pocke
commented
3 years ago I overlooked that omniauth-google-oauth2 v0.6.1 actually allows omniauth v2 (but v0.8.2 doesn't allow it), so now I do not have a strong motivation to upgrade omniauth-google-oauth2 gem. I still think relaxing the restrictions is better than now but it is not required for me.
Omniauth gem v2 has been released and it contains a security fix. https://github.com/omniauth/omniauth/releases/tag/v2.0.0
But the dependency reject using omniauth v2 because omniauth-google-oauth2 gem is pinned to v0.6 and it requires omniauth gem
< 2.So this patch relaxes the version restriction.
Personally I think no version restriction is better than using a restriction such as
< 3. The restriction blocks upgrading gem but the upgrading doesn't break anything in most cases. So I just removed the restriction.