SREP-3402 - fix(CVE): Update jose2go to v1.7.0 to fix CVE-2025-63811 #895

Merged: openshift-merge-bot[bot] merged 1 commit into openshift:main from MitaliBhalla:srep-3402 on Feb 18, 2026

Conversation

@MitaliBhalla (Contributor) commented Feb 18, 2026

What type of PR is this?

bug

What this PR does / Why we need it?

Updates github.com/dvsekhvalnov/jose2go from v1.6.0 to v1.7.0 to fix CVE-2025-63811 (GHSA-9mj6-hxhv-w67j), a High severity vulnerability.

Which Jira/Github issue(s) does this PR fix?

SREP-3402

Pre-checks

  • Ran unit tests locally

@coderabbitai bot commented Feb 18, 2026

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)
  • do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Walkthrough

The pull request updates the Go toolchain version from 1.25.3 to 1.25.7 in both the Dockerfile and go.mod file. Additionally, a dependency on github.com/openshift-online/ocm-api-model/clientapi v0.0.448 is converted from indirect to direct, and an indirect dependency on github.com/dvsekhvalnov/jose2go is bumped from v1.6.0 to v1.7.0.

Changes

Cohort / File(s)                                  | Summary
--------------------------------------------------|------------------------------------------------------------
Toolchain Version Update (Dockerfile, go.mod)     | Go toolchain version bumped from go1.25.3+auto to go1.25.7+auto in the Dockerfile build stages and in go.mod.
Dependency Management (go.mod)                    | Direct dependency added for github.com/openshift-online/ocm-api-model/clientapi v0.0.448 (converted from indirect). Indirect dependency github.com/dvsekhvalnov/jose2go bumped from v1.6.0 to v1.7.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

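The PR description and the walkthrough above both come down to one go.mod fact: github.com/dvsekhvalnov/jose2go must be pinned at v1.7.0 or later, including when it is only an indirect requirement. The following is an added example, not code from this PR or from the project: a small go.mod scanner plus a version comparison that turns that statement into a repeatable check. The go.mod text is constructed from the versions the PR states (jose2go v1.7.0, go 1.25.7, clientapi v0.0.448), and the function names RequiredVersion, CompareVersions and IsFixed are this example's own.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// sampleGoMod is a constructed go.mod excerpt, not the repository's real file.
// Its versions are the ones this PR states: jose2go v1.7.0 (the fix for
// CVE-2025-63811), go 1.25.7, and clientapi v0.0.448 as a direct requirement.
const sampleGoMod = `module example.com/constructed-module
go 1.25.7
require github.com/openshift-online/ocm-api-model/clientapi v0.0.448
require (
	github.com/dvsekhvalnov/jose2go v1.7.0 // indirect
)
`

// RequiredVersion returns the version go.mod pins for modulePath, whether that
// line is marked "// indirect", and whether any require line matched at all.
func RequiredVersion(goMod, modulePath string) (version string, indirect, found bool) {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	inBlock := false
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "require (" || line == ")" {
			inBlock = line == "require ("
			continue
		}
		fields := strings.Fields(line)
		if !inBlock {
			if len(fields) == 0 || fields[0] != "require" {
				continue // module, go, toolchain, replace, ... are not requirements
			}
			fields = fields[1:] // one-line form: "require <path> <version>"
		}
		if len(fields) >= 2 && fields[0] == modulePath {
			return fields[1], strings.Contains(line, "// indirect"), true
		}
	}
	return "", false, false
}

// parseSemver splits "v1.7.0-rc1" into its numeric core and pre-release tag.
func parseSemver(v string) (core [3]int, pre string, ok bool) {
	if i := strings.IndexByte(v, '+'); i >= 0 {
		v = v[:i] // build metadata such as "+incompatible" never affects precedence
	}
	if i := strings.IndexByte(v, '-'); i >= 0 {
		v, pre = v[:i], v[i+1:]
	}
	n, err := fmt.Sscanf(v, "v%d.%d.%d", &core[0], &core[1], &core[2])
	return core, pre, err == nil && n == 3
}

// CompareVersions returns -1, 0 or 1 for a < b, a == b, a > b. A pre-release sorts
// below its release (v1.7.0-rc1 < v1.7.0), so it does not count as fixed; tags
// are compared lexically, which simplifies the full semver precedence rules.
func CompareVersions(a, b string) (int, error) {
	ca, pa, okA := parseSemver(a)
	cb, pb, okB := parseSemver(b)
	if !okA || !okB {
		return 0, fmt.Errorf("malformed version: %q or %q", a, b)
	}
	for i := range ca {
		if ca[i] < cb[i] {
			return -1, nil
		} else if ca[i] > cb[i] {
			return 1, nil
		}
	}
	switch {
	case pa == pb:
		return 0, nil
	case pa == "":
		return 1, nil
	case pb == "":
		return -1, nil
	}
	return strings.Compare(pa, pb), nil
}

// IsFixed reports whether goMod pins modulePath at or above fixedIn. A module
// absent from go.mod is an error, not a pass, so a mistyped path cannot
// silently report "fixed".
func IsFixed(goMod, modulePath, fixedIn string) (bool, error) {
	v, _, found := RequiredVersion(goMod, modulePath)
	if !found {
		return false, fmt.Errorf("%s is not required in go.mod", modulePath)
	}
	c, err := CompareVersions(v, fixedIn)
	return err == nil && c >= 0, err
}

func main() {
	fixed, err := IsFixed(sampleGoMod, "github.com/dvsekhvalnov/jose2go", "v1.7.0")
	fmt.Println("jose2go at or above the v1.7.0 fix:", fixed, err)
}
```

The check reads go.mod only; the version that actually ends up in a build is the one minimal version selection picks after replace directives, so for a real repository confirm the same thing against `go list -m all` output (or let govulncheck do the lookup), and keep the pre-release and missing-module cases as failures rather than passes.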

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 18, 2026
@MitaliBhalla MitaliBhalla changed the title from "fix(CVE): Update Go to 1.25.7 and jose2go to fix CVEs" to "SREP-3402 - fix(CVE): Update Go to 1.25.7 and jose2go to fix CVEs" Feb 18, 2026
@MitaliBhalla MitaliBhalla force-pushed the srep-3402 branch 3 times, most recently from 0a40058 to 9a649ad, February 18, 2026 05:18
Updates github.com/dvsekhvalnov/jose2go from v1.6.0 to v1.7.0.

Fixes:
- CVE-2025-63811 (High) - GHSA-9mj6-hxhv-w67j

SREP-3402
@openshift-ci bot commented Feb 18, 2026

@MitaliBhalla: all tests passed!


@codecov-commenter commented: Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.04%. Comparing base (005c98d) to head (a1628a5).


@@           Coverage Diff           @@
##             main     #895   +/-   ##
=======================================
  Coverage   53.04%   53.04%           
=======================================
  Files          86       86           
  Lines        6538     6538           
=======================================
  Hits         3468     3468           
  Misses       2609     2609           
  Partials      461      461           

@MitaliBhalla MitaliBhalla changed the title from "SREP-3402 - fix(CVE): Update Go to 1.25.7 and jose2go to fix CVEs" to "SREP-3402 - fix(CVE): Update jose2go to v1.7.0 to fix CVE-2025-63811" Feb 18, 2026
@feichashao (Contributor) commented

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 18, 2026
@openshift-ci bot commented Feb 18, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: feichashao, MitaliBhalla


Needs approval from an approver in each of these files:
  • OWNERS [MitaliBhalla,feichashao]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit df309bf into openshift:main Feb 18, 2026
8 checks passed