compose (original) (raw)

There is a vulnerability in an older version of the golang-jwt package GHSA-mh63-6h87-95cp. The issue was reported here #12701.

What I did
Update github.com/DefangLabs/secret-detector to latest v0.0.0-20250403165618-22662109213e which now uses the latest version of github.com/golang-jwt/jwt/v5 v5.2.2 which contains the fix for the vulnerability.

Related issue

closes #12701.

Not sure how it relates but here is a Mandarin Duck