Security: Update github.com/golang-jwt/jwt/v5 to fix HIGH severity vulnerability

## Summary
Update `github.com/golang-jwt/jwt/v5` from v5.2.1 to v5.2.2 or later (v5.3.0 available) to address HIGH severity vulnerability GHSA-mh63-6h87-95cp.

## Vulnerability Details
- **CVE**: GHSA-mh63-6h87-95cp
- **Severity**: HIGH (CVSS 7.5)
- **Issue**: Excessive memory allocation during header parsing when processing untrusted JWT tokens
- **Current Version**: v5.2.1 (vulnerable)
- **Fixed In**: v5.2.2+
- **Latest Version**: v5.3.0

## Affected Files
- `go.mod` (repository root)
- `deploy/operator/go.mod`

## Remediation Steps
Since this is a transitive dependency, identify and update the direct dependencies that pull it in, or add a replace directive to force the fixed version:

```bash
# For root go.mod
cd <repo-root>
go get github.com/golang-jwt/jwt/v5@v5.3.0
go mod tidy
go test ./...

# For operator go.mod
cd deploy/operator
go get github.com/golang-jwt/jwt/v5@v5.3.0
go mod tidy
go test ./...
```

## References
- Original PR: https://github.com/jumpstarter-dev/jumpstarter-controller/pull/170
- Discussion: https://github.com/jumpstarter-dev/jumpstarter-controller/pull/170#discussion_r2451864479

---
_This issue was created as a follow-up to the security review in PR #170 at the request of @mangelajo._

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security: Update github.com/golang-jwt/jwt/v5 to fix HIGH severity vulnerability #175

Summary

Vulnerability Details

Affected Files

Remediation Steps

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security: Update github.com/golang-jwt/jwt/v5 to fix HIGH severity vulnerability #175

Description

Summary

Vulnerability Details

Affected Files

Remediation Steps

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions