diff --git a/.changeset/brave-mammals-burn.md b/.changeset/brave-mammals-burn.md
deleted file mode 100644
index 233a8b48ddb..00000000000
--- a/.changeset/brave-mammals-burn.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'@clerk/ui': patch
----
-
-Fix the payment method form getting stuck in a loading state after a failed card setup. Non-validation errors such as 3DS authentication failures are now displayed.
diff --git a/.changeset/nextjs-deprecate-route-matcher.md b/.changeset/nextjs-deprecate-route-matcher.md
deleted file mode 100644
index b1110fc1c1f..00000000000
--- a/.changeset/nextjs-deprecate-route-matcher.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-'@clerk/nextjs': patch
----
-
-Deprecate `createRouteMatcher()` in favor of resource-based auth checks.
-
-Middleware-based auth checks rely on path matching, which can diverge from how Next.js routes requests and leave protected resources reachable.
-
-For a migration guide, see:
- https://clerk.com/docs/guides/development/upgrading/upgrade-guides/migrate-from-create-route-matcher
-
-Instead of protecting routes from middleware, move auth checks into each protected page, layout, API route, or Server Function, for example:
-
-```ts
-import { auth } from '@clerk/nextjs/server'
-
-export default async function Page() {
- await auth.protect()
-
- return
Dashboard
-}
-```
diff --git a/.changeset/nuxt-deprecate-route-matcher.md b/.changeset/nuxt-deprecate-route-matcher.md
deleted file mode 100644
index f297891d51a..00000000000
--- a/.changeset/nuxt-deprecate-route-matcher.md
+++ /dev/null
@@ -1,20 +0,0 @@
----
-'@clerk/nuxt': patch
----
-
-Deprecate `createRouteMatcher()` in favor of Nuxt's native route matching.
-
-To protect API routes, match paths natively inside `clerkMiddleware()`:
-
-```ts
-export default clerkMiddleware(event => {
- const { isAuthenticated } = event.context.auth();
- const { pathname } = getRequestURL(event);
-
- if (!isAuthenticated && pathname.startsWith('/api/admin')) {
- throw createError({ statusCode: 401, statusMessage: 'Unauthorized' });
- }
-});
-```
-
-To protect pages, use Nuxt's built-in route middleware with `definePageMeta({ middleware: 'auth' })`.
diff --git a/.changeset/protect-check-standalone-signup.md b/.changeset/protect-check-standalone-signup.md
deleted file mode 100644
index a056f4268ee..00000000000
--- a/.changeset/protect-check-standalone-signup.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'@clerk/ui': patch
----
-
-Fix standalone `` Protect checks so the verification card stays mounted while a solved challenge routes to the next step, while stale direct visits to the protect-check route return to the start of the sign-up flow.
diff --git a/.changeset/protect-check-support.md b/.changeset/protect-check-support.md
deleted file mode 100644
index 8376d734734..00000000000
--- a/.changeset/protect-check-support.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-'@clerk/clerk-js': minor
-'@clerk/localizations': minor
-'@clerk/react': minor
-'@clerk/shared': minor
-'@clerk/ui': minor
----
-
-Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in.
-
-When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field
-with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the
-SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via
-`signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The
-response may carry a chained challenge, which the SDK resolves iteratively.
-
-Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this
-package is type-only and does not change runtime behavior**: the server returns the new status
-(and the `protectCheck` field) only for instances where Protect mid-flow challenges have been
-explicitly enabled — the feature is off by default and is not enabled for existing instances by
-upgrading. The server additionally only emits the new status value to SDK versions that
-understand it, so older clients never receive an unknown status.
-
-If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by
-running the challenge described by `protectCheck` and submitting the proof via
-`submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate
-signal and fall back to the status value for defense in depth.
-
-The pre-built `` and `` components handle the gate automatically by routing
-to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion.
diff --git a/.changeset/tooltip-above-modal.md b/.changeset/tooltip-above-modal.md
deleted file mode 100644
index 11809b73cf0..00000000000
--- a/.changeset/tooltip-above-modal.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'@clerk/ui': patch
----
-
-Fix tooltips rendering behind modals (for example on the organization profile Security page). Tooltips now layer above modal content, and pressing Escape or clicking outside while a tooltip is open inside a modal closes only the tooltip instead of also dismissing the modal.
diff --git a/packages/astro/CHANGELOG.md b/packages/astro/CHANGELOG.md
index 1b4dc890cfc..3fb3f3fa431 100644
--- a/packages/astro/CHANGELOG.md
+++ b/packages/astro/CHANGELOG.md
@@ -1,5 +1,13 @@
# @clerk/astro
+## 3.4.13
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+ - @clerk/backend@3.11.1
+
## 3.4.12
### Patch Changes
diff --git a/packages/astro/package.json b/packages/astro/package.json
index 9054d23b552..e8b9b2fd520 100644
--- a/packages/astro/package.json
+++ b/packages/astro/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/astro",
- "version": "3.4.12",
+ "version": "3.4.13",
"description": "Clerk SDK for Astro",
"keywords": [
"auth",
diff --git a/packages/backend/CHANGELOG.md b/packages/backend/CHANGELOG.md
index eed10681fb4..62e518d2d7c 100644
--- a/packages/backend/CHANGELOG.md
+++ b/packages/backend/CHANGELOG.md
@@ -1,5 +1,12 @@
# Change Log
+## 3.11.1
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+
## 3.11.0
### Minor Changes
diff --git a/packages/backend/package.json b/packages/backend/package.json
index f7785fc871e..6b4612920ac 100644
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/backend",
- "version": "3.11.0",
+ "version": "3.11.1",
"description": "Clerk Backend SDK - REST Client for Backend API & JWT verification utilities",
"homepage": "https://clerk.com/",
"bugs": {
diff --git a/packages/chrome-extension/CHANGELOG.md b/packages/chrome-extension/CHANGELOG.md
index 0afbe853a8c..dd9cd9ac03b 100644
--- a/packages/chrome-extension/CHANGELOG.md
+++ b/packages/chrome-extension/CHANGELOG.md
@@ -1,5 +1,15 @@
# Change Log
+## 3.1.49
+
+### Patch Changes
+
+- Updated dependencies [[`3995e8a`](https://github.com/clerk/javascript/commit/3995e8a0edc721a972d7d817c830f48867bedb6c), [`4aebb88`](https://github.com/clerk/javascript/commit/4aebb88c51423132911ee87445c631d373e76981), [`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1), [`f9afa48`](https://github.com/clerk/javascript/commit/f9afa489a10b47e7609743ad2d2eddc019661acb)]:
+ - @clerk/ui@1.25.0
+ - @clerk/clerk-js@6.25.0
+ - @clerk/react@6.12.0
+ - @clerk/shared@4.25.0
+
## 3.1.48
### Patch Changes
diff --git a/packages/chrome-extension/package.json b/packages/chrome-extension/package.json
index d7ec8562bb1..1fee5846fc8 100644
--- a/packages/chrome-extension/package.json
+++ b/packages/chrome-extension/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/chrome-extension",
- "version": "3.1.48",
+ "version": "3.1.49",
"description": "Clerk SDK for Chrome extensions",
"keywords": [
"auth",
diff --git a/packages/clerk-js/CHANGELOG.md b/packages/clerk-js/CHANGELOG.md
index 6caf256f508..7fb24f3b644 100644
--- a/packages/clerk-js/CHANGELOG.md
+++ b/packages/clerk-js/CHANGELOG.md
@@ -1,5 +1,37 @@
# Change Log
+## 6.25.0
+
+### Minor Changes
+
+- Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. ([#8329](https://github.com/clerk/javascript/pull/8329)) by [@zourzouvillys](https://github.com/zourzouvillys)
+
+ When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field
+ with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the
+ SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via
+ `signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The
+ response may carry a chained challenge, which the SDK resolves iteratively.
+
+ Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this
+ package is type-only and does not change runtime behavior**: the server returns the new status
+ (and the `protectCheck` field) only for instances where Protect mid-flow challenges have been
+ explicitly enabled — the feature is off by default and is not enabled for existing instances by
+ upgrading. The server additionally only emits the new status value to SDK versions that
+ understand it, so older clients never receive an unknown status.
+
+ If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by
+ running the challenge described by `protectCheck` and submitting the proof via
+ `submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate
+ signal and fall back to the status value for defense in depth.
+
+ The pre-built `` and `` components handle the gate automatically by routing
+ to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion.
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+
## 6.24.0
### Minor Changes
diff --git a/packages/clerk-js/package.json b/packages/clerk-js/package.json
index df73700f17e..2e81e780300 100644
--- a/packages/clerk-js/package.json
+++ b/packages/clerk-js/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/clerk-js",
- "version": "6.24.0",
+ "version": "6.25.0",
"description": "Clerk JS library",
"keywords": [
"clerk",
diff --git a/packages/electron/CHANGELOG.md b/packages/electron/CHANGELOG.md
index fc01fa061e0..fd140b3d037 100644
--- a/packages/electron/CHANGELOG.md
+++ b/packages/electron/CHANGELOG.md
@@ -1,5 +1,14 @@
# @clerk/electron
+## 0.0.10
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/clerk-js@6.25.0
+ - @clerk/react@6.12.0
+ - @clerk/shared@4.25.0
+
## 0.0.9
### Patch Changes
diff --git a/packages/electron/package.json b/packages/electron/package.json
index 7a1789942b5..49c0de3ce64 100644
--- a/packages/electron/package.json
+++ b/packages/electron/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/electron",
- "version": "0.0.9",
+ "version": "0.0.10",
"description": "Clerk SDK for Electron",
"keywords": [
"clerk",
diff --git a/packages/expo-passkeys/CHANGELOG.md b/packages/expo-passkeys/CHANGELOG.md
index f77315935cd..2e9feffac75 100644
--- a/packages/expo-passkeys/CHANGELOG.md
+++ b/packages/expo-passkeys/CHANGELOG.md
@@ -1,5 +1,12 @@
# @clerk/expo-passkeys
+## 1.2.1
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+
## 1.2.0
### Minor Changes
diff --git a/packages/expo-passkeys/package.json b/packages/expo-passkeys/package.json
index 872ebbfe951..ece1a10186f 100644
--- a/packages/expo-passkeys/package.json
+++ b/packages/expo-passkeys/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/expo-passkeys",
- "version": "1.2.0",
+ "version": "1.2.1",
"description": "Passkeys library to be used with Clerk for expo",
"keywords": [
"react-native",
diff --git a/packages/expo/CHANGELOG.md b/packages/expo/CHANGELOG.md
index 27165028c06..9bf280c15a9 100644
--- a/packages/expo/CHANGELOG.md
+++ b/packages/expo/CHANGELOG.md
@@ -1,5 +1,14 @@
# Change Log
+## 3.7.1
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/clerk-js@6.25.0
+ - @clerk/react@6.12.0
+ - @clerk/shared@4.25.0
+
## 3.7.0
### Minor Changes
diff --git a/packages/expo/package.json b/packages/expo/package.json
index 2c82d2531b1..3110fbbfa2b 100644
--- a/packages/expo/package.json
+++ b/packages/expo/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/expo",
- "version": "3.7.0",
+ "version": "3.7.1",
"description": "Clerk React Native/Expo library",
"keywords": [
"react",
diff --git a/packages/express/CHANGELOG.md b/packages/express/CHANGELOG.md
index a3a3ce6fded..70ffa852829 100644
--- a/packages/express/CHANGELOG.md
+++ b/packages/express/CHANGELOG.md
@@ -1,5 +1,13 @@
# Change Log
+## 2.1.37
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+ - @clerk/backend@3.11.1
+
## 2.1.36
### Patch Changes
diff --git a/packages/express/package.json b/packages/express/package.json
index 62d919ae17a..cbec4d6040f 100644
--- a/packages/express/package.json
+++ b/packages/express/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/express",
- "version": "2.1.36",
+ "version": "2.1.37",
"description": "Clerk server SDK for usage with Express",
"keywords": [
"clerk",
diff --git a/packages/fastify/CHANGELOG.md b/packages/fastify/CHANGELOG.md
index 24c036a9981..1f3002ed7e4 100644
--- a/packages/fastify/CHANGELOG.md
+++ b/packages/fastify/CHANGELOG.md
@@ -1,5 +1,13 @@
# Change Log
+## 3.1.47
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+ - @clerk/backend@3.11.1
+
## 3.1.46
### Patch Changes
diff --git a/packages/fastify/package.json b/packages/fastify/package.json
index 887d24edcbb..acba4feb64b 100644
--- a/packages/fastify/package.json
+++ b/packages/fastify/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/fastify",
- "version": "3.1.46",
+ "version": "3.1.47",
"description": "Clerk SDK for Fastify",
"keywords": [
"auth",
diff --git a/packages/headless/CHANGELOG.md b/packages/headless/CHANGELOG.md
index 2a76f21ea71..0bd0d2ca086 100644
--- a/packages/headless/CHANGELOG.md
+++ b/packages/headless/CHANGELOG.md
@@ -1,5 +1,12 @@
# @clerk/headless
+## 0.0.8
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+
## 0.0.7
### Patch Changes
diff --git a/packages/headless/package.json b/packages/headless/package.json
index 9047ab5ea3a..258eb41f263 100644
--- a/packages/headless/package.json
+++ b/packages/headless/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/headless",
- "version": "0.0.7",
+ "version": "0.0.8",
"private": true,
"sideEffects": false,
"type": "module",
diff --git a/packages/hono/CHANGELOG.md b/packages/hono/CHANGELOG.md
index 32ab9be6570..1d5e0b780bc 100644
--- a/packages/hono/CHANGELOG.md
+++ b/packages/hono/CHANGELOG.md
@@ -1,5 +1,13 @@
# @clerk/hono
+## 0.1.47
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+ - @clerk/backend@3.11.1
+
## 0.1.46
### Patch Changes
diff --git a/packages/hono/package.json b/packages/hono/package.json
index 03fd723d26a..3047b49f531 100644
--- a/packages/hono/package.json
+++ b/packages/hono/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/hono",
- "version": "0.1.46",
+ "version": "0.1.47",
"description": "Clerk SDK for Hono",
"keywords": [
"auth",
diff --git a/packages/localizations/CHANGELOG.md b/packages/localizations/CHANGELOG.md
index 529402a742a..d2267d02ef4 100644
--- a/packages/localizations/CHANGELOG.md
+++ b/packages/localizations/CHANGELOG.md
@@ -1,5 +1,37 @@
# Change Log
+## 4.13.0
+
+### Minor Changes
+
+- Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. ([#8329](https://github.com/clerk/javascript/pull/8329)) by [@zourzouvillys](https://github.com/zourzouvillys)
+
+ When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field
+ with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the
+ SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via
+ `signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The
+ response may carry a chained challenge, which the SDK resolves iteratively.
+
+ Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this
+ package is type-only and does not change runtime behavior**: the server returns the new status
+ (and the `protectCheck` field) only for instances where Protect mid-flow challenges have been
+ explicitly enabled — the feature is off by default and is not enabled for existing instances by
+ upgrading. The server additionally only emits the new status value to SDK versions that
+ understand it, so older clients never receive an unknown status.
+
+ If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by
+ running the challenge described by `protectCheck` and submitting the proof via
+ `submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate
+ signal and fall back to the status value for defense in depth.
+
+ The pre-built `` and `` components handle the gate automatically by routing
+ to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion.
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+
## 4.12.1
### Patch Changes
diff --git a/packages/localizations/package.json b/packages/localizations/package.json
index c2279dc9daa..429b5ab6a83 100644
--- a/packages/localizations/package.json
+++ b/packages/localizations/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/localizations",
- "version": "4.12.1",
+ "version": "4.13.0",
"description": "Localizations for the Clerk components",
"keywords": [
"react",
diff --git a/packages/msw/CHANGELOG.md b/packages/msw/CHANGELOG.md
index 5eab1c824da..a7a9799ac38 100644
--- a/packages/msw/CHANGELOG.md
+++ b/packages/msw/CHANGELOG.md
@@ -1,5 +1,12 @@
# @clerk/msw
+## 0.0.44
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+
## 0.0.43
### Patch Changes
diff --git a/packages/msw/package.json b/packages/msw/package.json
index c8ec5d519c0..004504f96cb 100644
--- a/packages/msw/package.json
+++ b/packages/msw/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/msw",
- "version": "0.0.43",
+ "version": "0.0.44",
"private": true,
"sideEffects": false,
"type": "module",
diff --git a/packages/nextjs/CHANGELOG.md b/packages/nextjs/CHANGELOG.md
index b06eb574ee0..432c70ba6b4 100644
--- a/packages/nextjs/CHANGELOG.md
+++ b/packages/nextjs/CHANGELOG.md
@@ -1,5 +1,33 @@
# Change Log
+## 7.5.14
+
+### Patch Changes
+
+- Deprecate `createRouteMatcher()` in favor of resource-based auth checks. ([#8994](https://github.com/clerk/javascript/pull/8994)) by [@Ephem](https://github.com/Ephem)
+
+ Middleware-based auth checks rely on path matching, which can diverge from how Next.js routes requests and leave protected resources reachable.
+
+ For a migration guide, see:
+ https://clerk.com/docs/guides/development/upgrading/upgrade-guides/migrate-from-create-route-matcher
+
+ Instead of protecting routes from middleware, move auth checks into each protected page, layout, API route, or Server Function, for example:
+
+ ```ts
+ import { auth } from '@clerk/nextjs/server'
+
+ export default async function Page() {
+ await auth.protect()
+
+ return Dashboard
+ }
+ ```
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/react@6.12.0
+ - @clerk/shared@4.25.0
+ - @clerk/backend@3.11.1
+
## 7.5.13
### Patch Changes
diff --git a/packages/nextjs/package.json b/packages/nextjs/package.json
index 4e6ccd169b3..fc16d97154d 100644
--- a/packages/nextjs/package.json
+++ b/packages/nextjs/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/nextjs",
- "version": "7.5.13",
+ "version": "7.5.14",
"description": "Clerk SDK for NextJS",
"keywords": [
"clerk",
diff --git a/packages/nuxt/CHANGELOG.md b/packages/nuxt/CHANGELOG.md
index db19cb04bca..614986f9515 100644
--- a/packages/nuxt/CHANGELOG.md
+++ b/packages/nuxt/CHANGELOG.md
@@ -1,5 +1,31 @@
# @clerk/nuxt
+## 2.6.13
+
+### Patch Changes
+
+- Deprecate `createRouteMatcher()` in favor of Nuxt's native route matching. ([#9092](https://github.com/clerk/javascript/pull/9092)) by [@jacekradko](https://github.com/jacekradko)
+
+ To protect API routes, match paths natively inside `clerkMiddleware()`:
+
+ ```ts
+ export default clerkMiddleware(event => {
+ const { isAuthenticated } = event.context.auth();
+ const { pathname } = getRequestURL(event);
+
+ if (!isAuthenticated && pathname.startsWith('/api/admin')) {
+ throw createError({ statusCode: 401, statusMessage: 'Unauthorized' });
+ }
+ });
+ ```
+
+ To protect pages, use Nuxt's built-in route middleware with `definePageMeta({ middleware: 'auth' })`.
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+ - @clerk/vue@2.4.12
+ - @clerk/backend@3.11.1
+
## 2.6.12
### Patch Changes
diff --git a/packages/nuxt/package.json b/packages/nuxt/package.json
index 8351402322a..15bbea9529d 100644
--- a/packages/nuxt/package.json
+++ b/packages/nuxt/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/nuxt",
- "version": "2.6.12",
+ "version": "2.6.13",
"description": "Clerk SDK for Nuxt",
"keywords": [
"clerk",
diff --git a/packages/react-router/CHANGELOG.md b/packages/react-router/CHANGELOG.md
index 55ab1585040..20df96c36d4 100644
--- a/packages/react-router/CHANGELOG.md
+++ b/packages/react-router/CHANGELOG.md
@@ -1,5 +1,14 @@
# Change Log
+## 3.5.6
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/react@6.12.0
+ - @clerk/shared@4.25.0
+ - @clerk/backend@3.11.1
+
## 3.5.5
### Patch Changes
diff --git a/packages/react-router/package.json b/packages/react-router/package.json
index 7e18dea6c24..4afd384bb5d 100644
--- a/packages/react-router/package.json
+++ b/packages/react-router/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/react-router",
- "version": "3.5.5",
+ "version": "3.5.6",
"description": "Clerk SDK for React Router",
"keywords": [
"clerk",
diff --git a/packages/react/CHANGELOG.md b/packages/react/CHANGELOG.md
index 1f1a7763776..30ef84df73b 100644
--- a/packages/react/CHANGELOG.md
+++ b/packages/react/CHANGELOG.md
@@ -1,5 +1,37 @@
# Change Log
+## 6.12.0
+
+### Minor Changes
+
+- Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. ([#8329](https://github.com/clerk/javascript/pull/8329)) by [@zourzouvillys](https://github.com/zourzouvillys)
+
+ When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field
+ with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the
+ SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via
+ `signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The
+ response may carry a chained challenge, which the SDK resolves iteratively.
+
+ Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this
+ package is type-only and does not change runtime behavior**: the server returns the new status
+ (and the `protectCheck` field) only for instances where Protect mid-flow challenges have been
+ explicitly enabled — the feature is off by default and is not enabled for existing instances by
+ upgrading. The server additionally only emits the new status value to SDK versions that
+ understand it, so older clients never receive an unknown status.
+
+ If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by
+ running the challenge described by `protectCheck` and submitting the proof via
+ `submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate
+ signal and fall back to the status value for defense in depth.
+
+ The pre-built `` and `` components handle the gate automatically by routing
+ to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion.
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+
## 6.11.4
### Patch Changes
diff --git a/packages/react/package.json b/packages/react/package.json
index 8598951c89c..8133c391a0b 100644
--- a/packages/react/package.json
+++ b/packages/react/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/react",
- "version": "6.11.4",
+ "version": "6.12.0",
"description": "Clerk React library",
"keywords": [
"clerk",
diff --git a/packages/shared/CHANGELOG.md b/packages/shared/CHANGELOG.md
index 60d10fea23f..361f656a78c 100644
--- a/packages/shared/CHANGELOG.md
+++ b/packages/shared/CHANGELOG.md
@@ -1,5 +1,32 @@
# Change Log
+## 4.25.0
+
+### Minor Changes
+
+- Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. ([#8329](https://github.com/clerk/javascript/pull/8329)) by [@zourzouvillys](https://github.com/zourzouvillys)
+
+ When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field
+ with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the
+ SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via
+ `signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The
+ response may carry a chained challenge, which the SDK resolves iteratively.
+
+ Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this
+ package is type-only and does not change runtime behavior**: the server returns the new status
+ (and the `protectCheck` field) only for instances where Protect mid-flow challenges have been
+ explicitly enabled — the feature is off by default and is not enabled for existing instances by
+ upgrading. The server additionally only emits the new status value to SDK versions that
+ understand it, so older clients never receive an unknown status.
+
+ If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by
+ running the challenge described by `protectCheck` and submitting the proof via
+ `submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate
+ signal and fall back to the status value for defense in depth.
+
+ The pre-built `` and `` components handle the gate automatically by routing
+ to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion.
+
## 4.24.0
### Minor Changes
diff --git a/packages/shared/package.json b/packages/shared/package.json
index cd5b383ca2c..08553956528 100644
--- a/packages/shared/package.json
+++ b/packages/shared/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/shared",
- "version": "4.24.0",
+ "version": "4.25.0",
"description": "Internal package utils used by the Clerk SDKs",
"repository": {
"type": "git",
diff --git a/packages/swingset/CHANGELOG.md b/packages/swingset/CHANGELOG.md
index 0d9113ed598..28c43046f51 100644
--- a/packages/swingset/CHANGELOG.md
+++ b/packages/swingset/CHANGELOG.md
@@ -1,5 +1,13 @@
# @clerk/swingset
+## 0.0.15
+
+### Patch Changes
+
+- Updated dependencies [[`3995e8a`](https://github.com/clerk/javascript/commit/3995e8a0edc721a972d7d817c830f48867bedb6c), [`4aebb88`](https://github.com/clerk/javascript/commit/4aebb88c51423132911ee87445c631d373e76981), [`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1), [`f9afa48`](https://github.com/clerk/javascript/commit/f9afa489a10b47e7609743ad2d2eddc019661acb)]:
+ - @clerk/ui@1.25.0
+ - @clerk/headless@0.0.8
+
## 0.0.14
### Patch Changes
diff --git a/packages/swingset/package.json b/packages/swingset/package.json
index 718b10bb163..88176ba9c45 100644
--- a/packages/swingset/package.json
+++ b/packages/swingset/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/swingset",
- "version": "0.0.14",
+ "version": "0.0.15",
"private": true,
"type": "module",
"scripts": {
diff --git a/packages/tanstack-react-start/CHANGELOG.md b/packages/tanstack-react-start/CHANGELOG.md
index ac971d9bab2..10b7acb5740 100644
--- a/packages/tanstack-react-start/CHANGELOG.md
+++ b/packages/tanstack-react-start/CHANGELOG.md
@@ -1,5 +1,14 @@
# @clerk/tanstack-react-start
+## 1.4.14
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/react@6.12.0
+ - @clerk/shared@4.25.0
+ - @clerk/backend@3.11.1
+
## 1.4.13
### Patch Changes
diff --git a/packages/tanstack-react-start/package.json b/packages/tanstack-react-start/package.json
index 8a8f1609d94..ce7ff9c2e08 100644
--- a/packages/tanstack-react-start/package.json
+++ b/packages/tanstack-react-start/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/tanstack-react-start",
- "version": "1.4.13",
+ "version": "1.4.14",
"description": "Clerk SDK for TanStack React Start",
"keywords": [
"clerk",
diff --git a/packages/testing/CHANGELOG.md b/packages/testing/CHANGELOG.md
index 04f596a1557..05b29f6faf1 100644
--- a/packages/testing/CHANGELOG.md
+++ b/packages/testing/CHANGELOG.md
@@ -1,5 +1,13 @@
# @clerk/testing
+## 2.2.4
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+ - @clerk/backend@3.11.1
+
## 2.2.3
### Patch Changes
diff --git a/packages/testing/package.json b/packages/testing/package.json
index 4690e17d74f..57c4fc98bc0 100644
--- a/packages/testing/package.json
+++ b/packages/testing/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/testing",
- "version": "2.2.3",
+ "version": "2.2.4",
"description": "Utilities to help you create E2E test suites for apps using Clerk",
"keywords": [
"auth",
diff --git a/packages/ui/CHANGELOG.md b/packages/ui/CHANGELOG.md
index 70960a45726..0114314d869 100644
--- a/packages/ui/CHANGELOG.md
+++ b/packages/ui/CHANGELOG.md
@@ -1,5 +1,44 @@
# @clerk/ui
+## 1.25.0
+
+### Minor Changes
+
+- Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. ([#8329](https://github.com/clerk/javascript/pull/8329)) by [@zourzouvillys](https://github.com/zourzouvillys)
+
+ When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field
+ with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the
+ SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via
+ `signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The
+ response may carry a chained challenge, which the SDK resolves iteratively.
+
+ Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this
+ package is type-only and does not change runtime behavior**: the server returns the new status
+ (and the `protectCheck` field) only for instances where Protect mid-flow challenges have been
+ explicitly enabled — the feature is off by default and is not enabled for existing instances by
+ upgrading. The server additionally only emits the new status value to SDK versions that
+ understand it, so older clients never receive an unknown status.
+
+ If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by
+ running the challenge described by `protectCheck` and submitting the proof via
+ `submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate
+ signal and fall back to the status value for defense in depth.
+
+ The pre-built `` and `` components handle the gate automatically by routing
+ to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion.
+
+### Patch Changes
+
+- Fix the payment method form getting stuck in a loading state after a failed card setup. Non-validation errors such as 3DS authentication failures are now displayed. ([#9080](https://github.com/clerk/javascript/pull/9080)) by [@aeliox](https://github.com/aeliox)
+
+- Fix standalone `` Protect checks so the verification card stays mounted while a solved challenge routes to the next step, while stale direct visits to the protect-check route return to the start of the sign-up flow. ([#9082](https://github.com/clerk/javascript/pull/9082)) by [@mwickett](https://github.com/mwickett)
+
+- Fix tooltips rendering behind modals (for example on the organization profile Security page). Tooltips now layer above modal content, and pressing Escape or clicking outside while a tooltip is open inside a modal closes only the tooltip instead of also dismissing the modal. ([#9093](https://github.com/clerk/javascript/pull/9093)) by [@alexcarpenter](https://github.com/alexcarpenter)
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/localizations@4.13.0
+ - @clerk/shared@4.25.0
+
## 1.24.2
### Patch Changes
diff --git a/packages/ui/package.json b/packages/ui/package.json
index 1a3a78b3f30..31d3bb19ef0 100644
--- a/packages/ui/package.json
+++ b/packages/ui/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/ui",
- "version": "1.24.2",
+ "version": "1.25.0",
"description": "Internal package that contains the UI components for the Clerk frontend SDKs",
"repository": {
"type": "git",
diff --git a/packages/vue/CHANGELOG.md b/packages/vue/CHANGELOG.md
index 2a8fa8acf7f..ec2f721f8d3 100644
--- a/packages/vue/CHANGELOG.md
+++ b/packages/vue/CHANGELOG.md
@@ -1,5 +1,12 @@
# @clerk/vue
+## 2.4.12
+
+### Patch Changes
+
+- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]:
+ - @clerk/shared@4.25.0
+
## 2.4.11
### Patch Changes
diff --git a/packages/vue/package.json b/packages/vue/package.json
index 9384fdbeaa9..48c111113fe 100644
--- a/packages/vue/package.json
+++ b/packages/vue/package.json
@@ -1,6 +1,6 @@
{
"name": "@clerk/vue",
- "version": "2.4.11",
+ "version": "2.4.12",
"description": "Clerk SDK for Vue",
"keywords": [
"clerk",