fix(deps): update dependency @clerk/clerk-js to v5

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@clerk/clerk-js (source)	^4.54.2 → ^5.0.0

---

Release Notes

clerk/javascript (@​clerk/clerk-js)

v5.125.7

Compare Source

Patch Changes

• Add optional intent parameter to session.touch() to indicate why the touch was triggered (focus, session switch, or org switch). This enables the backend to skip expensive client piggybacking for focus-only touches. (#​8135) by @​nikosdouvlis

• Updated dependencies [e5f213f]:

  • @​clerk/shared@​3.47.3
  • @​clerk/localizations@​3.37.3

v5.125.6

Compare Source

Patch Changes

• Fix issue where "Manage Subscription" button appeared on default free plans. (#​8116) by @​dstaley

v5.125.5

Compare Source

Patch Changes

• Fix issue where free plans had a monthly/annual toggle. (#​8031) by @​dstaley

v5.125.4

Compare Source

Patch Changes

• Fix a crash in the Turnstile CAPTCHA retry logic where captcha.reset() was called after the widget's DOM container had already been removed, causing an unhandled error (#​7957) by @​tmilewski

v5.125.3

Compare Source

Patch Changes

• Add debug logging to detect session token swaps in multi-session scenarios (#​7945) by @​jacekradko

• Remove CHIPS build variant and use partitioned_cookies environment flag from the Clerk API to control partitioned cookie behavior at runtime. (#​7946) by @​brkalow

• Updated dependencies [7955e9d]:

  • @​clerk/shared@​3.47.2
  • @​clerk/localizations@​3.37.2

v5.125.2

Compare Source

Patch Changes

• Don't display impersonation for agents (#​7934) by @​tmilewski

• Updated dependencies [8a0c404]:

  • @​clerk/shared@​3.47.1
  • @​clerk/localizations@​3.37.1

v5.125.1

Compare Source

Patch Changes

• Fix "You must belong to an organization" screen showing after accepting an organization invitation (#​7921) by @​LauraBeatris

v5.125.0

Compare Source

Minor Changes

• Add support for displaying proration and account credits on payment attempts and statements. (#​7885) by @​dstaley

Patch Changes

• Updated dependencies [c00c524]:
  • @​clerk/localizations@​3.37.0
  • @​clerk/shared@​3.47.0

v5.124.0

Compare Source

Minor Changes

• Introduces MFA setup session task for handling require MFA after sign-in and sign-up (#​7851) by @​octoper

• Add support for account credits in checkout. (#​7870) by @​dstaley

Patch Changes

• Fix __client_uat cookie being set on two different domain scopes when app is loaded in both iframe and non-iframe contexts. getCookieDomain() now falls back to hostname instead of undefined when the eTLD+1 probe fails, and the eTLD+1 probe uses the same SameSite/Secure attributes as the actual cookie to ensure consistent behavior across contexts. (#​7882) by @​brkalow

• Fix BaseRouter state not syncing after popup OAuth by observing pushState/replaceState changes in addition to popstate (#​7863) by @​brkalow

• Updated dependencies [71bd53c, 935f780]:

  • @​clerk/localizations@​3.36.0
  • @​clerk/shared@​3.46.0

v5.123.1

Compare Source

Patch Changes

• Set SameSite=None on cookies for .replit.dev origins and consolidate third-party domain list (#​7864) by @​brkalow

• fix(clerk-js): Handle missing window.location in React Native navigation (#​7854) by @​SarahSoutoul

• Updated dependencies [b17e4bb]:

  • @​clerk/shared@​3.45.1
  • @​clerk/localizations@​3.35.5

v5.123.0

Compare Source

Minor Changes

• Add username field into PublicUserData object. (#​7837) by @​Jibaru

• Add providerUserId field to ExternalAccount resource as the preferred way to access the unique user ID from the OAuth provider. The existing externalId field is now deprecated in favor of providerUserId for better clarity and consistency across the API. (#​7778) by @​Jibaru

Patch Changes

• Updates Keyless Prompt content. (#​7798) by @​alexcarpenter

• Disable ConsoleTransport for debug logger by default (#​7786) by @​jacekradko

• Fixed an issue where primary identifier shows undefined when signing in with phone number only (#​7797) by @​wobsoriano

• Fix infinite loading spinner when navigating to factor-two sign-in route without an active 2FA session (#​7787) by @​nikosdouvlis

• Display message for user_deactivated error code on SignIn and SignUp (#​7811) by @​LauraBeatris

• Removed redundant beforeunload event listener from SafeLock that was disabling the browser's back-forward cache (bfcache), degrading navigation performance. (#​7818) by @​wobsoriano

• Updated dependencies [35bcbd1]:

  • @​clerk/shared@​3.45.0
  • @​clerk/localizations@​3.35.4

v5.122.1

Compare Source

Patch Changes

• Improve captcha error diagnostics (#​7768) by @​jacekradko

v5.122.0

Compare Source

Minor Changes

• Export useOrganizationCreationDefaults hook to fetch suggested organization name and logo from default naming rules (#​7690) by @​LauraBeatris

Patch Changes

• Updated dependencies [64a35f7, 71b20f1, aebb8df, 71b20f1]:
  • @​clerk/shared@​3.44.0
  • @​clerk/localizations@​3.35.3

v5.121.1

Compare Source

Patch Changes

• fix: Ensure unsafeMetadata is passed with Sign Up Ticket flow (#​7657) by @​tmilewski

• Updates keyless prompt content. (#​7636) by @​alexcarpenter

• Fix unsafeMetadata being lost when users are transferred between sign-in and sign-up flows during OAuth/SSO authentication (#​7647) by @​tmilewski

• Updated dependencies [b7a4e1e]:

  • @​clerk/shared@​3.43.2
  • @​clerk/localizations@​3.35.2

v5.121.0

Compare Source

Minor Changes

• Handle offline_access scope in OAuth consent screen by filtering it from the displayed scopes list (as it describes access duration rather than what can be accessed) and appending informational text about staying signed in when the scope is present. (#​7631) by @​jfoshee

Patch Changes

• Fix TaskChooseOrganization to complete organization activation when logo upload fails (#​7635) by @​LauraBeatris

• Updated dependencies [c650a04, e995cc3]:

  • @​clerk/localizations@​3.35.1
  • @​clerk/shared@​3.43.1

v5.120.0

Compare Source

Minor Changes

• Surface organization creation defaults with prefilled form fields and advisory warnings (#​7603) by @​LauraBeatris

Patch Changes

• Fix redirect conflicts when SignIn and SignUp components are used together on the same page. Added missing dependency arrays to useEffect hooks in redirect functions to prevent unwanted redirects during other component flows. (#​7614) by @​jacekradko

• Remove opacity from Select placeholder (#​7575) by @​LauraBeatris

• Display actual organization membership name in in-app enable organization prompt success message (#​7582) by @​LauraBeatris

• Updated dependencies [271ddeb]:

  • @​clerk/localizations@​3.35.0
  • @​clerk/shared@​3.43.0

v5.119.1

Compare Source

Patch Changes

• Fix role select being disabled on OrganizationProfile invite members page when default role is not in roles list (#​7569) by @​LauraBeatris

v5.119.0

Compare Source

Minor Changes

• Fix "You must belong to an organization" screen showing when user has existing memberships, invitations or suggestions (#​7557) by @​LauraBeatris

• When password is enabled at the instance level, but not required allow users to add a password in the user profile. (#​7549) by @​austincalvelage

Patch Changes

• Updated dependencies [c4dbcf7]:
  • @​clerk/localizations@​3.34.0

v5.118.0

Compare Source

Minor Changes

• Disable role selection in OrganizationProfile during role set migration (#​7541) by @​LauraBeatris

Patch Changes

• Add data-variant and data-color attributes to the Text component. (#​7535) by @​alexcarpenter

• Updated dependencies [a4e6932]:

  • @​clerk/localizations@​3.33.0
  • @​clerk/shared@​3.42.0

v5.117.0

Compare Source

Minor Changes

• Improves resilience by keeping users logged in when Clerk's origin is temporarily unavailable using edge-based token generation (#​7516) by @​bratsos

Patch Changes

• Updated dependencies [03dd374]:
  • @​clerk/shared@​3.41.1
  • @​clerk/localizations@​3.32.1

v5.116.0

Compare Source

Minor Changes

• Display message in TaskChooseOrganization when user is not allowed to create organizations (#​7502) by @​LauraBeatris

Patch Changes

• Fix Web3 connection error handling in <UserProfile /> (#​7489) by @​kduprey

• Add missing selected and hover states to RolesListItem option. (#​7497) by @​alexcarpenter

• Introduce radio group for EnableOrganizationsPrompt (#​7501) by @​LauraBeatris

• Updated dependencies [79eb5af, 54cd476, b3b02b4, 7b3024a, 2cd4da9]:

  • @​clerk/shared@​3.41.0
  • @​clerk/localizations@​3.32.0

v5.115.0

Compare Source

Minor Changes

• Add Web3 Solana support to <UserProfile /> (#​7435) by @​kduprey

• Add support for Sign in with Solana. (#​7293) by @​kduprey

Patch Changes

• Fix navigation that was not awaited when attempting to set the session active on password sign-in (#​7459) by @​octoper

• Updated dependencies [375a32d, 175883b, f626046, a2cc94e, 14342d2]:

  • @​clerk/localizations@​3.31.0
  • @​clerk/shared@​3.40.0

v5.114.1

Compare Source

Patch Changes

• Updated dependencies [893d3e4]:
  • @​clerk/localizations@​3.30.1

v5.114.0

Compare Source

Minor Changes

• Add a subtitle on the Reset password session task screen (#​7392) by @​octoper

Patch Changes

• Improve error handling for invalid avatar file uploads. Previously, avatar images which exceeded the max file size limit of 10MB did not return an error within the Avatar upload component so the user was unaware why their upload did not work. (#​7357) by @​jigar-clerk

• Country code updates: Aland Islands, Ascension Island, Kosovo, Mayotte, Western Sahara, and updated names for Algeria, Congo (split into Democratic Republic and Republic), Macedonia (to North Macedonia), and Swaziland (to Eswatini). (#​7378) by @​zourzouvillys

• Allow reordering API Keys and Billing pages in <UserProfile /> and <OrganizationProfile />. (#​7383) by @​wobsoriano

  Example:

  export function CustomUserProfile() {
    return (
      <UserProfile>
        <UserProfile.Page label='apiKeys' />
        <UserProfile.Page label='billing' />
      </UserProfile>
    );
  }

• Updated dependencies [b117ebc]:

  • @​clerk/localizations@​3.30.0
  • @​clerk/shared@​3.39.0

v5.113.0

Compare Source

Minor Changes

• Introduce new <TaskResetPassword/> session task component (#​7314) by @​octoper

Patch Changes

• Show the correct error message on form_new_password_matches_current error code (#​7372) by @​octoper

• Rename internal isPasswordUntrustedError to isPasswordCompromisedError (#​7352) by @​octoper

• Updated dependencies [e31f3d5, 8376789, f917d68, 818c25a, b41c0d5, b41c0d5]:

  • @​clerk/shared@​3.38.0
  • @​clerk/localizations@​3.29.1

v5.112.1

Compare Source

Patch Changes

• Fix line height calculations. (#​7350) by @​alexcarpenter

v5.112.0

Compare Source

Minor Changes

• Introduce reset-password session task (#​7268) by @​octoper

• Introduce a new variant for the alternative methods screen to handle untrusted password error on sign-in (#​7331) by @​octoper

Patch Changes

• Prevent enable organization prompt from appearing if there is a session with a pending choose-organization task. (#​7307) by @​LauraBeatris

  This resolves an issue where, after organizations are enabled via the Dashboard, cached environment resources may cause the prompt to show again when the user is redirected to complete the choose-organization task.

• Fix issue where SignIn and SignUp instances were unable to be serialized with JSON.stringify due to a circular reference. (#​7321) by @​dstaley

• Conditionally apply tabIndex={-1} usage when shown to ensure buttons are keyboard accessible. (#​7306) by @​alexcarpenter

• Fixes line-height discrepancy between browsers. (#​7112) by @​alexcarpenter

• Add localization key for username form error (#​7320) by @​guilherme6191

• Ensure client trust messaging is only displayed if no 2FA options are available (#​7313) by @​tmilewski

• Updates line-height calculations to follow font-sizing to fix differences across browsers. (#​7112) by @​alexcarpenter

• Reverts the changes introduced in PR #​7105, as it was causing JWTs returned from client piggybacking not to be inserted into the cache even though their claims had actually changed. (#​7329) by @​octoper

• Updated dependencies [40a841d, f364924, f115e56, d4aef71, 3f99742, 02798f5, 07a30ce, ce8b914]:

  • @​clerk/shared@​3.37.0
  • @​clerk/localizations@​3.29.0

v5.111.0

Compare Source

Minor Changes

• When a session already exists on sign in, complete the sign in and redirect instead of only rendering an error. (#​7156) by @​brkalow

• Optimized session token poller to share token with other open tabs (#​7302) by @​jacekradko

Patch Changes

• Updated dependencies [e6ad12f]:
  • @​clerk/localizations@​3.28.5

v5.110.0

Compare Source

Minor Changes

• Removes SWR as direct dependency (#​7270) by @​panteliselef

• Introduce in-app development prompt to enable the Organizations feature (#​7159) by @​LauraBeatris

  In development instances, when using organization components or hooks for the first time, developers will see a prompt to enable the Organizations feature directly in their app, eliminating the need to visit the Clerk Dashboard.

Patch Changes

• Fix useFetch to update fetcher ref (#​7145) by @​iagodahlem

• Ensure that organization component warnings are only shown when no user session exists in development (#​7298) by @​LauraBeatris

• Updated dependencies [f85abda, 36e43cc]:

  • @​clerk/shared@​3.36.0
  • @​clerk/localizations@​3.28.4

v5.109.2

Compare Source

Patch Changes

• Make subscription actions more visible with inline buttons (#​7255) by @​mauricioabreu

• Added debug query param to token requests initiated with skipCache option. (#​7155) by @​jacekradko

• Updated dependencies [d8f59a6]:

  • @​clerk/shared@​3.35.2
  • @​clerk/localizations@​3.28.3

v5.109.1

Compare Source

Patch Changes

• Only render last used badge when there are multiple strategies enabled. (#​7224) by @​alexcarpenter

• Internal change, not user-facing: Replace useOrganization with useOrganizationContext in billing components (#​7257) by @​LauraBeatris

• Fix issue where network errors were being masked by fraud protection logic, preventing cache fallback from triggering properly. (#​7254) by @​chriscanin

• Generate a stable tab identifier in MemoryTokenCache so multi-tab token broadcasts can be traced via consistent debug logs. (#​7150) by @​jacekradko

• Updated dependencies [a9c13ca]:

  • @​clerk/shared@​3.35.1
  • @​clerk/localizations@​3.28.2

v5.109.0

Compare Source

Minor Changes

• Introduced initial Clerk Protect dynamic loader and related types to support dynamically enabling and rolling out Protect in the environment. (#​7227) by @​zourzouvillys

• Standardized API keys naming convention (#​7223) by @​wobsoriano

• [Experimental] Add support for sign-up via modal in signals implementation (#​7193) by @​dstaley

Patch Changes

• fix(clerk-js): update inCrossOriginIframe to handle nested cross origin iframes (#​7212) by @​thiskevinwang

• [Experimental] Type method returns using ClerkError (#​7213) by @​dstaley

• Fixes a bug where billing hooks would attempt to fetch billing information for an organization member with insufficient permissions, resulting in a 403 error. (#​7202) by @​panteliselef

• Ensure scrollbox height fills the available space. (#​7222) by @​alexcarpenter

• Updated dependencies [9f48f13, 7be8f45, bdbb0d9, aa184a4, 1d4e7a7, 42f0d95, c63cc8e, d32d724, 00291bc]:

  • @​clerk/localizations@​3.28.1
  • @​clerk/shared@​3.35.0

v5.108.0

Compare Source

Minor Changes

• Support for email_code and email_link as a second factor when user is signing in on a new device. (#​7116) by @​tmilewski

• Update SocialButtons to show "Continue with" prefix for last auth strategy, and improve mobile layout consistency. (#​7169) by @​alexcarpenter

• [Experimental] Update errors to have specific field types based on whether it's a sign-in or a sign-up. (#​7195) by @​dstaley

• Removed internal parameter when creating API keys (#​7207) by @​wobsoriano

Patch Changes

• Updated dependencies [d64638d, b5a7e2f, a1d10fc, b944ff3, 4011c5e]:
  • @​clerk/localizations@​3.28.0
  • @​clerk/shared@​3.34.0

v5.107.0

Compare Source

Minor Changes

• Update the supported API version to 2025-11-10. (#​7095) by @​panteliselef

Patch Changes

• Updated dependencies [613cb97]:
  • @​clerk/shared@​3.33.0
  • @​clerk/localizations@​3.27.2

v5.106.0

Compare Source

Minor Changes

• Implemented server-side pagination and filtering for API keys (#​6453) by @​wobsoriano

• [Experimental] Add types for errors used in new custom flow APIs (#​7174) by @​nikosdouvlis

• [Experimental] Add support for modal SSO sign-ins to new APIs (#​7026) by @​dstaley

• Support granular API keys settings for user and organization profiles (#​7179) by @​wobsoriano

Patch Changes

• Updated dependencies [cc11472, 539fad7, c413433, a940c39]:
  • @​clerk/shared@​3.32.0
  • @​clerk/localizations@​3.27.1

v5.105.1

Compare Source

Patch Changes

• Add aria live region to ensure feedback messages are read to screen readers when feedback changes. (#​7111) by @​alexcarpenter

v5.105.0

Compare Source

Minor Changes

• Replaced the persistent key column in the API keys table with a one-time modal that displays the secret immediately after creation. (#​7107) by @​wobsoriano

Patch Changes

• Move clientTrustState to SignIn (#​7163) by @​tmilewski

• Updated dependencies [d88ea99, a474c59, 5536429]:

  • @​clerk/localizations@​3.27.0
  • @​clerk/shared@​3.31.1

v5.104.0

Compare Source

Minor Changes

• Adds client_trust_state field to Client and SignIn resources to support new fraud protection feature. (#​7096) by @​chriscanin

Patch Changes

• fix: Appropriately handle last-used SAML strategies (#​7135) by @​tmilewski

• Experimental: Ground work for fixing stale data between hooks and components by sharing a single cache. (#​6913) by @​panteliselef

• Updated dependencies [ea65d39, b09b29e]:

  • @​clerk/shared@​3.31.0
  • @​clerk/localizations@​3.26.6

v5.103.2

Compare Source

Patch Changes

• Propagate locale from ClerkProvider to PaymentElement (#​6885) by @​aeliox

• Deprecate @clerk/types in favor of @clerk/shared/types (#​7022) by @​nikosdouvlis

  The @clerk/types package is now deprecated. All type definitions have been consolidated and moved to @clerk/shared/types to improve consistency across the Clerk ecosystem.

  Backward Compatibility:

  The @clerk/types package will remain available and will continue to re-export all types from @clerk/shared/types to ensure backward compatibility. Existing applications will continue to work without any immediate breaking changes. However, we strongly recommend migrating to @clerk/shared/types as new type definitions and updates will only be added to @clerk/shared/types starting with the next major release.

  Migration Steps:

  Please update your imports from @clerk/types to @clerk/shared/types:

  // Before
  import type { ClerkResource, UserResource } from '@​clerk/types';
  
  // After
  import type { ClerkResource, UserResource } from '@​clerk/shared/types';

  What Changed:

  All type definitions including:

  • Resource types (User, Organization, Session, etc.)
  • API response types
  • Configuration types
  • Authentication types
  • Error types
  • And all other shared types

  Have been moved from packages/types/src to packages/shared/src/types and are now exported via @clerk/shared/types.

• Add debug logging to session update flows when browser is offline (#​7113) by @​jacekradko

• Remove last used badge from rendering on sign-up. (#​7100) by @​alexcarpenter

• Bug fix for Checkout success screen to not mention payment if a payment was not made. (#​7140) by @​panteliselef

• Optimize Session.#hydrateCache to only cache token if it's new/different (#​7105) by @​jacekradko

• Navigates to /sign-up/continue on sign-up with missing_requirements status using ticket as strategy (#​7101) by @​LauraBeatris

  It fixes IdP-initiated flows with missing requirements such as accepting legal consent

• Updated dependencies [3e0ef92, 2587aa6]:

  • @​clerk/shared@​3.30.0
  • @​clerk/localizations@​3.26.5

v5.103.1

Compare Source

Patch Changes

• Bring back OrgPreview within the OrgSwitcher component (#​7091) by @​alexcarpenter

v5.103.0

Compare Source

Minor Changes

• Allow free trials without requiring a payment method, based on the configuration of an instance. (#​7068) by @​mauricioabreu

• [Billing Beta] Remove unnecessary orgId from BillingPayerMethods interface. (#​7087) by @​panteliselef

Patch Changes

• Ensure ThreeDotsMenu is full opacity when focus visible. (#​7080) by @​alexcarpenter

• Localize aria-labels within UserButton and OrganizationSwitcher triggers. (#​7086) by @​alexcarpenter

• Updated dependencies [791ff19, 439427e, 7dfbf3a, d33b7b5]:

  • @​clerk/shared@​3.29.0
  • @​clerk/types@​4.96.0
  • @​clerk/localizations@​3.26.4

v5.102.1

Compare Source

Patch Changes

• Add title attribute to email address field with the recommended format. (#​6956) by @​alexcarpenter

• Fixes an issue in SelectOption where the focus styles were not being properly applied when the option is focused. (#​6999) by @​alexcarpenter

  Increases SelectOption touch area to remove any dead spots between items.

• Make avatar remove button size xs to be consistent with upload button sizing. (#​7041) by @​alexcarpenter

• Improve avatar upload and removal UX to auto collapse the profile section upon successful save. (#​7044) by @​alexcarpenter

• Updated dependencies [4d46e4e, 1217b87]:

  • @​clerk/localizations@​3.26.3
  • @​clerk/types@​4.95.1
  • @​clerk/shared@​3.28.3

v5.102.0

Compare Source

Minor Changes

• [Billing Beta]: Dropping paymentMethodId from subscription item. (#​7017) by @​panteliselef

Patch Changes

• Add support for automatically sending the browser locale during the sign-in flow (#​7011) by [@​guilherme6191](https://redi

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - "after 9am and before 5pm Monday" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.