auth0-lock - npm Package Versions

v12.0.0 (2023-01-20)

Full Changelog

Lock is now built using React 18, which resolves a number of security vulnerabilities and improves performance. If you encounter any issues relating to this upgrade, please submit a bug report.

Despite the major version bump, v12 is completely API-compatible with v11.

Changed

• Upgrade to React 18 #2209 (stevehobbsdev)
• Upgrade to Webpack 5 #2213 (stevehobbsdev)
• Various dependency bumps see the full changelog

v11.35.0 (2022-12-19)

Full Changelog

Added

• Support captcha for Passwordless #2222 (robinbijlani)

Changed

• Bump dependencies to latest patch and fix typos #2210 (piwysocki)
• Add CodeQL workflow for GitHub code scanning #2197 (lgtm-com[bot])
• Use lts-browsers docker image for Circle build #2204 (piwysocki)
• homepage added to package.json #2208 (piwysocki)
• Remove FAQ reference from README #2203 (frederikprijck)
• Update okta logo #2201 (jamescgarrett)
• Update readme to match new design #2187 (ewanharris)

v12.0.0-beta.0 (2022-12-08)

Full Changelog

:warning: This is a beta release of Lock.js v12 that includes an upgrade to React 18, and should not be used in production. If you find any issues, please submit a bug report.

Changed

• Upgrade to React 18 #2209 (stevehobbsdev)
• Upgrade to Webpack 5, Jest 29, Babel 8 #2213 (stevehobbsdev)
• bump dependencies to latest patch and fix typos #2210 (piwysocki)

v11.34.2 (2022-10-10)

Full Changelog

Fixed

• [SDK-3657] Render sign up confirmation before sign in #2180 (ewanharris)

v11.34.1 (2022-09-29)

Full Changelog

Fixed

• [ESD-22705] Don't pass function to ConfirmationPane unless closable is enabled #2176 (ewanharris)

Security

• [ESD-22866] Disable spellcheck and autocorrect on all sensitive input fields #2178 (ewanharris)

v11.34.0 (2022-09-14)

Full Changelog

Added

• FDR-297: Adding okta for enterprise #2172 (jamescgarrett)

v11.33.3 (2022-08-16)

Full Changelog

Added

• IAMRISK-1725 Add password_leaked error label for Signup #2160 (robinbijlani)

v11.33.2 (2022-06-29)

Full Changelog

Changed

• Bump qs from 6.10.5 to 6.11.0 #2147 (dependabot[bot])
• Bump shell-quote from 1.7.2 to 1.7.3 #2145 (dependabot[bot])
• Bump prettier from 2.7.0 to 2.7.1 #2144 (dependabot[bot])

v11.33.1 (2022-06-14)

Full Changelog

Fixed

• Move captcha pane below additional signup fields in UI #2135 (stevehobbsdev)

Security

• [Snyk] Upgrade dompurify from 2.3.6 to 2.3.7 #2132 (snyk-bot)

v11.33.0 (2022-05-05)

Full Changelog

Important

This release contains a change to how custom signup fields are processed. From this release, all HTML tags are stripped from user input into any custom signup field before being sent to Auth0 to register the user. This is a security measure to help mitigate from potential XSS attacks in signup verification emails.

If you would be affected by this change and require HTML to be specified in a custom signup field, please leave us some feedback in our issue tracker.

Changed

• ui box - div replaced by main #2114 (piwysocki)
• More complete support for custom passwordless connections #2105 (peter-isgfunds)

Fixed

• fix: initialize reset password inside componentDidMount #2111 (stevehobbsdev)

Security

• [Snyk] Upgrade dompurify from 2.3.4 to 2.3.5 #2101 (snyk-bot)