auth0-lock 14.1.0 → 14.2.1

package/.github/workflows/claude-code-review.yml

@@ -0,0 +1,18 @@
+name: Claude Code PR Review
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude-review:
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
+    uses: auth0/auth0-ai-pr-analyzer-gh-action/.github/workflows/claude-code-review.yml@main

package/.github/workflows/codeql.yml

@@ -37,18 +37,18 @@ jobs:
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: '/language:${{ matrix.language }}'

package/.github/workflows/npm-release.yml

@@ -29,7 +29,7 @@ jobs:
 
     steps:
       # Checkout the code
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

package/.github/workflows/snyk.yml

@@ -29,7 +29,7 @@ jobs:
       - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 

package/.github/workflows/test.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 

package/.version

@@ -1 +1 @@
-v14.1.0
+v14.2.1

package/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Change Log
 
+## [v14.2.1](https://github.com/auth0/lock/tree/v14.2.1) (2025-12-03)
+[Full Changelog](https://github.com/auth0/lock/compare/v14.2.0...v14.2.1)
+
+**Fixed**
+- Fix: connectionResolver receives incorrect field value when switching between Login and Sign-up tabs [\#2697](https://github.com/auth0/lock/pull/2697) ([ankita10119](https://github.com/ankita10119))
+
+## [v14.2.0](https://github.com/auth0/lock/tree/v14.2.0) (2025-10-21)
+[Full Changelog](https://github.com/auth0/lock/compare/v14.1.0...v14.2.0)
+
+**Added**
+- feat: add Claude Code PR Review workflow [\#2679](https://github.com/auth0/lock/pull/2679) ([ankita10119](https://github.com/ankita10119))
+
+**Fixed**
+- fix: captcha not rendering for initial signup screen in classic login  [\#2677](https://github.com/auth0/lock/pull/2677) ([paebanks](https://github.com/paebanks))
+
 ## [v14.1.0](https://github.com/auth0/lock/tree/v14.1.0) (2025-09-12)
 [Full Changelog](https://github.com/auth0/lock/compare/v14.0.0...v14.1.0)
 

package/README.md

@@ -3,6 +3,7 @@
 ![Downloads](https://img.shields.io/npm/dw/auth0-lock)
 [![License](https://img.shields.io/:license-mit-blue.svg?style=flat)](https://opensource.org/licenses/MIT)
 [![Build Status](https://github.com/auth0/lock/actions/workflows/test.yml/badge.svg)](https://github.com/auth0/lock/actions/workflows/test.yml)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/auth0/lock)
 
 > :warning: Lock is built using React 18 from v12 onwards. Getting issues? Please [submit a bug report](https://github.com/auth0/lock/issues/new?assignees=&labels=bug+report,v12&template=report_a_bug.md&title=).
 
@@ -30,7 +31,7 @@ From CDN
 
 ```html
 <!-- Latest patch release (recommended for production) -->
-<script src="https://cdn.auth0.com/js/lock/14.1.0/lock.min.js"></script>
+<script src="https://cdn.auth0.com/js/lock/14.2.1/lock.min.js"></script>
 ```
 
 ### Configure Auth0
@@ -137,4 +138,4 @@ Please do not report security vulnerabilities on the public GitHub issue tracker
 </p>
 <p align="center">
   This project is licensed under the MIT license. See the <a href="https://github.com/auth0/lock/blob/master/LICENSE"> LICENSE</a> file for more info.
-</p>
+</p>

package/customJsdomEnvironment.js

@@ -0,0 +1,9 @@
+const JSDOMEnvironment = require('jest-environment-jsdom').default;
+
+module.exports = class CustomJsdomEnvironment extends JSDOMEnvironment {
+  async setup() {
+    await super.setup();
+    // Expose jsdom instance globally so tests can call jsdom.reconfigure()
+    this.global.jsdom = this.dom;
+  }
+};

package/lib/__tests__/core/index.js

@@ -54,10 +54,8 @@ describe('setup', function () {
     var model = mock.calls[0][1].toJS();
     expect(model.auth.redirectUrl).toBe('https://test.com/path/');
   });
-  it.only('default redirectUrl should work when `window.location.origin` is not available', function () {
-    jsdom.reconfigure({
-      url: 'https://test.com/path/#not-this-part'
-    });
+  it('default redirectUrl should work when `window.location.origin` is not available', function () {
+    (0, _testUtils.setURL)('https://test.com/path/#not-this-part');
     var options = {};
     setup('id', 'clientID', 'domain', options, 'hookRunner', 'emitEventFn');
     var _mockInit2 = mockInit,

package/lib/__tests__/core/remote_data.js

@@ -13,7 +13,9 @@ var getSyncRemoteData = function getSyncRemoteData() {
   return require('core/remote_data').syncRemoteData;
 };
 jest.mock('sync', function () {
-  return jest.fn();
+  return jest.fn(function (model, key, options) {
+    return model;
+  });
 });
 jest.mock('connection/enterprise', function () {
   return {
@@ -30,7 +32,11 @@ jest.mock('core/index', function () {
     id: function id() {
       return 'id';
     },
-    emitEvent: jest.fn()
+    emitEvent: jest.fn(),
+    setCaptcha: jest.fn(),
+    setPasswordlessCaptcha: jest.fn(),
+    setPasswordResetCaptcha: jest.fn(),
+    setSignupChallenge: jest.fn()
   };
 });
 jest.mock('core/sso/data', function () {
@@ -40,6 +46,12 @@ jest.mock('core/sso/data', function () {
     })
   };
 });
+jest.mock('core/web_api', function () {
+  return {
+    getChallenge: jest.fn(),
+    getSignupChallenge: jest.fn()
+  };
+});
 describe('remote_data.syncRemoteData()', function () {
   beforeEach(function () {
     jest.clearAllMocks();
@@ -63,4 +75,123 @@ describe('remote_data.syncRemoteData()', function () {
       });
     });
   });
+  describe('captcha syncing', function () {
+    it('should sync login captcha when initialScreen is login', function () {
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData('mockModel', 'login');
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      expect(captchaCall).toBeDefined();
+      expect(signupCaptchaCall).toBeUndefined();
+    });
+    it('should sync signup captcha when initialScreen is signUp', function () {
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData('mockModel', 'signUp');
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      expect(captchaCall).toBeUndefined();
+      expect(signupCaptchaCall).toBeDefined();
+    });
+    it('should call webApi.getChallenge when login captcha syncFn is executed', function () {
+      var mockModel = {
+        get: jest.fn().mockReturnValue('test-id')
+      };
+      var syncRemoteData = getSyncRemoteData();
+      require('core/web_api').getChallenge.mockClear();
+      syncRemoteData(mockModel, 'login');
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      var mockCallback = jest.fn();
+      captchaCall[2].syncFn(mockModel, mockCallback);
+      expect(require('core/web_api').getChallenge).toHaveBeenCalledWith('test-id', expect.any(Function));
+    });
+    it('should call webApi.getSignupChallenge when signup captcha syncFn is executed', function () {
+      var mockModel = {
+        get: jest.fn().mockReturnValue('test-id')
+      };
+      var syncRemoteData = getSyncRemoteData();
+      require('core/web_api').getSignupChallenge.mockClear();
+      syncRemoteData(mockModel, 'signUp');
+      var syncCalls = require('sync').mock.calls;
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      var mockCallback = jest.fn();
+      signupCaptchaCall[2].syncFn(mockModel, mockCallback);
+      expect(require('core/web_api').getSignupChallenge).toHaveBeenCalledWith('test-id', expect.any(Function));
+    });
+    it('should default to login captcha when no initialScreen is provided', function () {
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData('mockModel'); // No second parameter
+
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      expect(captchaCall).toBeDefined();
+      expect(signupCaptchaCall).toBeUndefined();
+    });
+    it('should not sync any captcha for other initialScreen values', function () {
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData('mockModel', 'forgotPassword');
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      expect(captchaCall).toBeUndefined();
+      expect(signupCaptchaCall).toBeUndefined();
+    });
+    it('should handle webApi.getSignupChallenge errors gracefully', function () {
+      var mockModel = {
+        get: jest.fn().mockReturnValue('test-id')
+      };
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData(mockModel, 'signUp');
+      var syncCalls = require('sync').mock.calls;
+      var signupCaptchaCall = syncCalls.find(function (c) {
+        return c[1] === 'signupCaptcha';
+      });
+      require('core/web_api').getSignupChallenge.mockImplementation(function (id, cb) {
+        cb(new Error('404 Not Found'), null);
+      });
+      var mockCallback = jest.fn();
+      signupCaptchaCall[2].syncFn(mockModel, mockCallback);
+      expect(mockCallback).toHaveBeenCalledWith(null, null);
+    });
+    it('should handle webApi.getChallenge errors gracefully', function () {
+      var mockModel = {
+        get: jest.fn().mockReturnValue('test-id')
+      };
+      var syncRemoteData = getSyncRemoteData();
+      syncRemoteData(mockModel, 'login');
+      var syncCalls = require('sync').mock.calls;
+      var captchaCall = syncCalls.find(function (c) {
+        return c[1] === 'captcha';
+      });
+      require('core/web_api').getChallenge.mockImplementation(function (id, cb) {
+        cb(new Error('Network error'), null);
+      });
+      var mockCallback = jest.fn();
+      captchaCall[2].syncFn(mockModel, mockCallback);
+      expect(mockCallback).toHaveBeenCalledWith(null, null);
+    });
+  });
 });

package/lib/__tests__/core/web_api.js

@@ -1,15 +1,11 @@
 "use strict";
 
 var _web_api = _interopRequireDefault(require("../../core/web_api"));
+var _testUtils = require("../testUtils");
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
-function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, _typeof(o); }
-function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
-function _defineProperty(e, r, t) { return (r = _toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; }
-function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol" == _typeof(i) ? i : i + ""; }
-function _toPrimitive(t, r) { if ("object" != _typeof(t) || !t) return t; var e = t[Symbol.toPrimitive]; if (void 0 !== e) { var i = e.call(t, r || "default"); if ("object" != _typeof(i)) return i; throw new TypeError("@@toPrimitive must return a primitive value."); } return ("string" === r ? String : Number)(t); }
 describe('Auth0WebApi', function () {
   var originalWindow;
+  var originalLocation;
   var LOCK_ID = 'lock-id';
   var CLIENT_ID = 'client-id';
   var DEFAULT_DOMAIN = 'test.com';
@@ -18,17 +14,16 @@ describe('Auth0WebApi', function () {
   };
   beforeEach(function () {
     originalWindow = window.window;
+    originalLocation = window.location;
   });
   afterEach(function () {
     window.window = originalWindow;
+    delete window.location;
+    window.location = originalLocation;
   });
   describe('setupClient', function () {
     it('sets the correct options when is on the hosted login page', function () {
-      delete window.location;
-      window.location = _objectSpread(_objectSpread({}, originalWindow.location), {}, {
-        host: DEFAULT_DOMAIN,
-        search: ''
-      });
+      (0, _testUtils.setURL)("https://".concat(DEFAULT_DOMAIN, "/"));
       _web_api.default.setupClient(LOCK_ID, CLIENT_ID, DEFAULT_DOMAIN, {
         redirect: true
       });
@@ -41,40 +36,24 @@ describe('Auth0WebApi', function () {
       }));
     });
     it('sets redirect: true when on the same origin as the specified domain', function () {
-      delete window.location;
-      window.location = _objectSpread(_objectSpread({}, originalWindow.location), {}, {
-        host: DEFAULT_DOMAIN,
-        search: ''
-      });
+      (0, _testUtils.setURL)("https://".concat(DEFAULT_DOMAIN, "/"));
       _web_api.default.setupClient(LOCK_ID, CLIENT_ID, DEFAULT_DOMAIN, {});
       expect(client().authOpt.popup).toBe(false);
     });
     it('sets redirect: false when on a different origin as the specified domain', function () {
-      delete window.location;
-      window.location = _objectSpread(_objectSpread({}, originalWindow.location), {}, {
-        host: 'test-other.com',
-        search: ''
-      });
+      (0, _testUtils.setURL)('https://test-other.com/');
       _web_api.default.setupClient(LOCK_ID, CLIENT_ID, DEFAULT_DOMAIN, {});
       expect(client().authOpt.popup).toBe(true);
     });
     it('forces popup and sso mode for cordova, only when not running in the hosted environment', function () {
-      delete window.location;
-      window.location = _objectSpread(_objectSpread({}, originalWindow.location), {}, {
-        host: DEFAULT_DOMAIN,
-        search: ''
-      });
+      (0, _testUtils.setURL)("https://".concat(DEFAULT_DOMAIN, "/"));
       window.cordova = true;
       _web_api.default.setupClient(LOCK_ID, CLIENT_ID, DEFAULT_DOMAIN, {});
       expect(client().authOpt.popup).toBe(false);
       expect(client().authOpt.sso).toBeUndefined();
     });
     it('forces popup and sso mode for electron, only when not running in the hosted environment', function () {
-      delete window.location;
-      window.location = _objectSpread(_objectSpread({}, originalWindow.location), {}, {
-        host: DEFAULT_DOMAIN,
-        search: ''
-      });
+      (0, _testUtils.setURL)("https://".concat(DEFAULT_DOMAIN, "/"));
       window.electron = true;
       _web_api.default.setupClient(LOCK_ID, CLIENT_ID, DEFAULT_DOMAIN, {});
       expect(client().authOpt.popup).toBe(false);

package/lib/__tests__/testUtils.js

@@ -61,11 +61,37 @@ var extractPropsFromWrapper = exports.extractPropsFromWrapper = function extract
 };
 
 // Newer (> Jest v22) versions don't allow modification of location.href
-// but can use `jsdom.reconfigure` when `jsdom` is exposed globally.
-// https://www.npmjs.com/package/jest-environment-jsdom-global
+// Try jsdom.reconfigure() first (via custom environment), then fall back to property mocking
 var setURL = exports.setURL = function setURL(url) {
-  jsdom.reconfigure({
-    url: url
+  // Approach 1: Use jsdom.reconfigure() if available (cleanest)
+  if (global.jsdom && typeof global.jsdom.reconfigure === 'function') {
+    global.jsdom.reconfigure({
+      url: url
+    });
+    return;
+  }
+
+  // Approach 2: Fallback - Mock location properties with Object.defineProperty
+  var parsedUrl = new URL(url);
+  delete window.location;
+  Object.defineProperty(window, 'location', {
+    value: {
+      href: parsedUrl.href,
+      origin: parsedUrl.origin,
+      protocol: parsedUrl.protocol,
+      host: parsedUrl.host,
+      hostname: parsedUrl.hostname,
+      port: parsedUrl.port,
+      pathname: parsedUrl.pathname,
+      search: parsedUrl.search,
+      hash: parsedUrl.hash,
+      // Add toString for debugging
+      toString: function toString() {
+        return parsedUrl.href;
+      }
+    },
+    writable: true,
+    configurable: true
   });
 };
 var expectMockToMatch = exports.expectMockToMatch = function expectMockToMatch(_ref2, numberOfCalls) {

package/lib/__tests__/ui/box/container.js

@@ -13,6 +13,11 @@ jest.mock('store/index', function () {
 jest.mock('ui/box/chrome', function () {
   return (0, _testUtils.mockComponent)('chrome');
 });
+jest.mock('connection/database/index', function () {
+  return {
+    databaseUsernameValue: jest.fn()
+  };
+});
 var mockEvent = {
   preventDefault: function preventDefault() {}
 };
@@ -77,14 +82,23 @@ describe('Container', function () {
   describe('with a custom `connectionResolver`', function () {
     var connectionResolverMock;
     var setResolvedConnectionMock;
+    var databaseUsernameValueMock;
     beforeEach(function () {
       connectionResolverMock = jest.fn();
       setResolvedConnectionMock = jest.fn();
+      databaseUsernameValueMock = require('connection/database/index').databaseUsernameValue;
+
+      // Set default return value for databaseUsernameValue mock
+      databaseUsernameValueMock.mockReturnValue('peter_picked@pickledpepper.com');
       require('core/index').connectionResolver = function () {
         return connectionResolverMock;
       };
       require('core/index').setResolvedConnection = setResolvedConnectionMock;
     });
+    afterEach(function () {
+      // Reset mock between tests and restore default return value
+      databaseUsernameValueMock.mockReset().mockReturnValue('peter_picked@pickledpepper.com');
+    });
     it('calls `connectionResolver` onSubmit', function () {
       var c = getContainer();
       c.handleSubmit(mockEvent);
@@ -111,6 +125,48 @@ describe('Container', function () {
       expect(mock.calls.length).toBe(1);
       expect(mock.calls[0]).toMatchSnapshot();
     });
+    it('prioritizes email over username on signUp screen', function () {
+      databaseUsernameValueMock.mockReturnValue('test@example.com');
+      var c = getContainer({
+        screenName: 'main.signUp'
+      });
+      c.handleSubmit(mockEvent);
+
+      // Should call databaseUsernameValue with emailFirst: true
+      expect(databaseUsernameValueMock).toHaveBeenCalledWith(expect.anything(), {
+        emailFirst: true
+      });
+
+      // connectionResolver should receive the email value
+      var _connectionResolverMo2 = connectionResolverMock,
+        mock = _connectionResolverMo2.mock;
+      expect(mock.calls[0][0]).toBe('test@example.com');
+    });
+    it('prioritizes username over email on login screen', function () {
+      databaseUsernameValueMock.mockReturnValue('testuser');
+      var c = getContainer({
+        screenName: 'main.login'
+      });
+      c.handleSubmit(mockEvent);
+
+      // Should call databaseUsernameValue with empty options (default behavior)
+      expect(databaseUsernameValueMock).toHaveBeenCalledWith(expect.anything(), {});
+
+      // connectionResolver should receive the username value
+      var _connectionResolverMo3 = connectionResolverMock,
+        mock = _connectionResolverMo3.mock;
+      expect(mock.calls[0][0]).toBe('testuser');
+    });
+    it('uses default behavior when screenName is not main.signUp', function () {
+      databaseUsernameValueMock.mockReturnValue('defaultvalue');
+      var c = getContainer({
+        screenName: 'forgotPassword'
+      });
+      c.handleSubmit(mockEvent);
+
+      // Should call databaseUsernameValue with empty options (default behavior)
+      expect(databaseUsernameValueMock).toHaveBeenCalledWith(expect.anything(), {});
+    });
   });
   describe('when suppressSubmitOverlay is true', function () {
     it('it does not display the overlay when submitting', function () {

package/lib/core/actions.js

@@ -34,7 +34,7 @@ function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol"
 function _toPrimitive(t, r) { if ("object" != _typeof(t) || !t) return t; var e = t[Symbol.toPrimitive]; if (void 0 !== e) { var i = e.call(t, r || "default"); if ("object" != _typeof(i)) return i; throw new TypeError("@@toPrimitive must return a primitive value."); } return ("string" === r ? String : Number)(t); }
 function setupLock(id, clientID, domain, options, hookRunner, emitEventFn, handleEventFn) {
   var m = l.setup(id, clientID, domain, options, hookRunner, emitEventFn, handleEventFn);
-  m = (0, _remote_data.syncRemoteData)(m);
+  m = (0, _remote_data.syncRemoteData)(m, options === null || options === void 0 ? void 0 : options.initialScreen);
   (0, _preload_utils.img)(l.ui.logo(m) || _container.defaultProps.logo);
   _web_api.default.setupClient(id, clientID, domain, l.withAuthOptions(m, _objectSpread(_objectSpread({}, options), {}, {
     popupOptions: l.ui.popupOptions(m)

package/lib/core/remote_data.js

@@ -19,6 +19,7 @@ function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e
 // shouldn't depend on this
 
 function syncRemoteData(m) {
+  var initialScreen = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 'login';
   if (l.useTenantInfo(m)) {
     m = (0, _sync.default)(m, 'client', {
       syncFn: function syncFn(m, cb) {
@@ -69,13 +70,24 @@ function syncRemoteData(m) {
       }
     }
   });
-  m = (0, _sync.default)(m, 'captcha', {
-    syncFn: function syncFn(m, cb) {
-      _web_api.default.getChallenge(m.get('id'), function (err, r) {
-        cb(null, r);
-      });
-    },
-    successFn: _index2.setCaptcha
-  });
+  if (initialScreen === 'login') {
+    m = (0, _sync.default)(m, 'captcha', {
+      syncFn: function syncFn(m, cb) {
+        _web_api.default.getChallenge(m.get('id'), function (err, r) {
+          cb(null, r);
+        });
+      },
+      successFn: _index2.setCaptcha
+    });
+  } else if (initialScreen === 'signUp') {
+    m = (0, _sync.default)(m, 'signupCaptcha', {
+      syncFn: function syncFn(m, cb) {
+        _web_api.default.getSignupChallenge(m.get('id'), function (err, r) {
+          cb(null, r);
+        });
+      },
+      successFn: _index2.setSignupChallenge
+    });
+  }
   return m;
 }

package/lib/core/web_api/helper.js

@@ -169,5 +169,5 @@ function trimAuthParams() {
   return p;
 }
 function getVersion() {
-  return "14.1.0";
+  return "14.2.1";
 }

package/lib/field/captcha/captcha_pane.js

@@ -46,6 +46,11 @@ var CaptchaPane = exports.default = /*#__PURE__*/function (_React$Component) {
       var captcha = (0, _captcha2.getCaptchaConfig)(lock, flow);
       var value = (0, _index3.getFieldValue)(lock, 'captcha');
       var isValid = !(0, _index3.isFieldVisiblyInvalid)(lock, 'captcha');
+
+      // If no captcha config, don't render anything
+      if (!captcha) {
+        return null;
+      }
       var provider = captcha.get('provider');
       if ((0, _third_party_captcha.isThirdPartyCaptcha)(provider)) {
         function handleChange(value) {

package/lib/i18n.js

@@ -90,7 +90,7 @@ function assertLanguage(m, language, base) {
 function syncLang(m, language, _cb) {
   (0, _cdn_utils.load)({
     method: 'registerLanguageDictionary',
-    url: "".concat(l.languageBaseUrl(m), "/js/lock/").concat("14.1.0", "/").concat(language, ".js"),
+    url: "".concat(l.languageBaseUrl(m), "/js/lock/").concat("14.2.1", "/").concat(language, ".js"),
     check: function check(str) {
       return str && str === language;
     },

package/lib/lock.js

@@ -36,7 +36,7 @@ var Auth0Lock = exports.default = /*#__PURE__*/function (_Core) {
   _inherits(Auth0Lock, _Core);
   return _createClass(Auth0Lock);
 }(_core.default); // telemetry
-Auth0Lock.version = "14.1.0";
+Auth0Lock.version = "14.2.1";
 
 // TODO: should we have different telemetry for classic/passwordless?
 // TODO: should we set telemetry info before each request?

package/lib/passwordless.js

@@ -36,4 +36,4 @@ var Auth0LockPasswordless = exports.default = /*#__PURE__*/function (_Core) {
   _inherits(Auth0LockPasswordless, _Core);
   return _createClass(Auth0LockPasswordless);
 }(_core.default);
-Auth0LockPasswordless.version = "14.1.0";
+Auth0LockPasswordless.version = "14.2.1";

package/lib/ui/box/container.js

@@ -11,6 +11,7 @@ var _button = require("./button");
 var l = _interopRequireWildcard(require("../../core/index"));
 var c = _interopRequireWildcard(require("../../field/index"));
 var _index3 = require("../../store/index");
+var _index4 = require("../../connection/database/index");
 function _interopRequireWildcard(e, t) { if ("function" == typeof WeakMap) var r = new WeakMap(), n = new WeakMap(); return (_interopRequireWildcard = function _interopRequireWildcard(e, t) { if (!t && e && e.__esModule) return e; var o, i, f = { __proto__: null, default: e }; if (null === e || "object" != _typeof(e) && "function" != typeof e) return f; if (o = t ? n : r) { if (o.has(e)) return o.get(e); o.set(e, f); } for (var _t in e) "default" !== _t && {}.hasOwnProperty.call(e, _t) && ((i = (o = Object.defineProperty) && Object.getOwnPropertyDescriptor(e, _t)) && (i.get || i.set) ? o(f, _t, i) : f[_t] = e[_t]); return f; })(e, t); }
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 function _callSuper(t, o, e) { return o = _getPrototypeOf(o), _possibleConstructorReturn(t, _isNativeReflectConstruct() ? Reflect.construct(o, e || [], _getPrototypeOf(t).constructor) : o.apply(t, e)); }
@@ -109,7 +110,9 @@ var Container = exports.default = /*#__PURE__*/function (_React$Component) {
   return _createClass(Container, [{
     key: "checkConnectionResolver",
     value: function checkConnectionResolver(done) {
-      var contentProps = this.props.contentProps;
+      var _this$props = this.props,
+        contentProps = _this$props.contentProps,
+        screenName = _this$props.screenName;
       var lock = contentProps.model;
       var connectionResolver = l.connectionResolver(lock);
       if (!connectionResolver) {
@@ -122,7 +125,13 @@ var Container = exports.default = /*#__PURE__*/function (_React$Component) {
         connections: connections,
         id: id
       };
-      var userInputValue = c.getFieldValue(lock, 'username') || c.getFieldValue(lock, 'email');
+
+      // On signUp screen, use emailFirst option to prioritize email over username
+      // On login screen, use default behavior (username first)
+      var isSignUpScreen = screenName === 'main.signUp';
+      var userInputValue = (0, _index4.databaseUsernameValue)(lock, isSignUpScreen ? {
+        emailFirst: true
+      } : {});
       connectionResolver(userInputValue, context, function (resolvedConnection) {
         (0, _index3.swap)(_index3.updateEntity, 'lock', l.id(lock), function (m) {
           return l.setResolvedConnection(m, resolvedConnection);
@@ -177,9 +186,9 @@ var Container = exports.default = /*#__PURE__*/function (_React$Component) {
   }, {
     key: "handleClose",
     value: function handleClose() {
-      var _this$props = this.props,
-        closeHandler = _this$props.closeHandler,
-        isSubmitting = _this$props.isSubmitting;
+      var _this$props2 = this.props,
+        closeHandler = _this$props2.closeHandler,
+        isSubmitting = _this$props2.isSubmitting;
       if (!isSubmitting) {
         closeHandler();
       }
@@ -187,9 +196,9 @@ var Container = exports.default = /*#__PURE__*/function (_React$Component) {
   }, {
     key: "handleEsc",
     value: function handleEsc() {
-      var _this$props2 = this.props,
-        closeHandler = _this$props2.closeHandler,
-        escHandler = _this$props2.escHandler;
+      var _this$props3 = this.props,
+        closeHandler = _this$props3.closeHandler,
+        escHandler = _this$props3.escHandler;
       escHandler ? escHandler() : this.handleClose();
     }
   }, {
@@ -202,35 +211,35 @@ var Container = exports.default = /*#__PURE__*/function (_React$Component) {
   }, {
     key: "render",
     value: function render() {
-      var _this$props3 = this.props,
-        autofocus = _this$props3.autofocus,
-        avatar = _this$props3.avatar,
-        auxiliaryPane = _this$props3.auxiliaryPane,
-        backHandler = _this$props3.backHandler,
-        badgeLink = _this$props3.badgeLink,
-        closeHandler = _this$props3.closeHandler,
-        contentComponent = _this$props3.contentComponent,
-        contentProps = _this$props3.contentProps,
-        disableSubmitButton = _this$props3.disableSubmitButton,
-        disallowClose = _this$props3.disallowClose,
-        error = _this$props3.error,
-        info = _this$props3.info,
-        isMobile = _this$props3.isMobile,
-        isModal = _this$props3.isModal,
-        isSubmitting = _this$props3.isSubmitting,
-        logo = _this$props3.logo,
-        primaryColor = _this$props3.primaryColor,
-        screenName = _this$props3.screenName,
-        showBadge = _this$props3.showBadge,
-        submitButtonLabel = _this$props3.submitButtonLabel,
-        submitHandler = _this$props3.submitHandler,
-        success = _this$props3.success,
-        tabs = _this$props3.tabs,
-        terms = _this$props3.terms,
-        title = _this$props3.title,
-        classNames = _this$props3.classNames,
-        scrollGlobalMessagesIntoView = _this$props3.scrollGlobalMessagesIntoView,
-        suppressSubmitOverlay = _this$props3.suppressSubmitOverlay;
+      var _this$props4 = this.props,
+        autofocus = _this$props4.autofocus,
+        avatar = _this$props4.avatar,
+        auxiliaryPane = _this$props4.auxiliaryPane,
+        backHandler = _this$props4.backHandler,
+        badgeLink = _this$props4.badgeLink,
+        closeHandler = _this$props4.closeHandler,
+        contentComponent = _this$props4.contentComponent,
+        contentProps = _this$props4.contentProps,
+        disableSubmitButton = _this$props4.disableSubmitButton,
+        disallowClose = _this$props4.disallowClose,
+        error = _this$props4.error,
+        info = _this$props4.info,
+        isMobile = _this$props4.isMobile,
+        isModal = _this$props4.isModal,
+        isSubmitting = _this$props4.isSubmitting,
+        logo = _this$props4.logo,
+        primaryColor = _this$props4.primaryColor,
+        screenName = _this$props4.screenName,
+        showBadge = _this$props4.showBadge,
+        submitButtonLabel = _this$props4.submitButtonLabel,
+        submitHandler = _this$props4.submitHandler,
+        success = _this$props4.success,
+        tabs = _this$props4.tabs,
+        terms = _this$props4.terms,
+        title = _this$props4.title,
+        classNames = _this$props4.classNames,
+        scrollGlobalMessagesIntoView = _this$props4.scrollGlobalMessagesIntoView,
+        suppressSubmitOverlay = _this$props4.suppressSubmitOverlay;
       var badge = showBadge ? /*#__PURE__*/_react.default.createElement(BottomBadge, {
         link: badgeLink
       }) : null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-lock",
-  "version": "14.1.0",
+  "version": "14.2.1",
   "description": "Auth0 Lock",
   "author": "Auth0 <support@auth0.com> (http://auth0.com)",
   "license": "MIT",
@@ -40,7 +40,7 @@
     "i18n:validate": "node -r esm scripts/lang-audit.js"
   },
   "devDependencies": {
-    "@auth0/component-cdn-uploader": "^2.2.2",
+    "@auth0/component-cdn-uploader": "^2.4.2",
     "@babel/core": "^7.0.0",
     "@babel/eslint-parser": "^7.22.9",
     "@babel/plugin-proposal-class-properties": "^7.0.0",
@@ -94,8 +94,7 @@
     "grunt-webpack": "^5.0.0",
     "husky": "^7.0.2",
     "jest": "^29.3.1",
-    "jest-environment-jsdom": "^29.3.1",
-    "jest-environment-jsdom-global": "^4.0.0",
+    "jest-environment-jsdom": "^30.2.0",
     "karma": "^6.4.1",
     "karma-babel-preprocessor": "^8.0.2",
     "karma-browserify": "^8.1.0",
@@ -119,7 +118,7 @@
     "webpack-dev-server": "^4.11.1"
   },
   "dependencies": {
-    "auth0-js": "^9.27.0",
+    "auth0-js": "^9.29.0",
     "auth0-password-policies": "^1.0.2",
     "blueimp-md5": "^2.19.0",
     "classnames": "^2.3.2",
@@ -135,7 +134,7 @@
     "react-transition-group": "^2.2.1",
     "trim": "^1.0.1",
     "url-join": "^1.1.0",
-    "validator": "^13.6.0"
+    "validator": "^13.15.22"
   },
   "ccu": {
     "name": "lock",
@@ -178,7 +177,7 @@
       "lcov",
       "text-summary"
     ],
-    "testEnvironment": "jest-environment-jsdom-global"
+    "testEnvironment": "<rootDir>/customJsdomEnvironment.js"
   },
   "lint-staged": {
     "*.{js,jsx}": [