Releases: auth0/lock
v12.0.0
Lock is now built using React 18, which resolves a number of security vulnerabilities and improves performance. If you encounter any issues relating to this upgrade, please submit a bug report.
Despite the major version bump, v12 is completely API-compatible with v11.
Note: From this release onwards, we no longer publish to Bower. Those using Bower should migrate to NPM, or use the CDN.
Changed
- Upgrade to React 18 #2209 (stevehobbsdev)
- Upgrade to Webpack 5 #2213 (stevehobbsdev)
- Various dependency bumps see the full changelog
v11.35.0
Added
- Support captcha for Passwordless #2222 (robinbijlani)
Changed
- Bump dependencies to latest patch and fix typos #2210 (piwysocki)
- Add CodeQL workflow for GitHub code scanning #2197 (lgtm-com[bot])
- Use lts-browsers docker image for Circle build #2204 (piwysocki)
- homepage added to package.json #2208 (piwysocki)
- Remove FAQ reference from README #2203 (frederikprijck)
- Update okta logo #2201 (jamescgarrett)
- Update readme to match new design #2187 (ewanharris)
v12.0.0-beta.0
Changed
- Upgrade to React 18 #2209 (stevehobbsdev)
- Upgrade to Webpack 5, Jest 29, Babel 8 #2213 (stevehobbsdev)
- bump dependencies to latest patch and fix typos #2210 (piwysocki)
This PR also includes a quick tweak to .circleci/config.yml
that will allow automatic releasing to happen from the beta
branch.
Installation
Install from NPM using the beta
designator, or the version directly:
npm install auth0-lock@beta
// or
npm install [email protected]
v11.34.2
v11.34.1
Fixed
- ESD-22705 Don't pass function to ConfirmationPane unless closable is enabled #2176 (ewanharris)
Security
- ESD-22866 Disable spellcheck and autocorrect on all sensitive input fields #2178 (ewanharris)
v11.34.0
v11.33.3
v11.33.2
A patch release to include some bumped dependencies, as well as exercise a new CI pipeline through Jenkins.
Changed
- Bump qs from 6.10.5 to 6.11.0 #2147 (dependabot[bot])
- Bump shell-quote from 1.7.2 to 1.7.3 #2145 (dependabot[bot])
- Bump prettier from 2.7.0 to 2.7.1 #2144 (dependabot[bot])
v11.33.1
v11.33.0
Important
This release contains a change to how custom signup fields are processed. From this release, all HTML tags are stripped from user input into any custom signup field before being sent to Auth0 to register the user. This is a security measure to help mitigate from potential XSS attacks in signup verification emails.
If you would be affected by this change and require HTML to be specified in a custom signup field, please leave us some feedback in our issue tracker.
Changed
- ui box - div replaced by main #2114 (piwysocki)
- More complete support for custom passwordless connections #2105 (peter-isgfunds)
Fixed
- fix: initialize reset password inside componentDidMount #2111 (stevehobbsdev)
Security