Bug description
After seemingly a linter compliance PR, ruby-jwt version constraint changed from 2.x to 2.7.x.
#307
Currently, ruby-jwt has a CVE fix that's available under 2.10.3, but we cannot apply it.
jwt/ruby-jwt#725
Expected behavior
I believe, truelayer-signing gem should depend on jwt v2 and constraint the major upgrades, but not minor.
Bug description
After seemingly a linter compliance PR, ruby-jwt version constraint changed from
2.xto2.7.x.#307
Currently, ruby-jwt has a CVE fix that's available under 2.10.3, but we cannot apply it.
jwt/ruby-jwt#725
Expected behavior
I believe, truelayer-signing gem should depend on jwt v2 and constraint the major upgrades, but not minor.