You cannot invalidate JWT tokens
This is simple not true. You ALWAYS will sign your tokens with a well known secret, you could eventually even add some salt from a database to it.
I think one of the benefits of some (most?) JWT implementations is that it doesn't hit the database on every request - the token is only validated against a global secret.
We called them and begged them to give us an extension so we could perform the release, and their sales rep treated us like we were the irresponsible ones for not reading the emails they had sent us carefully enough.
We've since moved to Vercel and will never use Netlify again because of the way they managed this.