From 7154ce999ac64644707241bf9e081add9f5669ad Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 6 Jul 2026 20:45:06 +0000 Subject: [PATCH] ci(repo): Version packages --- .changeset/brave-mammals-burn.md | 5 --- .changeset/nextjs-deprecate-route-matcher.md | 22 ----------- .changeset/nuxt-deprecate-route-matcher.md | 20 ---------- .changeset/protect-check-standalone-signup.md | 5 --- .changeset/protect-check-support.md | 30 -------------- .changeset/tooltip-above-modal.md | 5 --- packages/astro/CHANGELOG.md | 8 ++++ packages/astro/package.json | 2 +- packages/backend/CHANGELOG.md | 7 ++++ packages/backend/package.json | 2 +- packages/chrome-extension/CHANGELOG.md | 10 +++++ packages/chrome-extension/package.json | 2 +- packages/clerk-js/CHANGELOG.md | 32 +++++++++++++++ packages/clerk-js/package.json | 2 +- packages/electron/CHANGELOG.md | 9 +++++ packages/electron/package.json | 2 +- packages/expo-passkeys/CHANGELOG.md | 7 ++++ packages/expo-passkeys/package.json | 2 +- packages/expo/CHANGELOG.md | 9 +++++ packages/expo/package.json | 2 +- packages/express/CHANGELOG.md | 8 ++++ packages/express/package.json | 2 +- packages/fastify/CHANGELOG.md | 8 ++++ packages/fastify/package.json | 2 +- packages/headless/CHANGELOG.md | 7 ++++ packages/headless/package.json | 2 +- packages/hono/CHANGELOG.md | 8 ++++ packages/hono/package.json | 2 +- packages/localizations/CHANGELOG.md | 32 +++++++++++++++ packages/localizations/package.json | 2 +- packages/msw/CHANGELOG.md | 7 ++++ packages/msw/package.json | 2 +- packages/nextjs/CHANGELOG.md | 28 +++++++++++++ packages/nextjs/package.json | 2 +- packages/nuxt/CHANGELOG.md | 26 +++++++++++++ packages/nuxt/package.json | 2 +- packages/react-router/CHANGELOG.md | 9 +++++ packages/react-router/package.json | 2 +- packages/react/CHANGELOG.md | 32 +++++++++++++++ packages/react/package.json | 2 +- packages/shared/CHANGELOG.md | 27 +++++++++++++ packages/shared/package.json | 2 +- packages/swingset/CHANGELOG.md | 8 ++++ packages/swingset/package.json | 2 +- packages/tanstack-react-start/CHANGELOG.md | 9 +++++ packages/tanstack-react-start/package.json | 2 +- packages/testing/CHANGELOG.md | 8 ++++ packages/testing/package.json | 2 +- packages/ui/CHANGELOG.md | 39 +++++++++++++++++++ packages/ui/package.json | 2 +- packages/vue/CHANGELOG.md | 7 ++++ packages/vue/package.json | 2 +- 52 files changed, 368 insertions(+), 110 deletions(-) delete mode 100644 .changeset/brave-mammals-burn.md delete mode 100644 .changeset/nextjs-deprecate-route-matcher.md delete mode 100644 .changeset/nuxt-deprecate-route-matcher.md delete mode 100644 .changeset/protect-check-standalone-signup.md delete mode 100644 .changeset/protect-check-support.md delete mode 100644 .changeset/tooltip-above-modal.md diff --git a/.changeset/brave-mammals-burn.md b/.changeset/brave-mammals-burn.md deleted file mode 100644 index 233a8b48ddb..00000000000 --- a/.changeset/brave-mammals-burn.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@clerk/ui': patch ---- - -Fix the payment method form getting stuck in a loading state after a failed card setup. Non-validation errors such as 3DS authentication failures are now displayed. diff --git a/.changeset/nextjs-deprecate-route-matcher.md b/.changeset/nextjs-deprecate-route-matcher.md deleted file mode 100644 index b1110fc1c1f..00000000000 --- a/.changeset/nextjs-deprecate-route-matcher.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -'@clerk/nextjs': patch ---- - -Deprecate `createRouteMatcher()` in favor of resource-based auth checks. - -Middleware-based auth checks rely on path matching, which can diverge from how Next.js routes requests and leave protected resources reachable. - -For a migration guide, see: - https://clerk.com/docs/guides/development/upgrading/upgrade-guides/migrate-from-create-route-matcher - -Instead of protecting routes from middleware, move auth checks into each protected page, layout, API route, or Server Function, for example: - -```ts -import { auth } from '@clerk/nextjs/server' - -export default async function Page() { - await auth.protect() - - return

Dashboard

-} -``` diff --git a/.changeset/nuxt-deprecate-route-matcher.md b/.changeset/nuxt-deprecate-route-matcher.md deleted file mode 100644 index f297891d51a..00000000000 --- a/.changeset/nuxt-deprecate-route-matcher.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -'@clerk/nuxt': patch ---- - -Deprecate `createRouteMatcher()` in favor of Nuxt's native route matching. - -To protect API routes, match paths natively inside `clerkMiddleware()`: - -```ts -export default clerkMiddleware(event => { - const { isAuthenticated } = event.context.auth(); - const { pathname } = getRequestURL(event); - - if (!isAuthenticated && pathname.startsWith('/api/admin')) { - throw createError({ statusCode: 401, statusMessage: 'Unauthorized' }); - } -}); -``` - -To protect pages, use Nuxt's built-in route middleware with `definePageMeta({ middleware: 'auth' })`. diff --git a/.changeset/protect-check-standalone-signup.md b/.changeset/protect-check-standalone-signup.md deleted file mode 100644 index a056f4268ee..00000000000 --- a/.changeset/protect-check-standalone-signup.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@clerk/ui': patch ---- - -Fix standalone `` Protect checks so the verification card stays mounted while a solved challenge routes to the next step, while stale direct visits to the protect-check route return to the start of the sign-up flow. diff --git a/.changeset/protect-check-support.md b/.changeset/protect-check-support.md deleted file mode 100644 index 8376d734734..00000000000 --- a/.changeset/protect-check-support.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -'@clerk/clerk-js': minor -'@clerk/localizations': minor -'@clerk/react': minor -'@clerk/shared': minor -'@clerk/ui': minor ---- - -Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. - -When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field -with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the -SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via -`signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The -response may carry a chained challenge, which the SDK resolves iteratively. - -Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this -package is type-only and does not change runtime behavior**: the server returns the new status -(and the `protectCheck` field) only for instances where Protect mid-flow challenges have been -explicitly enabled — the feature is off by default and is not enabled for existing instances by -upgrading. The server additionally only emits the new status value to SDK versions that -understand it, so older clients never receive an unknown status. - -If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by -running the challenge described by `protectCheck` and submitting the proof via -`submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate -signal and fall back to the status value for defense in depth. - -The pre-built `` and `` components handle the gate automatically by routing -to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion. diff --git a/.changeset/tooltip-above-modal.md b/.changeset/tooltip-above-modal.md deleted file mode 100644 index 11809b73cf0..00000000000 --- a/.changeset/tooltip-above-modal.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@clerk/ui': patch ---- - -Fix tooltips rendering behind modals (for example on the organization profile Security page). Tooltips now layer above modal content, and pressing Escape or clicking outside while a tooltip is open inside a modal closes only the tooltip instead of also dismissing the modal. diff --git a/packages/astro/CHANGELOG.md b/packages/astro/CHANGELOG.md index 1b4dc890cfc..3fb3f3fa431 100644 --- a/packages/astro/CHANGELOG.md +++ b/packages/astro/CHANGELOG.md @@ -1,5 +1,13 @@ # @clerk/astro +## 3.4.13 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + - @clerk/backend@3.11.1 + ## 3.4.12 ### Patch Changes diff --git a/packages/astro/package.json b/packages/astro/package.json index 9054d23b552..e8b9b2fd520 100644 --- a/packages/astro/package.json +++ b/packages/astro/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/astro", - "version": "3.4.12", + "version": "3.4.13", "description": "Clerk SDK for Astro", "keywords": [ "auth", diff --git a/packages/backend/CHANGELOG.md b/packages/backend/CHANGELOG.md index eed10681fb4..62e518d2d7c 100644 --- a/packages/backend/CHANGELOG.md +++ b/packages/backend/CHANGELOG.md @@ -1,5 +1,12 @@ # Change Log +## 3.11.1 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + ## 3.11.0 ### Minor Changes diff --git a/packages/backend/package.json b/packages/backend/package.json index f7785fc871e..6b4612920ac 100644 --- a/packages/backend/package.json +++ b/packages/backend/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/backend", - "version": "3.11.0", + "version": "3.11.1", "description": "Clerk Backend SDK - REST Client for Backend API & JWT verification utilities", "homepage": "https://clerk.com/", "bugs": { diff --git a/packages/chrome-extension/CHANGELOG.md b/packages/chrome-extension/CHANGELOG.md index 0afbe853a8c..dd9cd9ac03b 100644 --- a/packages/chrome-extension/CHANGELOG.md +++ b/packages/chrome-extension/CHANGELOG.md @@ -1,5 +1,15 @@ # Change Log +## 3.1.49 + +### Patch Changes + +- Updated dependencies [[`3995e8a`](https://github.com/clerk/javascript/commit/3995e8a0edc721a972d7d817c830f48867bedb6c), [`4aebb88`](https://github.com/clerk/javascript/commit/4aebb88c51423132911ee87445c631d373e76981), [`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1), [`f9afa48`](https://github.com/clerk/javascript/commit/f9afa489a10b47e7609743ad2d2eddc019661acb)]: + - @clerk/ui@1.25.0 + - @clerk/clerk-js@6.25.0 + - @clerk/react@6.12.0 + - @clerk/shared@4.25.0 + ## 3.1.48 ### Patch Changes diff --git a/packages/chrome-extension/package.json b/packages/chrome-extension/package.json index d7ec8562bb1..1fee5846fc8 100644 --- a/packages/chrome-extension/package.json +++ b/packages/chrome-extension/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/chrome-extension", - "version": "3.1.48", + "version": "3.1.49", "description": "Clerk SDK for Chrome extensions", "keywords": [ "auth", diff --git a/packages/clerk-js/CHANGELOG.md b/packages/clerk-js/CHANGELOG.md index 6caf256f508..7fb24f3b644 100644 --- a/packages/clerk-js/CHANGELOG.md +++ b/packages/clerk-js/CHANGELOG.md @@ -1,5 +1,37 @@ # Change Log +## 6.25.0 + +### Minor Changes + +- Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. ([#8329](https://github.com/clerk/javascript/pull/8329)) by [@zourzouvillys](https://github.com/zourzouvillys) + + When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field + with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the + SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via + `signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The + response may carry a chained challenge, which the SDK resolves iteratively. + + Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this + package is type-only and does not change runtime behavior**: the server returns the new status + (and the `protectCheck` field) only for instances where Protect mid-flow challenges have been + explicitly enabled — the feature is off by default and is not enabled for existing instances by + upgrading. The server additionally only emits the new status value to SDK versions that + understand it, so older clients never receive an unknown status. + + If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by + running the challenge described by `protectCheck` and submitting the proof via + `submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate + signal and fall back to the status value for defense in depth. + + The pre-built `` and `` components handle the gate automatically by routing + to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion. + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + ## 6.24.0 ### Minor Changes diff --git a/packages/clerk-js/package.json b/packages/clerk-js/package.json index df73700f17e..2e81e780300 100644 --- a/packages/clerk-js/package.json +++ b/packages/clerk-js/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/clerk-js", - "version": "6.24.0", + "version": "6.25.0", "description": "Clerk JS library", "keywords": [ "clerk", diff --git a/packages/electron/CHANGELOG.md b/packages/electron/CHANGELOG.md index fc01fa061e0..fd140b3d037 100644 --- a/packages/electron/CHANGELOG.md +++ b/packages/electron/CHANGELOG.md @@ -1,5 +1,14 @@ # @clerk/electron +## 0.0.10 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/clerk-js@6.25.0 + - @clerk/react@6.12.0 + - @clerk/shared@4.25.0 + ## 0.0.9 ### Patch Changes diff --git a/packages/electron/package.json b/packages/electron/package.json index 7a1789942b5..49c0de3ce64 100644 --- a/packages/electron/package.json +++ b/packages/electron/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/electron", - "version": "0.0.9", + "version": "0.0.10", "description": "Clerk SDK for Electron", "keywords": [ "clerk", diff --git a/packages/expo-passkeys/CHANGELOG.md b/packages/expo-passkeys/CHANGELOG.md index f77315935cd..2e9feffac75 100644 --- a/packages/expo-passkeys/CHANGELOG.md +++ b/packages/expo-passkeys/CHANGELOG.md @@ -1,5 +1,12 @@ # @clerk/expo-passkeys +## 1.2.1 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + ## 1.2.0 ### Minor Changes diff --git a/packages/expo-passkeys/package.json b/packages/expo-passkeys/package.json index 872ebbfe951..ece1a10186f 100644 --- a/packages/expo-passkeys/package.json +++ b/packages/expo-passkeys/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/expo-passkeys", - "version": "1.2.0", + "version": "1.2.1", "description": "Passkeys library to be used with Clerk for expo", "keywords": [ "react-native", diff --git a/packages/expo/CHANGELOG.md b/packages/expo/CHANGELOG.md index 27165028c06..9bf280c15a9 100644 --- a/packages/expo/CHANGELOG.md +++ b/packages/expo/CHANGELOG.md @@ -1,5 +1,14 @@ # Change Log +## 3.7.1 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/clerk-js@6.25.0 + - @clerk/react@6.12.0 + - @clerk/shared@4.25.0 + ## 3.7.0 ### Minor Changes diff --git a/packages/expo/package.json b/packages/expo/package.json index 2c82d2531b1..3110fbbfa2b 100644 --- a/packages/expo/package.json +++ b/packages/expo/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/expo", - "version": "3.7.0", + "version": "3.7.1", "description": "Clerk React Native/Expo library", "keywords": [ "react", diff --git a/packages/express/CHANGELOG.md b/packages/express/CHANGELOG.md index a3a3ce6fded..70ffa852829 100644 --- a/packages/express/CHANGELOG.md +++ b/packages/express/CHANGELOG.md @@ -1,5 +1,13 @@ # Change Log +## 2.1.37 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + - @clerk/backend@3.11.1 + ## 2.1.36 ### Patch Changes diff --git a/packages/express/package.json b/packages/express/package.json index 62d919ae17a..cbec4d6040f 100644 --- a/packages/express/package.json +++ b/packages/express/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/express", - "version": "2.1.36", + "version": "2.1.37", "description": "Clerk server SDK for usage with Express", "keywords": [ "clerk", diff --git a/packages/fastify/CHANGELOG.md b/packages/fastify/CHANGELOG.md index 24c036a9981..1f3002ed7e4 100644 --- a/packages/fastify/CHANGELOG.md +++ b/packages/fastify/CHANGELOG.md @@ -1,5 +1,13 @@ # Change Log +## 3.1.47 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + - @clerk/backend@3.11.1 + ## 3.1.46 ### Patch Changes diff --git a/packages/fastify/package.json b/packages/fastify/package.json index 887d24edcbb..acba4feb64b 100644 --- a/packages/fastify/package.json +++ b/packages/fastify/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/fastify", - "version": "3.1.46", + "version": "3.1.47", "description": "Clerk SDK for Fastify", "keywords": [ "auth", diff --git a/packages/headless/CHANGELOG.md b/packages/headless/CHANGELOG.md index 2a76f21ea71..0bd0d2ca086 100644 --- a/packages/headless/CHANGELOG.md +++ b/packages/headless/CHANGELOG.md @@ -1,5 +1,12 @@ # @clerk/headless +## 0.0.8 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + ## 0.0.7 ### Patch Changes diff --git a/packages/headless/package.json b/packages/headless/package.json index 9047ab5ea3a..258eb41f263 100644 --- a/packages/headless/package.json +++ b/packages/headless/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/headless", - "version": "0.0.7", + "version": "0.0.8", "private": true, "sideEffects": false, "type": "module", diff --git a/packages/hono/CHANGELOG.md b/packages/hono/CHANGELOG.md index 32ab9be6570..1d5e0b780bc 100644 --- a/packages/hono/CHANGELOG.md +++ b/packages/hono/CHANGELOG.md @@ -1,5 +1,13 @@ # @clerk/hono +## 0.1.47 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + - @clerk/backend@3.11.1 + ## 0.1.46 ### Patch Changes diff --git a/packages/hono/package.json b/packages/hono/package.json index 03fd723d26a..3047b49f531 100644 --- a/packages/hono/package.json +++ b/packages/hono/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/hono", - "version": "0.1.46", + "version": "0.1.47", "description": "Clerk SDK for Hono", "keywords": [ "auth", diff --git a/packages/localizations/CHANGELOG.md b/packages/localizations/CHANGELOG.md index 529402a742a..d2267d02ef4 100644 --- a/packages/localizations/CHANGELOG.md +++ b/packages/localizations/CHANGELOG.md @@ -1,5 +1,37 @@ # Change Log +## 4.13.0 + +### Minor Changes + +- Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. ([#8329](https://github.com/clerk/javascript/pull/8329)) by [@zourzouvillys](https://github.com/zourzouvillys) + + When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field + with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the + SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via + `signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The + response may carry a chained challenge, which the SDK resolves iteratively. + + Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this + package is type-only and does not change runtime behavior**: the server returns the new status + (and the `protectCheck` field) only for instances where Protect mid-flow challenges have been + explicitly enabled — the feature is off by default and is not enabled for existing instances by + upgrading. The server additionally only emits the new status value to SDK versions that + understand it, so older clients never receive an unknown status. + + If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by + running the challenge described by `protectCheck` and submitting the proof via + `submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate + signal and fall back to the status value for defense in depth. + + The pre-built `` and `` components handle the gate automatically by routing + to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion. + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + ## 4.12.1 ### Patch Changes diff --git a/packages/localizations/package.json b/packages/localizations/package.json index c2279dc9daa..429b5ab6a83 100644 --- a/packages/localizations/package.json +++ b/packages/localizations/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/localizations", - "version": "4.12.1", + "version": "4.13.0", "description": "Localizations for the Clerk components", "keywords": [ "react", diff --git a/packages/msw/CHANGELOG.md b/packages/msw/CHANGELOG.md index 5eab1c824da..a7a9799ac38 100644 --- a/packages/msw/CHANGELOG.md +++ b/packages/msw/CHANGELOG.md @@ -1,5 +1,12 @@ # @clerk/msw +## 0.0.44 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + ## 0.0.43 ### Patch Changes diff --git a/packages/msw/package.json b/packages/msw/package.json index c8ec5d519c0..004504f96cb 100644 --- a/packages/msw/package.json +++ b/packages/msw/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/msw", - "version": "0.0.43", + "version": "0.0.44", "private": true, "sideEffects": false, "type": "module", diff --git a/packages/nextjs/CHANGELOG.md b/packages/nextjs/CHANGELOG.md index b06eb574ee0..432c70ba6b4 100644 --- a/packages/nextjs/CHANGELOG.md +++ b/packages/nextjs/CHANGELOG.md @@ -1,5 +1,33 @@ # Change Log +## 7.5.14 + +### Patch Changes + +- Deprecate `createRouteMatcher()` in favor of resource-based auth checks. ([#8994](https://github.com/clerk/javascript/pull/8994)) by [@Ephem](https://github.com/Ephem) + + Middleware-based auth checks rely on path matching, which can diverge from how Next.js routes requests and leave protected resources reachable. + + For a migration guide, see: + https://clerk.com/docs/guides/development/upgrading/upgrade-guides/migrate-from-create-route-matcher + + Instead of protecting routes from middleware, move auth checks into each protected page, layout, API route, or Server Function, for example: + + ```ts + import { auth } from '@clerk/nextjs/server' + + export default async function Page() { + await auth.protect() + + return

Dashboard

+ } + ``` + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/react@6.12.0 + - @clerk/shared@4.25.0 + - @clerk/backend@3.11.1 + ## 7.5.13 ### Patch Changes diff --git a/packages/nextjs/package.json b/packages/nextjs/package.json index 4e6ccd169b3..fc16d97154d 100644 --- a/packages/nextjs/package.json +++ b/packages/nextjs/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/nextjs", - "version": "7.5.13", + "version": "7.5.14", "description": "Clerk SDK for NextJS", "keywords": [ "clerk", diff --git a/packages/nuxt/CHANGELOG.md b/packages/nuxt/CHANGELOG.md index db19cb04bca..614986f9515 100644 --- a/packages/nuxt/CHANGELOG.md +++ b/packages/nuxt/CHANGELOG.md @@ -1,5 +1,31 @@ # @clerk/nuxt +## 2.6.13 + +### Patch Changes + +- Deprecate `createRouteMatcher()` in favor of Nuxt's native route matching. ([#9092](https://github.com/clerk/javascript/pull/9092)) by [@jacekradko](https://github.com/jacekradko) + + To protect API routes, match paths natively inside `clerkMiddleware()`: + + ```ts + export default clerkMiddleware(event => { + const { isAuthenticated } = event.context.auth(); + const { pathname } = getRequestURL(event); + + if (!isAuthenticated && pathname.startsWith('/api/admin')) { + throw createError({ statusCode: 401, statusMessage: 'Unauthorized' }); + } + }); + ``` + + To protect pages, use Nuxt's built-in route middleware with `definePageMeta({ middleware: 'auth' })`. + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + - @clerk/vue@2.4.12 + - @clerk/backend@3.11.1 + ## 2.6.12 ### Patch Changes diff --git a/packages/nuxt/package.json b/packages/nuxt/package.json index 8351402322a..15bbea9529d 100644 --- a/packages/nuxt/package.json +++ b/packages/nuxt/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/nuxt", - "version": "2.6.12", + "version": "2.6.13", "description": "Clerk SDK for Nuxt", "keywords": [ "clerk", diff --git a/packages/react-router/CHANGELOG.md b/packages/react-router/CHANGELOG.md index 55ab1585040..20df96c36d4 100644 --- a/packages/react-router/CHANGELOG.md +++ b/packages/react-router/CHANGELOG.md @@ -1,5 +1,14 @@ # Change Log +## 3.5.6 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/react@6.12.0 + - @clerk/shared@4.25.0 + - @clerk/backend@3.11.1 + ## 3.5.5 ### Patch Changes diff --git a/packages/react-router/package.json b/packages/react-router/package.json index 7e18dea6c24..4afd384bb5d 100644 --- a/packages/react-router/package.json +++ b/packages/react-router/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/react-router", - "version": "3.5.5", + "version": "3.5.6", "description": "Clerk SDK for React Router", "keywords": [ "clerk", diff --git a/packages/react/CHANGELOG.md b/packages/react/CHANGELOG.md index 1f1a7763776..30ef84df73b 100644 --- a/packages/react/CHANGELOG.md +++ b/packages/react/CHANGELOG.md @@ -1,5 +1,37 @@ # Change Log +## 6.12.0 + +### Minor Changes + +- Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. ([#8329](https://github.com/clerk/javascript/pull/8329)) by [@zourzouvillys](https://github.com/zourzouvillys) + + When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field + with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the + SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via + `signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The + response may carry a chained challenge, which the SDK resolves iteratively. + + Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this + package is type-only and does not change runtime behavior**: the server returns the new status + (and the `protectCheck` field) only for instances where Protect mid-flow challenges have been + explicitly enabled — the feature is off by default and is not enabled for existing instances by + upgrading. The server additionally only emits the new status value to SDK versions that + understand it, so older clients never receive an unknown status. + + If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by + running the challenge described by `protectCheck` and submitting the proof via + `submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate + signal and fall back to the status value for defense in depth. + + The pre-built `` and `` components handle the gate automatically by routing + to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion. + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + ## 6.11.4 ### Patch Changes diff --git a/packages/react/package.json b/packages/react/package.json index 8598951c89c..8133c391a0b 100644 --- a/packages/react/package.json +++ b/packages/react/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/react", - "version": "6.11.4", + "version": "6.12.0", "description": "Clerk React library", "keywords": [ "clerk", diff --git a/packages/shared/CHANGELOG.md b/packages/shared/CHANGELOG.md index 60d10fea23f..361f656a78c 100644 --- a/packages/shared/CHANGELOG.md +++ b/packages/shared/CHANGELOG.md @@ -1,5 +1,32 @@ # Change Log +## 4.25.0 + +### Minor Changes + +- Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. ([#8329](https://github.com/clerk/javascript/pull/8329)) by [@zourzouvillys](https://github.com/zourzouvillys) + + When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field + with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the + SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via + `signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The + response may carry a chained challenge, which the SDK resolves iteratively. + + Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this + package is type-only and does not change runtime behavior**: the server returns the new status + (and the `protectCheck` field) only for instances where Protect mid-flow challenges have been + explicitly enabled — the feature is off by default and is not enabled for existing instances by + upgrading. The server additionally only emits the new status value to SDK versions that + understand it, so older clients never receive an unknown status. + + If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by + running the challenge described by `protectCheck` and submitting the proof via + `submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate + signal and fall back to the status value for defense in depth. + + The pre-built `` and `` components handle the gate automatically by routing + to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion. + ## 4.24.0 ### Minor Changes diff --git a/packages/shared/package.json b/packages/shared/package.json index cd5b383ca2c..08553956528 100644 --- a/packages/shared/package.json +++ b/packages/shared/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/shared", - "version": "4.24.0", + "version": "4.25.0", "description": "Internal package utils used by the Clerk SDKs", "repository": { "type": "git", diff --git a/packages/swingset/CHANGELOG.md b/packages/swingset/CHANGELOG.md index 0d9113ed598..28c43046f51 100644 --- a/packages/swingset/CHANGELOG.md +++ b/packages/swingset/CHANGELOG.md @@ -1,5 +1,13 @@ # @clerk/swingset +## 0.0.15 + +### Patch Changes + +- Updated dependencies [[`3995e8a`](https://github.com/clerk/javascript/commit/3995e8a0edc721a972d7d817c830f48867bedb6c), [`4aebb88`](https://github.com/clerk/javascript/commit/4aebb88c51423132911ee87445c631d373e76981), [`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1), [`f9afa48`](https://github.com/clerk/javascript/commit/f9afa489a10b47e7609743ad2d2eddc019661acb)]: + - @clerk/ui@1.25.0 + - @clerk/headless@0.0.8 + ## 0.0.14 ### Patch Changes diff --git a/packages/swingset/package.json b/packages/swingset/package.json index 718b10bb163..88176ba9c45 100644 --- a/packages/swingset/package.json +++ b/packages/swingset/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/swingset", - "version": "0.0.14", + "version": "0.0.15", "private": true, "type": "module", "scripts": { diff --git a/packages/tanstack-react-start/CHANGELOG.md b/packages/tanstack-react-start/CHANGELOG.md index ac971d9bab2..10b7acb5740 100644 --- a/packages/tanstack-react-start/CHANGELOG.md +++ b/packages/tanstack-react-start/CHANGELOG.md @@ -1,5 +1,14 @@ # @clerk/tanstack-react-start +## 1.4.14 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/react@6.12.0 + - @clerk/shared@4.25.0 + - @clerk/backend@3.11.1 + ## 1.4.13 ### Patch Changes diff --git a/packages/tanstack-react-start/package.json b/packages/tanstack-react-start/package.json index 8a8f1609d94..ce7ff9c2e08 100644 --- a/packages/tanstack-react-start/package.json +++ b/packages/tanstack-react-start/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/tanstack-react-start", - "version": "1.4.13", + "version": "1.4.14", "description": "Clerk SDK for TanStack React Start", "keywords": [ "clerk", diff --git a/packages/testing/CHANGELOG.md b/packages/testing/CHANGELOG.md index 04f596a1557..05b29f6faf1 100644 --- a/packages/testing/CHANGELOG.md +++ b/packages/testing/CHANGELOG.md @@ -1,5 +1,13 @@ # @clerk/testing +## 2.2.4 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + - @clerk/backend@3.11.1 + ## 2.2.3 ### Patch Changes diff --git a/packages/testing/package.json b/packages/testing/package.json index 4690e17d74f..57c4fc98bc0 100644 --- a/packages/testing/package.json +++ b/packages/testing/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/testing", - "version": "2.2.3", + "version": "2.2.4", "description": "Utilities to help you create E2E test suites for apps using Clerk", "keywords": [ "auth", diff --git a/packages/ui/CHANGELOG.md b/packages/ui/CHANGELOG.md index 70960a45726..0114314d869 100644 --- a/packages/ui/CHANGELOG.md +++ b/packages/ui/CHANGELOG.md @@ -1,5 +1,44 @@ # @clerk/ui +## 1.25.0 + +### Minor Changes + +- Add support for Clerk Protect mid-flow SDK challenges (`protect_check`) on both sign-up and sign-in. ([#8329](https://github.com/clerk/javascript/pull/8329)) by [@zourzouvillys](https://github.com/zourzouvillys) + + When the Protect antifraud service issues a challenge, responses now carry a `protectCheck` field + with `{ status, token, sdkUrl, expiresAt?, uiHints? }`. Clients resolve the gate by loading the + SDK at `sdkUrl`, executing the challenge, and submitting the resulting proof token via + `signUp.submitProtectCheck({ proofToken })` or `signIn.submitProtectCheck({ proofToken })`. The + response may carry a chained challenge, which the SDK resolves iteratively. + + Sign-in adds a new `'needs_protect_check'` value to the `SignInStatus` union. **Upgrading this + package is type-only and does not change runtime behavior**: the server returns the new status + (and the `protectCheck` field) only for instances where Protect mid-flow challenges have been + explicitly enabled — the feature is off by default and is not enabled for existing instances by + upgrading. The server additionally only emits the new status value to SDK versions that + understand it, so older clients never receive an unknown status. + + If an exhaustive `switch` on `signIn.status` flags the new value after upgrading, handle it by + running the challenge described by `protectCheck` and submitting the proof via + `submitProtectCheck()`. Clients should treat the `protectCheck` field as the authoritative gate + signal and fall back to the status value for defense in depth. + + The pre-built `` and `` components handle the gate automatically by routing + to a new `protect-check` route that runs the challenge SDK and resumes the flow on completion. + +### Patch Changes + +- Fix the payment method form getting stuck in a loading state after a failed card setup. Non-validation errors such as 3DS authentication failures are now displayed. ([#9080](https://github.com/clerk/javascript/pull/9080)) by [@aeliox](https://github.com/aeliox) + +- Fix standalone `` Protect checks so the verification card stays mounted while a solved challenge routes to the next step, while stale direct visits to the protect-check route return to the start of the sign-up flow. ([#9082](https://github.com/clerk/javascript/pull/9082)) by [@mwickett](https://github.com/mwickett) + +- Fix tooltips rendering behind modals (for example on the organization profile Security page). Tooltips now layer above modal content, and pressing Escape or clicking outside while a tooltip is open inside a modal closes only the tooltip instead of also dismissing the modal. ([#9093](https://github.com/clerk/javascript/pull/9093)) by [@alexcarpenter](https://github.com/alexcarpenter) + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/localizations@4.13.0 + - @clerk/shared@4.25.0 + ## 1.24.2 ### Patch Changes diff --git a/packages/ui/package.json b/packages/ui/package.json index 1a3a78b3f30..31d3bb19ef0 100644 --- a/packages/ui/package.json +++ b/packages/ui/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/ui", - "version": "1.24.2", + "version": "1.25.0", "description": "Internal package that contains the UI components for the Clerk frontend SDKs", "repository": { "type": "git", diff --git a/packages/vue/CHANGELOG.md b/packages/vue/CHANGELOG.md index 2a8fa8acf7f..ec2f721f8d3 100644 --- a/packages/vue/CHANGELOG.md +++ b/packages/vue/CHANGELOG.md @@ -1,5 +1,12 @@ # @clerk/vue +## 2.4.12 + +### Patch Changes + +- Updated dependencies [[`f2d9e4b`](https://github.com/clerk/javascript/commit/f2d9e4b9eeac4cb9a2b1c9d4278ff11cf49555b1)]: + - @clerk/shared@4.25.0 + ## 2.4.11 ### Patch Changes diff --git a/packages/vue/package.json b/packages/vue/package.json index 9384fdbeaa9..48c111113fe 100644 --- a/packages/vue/package.json +++ b/packages/vue/package.json @@ -1,6 +1,6 @@ { "name": "@clerk/vue", - "version": "2.4.11", + "version": "2.4.12", "description": "Clerk SDK for Vue", "keywords": [ "clerk",