Bump github.com/lestrrat-go/jwx/v3 from 3.0.12 to 3.0.13

[dependabot]

Bumps github.com/lestrrat-go/jwx/v3 from 3.0.12 to 3.0.13.

Release notes

Sourced from github.com/lestrrat-go/jwx/v3's releases.

v3.0.13

What's Changed

• Pass value of WithContext to jws.Verify by @​lestrrat in lestrrat-go/jwx#1483
• Bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 by @​dependabot[bot] in lestrrat-go/jwx#1490
• Bump actions/checkout from 5.0.0 to 5.0.1 by @​dependabot[bot] in lestrrat-go/jwx#1494
• Bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in lestrrat-go/jwx#1500
• Bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @​dependabot[bot] in lestrrat-go/jwx#1499
• Bump golang.org/x/crypto from 0.39.0 to 0.45.0 in /cmd/jwx by @​dependabot[bot] in lestrrat-go/jwx#1495
• Bump actions/checkout from 5.0.1 to 6.0.0 by @​dependabot[bot] in lestrrat-go/jwx#1504
• Bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /tools/cmd/genoptions by @​dependabot[bot] in lestrrat-go/jwx#1502
• Bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 by @​dependabot[bot] in lestrrat-go/jwx#1506
• Fix document for (jwk.Set).LookupKeyID by @​lestrrat in lestrrat-go/jwx#1508
• Bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /tools/cmd/genjwt by @​dependabot[bot] in lestrrat-go/jwx#1509
• Bump actions/stale from 10.1.0 to 10.1.1 by @​dependabot[bot] in lestrrat-go/jwx#1514
• Bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 by @​dependabot[bot] in lestrrat-go/jwx#1515
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in lestrrat-go/jwx#1516
• Update httprc by @​lestrrat in lestrrat-go/jwx#1518
• Bump actions/cache from 4.3.0 to 5.0.1 by @​dependabot[bot] in lestrrat-go/jwx#1525
• Appease linter (v2.7.2) by @​lestrrat in lestrrat-go/jwx#1526
• Bump golang.org/x/crypto from 0.45.0 to 0.46.0 by @​dependabot[bot] in lestrrat-go/jwx#1520
• Add permissions by @​lestrrat in lestrrat-go/jwx#1528
• Bump github.com/valyala/fastjson from 1.6.4 to 1.6.7 by @​dependabot[bot] in lestrrat-go/jwx#1524
• Fix Clone() by @​lestrrat in lestrrat-go/jwx#1530

Full Changelog: lestrrat-go/jwx@v3.0.12...v3.0.13

Changelog

Sourced from github.com/lestrrat-go/jwx/v3's changelog.

v3.0.13 12 Jan 2026

• [jwt] The jwt.WithContext() option is now properly being passed to jws.Verify() from jwt.Parse().
• [jwx] github.com/lestrrat-go/httprc/v3 has been upgraded to remove dependency on github.com/lestrrat-go/option (v1)
• [jwk] jwk.Clone() has been fixed to properly work with private fields.

Commits

• 163a6e9 Update Changes
• b9bf60f Fix Clone() (#1530)
• 58c3e9a Bump github.com/valyala/fastjson from 1.6.4 to 1.6.7 (#1524)
• 9bc2796 Add permissions (#1528)
• 5cba31b Bump golang.org/x/crypto from 0.45.0 to 0.46.0 (#1520)
• ee9f640 Appease linter (v2.7.2) (#1526)
• 6514988 Bump actions/cache from 4.3.0 to 5.0.1 (#1525)
• 4400003 Update httprc (#1518)
• cc93a1a Bump actions/checkout from 6.0.0 to 6.0.1 (#1516)
• a7d1b6e Bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 (#1515)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[deepsource-io]

Here's the code health analysis summary for commits 5366c47..0d21d52. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
Go	✅ Success		View Check ↗
Test coverage	✅ Success		View Check ↗

Code Coverage Report

Metric	Aggregate	Go
Composite Coverage	47.7%	47.7%
Line Coverage	47.7%	47.7%

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.