auth0-lock 14.1.0 → 14.2.0

package/.github/workflows/claude-code-review.yml

@@ -0,0 +1,18 @@
+name: Claude Code PR Review
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude-review:
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
+    uses: auth0/auth0-ai-pr-analyzer-gh-action/.github/workflows/claude-code-review.yml@main

package/.github/workflows/codeql.yml

@@ -40,15 +40,15 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: '/language:${{ matrix.language }}'

package/.version

@@ -1 +1 @@
-v14.1.0
+v14.2.0

package/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Change Log
 
+## [v14.2.0](https://github.com/auth0/lock/tree/v14.2.0) (2025-10-21)
+[Full Changelog](https://github.com/auth0/lock/compare/v14.1.0...v14.2.0)
+
+**Added**
+- feat: add Claude Code PR Review workflow [\#2679](https://github.com/auth0/lock/pull/2679) ([ankita10119](https://github.com/ankita10119))
+
+**Fixed**
+- fix: captcha not rendering for initial signup screen in classic login  [\#2677](https://github.com/auth0/lock/pull/2677) ([paebanks](https://github.com/paebanks))
+
 ## [v14.1.0](https://github.com/auth0/lock/tree/v14.1.0) (2025-09-12)
 [Full Changelog](https://github.com/auth0/lock/compare/v14.0.0...v14.1.0)
 

package/README.md

@@ -3,6 +3,7 @@
 ![Downloads](https://img.shields.io/npm/dw/auth0-lock)
 [![License](https://img.shields.io/:license-mit-blue.svg?style=flat)](https://opensource.org/licenses/MIT)
 [![Build Status](https://github.com/auth0/lock/actions/workflows/test.yml/badge.svg)](https://github.com/auth0/lock/actions/workflows/test.yml)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/auth0/lock)
 
 > :warning: Lock is built using React 18 from v12 onwards. Getting issues? Please [submit a bug report](https://github.com/auth0/lock/issues/new?assignees=&labels=bug+report,v12&template=report_a_bug.md&title=).
 
@@ -30,7 +31,7 @@ From CDN
 
 ```html
 <!-- Latest patch release (recommended for production) -->
-<script src="https://cdn.auth0.com/js/lock/14.1.0/lock.min.js"></script>
+<script src="https://cdn.auth0.com/js/lock/14.2.0/lock.min.js"></script>
 ```
 
 ### Configure Auth0
@@ -137,4 +138,4 @@ Please do not report security vulnerabilities on the public GitHub issue tracker
 </p>
 <p align="center">
   This project is licensed under the MIT license. See the <a href="https://github.com/auth0/lock/blob/master/LICENSE"> LICENSE</a> file for more info.
-</p>
+</p>

package/lib/__tests__/core/remote_data.js

@@ -13,7 +13,9 @@ var getSyncRemoteData = function getSyncRemoteData() {
   return require('core/remote_data').syncRemoteData;
 };
 jest.mock('sync', function () {
-  return jest.fn();
+  return jest.fn(function (model, key, options) {
+    return model;
+  });
 });
 jest.mock('connection/enterprise', function () {
   return {
@@ -30,7 +32,11 @@ jest.mock('core/index', function () {
     id: function id() {
       return 'id';
     },
-    emitEvent: jest.fn()
+    emitEvent: jest.fn(),
+    setCaptcha: jest.fn(),
+    setPasswordlessCaptcha: jest.fn(),
+    setPasswordResetCaptcha: jest.fn(),
+    setSignupChallenge: jest.fn()
   };
 });
 jest.mock('core/sso/data', function () {
@@ -40,6 +46,12 @@ jest.mock('core/sso/data', function () {
     })
   };
 });
+jest.mock('core/web_api', function () {
+  return {
+    getChallenge: jest.fn(),
+    getSignupChallenge: jest.fn()
+  };
+});
 describe('remote_data.syncRemoteData()', function () {
   beforeEach(function () {
     jest.clearAllMocks();
@@ -63,4 +75,123 @@ describe('remote_data.syncRemoteData()', function () {
       });
     });
   });
+  describe('captcha syncing', function () {
+    it('should sync login captcha when initialScreen is login', function () {
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData('mockModel', 'login');
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      expect(captchaCall).toBeDefined();
+      expect(signupCaptchaCall).toBeUndefined();
+    });
+    it('should sync signup captcha when initialScreen is signUp', function () {
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData('mockModel', 'signUp');
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      expect(captchaCall).toBeUndefined();
+      expect(signupCaptchaCall).toBeDefined();
+    });
+    it('should call webApi.getChallenge when login captcha syncFn is executed', function () {
+      var mockModel = {
+        get: jest.fn().mockReturnValue('test-id')
+      };
+      var syncRemoteData = getSyncRemoteData();
+      require('core/web_api').getChallenge.mockClear();
+      syncRemoteData(mockModel, 'login');
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      var mockCallback = jest.fn();
+      captchaCall[2].syncFn(mockModel, mockCallback);
+      expect(require('core/web_api').getChallenge).toHaveBeenCalledWith('test-id', expect.any(Function));
+    });
+    it('should call webApi.getSignupChallenge when signup captcha syncFn is executed', function () {
+      var mockModel = {
+        get: jest.fn().mockReturnValue('test-id')
+      };
+      var syncRemoteData = getSyncRemoteData();
+      require('core/web_api').getSignupChallenge.mockClear();
+      syncRemoteData(mockModel, 'signUp');
+      var syncCalls = require('sync').mock.calls;
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      var mockCallback = jest.fn();
+      signupCaptchaCall[2].syncFn(mockModel, mockCallback);
+      expect(require('core/web_api').getSignupChallenge).toHaveBeenCalledWith('test-id', expect.any(Function));
+    });
+    it('should default to login captcha when no initialScreen is provided', function () {
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData('mockModel'); // No second parameter
+
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      expect(captchaCall).toBeDefined();
+      expect(signupCaptchaCall).toBeUndefined();
+    });
+    it('should not sync any captcha for other initialScreen values', function () {
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData('mockModel', 'forgotPassword');
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      expect(captchaCall).toBeUndefined();
+      expect(signupCaptchaCall).toBeUndefined();
+    });
+    it('should handle webApi.getSignupChallenge errors gracefully', function () {
+      var mockModel = {
+        get: jest.fn().mockReturnValue('test-id')
+      };
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData(mockModel, 'signUp');
+      var syncCalls = require('sync').mock.calls;
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      require('core/web_api').getSignupChallenge.mockImplementation(function (id, cb) {
+        cb(new Error('404 Not Found'), null);
+      });
+      var mockCallback = jest.fn();
+      signupCaptchaCall[2].syncFn(mockModel, mockCallback);
+      expect(mockCallback).toHaveBeenCalledWith(null, null);
+    });
+    it('should handle webApi.getChallenge errors gracefully', function () {
+      var mockModel = {
+        get: jest.fn().mockReturnValue('test-id')
+      };
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData(mockModel, 'login');
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      require('core/web_api').getChallenge.mockImplementation(function (id, cb) {
+        cb(new Error('Network error'), null);
+      });
+      var mockCallback = jest.fn();
+      captchaCall[2].syncFn(mockModel, mockCallback);
+      expect(mockCallback).toHaveBeenCalledWith(null, null);
+    });
+  });
 });

package/lib/core/actions.js

@@ -34,7 +34,7 @@ function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol"
 function _toPrimitive(t, r) { if ("object" != _typeof(t) || !t) return t; var e = t[Symbol.toPrimitive]; if (void 0 !== e) { var i = e.call(t, r || "default"); if ("object" != _typeof(i)) return i; throw new TypeError("@@toPrimitive must return a primitive value."); } return ("string" === r ? String : Number)(t); }
 function setupLock(id, clientID, domain, options, hookRunner, emitEventFn, handleEventFn) {
   var m = l.setup(id, clientID, domain, options, hookRunner, emitEventFn, handleEventFn);
-  m = (0, _remote_data.syncRemoteData)(m);
+  m = (0, _remote_data.syncRemoteData)(m, options === null || options === void 0 ? void 0 : options.initialScreen);
   (0, _preload_utils.img)(l.ui.logo(m) || _container.defaultProps.logo);
   _web_api.default.setupClient(id, clientID, domain, l.withAuthOptions(m, _objectSpread(_objectSpread({}, options), {}, {
     popupOptions: l.ui.popupOptions(m)

package/lib/core/remote_data.js

@@ -19,6 +19,7 @@ function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e
 // shouldn't depend on this
 
 function syncRemoteData(m) {
+  var initialScreen = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 'login';
   if (l.useTenantInfo(m)) {
     m = (0, _sync.default)(m, 'client', {
       syncFn: function syncFn(m, cb) {
@@ -69,13 +70,24 @@ function syncRemoteData(m) {
       }
     }
   });
-  m = (0, _sync.default)(m, 'captcha', {
-    syncFn: function syncFn(m, cb) {
-      _web_api.default.getChallenge(m.get('id'), function (err, r) {
-        cb(null, r);
-      });
-    },
-    successFn: _index2.setCaptcha
-  });
+  if (initialScreen === 'login') {
+    m = (0, _sync.default)(m, 'captcha', {
+      syncFn: function syncFn(m, cb) {
+        _web_api.default.getChallenge(m.get('id'), function (err, r) {
+          cb(null, r);
+        });
+      },
+      successFn: _index2.setCaptcha
+    });
+  } else if (initialScreen === 'signUp') {
+    m = (0, _sync.default)(m, 'signupCaptcha', {
+      syncFn: function syncFn(m, cb) {
+        _web_api.default.getSignupChallenge(m.get('id'), function (err, r) {
+          cb(null, r);
+        });
+      },
+      successFn: _index2.setSignupChallenge
+    });
+  }
   return m;
 }

package/lib/core/web_api/helper.js

@@ -169,5 +169,5 @@ function trimAuthParams() {
   return p;
 }
 function getVersion() {
-  return "14.1.0";
+  return "14.2.0";
 }

package/lib/field/captcha/captcha_pane.js

@@ -46,6 +46,11 @@ var CaptchaPane = exports.default = /*#__PURE__*/function (_React$Component) {
       var captcha = (0, _captcha2.getCaptchaConfig)(lock, flow);
       var value = (0, _index3.getFieldValue)(lock, 'captcha');
       var isValid = !(0, _index3.isFieldVisiblyInvalid)(lock, 'captcha');
+
+      // If no captcha config, don't render anything
+      if (!captcha) {
+        return null;
+      }
       var provider = captcha.get('provider');
       if ((0, _third_party_captcha.isThirdPartyCaptcha)(provider)) {
         function handleChange(value) {

package/lib/i18n.js

@@ -90,7 +90,7 @@ function assertLanguage(m, language, base) {
 function syncLang(m, language, _cb) {
   (0, _cdn_utils.load)({
     method: 'registerLanguageDictionary',
-    url: "".concat(l.languageBaseUrl(m), "/js/lock/").concat("14.1.0", "/").concat(language, ".js"),
+    url: "".concat(l.languageBaseUrl(m), "/js/lock/").concat("14.2.0", "/").concat(language, ".js"),
     check: function check(str) {
       return str && str === language;
     },

package/lib/lock.js

@@ -36,7 +36,7 @@ var Auth0Lock = exports.default = /*#__PURE__*/function (_Core) {
   _inherits(Auth0Lock, _Core);
   return _createClass(Auth0Lock);
 }(_core.default); // telemetry
-Auth0Lock.version = "14.1.0";
+Auth0Lock.version = "14.2.0";
 
 // TODO: should we have different telemetry for classic/passwordless?
 // TODO: should we set telemetry info before each request?

package/lib/passwordless.js

@@ -36,4 +36,4 @@ var Auth0LockPasswordless = exports.default = /*#__PURE__*/function (_Core) {
   _inherits(Auth0LockPasswordless, _Core);
   return _createClass(Auth0LockPasswordless);
 }(_core.default);
-Auth0LockPasswordless.version = "14.1.0";
+Auth0LockPasswordless.version = "14.2.0";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-lock",
-  "version": "14.1.0",
+  "version": "14.2.0",
   "description": "Auth0 Lock",
   "author": "Auth0 <support@auth0.com> (http://auth0.com)",
   "license": "MIT",