Hi Team,
We’ve identified that the latest version of the Confluent Kafka Go client (v2.11.0) includes a dependency on go-jose v4.0.4, which has a known vulnerability flagged by Black Duck (BD).
As this dependency is used transitively, we are currently suppressing the BD alert. However, we kindly request that you consider updating the go-jose library to a version that addresses this vulnerability in a future release.
Please let us know if there are any constraints or if a fix is already planned.
Thanks for your support!
Best regards,
Surendra Babu
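
One way to confirm which go-jose version a build actually resolves when it arrives transitively, as an added example that is not part of the original post or of Confluent's code: it parses `go mod graph` output and reports the version minimal version selection would pick and who requires it. The graph is constructed, `example.com/app` and `example.com/other` are hypothetical modules, and the comparison assumes plain `vX.Y.Z` versions.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample of `go mod graph` output; a real graph will differ.
// example.com/app and example.com/other are hypothetical modules.
const sampleGraph = `example.com/app github.com/confluentinc/confluent-kafka-go/v2@v2.11.0
example.com/app example.com/other@v1.2.0
github.com/confluentinc/confluent-kafka-go/v2@v2.11.0 github.com/go-jose/go-jose/v4@v4.0.4
example.com/other@v1.2.0 github.com/go-jose/go-jose/v4@v4.0.1`

// less orders plain vMAJOR.MINOR.PATCH strings (assumption: no pre-release tags).
func less(a, b string) bool {
	var x, y [3]int
	fmt.Sscanf(a, "v%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(b, "v%d.%d.%d", &y[0], &y[1], &y[2])
	for i := range x {
		if x[i] != y[i] {
			return x[i] < y[i]
		}
	}
	return false
}

// selected returns the highest required version of target (the one minimal
// version selection builds with) and the modules that require that version.
func selected(graph, target string) (string, []string) {
	req, best := map[string][]string{}, ""
	for _, line := range strings.Split(graph, "\n") {
		from, to, _ := strings.Cut(strings.TrimSpace(line), " ")
		if mod, ver, ok := strings.Cut(to, "@"); ok && mod == target {
			req[ver] = append(req[ver], from)
			if best == "" || less(best, ver) {
				best = ver
			}
		}
	}
	return best, req[best]
}

func main() {
	v, by := selected(sampleGraph, "github.com/go-jose/go-jose/v4")
	fmt.Printf("%s selected, required by %v\n", v, by)
}
```

If the flagged version is the one selected, a direct `require` of a newer go-jose release in the consuming module's own go.mod raises the version for that build without waiting for an upstream release.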