---

Release Notes

golang-jwt/jwt

v4.5.1

Compare Source

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

• Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r.

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1

v4.5.0

Compare Source

What's Changed

• Allow strict base64 decoding by @​AlexanderYastrebov in https://github.com/golang-jwt/jwt/pull/259

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.4.3...v4.5.0

---

Configuration

📅 Schedule: "before 6am on Monday" in timezone Europe/Paris.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, click this checkbox.

---

This MR has been generated by Renovate Bot.