Skip to content

ci(repo): Version packages#9091

Open
clerk-cookie wants to merge 1 commit into
mainfrom
changeset-release/main
Open

ci(repo): Version packages#9091
clerk-cookie wants to merge 1 commit into
mainfrom
changeset-release/main

Conversation

@clerk-cookie

@clerk-cookie clerk-cookie commented Jul 6, 2026

Copy link
Copy Markdown
Collaborator

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@clerk/clerk-js@6.25.0

Minor Changes

  • Add support for Clerk Protect mid-flow SDK challenges (protect_check) on both sign-up and sign-in. (#8329) by @zourzouvillys

    When the Protect antifraud service issues a challenge, responses now carry a protectCheck field
    with { status, token, sdkUrl, expiresAt?, uiHints? }. Clients resolve the gate by loading the
    SDK at sdkUrl, executing the challenge, and submitting the resulting proof token via
    signUp.submitProtectCheck({ proofToken }) or signIn.submitProtectCheck({ proofToken }). The
    response may carry a chained challenge, which the SDK resolves iteratively.

    Sign-in adds a new 'needs_protect_check' value to the SignInStatus union. Upgrading this
    package is type-only and does not change runtime behavior
    : the server returns the new status
    (and the protectCheck field) only for instances where Protect mid-flow challenges have been
    explicitly enabled — the feature is off by default and is not enabled for existing instances by
    upgrading. The server additionally only emits the new status value to SDK versions that
    understand it, so older clients never receive an unknown status.

    If an exhaustive switch on signIn.status flags the new value after upgrading, handle it by
    running the challenge described by protectCheck and submitting the proof via
    submitProtectCheck(). Clients should treat the protectCheck field as the authoritative gate
    signal and fall back to the status value for defense in depth.

    The pre-built <SignIn /> and <SignUp /> components handle the gate automatically by routing
    to a new protect-check route that runs the challenge SDK and resumes the flow on completion.

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0

@clerk/localizations@4.13.0

Minor Changes

  • Add support for Clerk Protect mid-flow SDK challenges (protect_check) on both sign-up and sign-in. (#8329) by @zourzouvillys

    When the Protect antifraud service issues a challenge, responses now carry a protectCheck field
    with { status, token, sdkUrl, expiresAt?, uiHints? }. Clients resolve the gate by loading the
    SDK at sdkUrl, executing the challenge, and submitting the resulting proof token via
    signUp.submitProtectCheck({ proofToken }) or signIn.submitProtectCheck({ proofToken }). The
    response may carry a chained challenge, which the SDK resolves iteratively.

    Sign-in adds a new 'needs_protect_check' value to the SignInStatus union. Upgrading this
    package is type-only and does not change runtime behavior
    : the server returns the new status
    (and the protectCheck field) only for instances where Protect mid-flow challenges have been
    explicitly enabled — the feature is off by default and is not enabled for existing instances by
    upgrading. The server additionally only emits the new status value to SDK versions that
    understand it, so older clients never receive an unknown status.

    If an exhaustive switch on signIn.status flags the new value after upgrading, handle it by
    running the challenge described by protectCheck and submitting the proof via
    submitProtectCheck(). Clients should treat the protectCheck field as the authoritative gate
    signal and fall back to the status value for defense in depth.

    The pre-built <SignIn /> and <SignUp /> components handle the gate automatically by routing
    to a new protect-check route that runs the challenge SDK and resumes the flow on completion.

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0

@clerk/react@6.12.0

Minor Changes

  • Add support for Clerk Protect mid-flow SDK challenges (protect_check) on both sign-up and sign-in. (#8329) by @zourzouvillys

    When the Protect antifraud service issues a challenge, responses now carry a protectCheck field
    with { status, token, sdkUrl, expiresAt?, uiHints? }. Clients resolve the gate by loading the
    SDK at sdkUrl, executing the challenge, and submitting the resulting proof token via
    signUp.submitProtectCheck({ proofToken }) or signIn.submitProtectCheck({ proofToken }). The
    response may carry a chained challenge, which the SDK resolves iteratively.

    Sign-in adds a new 'needs_protect_check' value to the SignInStatus union. Upgrading this
    package is type-only and does not change runtime behavior
    : the server returns the new status
    (and the protectCheck field) only for instances where Protect mid-flow challenges have been
    explicitly enabled — the feature is off by default and is not enabled for existing instances by
    upgrading. The server additionally only emits the new status value to SDK versions that
    understand it, so older clients never receive an unknown status.

    If an exhaustive switch on signIn.status flags the new value after upgrading, handle it by
    running the challenge described by protectCheck and submitting the proof via
    submitProtectCheck(). Clients should treat the protectCheck field as the authoritative gate
    signal and fall back to the status value for defense in depth.

    The pre-built <SignIn /> and <SignUp /> components handle the gate automatically by routing
    to a new protect-check route that runs the challenge SDK and resumes the flow on completion.

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0

@clerk/shared@4.25.0

Minor Changes

  • Add support for Clerk Protect mid-flow SDK challenges (protect_check) on both sign-up and sign-in. (#8329) by @zourzouvillys

    When the Protect antifraud service issues a challenge, responses now carry a protectCheck field
    with { status, token, sdkUrl, expiresAt?, uiHints? }. Clients resolve the gate by loading the
    SDK at sdkUrl, executing the challenge, and submitting the resulting proof token via
    signUp.submitProtectCheck({ proofToken }) or signIn.submitProtectCheck({ proofToken }). The
    response may carry a chained challenge, which the SDK resolves iteratively.

    Sign-in adds a new 'needs_protect_check' value to the SignInStatus union. Upgrading this
    package is type-only and does not change runtime behavior
    : the server returns the new status
    (and the protectCheck field) only for instances where Protect mid-flow challenges have been
    explicitly enabled — the feature is off by default and is not enabled for existing instances by
    upgrading. The server additionally only emits the new status value to SDK versions that
    understand it, so older clients never receive an unknown status.

    If an exhaustive switch on signIn.status flags the new value after upgrading, handle it by
    running the challenge described by protectCheck and submitting the proof via
    submitProtectCheck(). Clients should treat the protectCheck field as the authoritative gate
    signal and fall back to the status value for defense in depth.

    The pre-built <SignIn /> and <SignUp /> components handle the gate automatically by routing
    to a new protect-check route that runs the challenge SDK and resumes the flow on completion.

@clerk/ui@1.25.0

Minor Changes

  • Add support for Clerk Protect mid-flow SDK challenges (protect_check) on both sign-up and sign-in. (#8329) by @zourzouvillys

    When the Protect antifraud service issues a challenge, responses now carry a protectCheck field
    with { status, token, sdkUrl, expiresAt?, uiHints? }. Clients resolve the gate by loading the
    SDK at sdkUrl, executing the challenge, and submitting the resulting proof token via
    signUp.submitProtectCheck({ proofToken }) or signIn.submitProtectCheck({ proofToken }). The
    response may carry a chained challenge, which the SDK resolves iteratively.

    Sign-in adds a new 'needs_protect_check' value to the SignInStatus union. Upgrading this
    package is type-only and does not change runtime behavior
    : the server returns the new status
    (and the protectCheck field) only for instances where Protect mid-flow challenges have been
    explicitly enabled — the feature is off by default and is not enabled for existing instances by
    upgrading. The server additionally only emits the new status value to SDK versions that
    understand it, so older clients never receive an unknown status.

    If an exhaustive switch on signIn.status flags the new value after upgrading, handle it by
    running the challenge described by protectCheck and submitting the proof via
    submitProtectCheck(). Clients should treat the protectCheck field as the authoritative gate
    signal and fall back to the status value for defense in depth.

    The pre-built <SignIn /> and <SignUp /> components handle the gate automatically by routing
    to a new protect-check route that runs the challenge SDK and resumes the flow on completion.

Patch Changes

  • Fix the payment method form getting stuck in a loading state after a failed card setup. Non-validation errors such as 3DS authentication failures are now displayed. (#9080) by @aeliox

  • Fix tooltips rendering behind modals (for example on the organization profile Security page). Tooltips now layer above modal content, and pressing Escape or clicking outside while a tooltip is open inside a modal closes only the tooltip instead of also dismissing the modal. (#9093) by @alexcarpenter

  • Updated dependencies [f2d9e4b]:

    • @clerk/localizations@4.13.0
    • @clerk/shared@4.25.0

@clerk/astro@3.4.13

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0
    • @clerk/backend@3.11.1

@clerk/backend@3.11.1

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0

@clerk/chrome-extension@3.1.49

Patch Changes

  • Updated dependencies [3995e8a, f2d9e4b, f9afa48]:
    • @clerk/ui@1.25.0
    • @clerk/clerk-js@6.25.0
    • @clerk/react@6.12.0
    • @clerk/shared@4.25.0

@clerk/electron@0.0.10

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/clerk-js@6.25.0
    • @clerk/react@6.12.0
    • @clerk/shared@4.25.0

@clerk/expo@3.7.1

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/clerk-js@6.25.0
    • @clerk/react@6.12.0
    • @clerk/shared@4.25.0

@clerk/expo-passkeys@1.2.1

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0

@clerk/express@2.1.37

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0
    • @clerk/backend@3.11.1

@clerk/fastify@3.1.47

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0
    • @clerk/backend@3.11.1

@clerk/hono@0.1.47

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0
    • @clerk/backend@3.11.1

@clerk/nextjs@7.5.14

Patch Changes

  • Deprecate createRouteMatcher() in favor of resource-based auth checks. (#8994) by @Ephem

    Middleware-based auth checks rely on path matching, which can diverge from how Next.js routes requests and leave protected resources reachable.

    For a migration guide, see:
    https://clerk.com/docs/guides/development/upgrading/upgrade-guides/migrate-from-create-route-matcher

    Instead of protecting routes from middleware, move auth checks into each protected page, layout, API route, or Server Function, for example:

    import { auth } from '@clerk/nextjs/server'
    
    export default async function Page() {
      await auth.protect()
    
      return <h1>Dashboard</h1>
    }
  • Updated dependencies [f2d9e4b]:

    • @clerk/react@6.12.0
    • @clerk/shared@4.25.0
    • @clerk/backend@3.11.1

@clerk/nuxt@2.6.13

Patch Changes

  • Deprecate createRouteMatcher() in favor of Nuxt's native route matching. (#9092) by @jacekradko

    To protect API routes, match paths natively inside clerkMiddleware():

    export default clerkMiddleware(event => {
      const { isAuthenticated } = event.context.auth();
      const { pathname } = getRequestURL(event);
    
      if (!isAuthenticated && pathname.startsWith('/api/admin')) {
        throw createError({ statusCode: 401, statusMessage: 'Unauthorized' });
      }
    });

    To protect pages, use Nuxt's built-in route middleware with definePageMeta({ middleware: 'auth' }).

  • Updated dependencies [f2d9e4b]:

    • @clerk/shared@4.25.0
    • @clerk/vue@2.4.12
    • @clerk/backend@3.11.1

@clerk/react-router@3.5.6

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/react@6.12.0
    • @clerk/shared@4.25.0
    • @clerk/backend@3.11.1

@clerk/tanstack-react-start@1.4.14

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/react@6.12.0
    • @clerk/shared@4.25.0
    • @clerk/backend@3.11.1

@clerk/testing@2.2.4

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0
    • @clerk/backend@3.11.1

@clerk/vue@2.4.12

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0

@clerk/headless@0.0.8

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0

@clerk/msw@0.0.44

Patch Changes

  • Updated dependencies [f2d9e4b]:
    • @clerk/shared@4.25.0

@clerk/swingset@0.0.15

Patch Changes

@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment Jul 6, 2026 6:06pm
swingset Ready Ready Preview, Comment Jul 6, 2026 6:06pm

Request Review

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)
  • ci(repo): Version packages

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: a2c8c832-d66c-4074-8a1c-0a9f935cb539

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Comment @coderabbitai help to get the list of available commands.

@pkg-pr-new

pkg-pr-new Bot commented Jul 6, 2026

Copy link
Copy Markdown

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@9091

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@9091

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@9091

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@9091

@clerk/electron

npm i https://pkg.pr.new/@clerk/electron@9091

@clerk/electron-passkeys

npm i https://pkg.pr.new/@clerk/electron-passkeys@9091

@clerk/eslint-plugin

npm i https://pkg.pr.new/@clerk/eslint-plugin@9091

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@9091

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@9091

@clerk/express

npm i https://pkg.pr.new/@clerk/express@9091

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@9091

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@9091

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@9091

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@9091

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@9091

@clerk/react

npm i https://pkg.pr.new/@clerk/react@9091

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@9091

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@9091

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@9091

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@9091

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@9091

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@9091

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@9091

commit: cf63328

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

API Changes Report

Generated by Break Check on 2026-07-06T18:10:28.393Z

Summary

Metric Count
Packages analyzed 19
Packages with changes 0
🔴 Breaking changes 0
🟡 Non-breaking changes 0
🟢 Additions 0

No API Changes Detected

All packages have stable APIs with no detected changes.


Report generated by Break Check

Last ran on cf63328.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant