diff --git a/.github/workflows/lint_code.yml b/.github/workflows/lint_code.yml
index 2c857da..7a65c96 100644
--- a/.github/workflows/lint_code.yml
+++ b/.github/workflows/lint_code.yml
@@ -2,7 +2,7 @@ name: "[CI] Lint"
 on: "push"
 
 env:
-  RUBY_VERSION: 2.7.1
+  RUBY_VERSION: 3.2.2
 
 jobs:
   lint:
@@ -13,7 +13,7 @@ jobs:
         if: "github.ref != 'refs/heads/develop'"
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-      - uses: actions/checkout@v2.0.0
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 1
       - uses: ruby/setup-ruby@v1
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 8f1c7b7..e9cc95a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -2,7 +2,7 @@ name: Tests
 on: "push"
 
 env:
-  RUBY_VERSION: 2.7.1
+  RUBY_VERSION: 3.2.2
 
 jobs:
   tests:
@@ -13,13 +13,13 @@ jobs:
         if: "github.ref != 'refs/heads/master' || github.ref != 'refs/heads/develop'"
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-      - uses: actions/checkout@v2.0.0
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 1
       - uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ env.RUBY_VERSION }}
           bundler-cache: true
-      - uses: nanasess/setup-chromedriver@v1.0.1
+      - uses: nanasess/setup-chromedriver@v2
       - run: bundle exec rspec
         name: RSpec
diff --git a/.rubocop.yml b/.rubocop.yml
index e72c634..a20f336 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,6 +1,5 @@
-require:
+plugins:
   - rubocop-rspec
-
 # Common configuration.
 AllCops:
   # Default formatter will be used if no -f/--format option is given.
@@ -53,7 +52,7 @@ AllCops:
   # If a value is specified for TargetRubyVersion then it is used.
   # Else if .ruby-version exists and it contains an MRI version it is used.
   # Otherwise we fallback to the oldest officially supported Ruby version (2.0).
-  TargetRubyVersion: 2.7
+  TargetRubyVersion: 3.2.2
   SuggestExtensions: false
 
   RSpec:
@@ -1217,11 +1216,12 @@ RSpec/LeakyConstantDeclaration:
 RSpec/DescribedClass:
   Enabled: false
 
-RSpec/FilePath:
+RSpec/SpecFilePathFormat:
+  Enabled: true
   Exclude:
     - "spec/omniauth/strategies/publik_spec.rb"
 # This is the default configuration file.
 
 RSpec/VerifiedDoubleReference:
   Exclude:
-    - "spec/omniauth/strategies/publik_spec.rb"
\ No newline at end of file
+    - "spec/omniauth/strategies/publik_spec.rb"
diff --git a/.ruby-version b/.ruby-version
index 860487c..be94e6f 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.7.1
+3.2.2
diff --git a/Gemfile b/Gemfile
index b27fa89..4e5ebff 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,7 +7,7 @@ gemspec
 
 group :test do
   gem "byebug"
-  gem "rack", ">= 1.6.2"
+  gem "rack", "~> 2.2"
   gem "rack-test"
-  gem "rspec", "~> 3.0"
+  gem "rspec", "~> 3.1"
 end
diff --git a/omniauth-publik.gemspec b/omniauth-publik.gemspec
index 1d3bd39..54ef4ec 100644
--- a/omniauth-publik.gemspec
+++ b/omniauth-publik.gemspec
@@ -13,19 +13,20 @@ Gem::Specification.new do |spec|
   spec.summary = "OmniAuth strategy for Publik"
   spec.description = "OmniAuth strategy for Publik"
   spec.homepage = "https://github.com/OpenSourcePolitics/omniauth-publik"
-  spec.required_ruby_version = ">= 2.7"
+  spec.required_ruby_version = ">= 3.2"
   spec.files = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
   spec.bindir = "exe"
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
-
-  spec.add_dependency "omniauth", "~> 2.0"
+  # rubocop:disable Gemspec/DevelopmentDependencies
+  spec.add_dependency "omniauth", "~> 2.1"
   spec.add_dependency "omniauth-oauth2", ">= 1.7.2", "< 2.0"
-  spec.add_development_dependency "bundler", "~> 2.3.4"
-  spec.add_development_dependency "rake", "~> 13.0"
-  spec.add_development_dependency "rubocop", "1.23"
+  spec.add_development_dependency "bundler", ">= 2.4"
+  spec.add_development_dependency "rake", "~> 13.2"
+  spec.add_development_dependency "rubocop", "~> 1.69"
   spec.add_development_dependency "rubocop-rspec"
+  # rubocop:enable Gemspec/DevelopmentDependencies
   spec.metadata["rubygems_mfa_required"] = "true"
 end
diff --git a/spec/omniauth/strategies/publik_spec.rb b/spec/omniauth/strategies/publik_spec.rb
index 117e459..4df9ba0 100644
--- a/spec/omniauth/strategies/publik_spec.rb
+++ b/spec/omniauth/strategies/publik_spec.rb
@@ -62,7 +62,7 @@
       let(:client_site) { "http : // example.com" }
 
       it "raises an ArgumentError" do
-        expect { subject.client.site }.to raise_error(URI::InvalidURIError, "bad URI(is not URI?): \"http : // example.com\"")
+        expect { subject.client.site }.to raise_error(URI::InvalidURIError, "bad URI (is not URI?): \"http : // example.com\"")
       end
 
       it "can't define authorize url" do
@@ -85,8 +85,7 @@
 
   describe "#callback_url" do
     before do
-      allow(strategy).to receive(:full_host).and_return("https://example.com")
-      allow(strategy).to receive(:script_name).and_return("/sub_uri")
+      allow(strategy).to receive_messages(full_host: "https://example.com", script_name: "/sub_uri")
     end
 
     it "is a combination of host, script name, and callback path" do