go modules depencies:gopkg.in/square/go-jose.v2 vulnerabilities in api/go.mod

[ssignik]

Issue description

When running a trivy scan on apisix-dashboard v3.0.1 it reported several CVEs on the dependencies.
And when I try to fix these cves, They will be resolved except gopkg.in/square/go-jose.v2(https://github.com/square/go-jose/tree/v2.6.0), and it seems would not upgrade. Is it possible to replace gopkg.in/square/go-jose.v2 by other module? or there may be other ways to resolve it?

api/go.mod (gomod)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌────────────────────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────┐
│          Library           │ Vulnerability  │ Severity │  Status  │ Installed Version │ Fixed Version │                        Title                         │
├────────────────────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────┤
│ gopkg.in/square/go-jose.v2 │ CVE-2024-28180 │ MEDIUM   │ affected │ 2.6.0             │               │ jose-go: improper handling of highly compressed data │
│                            │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-28180           │
└────────────────────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────┘

Expected behavior

fix this cve of gopkg.in/square/go-jose.v2-v2.6.0

How to Reproduce

1. git clone -b v3.0.1 https://github.com/apache/apisix-dashboard.git
2. cd apisix-dashboard
3. trivy fs .

Screenshots

No response

Environment

• apisix version (cmd: apisix version):
• OS (cmd: uname -a):
• OpenResty / Nginx version (cmd: nginx -V or openresty -V):
• etcd version, if have (cmd: run etcd --version):
• apisix-dashboard version, if have: 3.0.1
• Browser version, if have:

Additional context

No response