league/oauth2-server depends on lcobucci/jwt; we currently use dev-v9.0.0-alpha as 9.0.0 (!) which depends on lcobucci/jwt ^3.4||^4.0. We have v3.4.0 installed, which supports ^5.6||^7.0. There are later 3.x releases, but no support increases. v4.0.0 supports ^7.4||^8.0.
We don't have a way to support both the 3.4 version that supports 7.2 and the 4.0 version that supports 8.0, so it's unclear how we'd fix this.