openshift
diff --git a/‎cmd/move-blobs/go.mod
Lines changed: 9 additions & 0 deletions b/‎cmd/move-blobs/go.mod
Lines changed: 9 additions & 0 deletions
diff --git a/‎go.mod
Lines changed: 1 addition & 2 deletions b/‎go.mod
Lines changed: 1 addition & 2 deletions
diff --git a/‎go.sum
Lines changed: 0 additions & 2 deletions b/‎go.sum
Lines changed: 0 additions & 2 deletions
diff --git a/‎pkg/storage/ibmcos/ibmcos.go
Lines changed: 1 addition & 1 deletion b/‎pkg/storage/ibmcos/ibmcos.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎vendor/github.com/golang-jwt/jwt/.gitignore
Lines changed: 0 additions & 4 deletions b/‎vendor/github.com/golang-jwt/jwt/.gitignore
Lines changed: 0 additions & 4 deletions
diff --git a/‎vendor/github.com/golang-jwt/jwt/LICENSE
Lines changed: 0 additions & 9 deletions b/‎vendor/github.com/golang-jwt/jwt/LICENSE
Lines changed: 0 additions & 9 deletions
diff --git a/‎vendor/github.com/golang-jwt/jwt/MIGRATION_GUIDE.md
Lines changed: 0 additions & 22 deletions b/‎vendor/github.com/golang-jwt/jwt/MIGRATION_GUIDE.md
Lines changed: 0 additions & 22 deletions
diff --git a/‎vendor/github.com/golang-jwt/jwt/README.md
Lines changed: 0 additions & 113 deletions b/‎vendor/github.com/golang-jwt/jwt/README.md
Lines changed: 0 additions & 113 deletions
@@ -29,3 +29,12 @@ require (
 	golang.org/x/sys v0.15.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 )
+
+
+replace (
+	// CVE-2025-30204
+	// By replacing we can avoid bumping the go version making the backport
+	// possible for old releases.
+	github.com/golang-jwt/jwt/v4 => github.com/golang-jwt/jwt/v4 v4.5.2
+	github.com/golang-jwt/jwt/v5 => github.com/golang-jwt/jwt/v5 v5.2.2
+)
@@ -25,7 +25,7 @@ require (
 	github.com/aws/aws-sdk-go v1.50.35
 	github.com/davecgh/go-spew v1.1.1
 	github.com/ghodss/yaml v1.0.0
-	github.com/golang-jwt/jwt v3.2.2+incompatible
+	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/go-cmp v0.5.9
 	github.com/google/uuid v1.6.0
 	github.com/googleapis/gax-go/v2 v2.11.0
@@ -96,7 +96,6 @@ require (
 	github.com/go-stack/stack v1.8.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/cel-go v0.12.6 // indirect
 
@@ -730,8 +730,6 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
-github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
-github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
 github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
 
@@ -27,7 +27,7 @@ import (
 	"github.com/IBM/ibm-cos-sdk-go/service/s3/s3manager"
 	"github.com/IBM/platform-services-go-sdk/resourcecontrollerv2"
 	"github.com/IBM/platform-services-go-sdk/resourcemanagerv2"
-	"github.com/golang-jwt/jwt"
+	"github.com/golang-jwt/jwt/v5"
 	configapiv1 "github.com/openshift/api/config/v1"
 	imageregistryv1 "github.com/openshift/api/imageregistry/v1"
 	operatorapi "github.com/openshift/api/operator/v1"