[🐸 Frogbot] Update version of github.com/golang-jwt/jwt/v4 to 4.5.2

[github-actions]

📦 Vulnerable Dependencies

Severity	ID	Contextual Analysis	Direct Dependencies	Impacted Dependency	Fixed Versions
High	CVE-2025-30204	Not Covered	github.com/golang-jwt/jwt/v4:v4.5.1 github.com/jfrog/jfrog-cli-artifactory:v0.2.1 github.com/jfrog/jfrog-cli-core/v2:v2.58.2 github.com/jfrog/jfrog-client-go:v1.51.1	github.com/golang-jwt/jwt/v4 v4.5.1	[4.5.2]

🔖 Details

Vulnerability Details

Contextual Analysis:	Not Covered
Direct Dependencies:	github.com/golang-jwt/jwt/v4:v4.5.1, github.com/jfrog/jfrog-cli-artifactory:v0.2.1, github.com/jfrog/jfrog-cli-core/v2:v2.58.2, github.com/jfrog/jfrog-client-go:v1.51.1
Impacted Dependency:	github.com/golang-jwt/jwt/v4:v4.5.1
Fixed Versions:	[4.5.2]
CVSS V3:	7.5

golang-jwt is a Go implementation of JSON Web Tokens. Prior to
5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.

---

🐸 JFrog Frogbot

[github-actions]

---

🐸 JFrog Frogbot