CVE-2025-30204: update golang-jwt

[artem-panchenko]

Please consider merging this small security patch and then issue a new 1.3.2 release if the release-1.3 branch is still maintained. Thanks!

[FeynmanZhou]

Hi @artem-panchenko , thanks for your contribution! Would you mind sign off your git commit? See the details at https://github.com/notaryproject/notation/pull/1249/checks?check_run_id=39909230540.

We will discuss about the release of a security patch in the next community meeting.

If you have any questions, feel free to join the slack channel to connect with the community.

[ghost]

LGTM

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.65%. Comparing base (394fd06) to head (d8636f3).
Report is 1 commits behind head on release-1.3.

Additional details and impacted files

@@             Coverage Diff              @@
##           release-1.3    #1249   +/-   ##
============================================
  Coverage        70.65%   70.65%           
============================================
  Files               48       48           
  Lines             2944     2944           
============================================
  Hits              2080     2080           
  Misses             671      671           
  Partials           193      193           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[JeyJeyGao]

LGTM

[JeyJeyGao]

Hi @artem-panchenko , the merge is blocked due to a missing commit signature. Could you please sign your commit? Thanks!

[artem-panchenko]

@JeyJeyGao Done. Thanks!