4 files changed, 7 insertions, 4 deletions

diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/auth/source/oauth2/jwtsigningkey.go
index 33bd3648e7..ff0d426e22 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/auth/source/oauth2/jwtsigningkey.go
@@ -22,7 +22,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 )
 
 // ErrInvalidAlgorithmType represents an invalid algorithm error.
diff --git a/services/auth/source/oauth2/token.go b/services/auth/source/oauth2/token.go
index 612c9db8cf..3405619d3f 100644
--- a/services/auth/source/oauth2/token.go
+++ b/services/auth/source/oauth2/token.go
@@ -9,7 +9,7 @@ import (
 
 	"code.gitea.io/gitea/modules/timeutil"
 
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 )
 
 // ___________     __
@@ -50,6 +50,9 @@ func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error) {
 	if err != nil {
 		return nil, err
 	}
+	if !parsedToken.Valid {
+		return nil, fmt.Errorf("invalid token")
+	}
 	var token *Token
 	var ok bool
 	if token, ok = parsedToken.Claims.(*Token); !ok || !parsedToken.Valid {
diff --git a/services/lfs/server.go b/services/lfs/server.go
index cc0ec73105..58b4663345 100644
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@@ -32,7 +32,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
 
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/minio/sha256-simd"
 )
 
diff --git a/services/packages/auth.go b/services/packages/auth.go
index 41d3a0a825..2f78b26f50 100644
--- a/services/packages/auth.go
+++ b/services/packages/auth.go
@@ -13,7 +13,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 )
 
 type packageClaims struct {