diff --git a/keda-2.15.yaml b/keda-2.15.yaml
index f281f3703bf..238ee8cb5c0 100644
--- a/keda-2.15.yaml
+++ b/keda-2.15.yaml
@@ -1,7 +1,7 @@
 package:
   name: keda-2.15
   version: 2.15.1
-  epoch: 3
+  epoch: 4
   description: KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
   copyright:
     - license: Apache-2.0
@@ -28,6 +28,14 @@ pipeline:
       repository: https://github.com/kedacore/keda
       tag: v${{package.version}}
 
+  - uses: patch
+    with:
+      patches: remove-dgrijalva-jwt-go.patch
+
+  - uses: go/bump
+    with:
+      deps: github.com/golang-jwt/jwt/v4@v4.5.1
+
   - runs: |
       ARCH=$(go env GOARCH) make build
       mkdir -p "${{targets.destdir}}/usr/bin"
diff --git a/keda-2.15/remove-dgrijalva-jwt-go.patch b/keda-2.15/remove-dgrijalva-jwt-go.patch
new file mode 100644
index 00000000000..ebc28c9d21e
--- /dev/null
+++ b/keda-2.15/remove-dgrijalva-jwt-go.patch
@@ -0,0 +1,12 @@
+diff --git a/go.mod b/go.mod
+index b6eff2b66..205bcfab8 100644
+--- a/go.mod
++++ b/go.mod
+@@ -143,7 +143,6 @@ replace (
+ 	github.com/chzyer/logex => github.com/chzyer/logex v1.2.1
+ 
+ 	// https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-26160
+-	github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.4.0
+ 	github.com/golang-jwt/jwt/v4 => github.com/golang-jwt/jwt/v4 v4.5.0
+ 
+ 	// opentelemetry cannot update to 1.25.0 according to the dependencies of google.golang.org/grpc