Handle vulnerabilty against CVE-2025-30204

Hannes Hörlrequested to merge
hhoerl/38690-bump-golang-jwt into main

What does this MR do?

Handle vulnerabilty against CVE-2025-30204

Bump github.com/golang-jwt/jwt/v5 to v5.2.2, which we need for managing caches on Azure:

; go mod why github.com/golang-jwt/jwt/v5
# github.com/golang-jwt/jwt/v5
gitlab.com/gitlab-org/gitlab-runner/cache/azure
github.com/Azure/azure-sdk-for-go/sdk/azidentity
github.com/Azure/azure-sdk-for-go/sdk/azidentity.test
github.com/golang-jwt/jwt/v5
;

Why was this MR needed?

To not be vulnerable against CVE-2025-30204.

What's the best way to test this MR?

See the pipeline go green

What are the relevant issue numbers?

related: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/38690

Edited by Hannes Hörl

Merge request reports