npm - auth0-lock - Versions diffs - 14.0.0 → 14.2.0 - Mend

auth0-lock 14.0.0 → 14.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/.github/workflows/claude-code-review.yml +18 -0
package/.github/workflows/codeql.yml +3 -3
package/.github/workflows/test.yml +1 -1
package/.version +1 -1
package/CHANGELOG.md +42 -0
package/Makefile +16 -4
package/README.md +3 -2
package/lib/__tests__/core/remote_data.js +133 -2
package/lib/connection/social/index.js +3 -3
package/lib/core/actions.js +1 -1
package/lib/core/remote_data.js +20 -8
package/lib/core/web_api/helper.js +1 -1
package/lib/core.js +1 -1
package/lib/field/captcha/captcha_pane.js +5 -0
package/lib/field/social/social_buttons_pane.js +2 -1
package/lib/i18n.js +1 -1
package/lib/lock.js +1 -1
package/lib/passwordless.js +1 -1
package/package.json +6 -4
package/.github/workflows/semgrep.yml +0 -40

package/lib/field/captcha/captcha_pane.js CHANGED Viewed

@@ -46,6 +46,11 @@ var CaptchaPane = exports.default = /*#__PURE__*/function (_React$Component) {
       var captcha = (0, _captcha2.getCaptchaConfig)(lock, flow);
       var value = (0, _index3.getFieldValue)(lock, 'captcha');
       var isValid = !(0, _index3.isFieldVisiblyInvalid)(lock, 'captcha');
+      // If no captcha config, don't render anything
+      if (!captcha) {
+        return null;
+      }
       var provider = captcha.get('provider');
       if ((0, _third_party_captcha.isThirdPartyCaptcha)(provider)) {
         function handleChange(value) {

package/lib/field/social/social_buttons_pane.js CHANGED Viewed

@@ -84,7 +84,8 @@ var SocialButtonsPane = exports.default = /*#__PURE__*/function (_React$Componen
         className: "auth0-loading"
       }));
       return /*#__PURE__*/_react.default.createElement("div", {
-        className: "auth-lock-social-buttons-pane"
+        className: "auth-lock-social-buttons-pane",
+        tabIndex: 0
       }, header, /*#__PURE__*/_react.default.createElement("div", {
         className: "auth0-lock-social-buttons-container"
       }, buttons), loading);

package/lib/i18n.js CHANGED Viewed

@@ -90,7 +90,7 @@ function assertLanguage(m, language, base) {
 function syncLang(m, language, _cb) {
   (0, _cdn_utils.load)({
     method: 'registerLanguageDictionary',
-    url: "".concat(l.languageBaseUrl(m), "/js/lock/").concat("14.0.0", "/").concat(language, ".js"),
+    url: "".concat(l.languageBaseUrl(m), "/js/lock/").concat("14.2.0", "/").concat(language, ".js"),
     check: function check(str) {
       return str && str === language;
     },

package/lib/lock.js CHANGED Viewed

@@ -36,7 +36,7 @@ var Auth0Lock = exports.default = /*#__PURE__*/function (_Core) {
   _inherits(Auth0Lock, _Core);
   return _createClass(Auth0Lock);
 }(_core.default); // telemetry
-Auth0Lock.version = "14.0.0";
+Auth0Lock.version = "14.2.0";
 // TODO: should we have different telemetry for classic/passwordless?
 // TODO: should we set telemetry info before each request?

package/lib/passwordless.js CHANGED Viewed

@@ -36,4 +36,4 @@ var Auth0LockPasswordless = exports.default = /*#__PURE__*/function (_Core) {
   _inherits(Auth0LockPasswordless, _Core);
   return _createClass(Auth0LockPasswordless);
 }(_core.default);
-Auth0LockPasswordless.version = "14.0.0";
+Auth0LockPasswordless.version = "14.2.0";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "auth0-lock",
-  "version": "14.0.0",
+  "version": "14.2.0",
   "description": "Auth0 Lock",
   "author": "Auth0 <support@auth0.com> (http://auth0.com)",
   "license": "MIT",
@@ -62,7 +62,7 @@
     "@babel/preset-env": "^7.0.0",
     "@babel/preset-react": "^7.0.0",
     "@cfaester/enzyme-adapter-react-18": "^0.8.0",
-    "@google-cloud/translate": "^6.0.2",
+    "@google-cloud/translate": "^9.1.0",
     "babel-jest": "^29.3.1",
     "babel-loader": "8.4.1",
     "babel-plugin-stylus-compiler": "^1.4.0",
@@ -81,7 +81,6 @@
     "eslint-config-prettier": "^8.8.0",
     "eslint-plugin-react": "^7.32.2",
     "esm": "^3.2.25",
-    "events": "^3.3.0",
     "expect.js": "^0.3.1",
     "flat": "^5.0.2",
     "glob": "^7.1.7",
@@ -106,7 +105,6 @@
     "karma-mocha-reporter": "^2.2.5",
     "lint-staged": "^13.2.3",
     "mocha": "^11.5.0",
-    "node-es-module-loader": "^0.3.8",
     "prettier": "^2.4.1",
     "puppeteer": "^24.9.0",
     "react-test-renderer": "^18.2.0",
@@ -126,6 +124,7 @@
     "blueimp-md5": "^2.19.0",
     "classnames": "^2.3.2",
     "dompurify": "^3.2.5",
+    "events": "^3.3.0",
     "immutable": "^3.7.6",
     "jsonp": "^0.2.1",
     "password-sheriff": "^1.1.1",
@@ -188,5 +187,8 @@
     "*.{js,jsx,json}": [
       "prettier --write"
     ]
+  },
+  "optionalDependencies": {
+    "fsevents": "^2.3.3"
   }
 }

package/.github/workflows/semgrep.yml DELETED Viewed

@@ -1,40 +0,0 @@
-name: Semgrep
-on:
-  merge_group:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-  push:
-    branches:
-      - master
-  schedule:
-    - cron: '30 0 1,15 * *'
-permissions:
-  contents: read
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
-jobs:
-  run:
-    name: Check for Vulnerabilities
-    runs-on: ubuntu-latest
-    container:
-      image: returntocorp/semgrep
-    steps:
-      - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
-        run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha || github.ref }}
-      - run: semgrep ci
-        env:
-          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}