From 17ea6503b22344694442d0f8add343ddab222033 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 May 2026 17:27:44 +0000
Subject: [PATCH 1/2] Bump github.com/go-jose/go-jose/v4 in /contrib/vfsevents

Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 contrib/vfsevents/go.mod | 2 +-
 contrib/vfsevents/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/contrib/vfsevents/go.mod b/contrib/vfsevents/go.mod
index b7727e4e..53b8ae8a 100644
--- a/contrib/vfsevents/go.mod
+++ b/contrib/vfsevents/go.mod
@@ -54,7 +54,7 @@ require (
 	github.com/envoyproxy/go-control-plane/envoy v1.37.0 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.3.3 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.4 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.3.1 // indirect
diff --git a/contrib/vfsevents/go.sum b/contrib/vfsevents/go.sum
index abc9834b..45d1edfc 100644
--- a/contrib/vfsevents/go.sum
+++ b/contrib/vfsevents/go.sum
@@ -131,8 +131,8 @@ github.com/fsouza/fake-gcs-server v1.54.0 h1:DGO4EkFVbtP/A5Ha+CAHHx+Xa6O6LeskMB4
 github.com/fsouza/fake-gcs-server v1.54.0/go.mod h1:ryXYE4debQs8GjOxwaOAwFRwM4Cvs6S+NKPPgdVJe6g=
 github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
 github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
-github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
-github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
+github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA=
+github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=

From 2bf33391ccea85ae0adaa512cc6c72bbd9ff3042 Mon Sep 17 00:00:00 2001
From: Phillip Clark <104393122+phillipc421@users.noreply.github.com>
Date: Tue, 12 May 2026 14:33:57 -0500
Subject: [PATCH 2/2] chore: update CHANGELOG.md

---
 contrib/vfsevents/CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/contrib/vfsevents/CHANGELOG.md b/contrib/vfsevents/CHANGELOG.md
index b9d6e098..e6bd3f3c 100644
--- a/contrib/vfsevents/CHANGELOG.md
+++ b/contrib/vfsevents/CHANGELOG.md
@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Security
+- Update github.com/go-jose/go-jose/v4 to v4.1.4
+
 ### Security
 - Update go.opentelemetry.io/otel/sdk to v1.43.0