diff --git a/CHANGELOG.md b/CHANGELOG.md
index eb2b9d1..3d27ff7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@ ### Changes +* Update `gopkg.in/square/go-jose.v2` to `github.com/go-jose/go-jose/v4` * Dependency updates * `github.com/docker/docker` v24.0.7+incompatible -> v24.0.9+incompatible * `github.com/go-jose/go-jose/v3` v3.0.1 -> v3.0.3
diff --git a/go.mod b/go.mod
index 0883d29..8c9fc7d 100644
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,7 @@ toolchain go1.21.3 require ( github.com/cenkalti/backoff/v3 v3.2.2 + github.com/go-jose/go-jose/v4 v4.0.2 github.com/hashicorp/go-hclog v1.6.2 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-secure-stdlib/fileutil v0.1.0
diff --git a/go.sum b/go.sum
index 01c73d3..8f884ad 100644
--- a/go.sum
+++ b/go.sum
@@ -50,6 +50,8 @@ github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzP
 github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og=
 github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
 github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
+github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk=
+github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
diff --git a/path_creds.go b/path_creds.go
index d15c968..72e712b 100644
--- a/path_creds.go
+++ b/path_creds.go
@@ -8,12 +8,13 @@ import ( "fmt" "time" + "github.com/go-jose/go-jose/v4" + josejwt "github.com/go-jose/go-jose/v4/jwt" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" "github.com/hashicorp/vault/sdk/logical" "github.com/mitchellh/mapstructure" - josejwt "gopkg.in/square/go-jose.v2/jwt" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" )
@@ -47,6 +48,12 @@ type nameMetadata struct { RoleName string } +var allowedSignatureAlgs = []jose.SignatureAlgorithm{ + jose.RS256, + jose.ES256, + jose.HS256, +} + func (b *backend) pathCredentials() *framework.Path { forwardOperation := &framework.PathOperation{ Callback: b.pathCredentialsRead,
@@ -444,7 +451,7 @@ func createRoleWithWAL(ctx context.Context, client *client, s logical.Storage, n } func getTokenTTL(token string) (time.Duration, error) { - parsed, err := josejwt.ParseSigned(token) + parsed, err := josejwt.ParseSigned(token, allowedSignatureAlgs) if err != nil { return 0, err }
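Review bot: `allowedSignatureAlgs` in the second hunk has no doc comment, so a reader cannot tell why the symmetric HS256 sits next to RS256 and ES256, or that this list now decides which tokens `getTokenTTL` will parse at all. Add one above the declaration, e.g. `// allowedSignatureAlgs is the alg allowlist handed to josejwt.ParseSigned; the v4 API rejects any token whose header alg is not listed, so keep this to the algorithms the token issuer actually signs with.` If the issuer (presumably the Kubernetes API server, given the imports, but that is not visible here) never signs with HS256, dropping it from the list would tighten parsing without touching any caller; a comment stating which case applies would settle it.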
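Review bot: In the third hunk the error from the new two-argument `ParseSigned` is still returned bare as `return 0, err`, and with v4 that error now also covers a token whose `alg` is not in `allowedSignatureAlgs` — a case the v2 call accepted — so the caller cannot distinguish an unsupported algorithm from a malformed token. Wrap it with context, `return 0, fmt.Errorf("parsing token: %w", err)` (`fmt` is already imported in the first hunk). The body of getTokenTTL continues past the hunk, so whether the parsed token is verified afterwards or only read for its expiry cannot be seen here; a test that feeds a token with an unlisted alg would pin the new rejection path, which tests written against v2 would not have covered.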