JWT locked to ~> 2.x prevents upgrade to JWT v3

[attenzione]

Checklist

• The issue can be reproduced in the Rails sample app (or N/A).
• I have looked into the Readme and the Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

The jwt gem released version 3 back in mid-2025, and most gems have since updated to support 3.x.

Currently, this gem restricts the jwt dependency to ~> 2. Bundler is forced to downgrade gems to satisfy this gem's outdated constraint.

Please consider updating the dependency constraint to support jwt v3.

Reproduction

1. upgrade omniauth-auth0 to v.3.2.0
2. jwt is downgraded from v3 to v2

Additional context

No response

omniauth-auth0 version

3.2.0

OmniAuth version

2.1.4

Ruby version

4.0.2

[mdking]

Important to note there is also this CVE that relates to using the earlier version, GHSA-c32j-vqhx-rx3x

The auth0 gem had the jwt gem issue discussedin auth0/ruby-auth0#690