
Releases · clerk/javascript

@clerk/vue@2.4.3

Patch Changes

  • Align the HeadlessBrowserClerk.load() parameter type with the runtime behavior by accepting the full ClerkOptions, including isSatellite. The clerk-js implementation has always accepted and used isSatellite from load() options — it's the only way to configure a satellite app when using @clerk/clerk-js directly — but the type previously excluded it, producing a contradictory generated API reference and type errors for direct consumers. (#8846) by @manovotny

  • Updated dependencies [f4167ec, 17e4164, ed2cf75, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

    • @clerk/shared@4.18.0

@clerk/ui@1.17.0

Minor Changes

  • Add internal OAuth transport support for native desktop SDK wrappers to run Clerk's prebuilt OAuth flows through a system browser. (#8831) by @wobsoriano

Patch Changes

  • Add an overview to the organization profile Security page. The page now lands on a summary of the SSO connection — a status badge (Unconfigured, In Progress, Active, Inactive), the configuration details framed in a card (provider, domain, sign-on URL, issuer, certificate), and an actions menu with Edit, Activate / Deactivate, and Remove — and switches into the existing configuration flow on Start, Continue, or Edit. (#8813) by @iagodahlem

  • Rename the <OrganizationProfile /> SSO page to "Security". The navbar entry is now labeled "Security" with a shield icon, its route path changed from organization-self-serve-sso to organization-security, and a new organizationProfile.navbar.security localization key replaces organizationProfile.navbar.selfServeSSO. (#8796) by @iagodahlem

  • Upgrade build tooling to Rspack 2 (No user-facing API changes). (#8382) by @jacekradko

  • Updated dependencies [f4167ec, 17e4164, ed2cf75, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

    • @clerk/shared@4.18.0
    • @clerk/localizations@4.8.2

@clerk/testing@2.1.2

Patch Changes

  • When a Frontend API request exhausts its retries in the Playwright setupClerkTestingToken helper, the warning now includes response diagnostics (cf-ray, retry-after, content-type, and a truncated response body) so rate-limit responses can be attributed to their source. Network-error retry exhaustion now includes the error message in the warning as well. (#8848) by @jacekradko

  • Preserve the /// <reference types="cypress" /> directive in the published @clerk/testing/cypress type declarations. TypeScript's declaration emit previously dropped it, so the shipped types relied on the global Cypress namespace without declaring the dependency and failed to type-check under skipLibCheck: false. (#8841) by @jacekradko

  • Updated dependencies [f4167ec, 17e4164, ed2cf75, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

    • @clerk/shared@4.18.0
    • @clerk/backend@3.7.1

@clerk/tanstack-react-start@1.4.3

Patch Changes

@clerk/shared@4.18.0

Minor Changes

  • Add internal OAuth transport support for native desktop SDK wrappers to run Clerk's prebuilt OAuth flows through a system browser. (#8831) by @wobsoriano

Patch Changes

  • Align the HeadlessBrowserClerk.load() parameter type with the runtime behavior by accepting the full ClerkOptions, including isSatellite. The clerk-js implementation has always accepted and used isSatellite from load() options — it's the only way to configure a satellite app when using @clerk/clerk-js directly — but the type previously excluded it, producing a contradictory generated API reference and type errors for direct consumers. (#8846) by @manovotny

  • Add an overview to the organization profile Security page. The page now lands on a summary of the SSO connection — a status badge (Unconfigured, In Progress, Active, Inactive), the configuration details framed in a card (provider, domain, sign-on URL, issuer, certificate), and an actions menu with Edit, Activate / Deactivate, and Remove — and switches into the existing configuration flow on Start, Continue, or Edit. (#8813) by @iagodahlem

  • Rename the <OrganizationProfile /> SSO page to "Security". The navbar entry is now labeled "Security" with a shield icon, its route path changed from organization-self-serve-sso to organization-security, and a new organizationProfile.navbar.security localization key replaces organizationProfile.navbar.selfServeSSO. (#8796) by @iagodahlem

  • Ship a self-contained CookieAttributes interface from @clerk/shared/cookie and use it in createCookieHandler's set/remove signatures. The published declarations previously referenced Cookies.CookieAttributes from js-cookie, which consumers could never resolve (the import was dropped from the declaration output and js-cookie ships no types), causing TS2503 errors under skipLibCheck: false and silently degrading the option types to any otherwise. (#8841) by @jacekradko

  • Resolve the browser connectivity heuristics (isValidBrowser, isBrowserOnline, and therefore isValidBrowserOnline) from the worker's navigator when window is unavailable but the code runs inside a WorkerGlobalScope. In a Web/Service Worker — most notably an MV3 extension background service worker (where @clerk/chrome-extension loads the background client) — there is no window, so these checks previously always reported "invalid/offline". That caused getToken() failures to be re-thrown as a misleading clerk_offline error and capped network retries lower than intended. The checks now read real connectivity from the worker's navigator. Server-side rendering continues to report false (the fallback requires a real worker scope, so a bare globalThis.navigator such as the one modern Node exposes is not treated as a browser), and behavior in standard browsers and React Native is unchanged. (#8827) by @royanger

  • Exclude self-identified server runtimes (Cloudflare-Workers, Node.js, Deno, Bun user agents) from the worker-scope navigator fallback used by isValidBrowser, isBrowserOnline, and isValidBrowserOnline. Today Cloudflare's workerd is excluded only because its self does not satisfy instanceof WorkerGlobalScope; this guard keeps the checks returning false on server-side worker runtimes even if that implementation detail changes, while real browser web/service workers (such as MV3 extension background workers) are unaffected. (#8840) by @jacekradko

  • Clarify the isSatellite JSDoc to note it must be set in load(), unlike domain, which is set in the Clerk constructor. This corrects the generated API reference for direct @clerk/clerk-js and <script> consumers, where load() is the only way to configure a satellite app. (#8845) by @SarahSoutoul
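The check order described in the two connectivity-heuristics entries above (#8827, #8840), as an added sketch that is not code from @clerk/shared. Only the names isValidBrowser, isBrowserOnline and isValidBrowserOnline come from the release notes; the `env` parameter, the user-agent pattern, the helper names and the sample environments are assumptions made for illustration.

```javascript
// Added illustration, not @clerk/shared source. `env` is a hypothetical
// parameter standing in for the global scope so the cases can be constructed.
const SERVER_RUNTIME_UA = /^(Cloudflare-Workers|Node\.js|Deno|Bun)\b/; // assumed match rule

function resolveNavigator(env = globalThis) {
  // Standard browser page: window exists, use its navigator.
  if (env.window && env.window.navigator) return env.window.navigator;
  // Worker fallback: a bare navigator is not enough, the scope itself must
  // be a WorkerGlobalScope instance (this is what keeps SSR on Node false).
  const WGS = env.WorkerGlobalScope;
  if (typeof WGS !== 'function' || !(env.self instanceof WGS)) return undefined;
  const nav = env.self.navigator;
  // Server-side worker runtimes identify themselves in the user agent.
  if (!nav || SERVER_RUNTIME_UA.test(nav.userAgent || '')) return undefined;
  return nav;
}

// Simplified: the real checks may look at more than these two properties.
const isValidBrowser = (env) => Boolean(resolveNavigator(env));
const isBrowserOnline = (env) => Boolean(resolveNavigator(env)?.onLine);
const isValidBrowserOnline = (env) => isValidBrowser(env) && isBrowserOnline(env);

// Constructed environments (not captured from real runtimes).
class FakeWorkerGlobalScope {}
function workerEnv(userAgent, onLine) {
  const self = new FakeWorkerGlobalScope();
  self.navigator = { userAgent, onLine };
  return { self, WorkerGlobalScope: FakeWorkerGlobalScope };
}
const ENVS = {
  browserPage: { window: { navigator: { userAgent: 'Mozilla/5.0', onLine: true } } },
  mv3Worker: workerEnv('Mozilla/5.0 (X11; Linux x86_64) Chrome/120.0', true),
  mv3WorkerOffline: workerEnv('Mozilla/5.0 (X11; Linux x86_64) Chrome/120.0', false),
  nodeSsr: { navigator: { userAgent: 'Node.js/22', onLine: true } },
  serverWorker: workerEnv('Cloudflare-Workers', true),
};

// Map each constructed environment to its isValidBrowserOnline result.
function report() {
  return Object.fromEntries(
    Object.entries(ENVS).map(([name, env]) => [name, isValidBrowserOnline(env)]),
  );
}
console.log(report());
```

The `serverWorker` case is the one #8840 guards against: the scope passes the `instanceof` check, and only the user-agent exclusion keeps the result false.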

@clerk/react@6.10.0

Minor Changes

  • Add internal OAuth transport support for native desktop SDK wrappers to run Clerk's prebuilt OAuth flows through a system browser. (#8831) by @wobsoriano

Patch Changes

@clerk/react-router@3.4.3

Patch Changes

@clerk/nuxt@2.6.3

Patch Changes

@clerk/nextjs@7.5.3

Patch Changes

@clerk/localizations@4.8.2

Patch Changes

  • Add an overview to the organization profile Security page. The page now lands on a summary of the SSO connection — a status badge (Unconfigured, In Progress, Active, Inactive), the configuration details framed in a card (provider, domain, sign-on URL, issuer, certificate), and an actions menu with Edit, Activate / Deactivate, and Remove — and switches into the existing configuration flow on Start, Continue, or Edit. (#8813) by @iagodahlem

  • Rename the <OrganizationProfile /> SSO page to "Security". The navbar entry is now labeled "Security" with a shield icon, its route path changed from organization-self-serve-sso to organization-security, and a new organizationProfile.navbar.security localization key replaces organizationProfile.navbar.selfServeSSO. (#8796) by @iagodahlem

  • Updated dependencies [f4167ec, 17e4164, ed2cf75, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

    • @clerk/shared@4.18.0