[🐸 Frogbot] Update version of github.com/golang-jwt/jwt/v4 to 4.5.2

[github-actions]

📦 Vulnerable Dependencies

Severity	ID	Contextual Analysis	Direct Dependencies	Impacted Dependency	Fixed Versions
High	CVE-2025-30204	Missing Context	github.com/jfrog/jfrog-cli-security:v1.14.1 github.com/jfrog/jfrog-client-go:v1.49.1 github.com/golang-jwt/jwt/v4:v4.5.1 github.com/jfrog/jfrog-cli-core/v2:v2.57.7	github.com/golang-jwt/jwt/v4 v4.5.1	[4.5.2]

🔖 Details

Vulnerability Details

Jfrog Research Severity:	Medium
Contextual Analysis:	Missing Context
Direct Dependencies:	github.com/jfrog/jfrog-cli-security:v1.14.1, github.com/jfrog/jfrog-client-go:v1.49.1, github.com/golang-jwt/jwt/v4:v4.5.1, github.com/jfrog/jfrog-cli-core/v2:v2.57.7
Impacted Dependency:	github.com/golang-jwt/jwt/v4:v4.5.1
Fixed Versions:	[4.5.2]
CVSS V3:	7.5

Unbounded resource consumption in golang-jwt can lead to denial of service when an attacker client sends a malformed token.

🔬 JFrog Research Details

Description:
A design bug in Go golang-jwt module may lead to denial of service when an attacker sends a malformed token to a server.

The parse.ParseUnverified() function starts with:

func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
 	parts = strings.Split(tokenString, ".")
 	if len(parts) != 3 {
 		return nil, parts, newError("token contains an invalid number of segments", ErrTokenMalformed)

If an attacker sends a token which has many dots (e.g. 100000) the strings.Split() function might crash due to unexpected memory consumption which may lead to DoS.

---

🐸 JFrog Frogbot