auth0-lock 14.2.4 → 14.3.0

package/.github/workflows/release.yml

@@ -18,7 +18,10 @@ jobs:
   release:
     uses: ./.github/workflows/npm-release.yml
     with:
-      node-version: 22
+      # Pinned to 22.22.1 — 22.22.2 has a regression (nodejs/node#62425) where
+      # the bundled npm is missing promise-retry, breaking npm install -g npm@11.
+      # Revert to node-version: 22 once the upstream fix is released.
+      node-version: 22.22.1
       require-build: true
     secrets:
       github-token: ${{ secrets.GITHUB_TOKEN }}

package/.github/workflows/test.yml

@@ -56,4 +56,4 @@ jobs:
         run: npm run test:e2e
 
       - name: Upload coverage
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@5.5.2
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # pin@5.5.3

package/.version

@@ -1 +1 @@
-v14.2.4
+v14.3.0

package/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Change Log
 
+## [v14.3.0](https://github.com/auth0/lock/tree/v14.3.0) (2026-04-06)
+[Full Changelog](https://github.com/auth0/lock/compare/v14.2.5...v14.3.0)
+
+**Added**
+- feat(types): ship TypeScript definitions directly from the lock repo, supersedes `@types/auth0-lock` [\#2763](https://github.com/auth0/lock/pull/2763) ([ankita10119](https://github.com/ankita10119))
+
+**Changed**
+- chore(deps): upgrade webpack-dev-server to v5, auth0-password-policies to 3.1.0, and fix dev setup  [\#2771](https://github.com/auth0/lock/pull/2771) ([ankita10119](https://github.com/ankita10119))
+
+**Deprecated**
+- chore: remove deprecated yammer, renren, miicard strategies [\#2747](https://github.com/auth0/lock/pull/2747) ([omarquazi-okta](https://github.com/omarquazi-okta))
+
+**Fixed**
+- Fix: TypeError in matchConnection and findADConnectionWithoutDomain for enterprise connections with null/undefined domains (#2749)  [\#2758](https://github.com/auth0/lock/pull/2758) ([ankita10119](https://github.com/ankita10119))
+
+## [v14.2.5](https://github.com/auth0/lock/tree/v14.2.5) (2026-03-19)
+[Full Changelog](https://github.com/auth0/lock/compare/v14.2.4...v14.2.5)
+
+**Fixed**
+- Fix: TypeError when CordovaAuth0Plugin is not a constructor (auth0-js 9.30.1+)  [\#2742](https://github.com/auth0/lock/pull/2742) ([ankita10119](https://github.com/ankita10119))
+- Fix: TypeError in matchConnection for enterprise connections with no domains [\#2736](https://github.com/auth0/lock/pull/2736) ([ankita10119](https://github.com/ankita10119))
+
 ## [v14.2.4](https://github.com/auth0/lock/tree/v14.2.4) (2026-01-21)
 [Full Changelog](https://github.com/auth0/lock/compare/v14.2.3...v14.2.4)
 

package/README.md

@@ -31,7 +31,7 @@ From CDN
 
 ```html
 <!-- Latest patch release (recommended for production) -->
-<script src="https://cdn.auth0.com/js/lock/14.2.4/lock.min.js"></script>
+<script src="https://cdn.auth0.com/js/lock/14.3.0/lock.min.js"></script>
 ```
 
 ### Configure Auth0

package/babel.config.js

@@ -0,0 +1,15 @@
+const pkg = require('./package.json');
+const coreJsVersion = pkg.devDependencies['core-js'].replace(/^\^/, '');
+
+module.exports = {
+  plugins: [
+    'version-inline',
+    'transform-css-import-to-string',
+    'babel-plugin-stylus-compiler',
+    '@babel/plugin-proposal-function-bind'
+  ],
+  presets: [
+    ['@babel/preset-env', { useBuiltIns: 'entry', corejs: coreJsVersion }],
+    '@babel/preset-react'
+  ]
+};

package/lib/__tests__/connection/enterprise/matchConnection.js

@@ -0,0 +1,66 @@
+"use strict";
+
+var _immutable = _interopRequireDefault(require("immutable"));
+var _enterprise = require("../../../connection/enterprise");
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+jest.mock('core/index', function () {
+  return {
+    connections: jest.fn()
+  };
+});
+describe('matchConnection', function () {
+  afterEach(function () {
+    return jest.resetAllMocks();
+  });
+  it('does not throw when enterprise connection has no domains field (key absent)', function () {
+    var _require = require('core/index'),
+      connections = _require.connections;
+
+    // Tenant omits the domains field entirely
+    connections.mockReturnValue(_immutable.default.fromJS([{
+      name: 'samlp-connection',
+      strategy: 'samlp',
+      type: 'enterprise'
+    }]));
+    var m = _immutable.default.fromJS({
+      id: '__lock__'
+    });
+    expect(function () {
+      return (0, _enterprise.matchConnection)(m, 'test@example.com');
+    }).not.toThrow();
+    expect((0, _enterprise.matchConnection)(m, 'test@example.com')).toBeFalsy();
+  });
+  it('does not throw when enterprise connection has domains explicitly set to null', function () {
+    var _require2 = require('core/index'),
+      connections = _require2.connections;
+
+    // Tenant returns domains: null
+    connections.mockReturnValue(_immutable.default.fromJS([{
+      name: 'samlp-connection',
+      strategy: 'samlp',
+      type: 'enterprise',
+      domains: null
+    }]));
+    var m = _immutable.default.fromJS({
+      id: '__lock__'
+    });
+    expect(function () {
+      return (0, _enterprise.matchConnection)(m, 'test@example.com');
+    }).not.toThrow();
+    expect((0, _enterprise.matchConnection)(m, 'test@example.com')).toBeFalsy();
+  });
+  it('matches a connection when the email domain is in the domains list', function () {
+    var _require3 = require('core/index'),
+      connections = _require3.connections;
+    connections.mockReturnValue(_immutable.default.fromJS([{
+      name: 'samlp-connection',
+      strategy: 'samlp',
+      type: 'enterprise',
+      domains: ['example.com']
+    }]));
+    var m = _immutable.default.fromJS({
+      id: '__lock__'
+    });
+    expect((0, _enterprise.matchConnection)(m, 'user@example.com')).toBeTruthy();
+  });
+});

package/lib/connection/enterprise.js

@@ -105,7 +105,7 @@ function matchConnection(m, email) {
   var target = (0, _email.emailDomain)(email);
   if (!target) return false;
   return l.connections.apply(l, [m, 'enterprise'].concat(_toConsumableArray(strategies))).find(function (x) {
-    return x.get('domains').contains(target);
+    return (x.get('domains') || (0, _immutable.List)()).contains(target);
   });
 }
 function isEnterpriseDomain(m, email) {
@@ -128,7 +128,7 @@ function isADEnabled(m) {
 function findADConnectionWithoutDomain(m) {
   var name = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : undefined;
   return l.connections(m, 'enterprise', 'ad', 'auth0-adldap').find(function (x) {
-    return x.get('domains').isEmpty() && (!name || x.get('name') === name);
+    return (x.get('domains') || (0, _immutable.List)()).isEmpty() && (!name || x.get('name') === name);
   });
 }
 function findActiveFlowConnection(m) {

package/lib/connection/social/index.js

@@ -32,11 +32,9 @@ var STRATEGIES = exports.STRATEGIES = {
   'google-oauth2': 'Google',
   instagram: 'Instagram',
   linkedin: 'LinkedIn',
-  miicard: 'miiCard',
   paypal: 'PayPal',
   'paypal-sandbox': 'PayPal Sandbox',
   planningcenter: 'Planning Center',
-  renren: '人人',
   salesforce: 'Salesforce',
   'salesforce-community': 'Salesforce Community',
   'salesforce-sandbox': 'Salesforce (sandbox)',
@@ -53,7 +51,6 @@ var STRATEGIES = exports.STRATEGIES = {
   windowslive: 'Microsoft',
   wordpress: 'Wordpress',
   yahoo: 'Yahoo!',
-  yammer: 'Yammer',
   yandex: 'Yandex',
   weibo: '新浪微博',
   line: 'Line'

package/lib/core/web_api/helper.js

@@ -169,5 +169,5 @@ function trimAuthParams() {
   return p;
 }
 function getVersion() {
-  return "14.2.4";
+  return "14.3.0";
 }

package/lib/core/web_api/p2_api.js

@@ -6,7 +6,6 @@ Object.defineProperty(exports, "__esModule", {
 exports.default = void 0;
 var _auth0Js = _interopRequireDefault(require("auth0-js"));
 var _qs = _interopRequireDefault(require("qs"));
-var _cordovaAuth0PluginMin = _interopRequireDefault(require("auth0-js/dist/cordova-auth0-plugin.min.js"));
 var _helper = require("./helper");
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, _typeof(o); }
@@ -18,6 +17,10 @@ function _defineProperties(e, r) { for (var t = 0; t < r.length; t++) { var o =
 function _createClass(e, r, t) { return r && _defineProperties(e.prototype, r), t && _defineProperties(e, t), Object.defineProperty(e, "prototype", { writable: !1 }), e; }
 function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol" == _typeof(i) ? i : i + ""; }
 function _toPrimitive(t, r) { if ("object" != _typeof(t) || !t) return t; var e = t[Symbol.toPrimitive]; if (void 0 !== e) { var i = e.call(t, r || "default"); if ("object" != _typeof(i)) return i; throw new TypeError("@@toPrimitive must return a primitive value."); } return ("string" === r ? String : Number)(t); }
+// require() used intentionally: cordova-auth0-plugin.min.js is a UMD bundle;
+// webpack 5 cannot statically resolve a default export from module.exports,
+// so import-default syntax would emit a warning.
+var CordovaAuth0Plugin = require('auth0-js/dist/cordova-auth0-plugin.min.js');
 var Auth0APIClient = /*#__PURE__*/function () {
   function Auth0APIClient(lockID, clientID, domain, opts) {
     _classCallCheck(this, Auth0APIClient);
@@ -45,7 +48,7 @@ var Auth0APIClient = /*#__PURE__*/function () {
       responseMode: opts.responseMode,
       responseType: opts.responseType,
       leeway: opts.leeway || 60,
-      plugins: opts.plugins || [new _cordovaAuth0PluginMin.default()],
+      plugins: opts.plugins || (typeof CordovaAuth0Plugin === 'function' ? [new CordovaAuth0Plugin()] : []),
       overrides: (0, _helper.webAuthOverrides)(opts.overrides),
       _sendTelemetry: opts._sendTelemetry === false ? false : true,
       _telemetryInfo: telemetry,