v12.0.0

Lock is now built using React 18, which resolves a number of security vulnerabilities and improves performance. If you encounter any issues relating to this upgrade, please submit a bug report.

Despite the major version bump, v12 is completely API-compatible with v11.

Note: From this release onwards, we no longer publish to Bower. Those using Bower should migrate to NPM, or use the CDN.

Changed

• Upgrade to React 18 #2209 (stevehobbsdev)
• Upgrade to Webpack 5 #2213 (stevehobbsdev)
• Various dependency bumps see the full changelog

v11.35.0

Added

• Support captcha for Passwordless #2222 (robinbijlani)

Changed

• Bump dependencies to latest patch and fix typos #2210 (piwysocki)
• Add CodeQL workflow for GitHub code scanning #2197 (lgtm-com[bot])
• Use lts-browsers docker image for Circle build #2204 (piwysocki)
• homepage added to package.json #2208 (piwysocki)
• Remove FAQ reference from README #2203 (frederikprijck)
• Update okta logo #2201 (jamescgarrett)
• Update readme to match new design #2187 (ewanharris)

v12.0.0-beta.0

⚠️ This is a beta release of Lock.js v12 that includes an upgrade to React 18, and should not be used in production. If you find any issues, please submit a bug report.

Changed

• Upgrade to React 18 #2209 (stevehobbsdev)
• Upgrade to Webpack 5, Jest 29, Babel 8 #2213 (stevehobbsdev)
• bump dependencies to latest patch and fix typos #2210 (piwysocki)

---

This PR also includes a quick tweak to .circleci/config.yml that will allow automatic releasing to happen from the beta branch.

Installation

Install from NPM using the beta designator, or the version directly:

npm install auth0-lock@beta

// or

npm install [email protected]

v11.34.2

Fixed

• SDK-3657 Render sign up confirmation before sign in #2180 (ewanharris)

v11.34.1

Fixed

• ESD-22705 Don't pass function to ConfirmationPane unless closable is enabled #2176 (ewanharris)

Security

• ESD-22866 Disable spellcheck and autocorrect on all sensitive input fields #2178 (ewanharris)

v11.34.0

Added

• FDR-297: Adding okta for enterprise #2172 (jamescgarrett)

v11.33.3

Added

• IAMRISK-1725 Add password_leaked error label for Signup #2160 (robinbijlani)

v11.33.2

A patch release to include some bumped dependencies, as well as exercise a new CI pipeline through Jenkins.

Changed

• Bump qs from 6.10.5 to 6.11.0 #2147 (dependabot[bot])
• Bump shell-quote from 1.7.2 to 1.7.3 #2145 (dependabot[bot])
• Bump prettier from 2.7.0 to 2.7.1 #2144 (dependabot[bot])

v11.33.1

Fixed

• Move captcha pane below additional signup fields in UI #2135 (stevehobbsdev)

Security

• [Snyk] Upgrade dompurify from 2.3.6 to 2.3.7 #2132 (snyk-bot)

v11.33.0

Important

This release contains a change to how custom signup fields are processed. From this release, all HTML tags are stripped from user input into any custom signup field before being sent to Auth0 to register the user. This is a security measure to help mitigate from potential XSS attacks in signup verification emails.

If you would be affected by this change and require HTML to be specified in a custom signup field, please leave us some feedback in our issue tracker.

Changed

• ui box - div replaced by main #2114 (piwysocki)
• More complete support for custom passwordless connections #2105 (peter-isgfunds)

Fixed

• fix: initialize reset password inside componentDidMount #2111 (stevehobbsdev)

Security

• [Snyk] Upgrade dompurify from 2.3.4 to 2.3.5 #2101 (snyk-bot)