@sergiught Hello, mentioning you as the main contributor of the repo.
As Auth0 clients we're facing the same issue and as we're working in a regulated domain it's a bit sensitive for us.
Would there be any chance you could look at this?
Thank you!

is there any update on this?
since go-jose 2.x has reached end-of-live we also get security warnings and need to react on that.
any chance that the open PR #275 will be merged in a timely manner?

Thank you very much

Im absolutely agreed with above users. Please update the dependecy it has a security vulnerability.

Hey folks, apologies for the delay as I have missed getting notified on this. Unfortunately I am no longer a maintainer of this project as I have transitioned to a new team, however I've immediately alerted the owning team and it will be looked at ASAP.

CC: @developerkunal, @arpit-jn

Hey folks,
I apologize for the delay in addressing this vulnerability; it was unfortunately overlooked. At this time, we're unable to upgrade to JoseV4 due to the breaking changes it would introduce, which would require a major version release. However, I’ve already scheduled improvements and version upgrades that will be included in an upcoming major release.

In the meantime, we’ve released a security patch to address the issue. If you encounter any further problems, please don’t hesitate to tag me or open a new issue, and I’ll respond as quickly as possible.

Thank you for your understanding.

What's the timeline for the upcoming major release that will include this support for jose v4? Anything contributors can help with?