chore: relax jwt dependency to allow v3#208
Merged
Conversation
Allow ruby-jwt v3 in addition to v2.x and add a CI matrix entry that pins jwt ~> 3.0 so compat is verified by tests, not just by inspection. Also tighten the JWT.decode call in spec/client_spec.rb to pass an explicit HS256 algorithm — relying on header-inferred algorithms is brittle across jwt versions. Co-Authored-By: Sérgio Patrício <sergiopatricio@users.noreply.github.com> Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
shaljam
requested review from
JimmyPettersson85,
nijeesh-stream and
vishalnarkhede
as code owners
sorbet/rbi/hidden-definitions/hidden.rbi declared StringScanner#initialize(*arg), which conflicts with sorbet's bundled stdlib RBI signature (arg0, arg1=T.unsafe(nil)) and made `srb tc` fail on Ruby 3.4. The latent error was masked because Ruby 3.4 has been getting cancelled by earlier matrix failures for months. This is a workaround; the root cause is a Ruby/Sorbet stdlib RBI mismatch and a future `srb rbi hidden-definitions` regen may re-add the line. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
shaljam
force-pushed
the
chore/jwt-v3-support
branch
from
ad1cf27 to
2e86461
Compare
The server renamed the canonical built-in blocklist from profanity_en_2020_v1 to profanity (chat PR #12716, MOD2-563). The list_blocklists API now returns the new name, so list/get specs that asserted on DEFAULT_BLOCKLIST were failing. Update the constant, the doc comments, and the moderation_spec literal to match. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
shaljam
force-pushed
the
chore/jwt-v3-support
branch
from
3396486 to
5338f30
Compare
nijeesh-stream
approved these changes
Apr 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
jwtconstraint in the gemspec to>= 2.10, < 4so apps can resolve to ruby-jwt v3 (originally proposed in Relax jwt dependency to allow v3 #207 by @sergiopatricio, fixes Support jwt gem 3.x #204).jwt ~> 3.0so v3 compatibility is verified by tests, not just by inspection.spec/client_spec.rbto pass an explicitHS256algorithm toJWT.decode— header-inferred algorithms have shifted across jwt major versions and are brittle.profanity_en_2020_v1blocklist name toprofanity.Test plan
Ruby 4.0 (jwt ~> 3.0)matrix entry passes🤖 Generated with Claude Code