fix(deps): update dependency @clerk/clerk-js to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@clerk/clerk-js (source)	^4.54.2 -> ^5.0.0

---

Release Notes

clerk/javascript (@​clerk/clerk-js)

v5.31.2

Compare Source

Patch Changes

• Re-init window.Clerk options when ClerkProvider props change in @clerk/clerk-react (#​4498) by @​nikosdouvlis

v5.31.1

Compare Source

Patch Changes

• Fix an issue where protocol relative URLs were not properly detected as non-relative. (#​4483) by @​BRKalow

• Updated dependencies [8a04ae47b8305f994b348301fd8134d5baf02943]:

  • @​clerk/shared@​2.11.5

v5.31.0

Compare Source

Minor Changes

• New Feature: Introduce the <Waitlist /> component and the waitlist sign up mode. (#​4376) by @​nikospapcom

  • Allow users to request access with an email address via the new <Waitlist /> component.
  • Show Join waitlist prompt from <SignIn /> component when mode is waitlist.
  • Appropriate the text in the Sign Up component when mode is waitlist.
  • Added joinWaitlist() method in Clerk singleton.
  • Added redirectToWaitlist() method in Clerk singleton to allow user to redirect to waitlist page.

Patch Changes

• Expose internal __internal_getOption method from Clerk. (#​4456) by @​alexcarpenter

• Updated dependencies [d74a6a7c0f291104c6bba722a8c432814d7b336e, 1a0c8fe665869e732d3c800bde0f5219fce54301, 0800fc3f1f4e1b6a1d13f5c02557001a283af6e8]:

  • @​clerk/localizations@​3.5.0
  • @​clerk/types@​4.30.0
  • @​clerk/shared@​2.11.4

v5.30.3

Compare Source

Patch Changes

• clerk-js is now built with Rspack instead of Webpack. This is an internal tooling change that shouldn't affect consumers. by @​nikosdouvlis

• Refactor imports from @​clerk/shared to improve treeshaking support by @​nikosdouvlis

• Updated dependencies [a7726cc12a824b278f6d2a37cb1901c38c5f70dc, a7726cc12a824b278f6d2a37cb1901c38c5f70dc]:

  • @​clerk/shared@​2.11.3
  • @​clerk/localizations@​3.4.4

v5.30.2

Compare Source

v5.30.1

Compare Source

v5.30.0

Compare Source

Minor Changes

• • Introduce redirectUrl property on setActive as a replacement for beforeEmit. (#​4312) by @​issuedat

  • Deprecates beforeEmit property on setActive.

Patch Changes

• Experimental: asStandalone now accepts a callback that notifies if the standalone popover needs to unmount. (#​4423) by @​panteliselef

• Improve checkbox label alignment to account for wrapping labels. (#​4426) by @​alexcarpenter

• Remove unused fitTextInOneLine and textWidthForCurrentSize (#​4407) by @​zythosec

• Chore: Replace beforeEmit with an explicit call after setActive, inside the experimental UserVerification. (#​4362) by @​panteliselef

• • Changed __experimental_legalAccepted checkbox Indicator element descriptor and element id (#​4427) by @​octoper

  • Changed __experimental_legalAccepted checkbox Label element descriptor and element id

  • Added two new element descriptors formFieldCheckboxInput, formFieldCheckboxLabel.

• Updated dependencies [f875463da, 5be7ca9fd, c2f5071be, 08c5a2add, ae0621972, cd2189ac8, 159877be0, 434b432f8]:

  • @​clerk/types@​4.29.0
  • @​clerk/localizations@​3.4.1
  • @​clerk/shared@​2.11.0

v5.29.1

Compare Source

Patch Changes

• Move @clerk/ui to devDependencies (#​4399) by @​dstaley

• Show an error on <UserProfile /> if the Web3 wallet is already claimed. (#​4389) by @​EmmanouelaPothitou

• Fix for legal consent rendered on the component when only social sign up is enabled (#​4403) by @​octoper

v5.29.0

Compare Source

Minor Changes

• Adding experimental support for legal consent for <SignUp/> component (#​4337) by @​octoper

Patch Changes

• Updated dependencies [3fdcdbf88, f9d53fe34]:
  • @​clerk/localizations@​3.4.0
  • @​clerk/types@​4.28.0
  • @​clerk/ui@​0.1.10
  • @​clerk/shared@​2.10.1

v5.28.0

Compare Source

Minor Changes

• Add experimental support for new UI components (#​4114) by @​BRKalow

Patch Changes

• Bug fix: Always receive a new session verification object when UserVerification component mounts. (#​4359) by @​panteliselef

• Updated dependencies [3b50b67bd, 3b50b67bd]:

  • @​clerk/shared@​2.10.0
  • @​clerk/types@​4.27.0
  • @​clerk/localizations@​3.3.1

v5.27.0

Compare Source

Minor Changes

• Drop maxAgeMinutes from __experimental_startVerification. (#​4338) by @​panteliselef

  Drop types __experimental_SessionVerificationConfig and __experimental_SessionVerificationMaxAgeMinutes.

• The "Restricted access" screen has been improved for visual consistency and the ability to contact support. The displayed texts have been made more clear and the sign-in button has been moved to the bottom. (#​4335) by @​nikospapcom

• Add experimental standalone mode for <UserButton /> and <OrganizationSwitcher />. (#​4042) by @​panteliselef

  When __experimental_asStandalone: true the component will not render its trigger, and instead it will render only the contents of the popover in place.

  APIs that changed:

  • (For internal usage) Added __experimental_prefetchOrganizationSwitcher as a way to mount an internal component that will render the useOrganizationList() hook and prefetch the necessary data for the popover of <OrganizationSwitcher />. This enhances the UX since no loading state will be visible and keeps CLS to the minimum.
  • New property for mountOrganizationSwitcher(node, { __experimental_asStandalone: true })
  • New property for mountUserButton(node, { __experimental_asStandalone: true })

• Use EIP-4361 message spec for Web3 wallets sign in signature requests (#​4334) by @​chanioxaris

Patch Changes

• Retry with exponential backoff if loadScript fails to load the script (#​4349) by @​nikosdouvlis

• Add the ?render=explicit query parameter to the Turnstile script. (#​4332) by @​anagstef

• Updated dependencies [e81d45b72, 752ce9bfa, 0a9bf8ef4, 99cdf9b67, ce40ff6f0, 2102052c0]:

  • @​clerk/types@​4.26.0
  • @​clerk/shared@​2.9.2
  • @​clerk/localizations@​3.3.0

v5.26.5

Compare Source

Patch Changes

• Only retry the OAuth flow if the captcha check failed. (#​4329) by @​nikosdouvlis

• Improve bot detection by loading the Turnstile SDK directly from CloudFlare. (#​4321) by @​anagstef

  If loading fails due to CSP rules, load it through FAPI instead.

• Bypass captcha for providers dynamically provided in environment (#​4322) by @​nikosdouvlis

• Updated dependencies [d64e54c40, 2ba2fd148]:

  • @​clerk/shared@​2.9.1
  • @​clerk/types@​4.25.1
  • @​clerk/localizations@​3.2.1

v5.26.4

Compare Source

Patch Changes

• Correctly handle malformed or protocol-relative URLs before navigating to cross-origin URLs (#​4317) by @​nikosdouvlis

v5.26.3

Compare Source

Patch Changes

• Update OrganizationSwitcher popover action to include label (#​4304) by @​LauraBeatris

v5.26.2

Compare Source

Patch Changes

• Handle gracefully Coinbase Wallet use of existing Passkey (#​4302) by @​chanioxaris

• Updates webpack to address CVE-2024-43788. (#​4287) by @​dependabot

• Updated dependencies [e29a8061d, 00a9ddb5b]:

  • @​clerk/localizations@​3.2.0

v5.26.1

Compare Source

Patch Changes

• Enable "Send invitation" button when default role is loaded (#​4281) by @​LauraBeatris

v5.26.0

Compare Source

Minor Changes

• Rename __experimental_assurance to __experimental_reverification. (#​4268) by @​panteliselef

  • Supported levels are now are firstFactor, secondFactor, multiFactor.
  • Support maxAge is now replaced by maxAgeMinutes and afterMinutes depending on usage.
  • Introduced ____experimental_SessionVerificationTypes that abstracts away the level and maxAge
    • Allowed values 'veryStrict' | 'strict' | 'moderate' | 'lax'

Patch Changes

• Updated dependencies [fb932e5cf]:
  • @​clerk/shared@​2.9.0
  • @​clerk/types@​4.25.0
  • @​clerk/localizations@​3.1.2

v5.24.1

Compare Source

Patch Changes

• Maintain focus on password input after error during sign in flow. (#​4240) by @​alexcarpenter

v5.24.0

Compare Source

Minor Changes

• Handle sign_up_mode_restricted error encountered in an oauth flow (#​4232) by @​nikospapcom

• Render "Restricted access" screen in <SignUp /> component when signup.mode in userSettings is restricted (#​4220) by @​nikospapcom

Patch Changes

• Correctly pass defaultOpen prop to OrganizationSwitcher popover instance. (#​4233) by @​alexcarpenter

• Conditionally renders identification sections on UserProfile based on the SAML connection configuration for disabling additional identifiers. (#​4211) by @​NicolasLopes7

• Updated dependencies [4749ed4c5, f1f17eaab, 2e35ac538]:

  • @​clerk/types@​4.23.0
  • @​clerk/localizations@​3.1.0
  • @​clerk/shared@​2.8.4

v5.23.0

Compare Source

Minor Changes

• Hide sign up url from <SignIn /> component when mode is restricted (#​4206) by @​nikospapcom

Patch Changes

• Handle gracefully Coinbase Wallet initial configuration (#​4218) by @​chanioxaris

• Supports default role on OrganizationProfile invitations. When inviting a member, the default role will be automatically selected, otherwise it falls back to the only available role. (#​4210) by @​LauraBeatris

• Add type for __internal_country (#​4215) by @​dstaley

• Updated dependencies [c9063853e, 19d3808d4, 737bcbb0f]:

  • @​clerk/types@​4.22.0
  • @​clerk/localizations@​3.0.6
  • @​clerk/shared@​2.8.3

v5.22.4

Compare Source

Patch Changes

• Fix UserProfile and OrganizationProfile wrong padding on footer for small screens when Development notice is enabled (#​4191) by @​octoper

• Internal change to move iconImageUrl util to shared package. (#​4188) by @​alexcarpenter

• Only render the Sign out of all accounts action within <UserButton /> when there are multiple sessions. (#​4200) by @​alexcarpenter

• Updated dependencies [cb32aaf59, 2e5c550e4, 6275c242c, f9faaf031]:

  • @​clerk/shared@​2.8.2
  • @​clerk/types@​4.21.1
  • @​clerk/localizations@​3.0.5

v5.22.3

Compare Source

Patch Changes

• Restore behavior of MetaMask compatible Web3 wallets. Before, even if a user didn't use the MetaMask browser extension but a compatible one, such as Rabby Wallet, it was possible to use it as they share the same API to authenticate themselves. This behavior stopped working when we added support for EIP6963 regarding handling multiple injected providers. This commit restores the previous behavior by using the existing injected provider if there is a single one (#​4185) by @​chanioxaris

• Updated dependencies [5dde18f6b]:

  • @​clerk/localizations@​3.0.4

v5.22.2

Compare Source

Patch Changes

• Add color to phone input select options to fix rendering within dark and shadesOfPurple themes. (#​4176) by @​alexcarpenter

• Updated dependencies [3743eb911]:

  • @​clerk/shared@​2.8.1

v5.22.1

Compare Source

Patch Changes

• Updated dependencies [2d8e6e9d0, bcc5eba39]:
  • @​clerk/localizations@​3.0.3

v5.22.0

Compare Source

Minor Changes

• Experimental support for has() with assurance. (#​4118) by @​panteliselef

  Example usage:

  has({
    __experimental_assurance: {
      level: "L2.secondFactor",
      maxAge: "A1.10min",
    },
  });

  Created a shared utility called createCheckAuthorization exported from @clerk/shared

Patch Changes

• Moves fastDeepMerge utils to @clerk/shared package. (#​4056) by @​alexcarpenter

• Adds translation keys for error messages from the organizations API. (#​4123) by @​LauraBeatris

• Updated dependencies [23b850f5f, ace56babd, ba19be354, 248142a6d, 1189f71f8, de1ba10b4]:

  • @​clerk/localizations@​3.0.2
  • @​clerk/shared@​2.8.0
  • @​clerk/types@​4.21.0

v5.21.2

Compare Source

Patch Changes

• Updated dependencies [be3b119f8]:
  • @​clerk/shared@​2.7.2

v5.21.1

Compare Source

Patch Changes

• Update type of __experimental_factorVerificationAge to be [number, number] | null. (#​4135) by @​panteliselef

• Updated dependencies [8c6909d46]:

  • @​clerk/types@​4.20.1
  • @​clerk/localizations@​3.0.1
  • @​clerk/shared@​2.7.1

v5.21.0

Compare Source

Minor Changes

• Experimental support: Expect a new sessionClaim called fva that tracks the age of verified factor groups. (#​4061) by @​panteliselef

Server side

This can be applied to any helper that returns the auth object

Nextjs example

auth().__experimental_factorVerificationAge;

Client side

React example

const { session } = useSession();
session?.__experimental_factorVerificationAge;

Patch Changes

• Fix bug where session.getToken() was reading a stale organization ID. (#​4112) by @​BRKalow

• Drop support for deprecated Coinbase Web3 provider (#​4092) by @​chanioxaris

• Ensure we don't access window.addEventListener() and window.dispatchEvent in non-browser environments. (#​4095) by @​wobsoriano

• Support phone_code as first factor for the experimental UserVerification component. (#​4085) by @​panteliselef

• Updated dependencies [c63a5adf0, 8823c21a2, 95ac67a14, a0cb062fa, 746b4ed5e, feb9e14d4]:

  • @​clerk/types@​4.20.0
  • @​clerk/shared@​2.7.0
  • @​clerk/localizations@​3.0.0

v5.20.0

Compare Source

Minor Changes

• Add support for the Coinbase Wallet web3 provider and authentication strategy. The Coinbase Wallet provider handles both Coinbase Wallet extension and Smart Wallet (#​4082) by @​chanioxaris

• Experimental: Persist the Clerk client after signing out a user. (#​3941) by @​panteliselef

  This allows for matching a user's device with a client. To try out this new feature, enable it in your <ClerkProvider /> or clerk.load() call.

  // React
  <ClerkProvider experimental={{ persistClient: true }} />;
  
  // Vanilla JS
  await clerk.load({ experimental: { persistClient: true } });

Patch Changes

• Updated dependencies [8a3b9f079, e95c28196]:
  • @​clerk/types@​4.19.0
  • @​clerk/localizations@​2.8.1
  • @​clerk/shared@​2.6.2

v5.19.0

Compare Source

Minor Changes

• Add new UserVerification component (experimental feature). This UI component allows for a user to "re-enter" their credentials (first factor and/or second factor) which results in them being re-verified. (#​4016) by @​panteliselef

  New methods have been added:

  • __experimental_openUserVerification()
  • __experimental_closeUserVerification()
  • __experimental_mountUserVerification(targetNode: HTMLDivElement)
  • __experimental_unmountUserVerification(targetNode: HTMLDivElement)

• Move SessionVerification methods from UserResource to SessionResource: (#​4073) by @​panteliselef

  • user.__experimental_verifySession -> session.__experimental_startVerification
  • user.__experimental_verifySessionPrepareFirstFactor -> session.__experimental_prepareFirstFactorVerification
  • user.__experimental_verifySessionAttemptFirstFactor -> session.__experimental_attemptFirstFactorVerification
  • user.__experimental_verifySessionPrepareSecondFactor -> session.__experimental_prepareSecondFactorVerification
  • user.__experimental_verifySessionAttemptSecondFactor -> session.__experimental_attemptSecondFactorVerification

Patch Changes

• Bug fix: Use the EIP-6963 standard to get a Web3 provider when more than one provider is injected. (#​4059) by @​EmmanouelaPothitou

• chore(clerk-js): Display shortened web3 wallet address on user profile (#​4074) by @​EmmanouelaPothitou

• chore(clerk-js): Add 'Unverified' or 'Primary' tag next to the Web3 wallet address on the user profile. (#​4077) by @​EmmanouelaPothitou

• Updated dependencies [afad9af89, 82593173a, afad9af89]:

  • @​clerk/localizations@​2.8.0
  • @​clerk/types@​4.18.0
  • @​clerk/shared@​2.6.1

v5.18.0

Compare Source

Minor Changes

• Add support for Coinbase Wallet strategy during sign in/up flows. Users can now authenticate using their Coinbase Wallet browser extension in the same way as MetaMask (#​4052) by @​chanioxaris

Patch Changes

• Tidy up and improve README (#​4053) by @​LekoArts

• Updated dependencies [58e6754ad, 13693018f, 3aa63dc5a, 3304dcc0b]:

  • @​clerk/localizations@​2.7.1
  • @​clerk/types@​4.17.0
  • @​clerk/shared@​2.6.0

v5.17.0

Compare Source

Minor Changes

• Support connecting Coinbase Wallet via (#​4030) by @​chanioxaris

Patch Changes

• Fix 404s after signing out in NextJS apps by keeping the session cookie while cache is being invalidated (#​4001) by @​nikosdouvlis

• Updated dependencies [7ca43acae, c1389492d]:

  • @​clerk/localizations@​2.7.0
  • @​clerk/types@​4.16.0
  • @​clerk/shared@​2.5.5

v5.16.1

Compare Source

Patch Changes

• Remove sessionId parameter from all experimental verify session methods. (#​4026) by @​panteliselef

• Introduce Coinbase Wallet Web3 provider types (#​4028) by @​chanioxaris

• Change the webpackChunkName of GoogleOneTap from "oneTap" to "onetap" for consistency. (#​4036) by @​panteliselef

• Fixes issue where createFlexGapPropertyIosCompat was incorrectly detecting a modern Chrome for iOS user agent. (#​4034) by @​alexcarpenter

• Introduce support for the Hugging Face OAuth Provider. (#​4021) by @​Nikpolik

• Updated dependencies [0158c774a, 8be1a7abc]:

  • @​clerk/types@​4.15.1
  • @​clerk/localizations@​2.6.3
  • @​clerk/shared@​2.5.4

v5.16.0

Compare Source

Minor Changes

• Expose SessionVerification as an experimental resource. (#​4011) by @​panteliselef

  Update UserResource with 5 new experimental methods:

  • experimental_verifySession for creating a new SessionVerification record and initiating a new flow.
  • experimental_verifySessionPrepareFirstFactor for preparing a supported first factor like phone_code
  • experimental_verifySessionAttemptFirstFactor for attempting a supported first factor like password
  • experimental_verifySessionPrepareSecondFactor for preparing a supported second factor like phone_code
  • experimental_verifySessionAttemptSecondFactor for attempting a supported second factor like totp

• Fixes a bug where multiple tabs with different active organizations would not always respect the selected organization. Going forward, when a tab is focused the active organization will immediately be updated to the tab's last active organization. (#​3786) by @​BRKalow

  Additionally, Clerk.session.getToken() now accepts an organizationId option. The provided organization ID will be used to set organization-related claims in the generated session token.

Patch Changes

• • Fixes an issue in Connected Accounts menu that was related to Custom OAuth Providers: (#​4014) by @​nikospapcom

  • Resolves undefined properties error that occurred when a Custom OAuth Provider was enabled but authenticatable was set to false.

• Fix issue where MFA two-factor UI was incorrectly rendering set default action in SMS code when TOTP strategy was defined. (#​4003) by @​alexcarpenter

• Updated dependencies [247b3fd75]:

  • @​clerk/types@​4.15.0
  • @​clerk/localizations@​2.6.2
  • @​clerk/shared@​2.5.3

v5.15.1

Compare Source

Patch Changes

• Improve the Smart CAPTCHA widget console error. (#​3989) by @​agis

• Updated dependencies [c81785972, 05198fd17, 5818ca8bd]:

  • @​clerk/localizations@​2.6.1

v5.15.0

Compare Source

Minor Changes

• Inject windowNavigate through router functions. (#​3922) by @​panteliselef

Patch Changes

• Fixes an issue where the application logo would render smaller then intended (#​3959) by @​alexcarpenter

• Updated dependencies [77cdf7611, 3de0a1b7e, ec6bfb5b1, dc0e1c33d, e5491facc, 072667043]:

  • @​clerk/localizations@​2.6.0
  • @​clerk/types@​4.14.0
  • @​clerk/shared@​2.5.2

v5.14.1

Compare Source

Patch Changes

• Add development mode warning in the browser console when load() happens. Companion PR for Add dev mode warning to components. (#​3930) by @​LekoArts

• Fix unresponsive behavior when clicking placeholder logo in the <CreateOrganization /> component (#​3921) by @​wobsoriano

• In certain situations the Frontend API response contains supported_first_factors with a null value while the current code always assumed to receive an array. SignInResource['supportedFirstFactors'] has been updated to account for that and any code accessing this value has been made more resilient against null values. (#​3938) by @​dstaley

• Updated dependencies [7e0ced3da, b6f0613dc]:

  • @​clerk/shared@​2.5.1
  • @​clerk/types@​4.13.1
  • @​clerk/localizations@​2.5.8

v5.14.0

Compare Source

Minor Changes

• Add a nonce to clerk-js' script loading options. Also adds a nonce prop to ClerkProvider. This can be used to thread a nonce value through to the clerk-js script load to support apps using a strict-dynamic content security policy. For next.js applications, the nonce will be automatically pulled from the CSP header and threaded through without needing any props so long as the provider is server-rendered. (#​3858) by @​jescalan

• Introduce transferable prop for <SignIn /> to disable the automatic transfer of a sign in attempt to a sign up attempt when attempting to sign in with a social provider when the account does not exist. Also adds a transferable option to Clerk.handleRedirectCallback() with the same functionality. (#​3845) by @​BRKalow

Patch Changes

• Updated dependencies [59d5f19d3, 4e6c94e3f]:
  • @​clerk/shared@​2.5.0
  • @​clerk/types@​4.13.0
  • @​clerk/localizations@​2.5.7

v5.13.2

Compare Source

Patch Changes

• Add option to hide the slug field in the <CreateOrganization />, <OrganizationSwitcher />, and <OrganizationList /> components (#​3882) by @​wobsoriano

• Updated dependencies [9b2aeacb3]:

  • @​clerk/types@​4.12.1
  • @​clerk/localizations@​2.5.6
  • @​clerk/shared@​2.4.5

v5.13.1

Compare Source

Patch Changes

• Fix missing horizonatal padding when page urls are used within <UserButton />. (#​3903) by @​alexcarpenter

v5.13.0

Compare Source

Minor Changes

• Add createOrganizationsLimit param in @clerk/backend method User.updateUser() (#​3823) by @​NicolasLopes7

  Example:

      import { createClerkClient }  from '@​clerk/backend';
  
      const clerkClient = createClerkClient({...});
      // Update user with createOrganizationsLimit equals 10
      await clerkClient.users.updateUser('user_...', { createOrganizationsLimit: 10 })
  
      // Remove createOrganizationsLimit
      await clerkClient.users.updateUser('user_...', { createOrganizationsLimit: 0 })

Patch Changes

• Updated dependencies [7e94fcf0f]:
  • @​clerk/types@​4.12.0
  • @​clerk/localizations@​2.5.5
  • @​clerk/shared@​2.4.4

v5.12.0

[Compare Source](https://redirect.github.

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - "after 9am and before 5pm Monday" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.