Skip to content

ci(repo): Version packages #6031

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 4, 2025
Merged

ci(repo): Version packages #6031

merged 1 commit into from
Jun 4, 2025

Conversation

@clerk-cookie
Copy link
Collaborator

@clerk-cookie clerk-cookie commented May 29, 2025
edited
Loading

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@clerk/backend@2.0.0

Major Changes

  • Introduces machine authentication, supporting four token types: api_key, oauth_token, machine_token, and session_token. For backwards compatibility, session_token remains the default when no token type is specified. This enables machine-to-machine authentication and use cases such as API keys and OAuth integrations. Existing applications continue to work without modification. (#5689) by @wobsoriano

    You can specify which token types are allowed by using the acceptsToken option in the authenticateRequest() function. This option can be set to a specific type, an array of types, or 'any' to accept all supported tokens.

    Example usage:

    import express from 'express';
import { clerkClient } from '@clerk/backend';

const app = express();

app.use(async (req, res, next) => {
  const requestState = await clerkClient.authenticateRequest(req, {
    acceptsToken: 'any',
  });

  if (!requestState.isAuthenticated) {
    // do something for unauthenticated requests
  }

  const authObject = requestState.toAuth();

  if (authObject.tokenType === 'session_token') {
    console.log('this is session token from a user');
  } else {
    console.log('this is some other type of machine token');
    console.log('more specifically, a ' + authObject.tokenType);
  }

  // Attach the auth object to locals so downstream handlers
  // and middleware can access it
  res.locals.auth = authObject;
  next();
});

Minor Changes

  • The svix dependency is no longer needed when using the verifyWebhook() function. verifyWebhook() was refactored to not rely on svix anymore while keeping the same functionality and behavior. (#6059) by @royanger

    If you previously installed svix to use verifyWebhook() you can uninstall it now:

    npm uninstall svix

Patch Changes

@clerk/agent-toolkit@0.1.0

Minor Changes

  • Machine authentication is now supported for advanced use cases via the backend SDK. You can use clerkClient.authenticateRequest to validate machine tokens (such as API keys, OAuth tokens, and machine-to-machine tokens). No new helpers are included in these packages yet. (#5689) by @wobsoriano

    Example (Astro):

    import { clerkClient } from '@clerk/astro/server';

export const GET: APIRoute = ({ request }) => {
  const requestState = await clerkClient.authenticateRequest(request, {
    acceptsToken: 'api_key',
  });

  if (!requestState.isAuthenticated) {
    return new Response(401, { message: 'Unauthorized' });
  }

  return new Response(JSON.stringify(requestState.toAuth()));
};

Patch Changes

@clerk/astro@2.9.0

Minor Changes

  • Machine authentication is now supported for advanced use cases via the backend SDK. You can use clerkClient.authenticateRequest to validate machine tokens (such as API keys, OAuth tokens, and machine-to-machine tokens). No new helpers are included in these packages yet. (#5689) by @wobsoriano

    Example (Astro):

    import { clerkClient } from '@clerk/astro/server';

export const GET: APIRoute = ({ request }) => {
  const requestState = await clerkClient.authenticateRequest(request, {
    acceptsToken: 'api_key',
  });

  if (!requestState.isAuthenticated) {
    return new Response(401, { message: 'Unauthorized' });
  }

  return new Response(JSON.stringify(requestState.toAuth()));
};

  • The svix dependency is no longer needed when using the verifyWebhook() function. verifyWebhook() was refactored to not rely on svix anymore while keeping the same functionality and behavior. (#6059) by @royanger

    If you previously installed svix to use verifyWebhook() you can uninstall it now:

    npm uninstall svix

Patch Changes

@clerk/clerk-js@5.68.0

Minor Changes

  • Introduce cssLayerName option to allow users to opt Clerk styles into a native CSS layer. (#5552) by @alexcarpenter

Patch Changes

  • Get payment_method_order for Stripe payment elements from backend (#6034) by @aeliox

  • Use the is_removable flag on a payment source to determine if it can be removed. (#6033) by @aeliox

  • Clean up layout and logic of the PlanDetails drawer (#5928) by @aeliox

  • Initiate enterprise SSO from ticket flows, such as organization invitations. (#6009) by @LauraBeatris

  • Introduce internal <OAuthConsent /> component to be used internally in the machine auth OAuth flow in account portal. (#6021) by @alexcarpenter

  • feat(types,clerk-js): Update types; RoleSelect allows fallbackLabel (#6037) by @thiskevinwang

    • this updates OrganizationInvitation and OrganizationMembership resource+types to include roleName which is already present on frontend-api responses, as role_name.
    • this updates RoleSelect to allow rendering a fallbackLabel in the event that value does not map to any of the supplied roles

  • Updated dependencies [d8fa5d9, be2e89c, 85f3db4, 5644d94, b578225, 8838120]:

    • @clerk/types@4.60.0
    • @clerk/localizations@3.16.4
    • @clerk/shared@3.9.6

@clerk/clerk-expo@2.13.0

Minor Changes

  • Default token cache SecureStore implementation keychainAccessible to AFTER_FIRST_UNLOCK createResourceCacheStore to align with createTokenCache - The data in the keychain item cannot be accessed after a restart until the device has been unlocked once by the user. This may be useful if you need to access the item when the device is locked. (#6054) by @kkawamu1

Patch Changes

@clerk/express@1.6.0

Minor Changes

  • Machine authentication is now supported for advanced use cases via the backend SDK. You can use clerkClient.authenticateRequest to validate machine tokens (such as API keys, OAuth tokens, and machine-to-machine tokens). No new helpers are included in these packages yet. (#5689) by @wobsoriano

    Example (Astro):

    import { clerkClient } from '@clerk/astro/server';

export const GET: APIRoute = ({ request }) => {
  const requestState = await clerkClient.authenticateRequest(request, {
    acceptsToken: 'api_key',
  });

  if (!requestState.isAuthenticated) {
    return new Response(401, { message: 'Unauthorized' });
  }

  return new Response(JSON.stringify(requestState.toAuth()));
};

  • The svix dependency is no longer needed when using the verifyWebhook() function. verifyWebhook() was refactored to not rely on svix anymore while keeping the same functionality and behavior. (#6059) by @royanger

    If you previously installed svix to use verifyWebhook() you can uninstall it now:

    npm uninstall svix

Patch Changes

@clerk/fastify@2.3.0

Minor Changes

  • Machine authentication is now supported for advanced use cases via the backend SDK. You can use clerkClient.authenticateRequest to validate machine tokens (such as API keys, OAuth tokens, and machine-to-machine tokens). No new helpers are included in these packages yet. (#5689) by @wobsoriano

    Example (Astro):

    import { clerkClient } from '@clerk/astro/server';

export const GET: APIRoute = ({ request }) => {
  const requestState = await clerkClient.authenticateRequest(request, {
    acceptsToken: 'api_key',
  });

  if (!requestState.isAuthenticated) {
    return new Response(401, { message: 'Unauthorized' });
  }

  return new Response(JSON.stringify(requestState.toAuth()));
};

  • The svix dependency is no longer needed when using the verifyWebhook() function. verifyWebhook() was refactored to not rely on svix anymore while keeping the same functionality and behavior. (#6059) by @royanger

    If you previously installed svix to use verifyWebhook() you can uninstall it now:

    npm uninstall svix

Patch Changes

@clerk/nextjs@6.21.0

Minor Changes

  • Introduces machine authentication, supporting four token types: api_key, oauth_token, machine_token, and session_token. For backwards compatibility, session_token remains the default when no token type is specified. This enables machine-to-machine authentication and use cases such as API keys and OAuth integrations. Existing applications continue to work without modification. (#5689) by @wobsoriano

    You can specify which token types are allowed for a given route or handler using the acceptsToken property in the auth() helper, or the token property in the auth.protect() helper. Each can be set to a specific type, an array of types, or 'any' to accept all supported tokens.

    Example usage in Nextjs middleware:

    import { clerkMiddleware, createRouteMatcher } from '@clerk/nextjs/server';

const isOAuthAccessible = createRouteMatcher(['/oauth(.*)']);
const isApiKeyAccessible = createRouteMatcher(['/api(.*)']);
const isMachineTokenAccessible = createRouteMatcher(['/m2m(.*)']);
const isUserAccessible = createRouteMatcher(['/user(.*)']);
const isAccessibleToAnyValidToken = createRouteMatcher(['/any(.*)']);

export default clerkMiddleware(async (auth, req) => {
  if (isOAuthAccessible(req)) await auth.protect({ token: 'oauth_token' });
  if (isApiKeyAccessible(req)) await auth.protect({ token: 'api_key' });
  if (isMachineTokenAccessible(req)) await auth.protect({ token: 'machine_token' });
  if (isUserAccessible(req)) await auth.protect({ token: 'session_token' });

  if (isAccessibleToAnyValidToken(req)) await auth.protect({ token: 'any' });
});

export const config = {
  matcher: [
    '/((?!_next|[^?]*\\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).*)',
    '/(api|trpc)(.*)',
  ],
};

    Leaf node route protection:

    import { auth } from '@clerk/nextjs/server';

// In this example, we allow users and oauth tokens with the "profile" scope
// to access the data. Other types of tokens are rejected.
function POST(req, res) {
  const authObject = await auth({ acceptsToken: ['session_token', 'oauth_token'] });

  if (authObject.tokenType === 'oauth_token' && !authObject.scopes?.includes('profile')) {
    throw new Error('Unauthorized: OAuth token missing the "profile" scope');
  }

  // get data from db using userId
  const data = db.select().from(user).where(eq(user.id, authObject.userId));

  return { data };
}

  • The svix dependency is no longer needed when using the verifyWebhook() function. verifyWebhook() was refactored to not rely on svix anymore while keeping the same functionality and behavior. (#6059) by @royanger

    If you previously installed svix to use verifyWebhook() you can uninstall it now:

    npm uninstall svix

Patch Changes

@clerk/nuxt@1.7.0

Minor Changes

  • Machine authentication is now supported for advanced use cases via the backend SDK. You can use clerkClient.authenticateRequest to validate machine tokens (such as API keys, OAuth tokens, and machine-to-machine tokens). No new helpers are included in these packages yet. (#5689) by @wobsoriano

    Example (Astro):

    import { clerkClient } from '@clerk/astro/server';

export const GET: APIRoute = ({ request }) => {
  const requestState = await clerkClient.authenticateRequest(request, {
    acceptsToken: 'api_key',
  });

  if (!requestState.isAuthenticated) {
    return new Response(401, { message: 'Unauthorized' });
  }

  return new Response(JSON.stringify(requestState.toAuth()));
};

  • The svix dependency is no longer needed when using the verifyWebhook() function. verifyWebhook() was refactored to not rely on svix anymore while keeping the same functionality and behavior. (#6059) by @royanger

    If you previously installed svix to use verifyWebhook() you can uninstall it now:

    npm uninstall svix

Patch Changes

@clerk/react-router@1.5.0

Minor Changes

  • Machine authentication is now supported for advanced use cases via the backend SDK. You can use clerkClient.authenticateRequest to validate machine tokens (such as API keys, OAuth tokens, and machine-to-machine tokens). No new helpers are included in these packages yet. (#5689) by @wobsoriano

    Example (Astro):

    import { clerkClient } from '@clerk/astro/server';

export const GET: APIRoute = ({ request }) => {
  const requestState = await clerkClient.authenticateRequest(request, {
    acceptsToken: 'api_key',
  });

  if (!requestState.isAuthenticated) {
    return new Response(401, { message: 'Unauthorized' });
  }

  return new Response(JSON.stringify(requestState.toAuth()));
};

  • The svix dependency is no longer needed when using the verifyWebhook() function. verifyWebhook() was refactored to not rely on svix anymore while keeping the same functionality and behavior. (#6059) by @royanger

    If you previously installed svix to use verifyWebhook() you can uninstall it now:

    npm uninstall svix

Patch Changes

  • In this release the TypeScript types for rootAuthLoader(), getAuth(), and <ClerkProvider> were adjusted but should still work as before. Previously, these types relied on internal, unstable React Router types that changed in their recent 7.6.1 release. We simplified our TypeScript types and no longer rely on internal exports from React Router. (#6019) by @LekoArts

  • Updated dependencies [ea622ba, d8fa5d9, be2e89c, c656270, 5644d94, a3232c7, b578225, 918e2e0, 795d09a, 4f93634, 8838120]:

    • @clerk/backend@2.0.0
    • @clerk/types@4.60.0
    • @clerk/clerk-react@5.31.9
    • @clerk/shared@3.9.6

@clerk/remix@4.8.0

Minor Changes

  • Machine authentication is now supported for advanced use cases via the backend SDK. You can use clerkClient.authenticateRequest to validate machine tokens (such as API keys, OAuth tokens, and machine-to-machine tokens). No new helpers are included in these packages yet. (#5689) by @wobsoriano

    Example (Astro):

    import { clerkClient } from '@clerk/astro/server';

export const GET: APIRoute = ({ request }) => {
  const requestState = await clerkClient.authenticateRequest(request, {
    acceptsToken: 'api_key',
  });

  if (!requestState.isAuthenticated) {
    return new Response(401, { message: 'Unauthorized' });
  }

  return new Response(JSON.stringify(requestState.toAuth()));
};

Patch Changes

@clerk/tanstack-react-start@0.16.0

Minor Changes

  • Machine authentication is now supported for advanced use cases via the backend SDK. You can use clerkClient.authenticateRequest to validate machine tokens (such as API keys, OAuth tokens, and machine-to-machine tokens). No new helpers are included in these packages yet. (#5689) by @wobsoriano

    Example (Astro):

    import { clerkClient } from '@clerk/astro/server';

export const GET: APIRoute = ({ request }) => {
  const requestState = await clerkClient.authenticateRequest(request, {
    acceptsToken: 'api_key',
  });

  if (!requestState.isAuthenticated) {
    return new Response(401, { message: 'Unauthorized' });
  }

  return new Response(JSON.stringify(requestState.toAuth()));
};

  • The svix dependency is no longer needed when using the verifyWebhook() function. verifyWebhook() was refactored to not rely on svix anymore while keeping the same functionality and behavior. (#6059) by @royanger

    If you previously installed svix to use verifyWebhook() you can uninstall it now:

    npm uninstall svix

Patch Changes

@clerk/testing@1.8.0

Minor Changes

  • Add waitToBeActive({ planSlug }) and getPlanCardCTA({ planSlug }) to pricingTable object. (#6051) by @panteliselef

Patch Changes

@clerk/types@4.60.0

Minor Changes

  • Introduce cssLayerName option to allow users to opt Clerk styles into a native CSS layer. (#5552) by @alexcarpenter

Patch Changes

  • Get payment_method_order for Stripe payment elements from backend (#6034) by @aeliox

  • Use the is_removable flag on a payment source to determine if it can be removed. (#6033) by @aeliox

  • Introduce internal <OAuthConsent /> component to be used internally in the machine auth OAuth flow in account portal. (#6021) by @alexcarpenter

  • feat(types,clerk-js): Update types; RoleSelect allows fallbackLabel (#6037) by @thiskevinwang

    • this updates OrganizationInvitation and OrganizationMembership resource+types to include roleName which is already present on frontend-api responses, as role_name.
    • this updates RoleSelect to allow rendering a fallbackLabel in the event that value does not map to any of the supplied roles

@clerk/chrome-extension@2.4.11

Patch Changes

@clerk/elements@0.23.32

Patch Changes

@clerk/expo-passkeys@0.3.9

Patch Changes

@clerk/localizations@3.16.4

Patch Changes

@clerk/clerk-react@5.31.9

Patch Changes

  • Initialize isomorphic clerk with useRef. Avoid memoizing the singleton, instead use a reference to store it, and then destroy it. (#6024) by @panteliselef

  • Introduce internal <OAuthConsent /> component to be used internally in the machine auth OAuth flow in account portal. (#6021) by @alexcarpenter

  • Updated dependencies [d8fa5d9, be2e89c, 5644d94, b578225, 8838120]:

    • @clerk/types@4.60.0
    • @clerk/shared@3.9.6

@clerk/shared@3.9.6

Patch Changes

@clerk/themes@2.2.49

Patch Changes

@clerk/vue@1.8.7

Patch Changes

@vercel
Copy link

vercel bot commented May 29, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
clerk-js-sandbox ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 4, 2025 5:20pm

@pkg-pr-new
Copy link

pkg-pr-new bot commented May 29, 2025
edited
Loading

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6031

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6031

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6031

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6031

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6031

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6031

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6031

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6031

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6031

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6031

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6031

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6031

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6031

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6031

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6031

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6031

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6031

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6031

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6031

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6031

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6031

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6031

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6031

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6031

commit: 0f6ae17

@github-actions github-actions bot force-pushed the changeset-release/main branch from 9919b0e to e86255b Compare May 29, 2025 20:38
@github-actions github-actions bot force-pushed the changeset-release/main branch from e86255b to 798ca97 Compare May 29, 2025 21:46
@github-actions github-actions bot force-pushed the changeset-release/main branch from 798ca97 to 2f5740b Compare May 30, 2025 14:35
@github-actions github-actions bot force-pushed the changeset-release/main branch from 2f5740b to 367ac83 Compare May 30, 2025 16:31
@github-actions github-actions bot force-pushed the changeset-release/main branch from 367ac83 to aac6a14 Compare May 30, 2025 20:08
@github-actions github-actions bot force-pushed the changeset-release/main branch from aac6a14 to 3f5ed97 Compare May 30, 2025 21:38
@github-actions github-actions bot force-pushed the changeset-release/main branch from 3f5ed97 to 9d63e9e Compare May 30, 2025 22:28
@github-actions github-actions bot force-pushed the changeset-release/main branch from 9d63e9e to d9036bf Compare June 1, 2025 22:55
@github-actions github-actions bot force-pushed the changeset-release/main branch from d9036bf to a87f21a Compare June 2, 2025 01:04
@github-actions github-actions bot force-pushed the changeset-release/main branch from a87f21a to adc8019 Compare June 2, 2025 11:13
@github-actions github-actions bot force-pushed the changeset-release/main branch from 0fb937f to 9393023 Compare June 4, 2025 15:44
@wobsoriano wobsoriano closed this Jun 4, 2025
@wobsoriano wobsoriano reopened this Jun 4, 2025
@github-actions github-actions bot force-pushed the changeset-release/main branch from 9393023 to 6e0b913 Compare June 4, 2025 17:05
@panteliselef panteliselef reopened this Jun 4, 2025
@github-actions github-actions bot force-pushed the changeset-release/main branch from 6e0b913 to 0f6ae17 Compare June 4, 2025 17:19
@panteliselef panteliselef reopened this Jun 4, 2025
@panteliselef panteliselef merged commit 5f645bc into main Jun 4, 2025
38 checks passed
@panteliselef panteliselef deleted the changeset-release/main branch June 4, 2025 17:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wobsoriano wobsoriano wobsoriano approved these changes

@panteliselef panteliselef panteliselef approved these changes

Assignees

No one assigned

Labels

agent-toolkit astro backend chrome-extension clerk-js elements expo express fastify localizations nextjs nuxt react react-router remix tanstack testing themes types vue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@clerk-cookie @wobsoriano @panteliselef