auth0-lock 11.33.0 → 11.33.1

package/.circleci/config.yml

@@ -4,7 +4,7 @@ orbs:
 executors:
   docker-executor:
     docker:
-      - image: circleci/node:14.15
+      - image: cimg/node:14.19-browsers
 jobs:
   build-and-test:
     executor: docker-executor
@@ -14,7 +14,7 @@ jobs:
       - checkout
       - run:
           name: Update Yarn
-          command: 'sudo npm update -g yarn'
+          command: 'npm update -g yarn'
       - restore_cache:
           name: Restore Yarn Package Cache
           key: yarn-packages-{{ checksum "yarn.lock" }}
@@ -49,7 +49,7 @@ jobs:
       - checkout
       - run:
           name: Update Yarn
-          command: 'sudo npm update -g yarn'
+          command: 'npm update -g yarn'
       - restore_cache:
           name: Restore Yarn Package Cache
           key: yarn-packages-{{ checksum "yarn.lock" }}

package/.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+  - package-ecosystem: "npm" 
+    directory: "/" 
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]

package/.github/workflows/semgrep.yml

@@ -0,0 +1,25 @@
+name: Semgrep
+
+on:
+  pull_request: {}
+
+  push:
+    branches: ["master", "main"]
+
+  schedule:
+    - cron: '30 0 1,15 * *'
+
+jobs:
+  semgrep:
+    name: Scan
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+    # Skip any PR created by dependabot to avoid permission issues
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      - uses: actions/checkout@v3
+
+      - run: semgrep ci
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

package/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Change Log
 
+## [v11.33.1](https://github.com/auth0/lock/tree/v11.33.1) (2022-06-14)
+[Full Changelog](https://github.com/auth0/lock/compare/v11.33.0...v11.33.1)
+
+**Fixed**
+- Move captcha pane below additional signup fields in UI [\#2135](https://github.com/auth0/lock/pull/2135) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
+**Security**
+- [Snyk] Upgrade dompurify from 2.3.6 to 2.3.7 [\#2132](https://github.com/auth0/lock/pull/2132) ([snyk-bot](https://github.com/snyk-bot))
+
 ## [v11.33.0](https://github.com/auth0/lock/tree/v11.33.0) (2022-05-05)
 
 [Full Changelog](https://github.com/auth0/lock/compare/v11.32.2...v11.33.0)

package/README.md

@@ -25,7 +25,7 @@ From CDN
 
 ```html
 <!-- Latest patch release (recommended for production) -->
-<script src="https://cdn.auth0.com/js/lock/11.33.0/lock.min.js"></script>
+<script src="https://cdn.auth0.com/js/lock/11.33.1/lock.min.js"></script>
 ```
 
 From [npm](https://npmjs.org)
@@ -490,7 +490,7 @@ Extra input fields can be added to the sign up screen with the `additionalSignUp
 
 Additional sign up fields are rendered below the default fields in the order they are provided.
 
-:warning: **Note**: From `11.33.0` onwards, all HTML tags are stripped from user input into custom signup fields.
+:warning: **Note**: From `11.33.1` onwards, all HTML tags are stripped from user input into custom signup fields.
 
 ##### Text field
 

package/lib/core/web_api/helper.js

@@ -176,5 +176,5 @@ function trimAuthParams() {
 }
 
 function getVersion() {
-  return '11.33.0';
+  return '11.33.1';
 }

package/lib/engine/classic/sign_up_pane.js

@@ -125,8 +125,8 @@ var SignUpPane = function (_React$Component) {
       }),
       usernamePane,
       passwordPane,
-      captchaPane,
-      fields
+      fields,
+      captchaPane
     );
   };
 

package/lib/i18n.js

@@ -125,7 +125,7 @@ function assertLanguage(m, language, base) {
 function syncLang(m, language, _cb) {
   (0, _cdn_utils.load)({
     method: 'registerLanguageDictionary',
-    url: l.languageBaseUrl(m) + '/js/lock/' + '11.33.0' + '/' + language + '.js',
+    url: l.languageBaseUrl(m) + '/js/lock/' + '11.33.1' + '/' + language + '.js',
     check: function check(str) {
       return str && str === language;
     },

package/lib/lock.js

@@ -42,7 +42,7 @@ var Auth0Lock = function (_Core) {
 
 
 exports.default = Auth0Lock;
-Auth0Lock.version = '11.33.0';
+Auth0Lock.version = '11.33.1';
 
 // TODO: should we have different telemetry for classic/passwordless?
 // TODO: should we set telemetry info before each request?

package/lib/passwordless.js

@@ -41,4 +41,4 @@ var Auth0LockPasswordless = function (_Core) {
 exports.default = Auth0LockPasswordless;
 
 
-Auth0LockPasswordless.version = '11.33.0';
+Auth0LockPasswordless.version = '11.33.1';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-lock",
-  "version": "11.33.0",
+  "version": "11.33.1",
   "description": "Auth0 Lock",
   "author": "Auth0 <support@auth0.com> (http://auth0.com)",
   "license": "MIT",
@@ -56,7 +56,7 @@
     "bump-version": "^0.5.0",
     "chalk": "^4.1.2",
     "cross-env": "^7.0.3",
-    "css-loader": "^0.26.1",
+    "css-loader": "^0.28.11",
     "emojic": "^1.1.15",
     "enzyme": "^3.1.0",
     "enzyme-adapter-react-15": "^1.0.1",
@@ -72,7 +72,7 @@
     "grunt-babel": "^6.0.0",
     "grunt-cli": "^0.1.13",
     "grunt-concurrent": "^2.3.1",
-    "grunt-contrib-clean": "^0.6.0",
+    "grunt-contrib-clean": "^0.7.0",
     "grunt-env": "^0.4.4",
     "grunt-exec": "^0.4.6",
     "grunt-webpack": "^2.0.1",
@@ -93,9 +93,9 @@
     "puppeteer": "^10.1.0",
     "react-test-renderer": "^15.6.2",
     "sinon": "^1.15.4",
-    "stylus": "^0.54.5",
+    "stylus": "^0.58.1",
     "stylus-loader": "^2.3.1",
-    "tmp": "^0.1.0",
+    "tmp": "^0.2.1",
     "uglify-js": "^2.7.4",
     "unminified-webpack-plugin": "^1.1.1",
     "unreleased": "^0.1.0",
@@ -109,7 +109,7 @@
     "auth0-password-policies": "^1.0.2",
     "blueimp-md5": "^2.19.0",
     "classnames": "^2.3.1",
-    "dompurify": "^2.3.5",
+    "dompurify": "^2.3.7",
     "immutable": "^3.7.3",
     "jsonp": "^0.2.1",
     "node-fetch": "^2.6.7",