Does github.com/sigstore/timestamp-authority CVE-2025-66564 affect jfrog-cli?

CVE-2025-66564 was reported against github.com/sigstore/timestamp-authority , which is an [indirect dependency](https://github.com/jfrog/jfrog-cli/blob/master/go.mod#L216) of jfrog-cli. Fix is included in timestamp-authority v2.0.3 and newer, while jfrog-cli included v1.2.9. Is jfrog-cli affected?