ci(repo): Version packages #6541
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
@clerk/agent-toolkit
@clerk/astro
@clerk/backend
@clerk/chrome-extension
@clerk/clerk-js
@clerk/dev-cli
@clerk/elements
@clerk/clerk-expo
@clerk/expo-passkeys
@clerk/express
@clerk/fastify
@clerk/localizations
@clerk/nextjs
@clerk/nuxt
@clerk/clerk-react
@clerk/react-router
@clerk/remix
@clerk/shared
@clerk/tanstack-react-start
@clerk/testing
@clerk/themes
@clerk/types
@clerk/upgrade
@clerk/vue
commit: |
📝 WalkthroughWalkthroughMultiple .changeset files were removed and many package CHANGELOG.md and package.json version fields were updated across the monorepo. Public API changes documented in changelogs include: backend M2M surface renames (m2mTokens → m2m; create response secret → token; verifySecret → verifyToken), addition of an optional navigate parameter to Clerk.setActive, renaming RedirectToTask → RedirectToTasks in several UI packages, and a Next.js telemetry event KEYLESS_ENV_DRIFT_DETECTED. Several packages list dependency updates to @clerk/* packages. Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Suggested reviewers
📜 Recent review detailsConfiguration used: CodeRabbit UI 💡 Knowledge Base configuration:
You can enable these settings in your CodeRabbit configuration. 📒 Files selected for processing (50)
💤 Files with no reviewable changes (6)
✅ Files skipped from review due to trivial changes (8)
🚧 Files skipped from review as they are similar to previous changes (36)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
github-actions
bot
force-pushed
the
changeset-release/main
branch
from
536126e to
400317a
Compare
|
Caution Review failedFailed to post review comments. Configuration used: CodeRabbit UI 📒 Files selected for processing (47)
💤 Files with no reviewable changes (3)
🧰 Additional context used📓 Path-based instructions (5)**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)
Files:
packages/*/package.json📄 CodeRabbit Inference Engine (.cursor/rules/global.mdc)
Files:
**/*⚙️ CodeRabbit Configuration File
Files:
packages/localizations/**/*📄 CodeRabbit Inference Engine (.cursor/rules/monorepo.mdc)
Files:
packages/**/CHANGELOG.md📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)
Files:
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
🔇 Additional comments (53)
📝 WalkthroughWalkthroughThis PR removes three changeset files and adds changelog entries plus version bumps across multiple packages. It introduces two public API updates: an optional navigate callback parameter to clerk.setActive() (@clerk/clerk-js, reflected in @clerk/types) and a rename of RedirectToTask to RedirectToTasks across React, Next.js, Remix, Vue, and TanStack React Start. It also documents a patch in @clerk/shared to invalidate organization memberships based on client user. Most other changes are dependency updates and metadata-only version increments. Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
|
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
|
Caution Review failedFailed to post review comments. Configuration used: CodeRabbit UI 📒 Files selected for processing (47)
💤 Files with no reviewable changes (3)
🧰 Additional context used📓 Path-based instructions (5)**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)
Files:
packages/*/package.json📄 CodeRabbit Inference Engine (.cursor/rules/global.mdc)
Files:
**/*⚙️ CodeRabbit Configuration File
Files:
packages/**/CHANGELOG.md📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)
Files:
packages/localizations/**/*📄 CodeRabbit Inference Engine (.cursor/rules/monorepo.mdc)
Files:
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
🔇 Additional comments (45)
📝 WalkthroughWalkthroughThis PR primarily updates package versions and changelogs across multiple packages. It deletes three changeset files. It introduces a public API change adding an optional navigate callback to Clerk.setActive in @clerk/clerk-js/@clerk/types. It documents/propagates a public component rename RedirectToTask to RedirectToTasks across React, Next.js, Remix, Vue, React Router, and TanStack React Start packages. Backend changelog notes dependency bumps, with prior public exports (Machine, M2MToken) referenced. No functional code changes are shown beyond the documented API addition/rename. Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
Suggested reviewers
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
github-actions
bot
force-pushed
the
changeset-release/main
branch
from
400317a to
8fdc6fb
Compare
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 10
🧹 Nitpick comments (19)
packages/tanstack-react-start/package.json (1)
3-3: Tests for the renamed component.No tests were modified in this PR. Please ensure coverage exists for RedirectToTasks across adapters (rendering, navigation, and error paths). I can help sketch quick vitest cases if desired.
packages/testing/package.json (1)
76-81: Ensure test utilities and examples reflect m2m token API changes.Given backend changes (result.secret → result.token, verifySecret → verifyToken), validate that any helpers, docs, or examples in @clerk/testing are updated and covered by tests.
Would you like me to draft sample Playwright/Cypress snippets demonstrating verifyToken usage and asserting failure paths?
packages/chrome-extension/CHANGELOG.md (1)
3-11: Deduplicate repeated commit reference in 2.5.20 entry.The commit
69498dfappears twice in the same bullet list. Consider removing the duplicate to keep the entry clean.Apply this minimal diff within the commit list:
- - Updated dependencies [[`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27)]: + - Updated dependencies [[`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a)]:packages/remix/CHANGELOG.md (2)
7-8: Include a short migration snippet for the component renameA small before/after code snippet will help users adopt
RedirectToTasksquickly.For example:
// Before import { RedirectToTask } from '@clerk/remix'; // After import { RedirectToTasks } from '@clerk/remix';
11-16: Deduplicate commit references in dependency updates
69498dfis listed twice in the bracketed commit list. Suggest removing the duplicate for cleanliness.Apply this diff:
- - Updated dependencies [[`d400782`](https://github.com/clerk/javascript/commit/d400782b7016c1232c0aa1e3399c61b61e4f0709), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`2db7431`](https://github.com/clerk/javascript/commit/2db743147827fb69fb8fe73a1e26545aeb7be7aa), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27)]: + - Updated dependencies [[`d400782`](https://github.com/clerk/javascript/commit/d400782b7016c1232c0aa1e3399c61b61e4f0709), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`2db7431`](https://github.com/clerk/javascript/commit/2db743147827fb69fb8fe73a1e26545aeb7be7aa), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a)]:packages/elements/CHANGELOG.md (1)
3-11: Changelog entry looks good; minor nit: duplicate commit hash in dependency noteThe patch entry is clear and consistent. One small nit: the commit reference 69498df appears twice in the same bullet list.
Apply this diff to deduplicate the commit reference:
- - Updated dependencies [[`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27)]: + - Updated dependencies [[`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a)]:packages/express/CHANGELOG.md (1)
3-11: Consider adding a short note about downstream m2m token renameSince this package now depends on @clerk/[email protected], it may help consumers to know about the backend’s m2m response change (secret → token) and deprecation of verifySecret in favor of verifyToken, even though there’s no API change in express itself. A one-liner under Patch Changes can prevent surprises for users reading only this changelog.
packages/vue/CHANGELOG.md (2)
3-14: Document migration snippet for RedirectToTasks renameThe rename is clear. Consider adding a brief “Migration” snippet to help users update imports/usages quickly.
For example:
- import { RedirectToTask } from '@clerk/vue'; + import { RedirectToTasks } from '@clerk/vue';If you’ve kept a temporary alias export for backward compatibility, noting deprecation timing here would also help.
3-14: Add/adjust tests to catch regressions from the renameThere are no tests in this PR. Recommend adding a lightweight unit/integration test to assert RedirectToTasks renders and is exported from the package entry point. If a temporary alias exists, add a deprecation test to ensure it warns properly and will be removed on schedule. I can help scaffold these.
Do you want me to draft a test file and a codemod script to assist consumers with the rename?
packages/shared/CHANGELOG.md (1)
7-8: Consider briefly clarifying end-user impact of the membership invalidation.A one-liner can help consumers understand whether any action is required (e.g., cache invalidation behavior and whether this could cause extra fetches/UI refreshes).
- Invalidate organization memberships based on client user ([#6530](https://github.com/clerk/javascript/pull/6530)) by [@iagodahlem](https://github.com/iagodahlem) + - Invalidate organization memberships based on client user ([#6530](https://github.com/clerk/javascript/pull/6530)) by [@iagodahlem](https://github.com/iagodahlem) + - Note: This is an internal cache invalidation improvement; no code changes are required for consumers beyond taking this version.packages/react-router/CHANGELOG.md (1)
5-8: Call out deprecation/alias strategy for the renamed component to ease migration.Explicitly stating whether RedirectToTask is still exported as a temporary alias (and planned removal version) helps consumers plan upgrades.
### Minor Changes -- Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) +- Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) + - If applicable, `RedirectToTask` may be kept as a deprecated alias for a limited period. Prefer `RedirectToTasks`. If an alias is provided, it will be removed in a future minor release; check release notes for timelines.packages/tanstack-react-start/CHANGELOG.md (1)
5-8: Add a short deprecation guidance for the renamed component.Aligning with other packages, explicitly tell users what to do and whether a temporary alias exists.
### Minor Changes -- Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) +- Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) + - Migrate imports to `RedirectToTasks`. If a temporary alias is exported for `RedirectToTask`, treat it as deprecated and plan removal in an upcoming minor release.packages/types/CHANGELOG.md (1)
3-25: Docs/readability: casing consistency for setActive API nameConsider aligning the casing with other entries that reference the Clerk singleton. The bullet currently says
clerk.setActive()while most references useClerk.*when naming the public API in prose. The code example can continue using the lowercaseclerkinstance.- - Add `navigate` parameter to `clerk.setActive()` for custom navigation before the session and/or organization is set. ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) + - Add `navigate` parameter to `Clerk.setActive()` for custom navigation before the session and/or organization is set. ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris)packages/backend/CHANGELOG.md (2)
7-7: Clarify scope: specify which response removessecretMinor wording tweak to remove ambiguity. Explicitly calling out the method helps readers understand exactly which response changed.
- - Remove `secret` in favor of `token` in m2m response. ([#6542](https://github.com/clerk/javascript/pull/6542)) by [@wobsoriano](https://github.com/wobsoriano) + - Remove the `secret` field in favor of `token` in the `m2mTokens.create()` response. ([#6542](https://github.com/clerk/javascript/pull/6542)) by [@wobsoriano](https://github.com/wobsoriano)
25-25: Fix grammar: “in favor or” → “in favor of”Small typo in the deprecation note.
- - Deprecates `clerkClient.m2mTokens.verifySecret({ secret: 'mt_xxx' })` in favor or `clerkClient.m2mTokens.verifyToken({ token: 'mt_xxx' })` ([#6536](https://github.com/clerk/javascript/pull/6536)) by [@wobsoriano](https://github.com/wobsoriano) + - Deprecates `clerkClient.m2mTokens.verifySecret({ secret: 'mt_xxx' })` in favor of `clerkClient.m2mTokens.verifyToken({ token: 'mt_xxx' })` ([#6536](https://github.com/clerk/javascript/pull/6536)) by [@wobsoriano](https://github.com/wobsoriano)packages/react/CHANGELOG.md (1)
9-13: Dependency bumps look correct for this releaseUpdated dependencies align with the PR objectives: @clerk/[email protected] and @clerk/[email protected].
Optional: you could add a brief note if these bumps include any reactive type changes affecting this package’s public API (none apparent here).
packages/clerk-js/CHANGELOG.md (1)
7-24: Add the exact navigate signature and awaiting behavior for clarityBriefly documenting the callback’s signature and the fact that it’s awaited will help avoid misuse and make the contract explicit.
Apply this diff to insert a short note under the bullet:
- Add `navigate` parameter to `clerk.setActive()` for custom navigation before the session and/or organization is set. ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) + + Signature: + ```ts + navigate?: (ctx: { session: Session }) => void | Promise<void> + ``` + + Notes: + - The `navigate` callback is awaited; throw or reject to surface errors to callers. + - Return early after custom navigation if you don’t want to continue default post-activation flows.packages/nextjs/CHANGELOG.md (2)
7-7: Clarify wording and add a brief migration hint."control component" is inconsistent with prior entries (“exported component”). Also, a short migration hint helps users scanning the changelog.
-- Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) +- Rename `RedirectToTask` exported component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) + Migration: update imports from `RedirectToTask` to `RedirectToTasks`.
11-11: Deduplicate commit references in the “Updated dependencies” line.The commit
69498dfappears twice; keep it once to avoid noise.- - Updated dependencies [[`d400782`](https://github.com/clerk/javascript/commit/d400782b7016c1232c0aa1e3399c61b61e4f0709), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`2db7431`](https://github.com/clerk/javascript/commit/2db743147827fb69fb8fe73a1e26545aeb7be7aa), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27)]: + - Updated dependencies [[`d400782`](https://github.com/clerk/javascript/commit/d400782b7016c1232c0aa1e3399c61b61e4f0709), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`2db7431`](https://github.com/clerk/javascript/commit/2db743147827fb69fb8fe73a1e26545aeb7be7aa), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a)]:
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (49)
.changeset/chatty-kings-raise.md(0 hunks).changeset/rich-donuts-agree.md(0 hunks).changeset/small-adults-crash.md(0 hunks).changeset/upset-sides-kneel.md(0 hunks).changeset/warm-rocks-flow.md(0 hunks)packages/agent-toolkit/CHANGELOG.md(1 hunks)packages/agent-toolkit/package.json(1 hunks)packages/astro/CHANGELOG.md(1 hunks)packages/astro/package.json(1 hunks)packages/backend/CHANGELOG.md(1 hunks)packages/backend/package.json(1 hunks)packages/chrome-extension/CHANGELOG.md(1 hunks)packages/chrome-extension/package.json(1 hunks)packages/clerk-js/CHANGELOG.md(1 hunks)packages/clerk-js/package.json(1 hunks)packages/elements/CHANGELOG.md(1 hunks)packages/elements/package.json(1 hunks)packages/expo-passkeys/CHANGELOG.md(1 hunks)packages/expo-passkeys/package.json(1 hunks)packages/expo/CHANGELOG.md(1 hunks)packages/expo/package.json(1 hunks)packages/express/CHANGELOG.md(1 hunks)packages/express/package.json(1 hunks)packages/fastify/CHANGELOG.md(1 hunks)packages/fastify/package.json(1 hunks)packages/localizations/CHANGELOG.md(1 hunks)packages/localizations/package.json(1 hunks)packages/nextjs/CHANGELOG.md(1 hunks)packages/nextjs/package.json(1 hunks)packages/nuxt/CHANGELOG.md(1 hunks)packages/nuxt/package.json(1 hunks)packages/react-router/CHANGELOG.md(1 hunks)packages/react-router/package.json(1 hunks)packages/react/CHANGELOG.md(1 hunks)packages/react/package.json(1 hunks)packages/remix/CHANGELOG.md(1 hunks)packages/remix/package.json(1 hunks)packages/shared/CHANGELOG.md(1 hunks)packages/shared/package.json(1 hunks)packages/tanstack-react-start/CHANGELOG.md(1 hunks)packages/tanstack-react-start/package.json(1 hunks)packages/testing/CHANGELOG.md(1 hunks)packages/testing/package.json(1 hunks)packages/themes/CHANGELOG.md(1 hunks)packages/themes/package.json(1 hunks)packages/types/CHANGELOG.md(1 hunks)packages/types/package.json(1 hunks)packages/vue/CHANGELOG.md(1 hunks)packages/vue/package.json(1 hunks)
💤 Files with no reviewable changes (5)
- .changeset/warm-rocks-flow.md
- .changeset/chatty-kings-raise.md
- .changeset/small-adults-crash.md
- .changeset/upset-sides-kneel.md
- .changeset/rich-donuts-agree.md
🧰 Additional context used
📓 Path-based instructions (5)
**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}
📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)
Use Prettier for consistent code formatting
Files:
packages/types/package.jsonpackages/nextjs/package.jsonpackages/expo/package.jsonpackages/nuxt/package.jsonpackages/react/package.jsonpackages/expo-passkeys/package.jsonpackages/express/package.jsonpackages/tanstack-react-start/package.jsonpackages/fastify/package.jsonpackages/react-router/package.jsonpackages/elements/package.jsonpackages/clerk-js/package.jsonpackages/vue/package.jsonpackages/testing/package.jsonpackages/fastify/CHANGELOG.mdpackages/backend/package.jsonpackages/chrome-extension/CHANGELOG.mdpackages/chrome-extension/package.jsonpackages/expo-passkeys/CHANGELOG.mdpackages/astro/CHANGELOG.mdpackages/themes/package.jsonpackages/agent-toolkit/CHANGELOG.mdpackages/localizations/CHANGELOG.mdpackages/agent-toolkit/package.jsonpackages/remix/package.jsonpackages/testing/CHANGELOG.mdpackages/nuxt/CHANGELOG.mdpackages/themes/CHANGELOG.mdpackages/shared/package.jsonpackages/react/CHANGELOG.mdpackages/shared/CHANGELOG.mdpackages/react-router/CHANGELOG.mdpackages/express/CHANGELOG.mdpackages/remix/CHANGELOG.mdpackages/vue/CHANGELOG.mdpackages/expo/CHANGELOG.mdpackages/astro/package.jsonpackages/tanstack-react-start/CHANGELOG.mdpackages/localizations/package.jsonpackages/types/CHANGELOG.mdpackages/backend/CHANGELOG.mdpackages/nextjs/CHANGELOG.mdpackages/clerk-js/CHANGELOG.mdpackages/elements/CHANGELOG.md
packages/*/package.json
📄 CodeRabbit Inference Engine (.cursor/rules/global.mdc)
All publishable packages should be placed under the packages/ directory
packages/*/package.json: All publishable packages must be located in the 'packages/' directory.
All packages must be published under the @clerk namespace on npm.
Semantic versioning must be used across all packages.
Files:
packages/types/package.jsonpackages/nextjs/package.jsonpackages/expo/package.jsonpackages/nuxt/package.jsonpackages/react/package.jsonpackages/expo-passkeys/package.jsonpackages/express/package.jsonpackages/tanstack-react-start/package.jsonpackages/fastify/package.jsonpackages/react-router/package.jsonpackages/elements/package.jsonpackages/clerk-js/package.jsonpackages/vue/package.jsonpackages/testing/package.jsonpackages/backend/package.jsonpackages/chrome-extension/package.jsonpackages/themes/package.jsonpackages/agent-toolkit/package.jsonpackages/remix/package.jsonpackages/shared/package.jsonpackages/astro/package.jsonpackages/localizations/package.json
**/*
⚙️ CodeRabbit Configuration File
If there are no tests added or modified as part of the PR, please suggest that tests be added to cover the changes.
Files:
packages/types/package.jsonpackages/nextjs/package.jsonpackages/expo/package.jsonpackages/nuxt/package.jsonpackages/react/package.jsonpackages/expo-passkeys/package.jsonpackages/express/package.jsonpackages/tanstack-react-start/package.jsonpackages/fastify/package.jsonpackages/react-router/package.jsonpackages/elements/package.jsonpackages/clerk-js/package.jsonpackages/vue/package.jsonpackages/testing/package.jsonpackages/fastify/CHANGELOG.mdpackages/backend/package.jsonpackages/chrome-extension/CHANGELOG.mdpackages/chrome-extension/package.jsonpackages/expo-passkeys/CHANGELOG.mdpackages/astro/CHANGELOG.mdpackages/themes/package.jsonpackages/agent-toolkit/CHANGELOG.mdpackages/localizations/CHANGELOG.mdpackages/agent-toolkit/package.jsonpackages/remix/package.jsonpackages/testing/CHANGELOG.mdpackages/nuxt/CHANGELOG.mdpackages/themes/CHANGELOG.mdpackages/shared/package.jsonpackages/react/CHANGELOG.mdpackages/shared/CHANGELOG.mdpackages/react-router/CHANGELOG.mdpackages/express/CHANGELOG.mdpackages/remix/CHANGELOG.mdpackages/vue/CHANGELOG.mdpackages/expo/CHANGELOG.mdpackages/astro/package.jsonpackages/tanstack-react-start/CHANGELOG.mdpackages/localizations/package.jsonpackages/types/CHANGELOG.mdpackages/backend/CHANGELOG.mdpackages/nextjs/CHANGELOG.mdpackages/clerk-js/CHANGELOG.mdpackages/elements/CHANGELOG.md
packages/**/CHANGELOG.md
📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)
Maintain detailed changelogs
Files:
packages/fastify/CHANGELOG.mdpackages/chrome-extension/CHANGELOG.mdpackages/expo-passkeys/CHANGELOG.mdpackages/astro/CHANGELOG.mdpackages/agent-toolkit/CHANGELOG.mdpackages/localizations/CHANGELOG.mdpackages/testing/CHANGELOG.mdpackages/nuxt/CHANGELOG.mdpackages/themes/CHANGELOG.mdpackages/react/CHANGELOG.mdpackages/shared/CHANGELOG.mdpackages/react-router/CHANGELOG.mdpackages/express/CHANGELOG.mdpackages/remix/CHANGELOG.mdpackages/vue/CHANGELOG.mdpackages/expo/CHANGELOG.mdpackages/tanstack-react-start/CHANGELOG.mdpackages/types/CHANGELOG.mdpackages/backend/CHANGELOG.mdpackages/nextjs/CHANGELOG.mdpackages/clerk-js/CHANGELOG.mdpackages/elements/CHANGELOG.md
packages/localizations/**/*
📄 CodeRabbit Inference Engine (.cursor/rules/monorepo.mdc)
Localization files must be placed in 'packages/localizations/'.
Files:
packages/localizations/CHANGELOG.mdpackages/localizations/package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Analyze (javascript-typescript)
- GitHub Check: semgrep-cloud-platform/scan
🔇 Additional comments (55)
packages/expo/package.json (1)
3-3: Semver patch bump verified — package.json and CHANGELOG.md both show 2.14.19Confirmed with the provided check: package.json and the top entry in packages/expo/CHANGELOG.md both report 2.14.19.
Files checked:
- packages/expo/package.json — version: 2.14.19
- packages/expo/CHANGELOG.md — top entry: 2.14.19
Snippet:
"version": "2.14.19",packages/expo/CHANGELOG.md (1)
3-12: Changelog entry is scoped and accurate for a patch release.
- Clearly documents dependency bumps to @clerk/clerk-js 5.84.0, @clerk/types 4.77.0, @clerk/shared 3.20.1, and @clerk/clerk-react 5.42.0.
- No runtime notes added, which is appropriate given no code changes in this package.
LGTM.
packages/nuxt/package.json (1)
3-3: Version bump aligns with semantic versioning and repo policiesPatch bump to 1.8.6 is appropriate for dependency updates; package name, scope, location, and publishConfig all comply with guidelines.
packages/types/package.json (1)
3-3: Semver bump looks correct and consistent with PR scope.Minor bump to 4.77.0 aligns with the new optional navigate parameter in setActive types.
packages/tanstack-react-start/package.json (2)
3-3: Version bump to 0.22.0 is appropriate for the public rename.Minor bump matches the RedirectToTask → RedirectToTasks rename captured in the changelog.
79-86: Confirm peer ranges remain accurate post-update.Peers are pinned to ^1.127.0 while devDeps are ^1.128.0. If we rely on APIs introduced in 1.128, consider bumping peers to ^1.128.0 to avoid consumer peer warnings; otherwise, keeping a broader minimum is fine.
packages/astro/package.json (1)
3-3: Patch bump to 2.11.2 is correct for dependency-only changes.No additional issues spotted; exports and peers look consistent.
packages/testing/package.json (2)
3-3: Patch bump to 1.10.14 aligns with dependency updates.Looks good.
3-3: Verify deprecated m2m usages (testing + examples) — scan inconclusive (examples missing)I ran the ripgrep scan. packages/testing: no matches for m2mTokens.verifySecret(...) or result.secret. examples directory was not present in this checkout, so the scan is incomplete.
Files/locations to check:
- packages/testing — scanned, no matches found.
- examples — missing (couldn't scan). Please ensure example projects are present or confirm there are none to check.
Run this adjusted script locally (it skips non-existent dirs) and fix any matches by switching to verifyToken({ token }) and result.token:
#!/bin/bash set -euo pipefail EXCLUDES=(-g '!.changeset/*' -g '!**/CHANGELOG.md' -g '!**/CHANGELOG.mdx') TARGETS=(packages/testing) [ -d examples ] && TARGETS+=(examples) echo "Scanning ${TARGETS[*]} for deprecated m2m usages..." rg -n $'m2mTokens\\.verifySecret\\s*\\(' "${TARGETS[@]}" "${EXCLUDES[@]}" || true rg -n $'result\\.secret\\b' "${TARGETS[@]}" "${EXCLUDES[@]}" || true echo "If any matches appear above, switch to verifyToken({ token }) and result.token."packages/themes/package.json (1)
3-3: Patch bump to 2.4.9 is appropriate for types dependency update.All package metadata and exports look consistent.
packages/remix/package.json (1)
3-3: Version bump to 4.11.0 looks correct and consistent with the changelog.
Aligned with the RedirectToTask → RedirectToTasks rename and dependency bumps described in CHANGELOG.md. Semver minor is appropriate if a deprecated alias remains.packages/elements/package.json (2)
3-3: Patch version bump to 0.23.53 looks good.
Pure metadata update consistent with repo-wide dependency bumps; no API surface changed in this package.
3-3: Sanity-check passed — changelog entry exists for packages/elements v0.23.53Found "## 0.23.53" in packages/elements/CHANGELOG.md (line 3). No action required.
- packages/elements/package.json — version: 0.23.53
- packages/elements/CHANGELOG.md — contains "## 0.23.53" (line 3)
packages/react-router/package.json (1)
3-3: Version 1.9.0 is appropriate given the documented rename and dependency updates.
Assuming a deprecation alias exists forRedirectToTask, a minor bump is acceptable.packages/react/package.json (1)
3-3: React package version bump to 5.42.0 LGTM.
Matches the rename and dependency bumps documented in the changelog; no other metadata changes.packages/clerk-js/package.json (2)
3-3: Clerk.js version bump to 5.84.0 looks good.
This aligns with the new optionalnavigateparameter addition and dependency bumps.
3-3: Types & tests for setActive({ navigate }) verified — no changes requiredTypes and tests are present.
- packages/types/src/clerk.ts — defines SetActiveNavigate and includes navigate?: SetActiveNavigate in SetActiveParams.
- packages/clerk-js/src/core/tests/clerk.test.ts — contains tests calling setActive({ navigate }) and asserting navigate is invoked (e.g. tests around lines shown in the search output).
- packages/clerk-js/CHANGELOG.md — documents the new
navigateparameter.packages/fastify/package.json (1)
3-3: Patch bump to 2.4.20 — aligned with dependency updates (LGTM).No export or runtime changes. Peer dep (fastify >=5) aligns with devDependency. Nothing else to do here.
packages/agent-toolkit/package.json (1)
3-3: Patch bump to 0.1.21 — consistent with backend/types/shared updates (LGTM).Metadata, exports, and bin remain unchanged. Good to ship.
packages/nextjs/package.json (1)
3-3: Approve: bump to 6.31.0 — RedirectToTask → RedirectToTasks rename verifiedChangelog and repo checks passed: packages/nextjs/CHANGELOG.md contains a "## 6.31.0" entry mentioning RedirectToTasks, and no stale RedirectToTask references were found.
- packages/nextjs/package.json — "version": "6.31.0"
- packages/nextjs/CHANGELOG.md — contains the rename entry
- Repository search — no occurrences of "RedirectToTask"
Optional: consider adding a minimal type-level test asserting RedirectToTasks is exported from @clerk/nextjs.
packages/vue/package.json (1)
3-3: LGTM — bump to 1.11.0 matches RedirectToTask → RedirectToTasks rename (verified)
- packages/vue/package.json — "version": "1.11.0"
- packages/vue/CHANGELOG.md — contains "## 1.11.0" and an entry mentioning "RedirectToTasks"
- Repo search — no remaining occurrences of "RedirectToTask"
No changes required.
packages/shared/package.json (2)
3-3: Semver patch bump looks good.Version moved to 3.20.1 with no other changes. Clear, minimal, and consistent with the PR scope.
3-3: CHANGELOG entry for 3.20.1 is present — no action requiredVerified: packages/shared/package.json version = 3.20.1 and packages/shared/CHANGELOG.md contains header "## 3.20.1" (line 3).
packages/expo-passkeys/package.json (2)
3-3: Expo Passkeys version bump is correct.Patch bump to 0.3.30 aligns with dependency updates; no API surface change here.
3-3: Confirmed — version and peer range OKpackage.json version 0.3.30 matches CHANGELOG, and peerDependency "expo: >=50 <54" includes the devDependency "expo: ~52.0.47" — no changes required.
- packages/expo-passkeys/package.json — "version": "0.3.30"; devDependencies.expo: "~52.0.47"; peerDependencies.expo: ">=50 <54"
- packages/expo-passkeys/CHANGELOG.md — contains "## 0.3.30" (line 3)
packages/localizations/CHANGELOG.md (2)
3-9: Changelog entry reads well and matches the patch scope.Entry 3.21.1 correctly notes the dependency bump to @clerk/[email protected]. Looks consistent with other packages in this release wave.
3-9: No action needed — package.json version matches CHANGELOG (3.21.1)Verified:
- packages/localizations/package.json — version: 3.21.1
- packages/localizations/CHANGELOG.md — contains "## 3.21.1" (line 3)
packages/chrome-extension/CHANGELOG.md (1)
3-11: Confirmed: chrome-extension package.json version and @clerk/ deps align with CHANGELOG 2.5.20*
- packages/chrome-extension/package.json — version = 2.5.20; @clerk/clerk-js: workspace:^, @clerk/clerk-react: workspace:^, @clerk/shared: workspace:^
- packages/chrome-extension/CHANGELOG.md — contains "## 2.5.20" (line 3)
No changes required.
packages/express/package.json (3)
3-3: Express package patch bump is fine.1.7.20 matches the dependency update wave; no API/export surface changes in this file.
3-3: CHANGELOG entry for 1.7.20 is present — no action neededVerified:
- packages/express/package.json — version is "1.7.20"
- packages/express/CHANGELOG.md — contains "## 1.7.20" (line 3)
3-3: Spot-check (backend 2.9.0): m2mTokens.verifySecret only in tests — no runtime change requiredSearch results show m2mTokens.verifySecret only in test/integration files:
- packages/backend/src/api/tests/M2MTokenApi.test.ts (lines ~303, ~329)
- integration/tests/machine-auth/m2m.test.ts (line ~57)
No occurrences found in production code or migrations. No action required for runtime; tests may be updated later if desired.
packages/expo-passkeys/CHANGELOG.md (1)
3-10: Changelog entry is accurate and consistent with repo-wide bumps.Patch section correctly lists dependency updates to @clerk/[email protected] and @clerk/[email protected] with commit refs. Semantic versioning is respected.
packages/agent-toolkit/CHANGELOG.md (2)
3-11: Changelog entry LGTM.Patch entry correctly reflects dependency updates to @clerk/[email protected], @clerk/[email protected], and @clerk/[email protected] with SHAs. Versioning is consistent.
7-10: No deprecated m2m "secret" API usages found in code — only docs/CLI mention "secret".I searched for usages of verifySecret, verifyToken, .secret (and the token "secret") inside packages/agent-toolkit. No code paths reference the deprecated m2m API; the occurrences are documentation/CLI flags only:
- packages/agent-toolkit/README.md — references to "Clerk secret key", CLERK_SECRET_KEY env var, and examples using --secret-key / --secret-key=sk_123.
- packages/agent-toolkit/src/modelcontextprotocol/local-server.ts — yargs option('secret-key') with description "Clerk secret key".
Action: no code changes required to address the @clerk/[email protected] rename. If you want to avoid user confusion, consider a follow-up doc/CLI wording change (optional) to mention "token" or clarify that the env/CLI flag is the project API key.
packages/chrome-extension/package.json (1)
3-4: Approve: version bump to 2.5.20 — changelog entry presentpackage.json updated to 2.5.20 and CHANGELOG contains the "## 2.5.20" entry (packages/chrome-extension/CHANGELOG.md:3).
- packages/chrome-extension/package.json — "version": "2.5.20"
- packages/chrome-extension/CHANGELOG.md — line 3: "## 2.5.20"
packages/localizations/package.json (1)
3-4: Localizations package version bump is correct.Metadata-only change, complies with monorepo publishing rules and semver. Dependencies point to workspace @clerk/types as expected.
packages/astro/CHANGELOG.md (1)
3-11: Astro changelog patch entry aligns with dependency updates.Accurately documents bumps to @clerk/[email protected], @clerk/[email protected], and @clerk/[email protected] with commit references. No functional notes needed for a pure dependency patch.
packages/remix/CHANGELOG.md (1)
3-6: Changelog entry looks good and follows conventionsVersion header and section categorization (Minor/Patch) are clear and consistent with prior entries.
packages/fastify/CHANGELOG.md (1)
3-11: LGTM: Patch entry accurately reflects dependency bumpsThe dependency versions match the coordinated release wave. No content issues spotted in this entry.
packages/elements/CHANGELOG.md (1)
3-11: Verified: package.json version matches CHANGELOG; workspace deps are expectedpackages/elements/package.json version is 0.23.53 and packages/elements/CHANGELOG.md contains "## 0.23.53". The @clerk/* dependencies in package.json are declared as "workspace:^" (monorepo workspace refs) while the changelog lists the resolved package versions (e.g., @clerk/[email protected], @clerk/[email protected], @clerk/[email protected]). This is expected for a workspace-managed repo — no changes required.
Files checked:
- packages/elements/package.json — version: 0.23.53; @clerk/* deps: "workspace:^"
- packages/elements/CHANGELOG.md — top entry "## 0.23.53" with dependency notes
packages/themes/CHANGELOG.md (2)
3-9: Patch entry is clear and consistentNew 2.4.9 entry and dependency reference look good.
3-9: Sanity-check — themes version and @clerk/types alignment verifiedConfirmed:
- packages/themes/package.json — version: 2.4.9; dependency "@clerk/types": "workspace:^"
- packages/types/package.json — @clerk/[email protected]
- packages/themes/CHANGELOG.md contains "## 2.4.9"
Conclusion: the CHANGELOG version matches package.json and the workspace:^ dependency will resolve to @clerk/types 4.77.0 — no changes required.
packages/express/CHANGELOG.md (2)
3-11: Changelog entry aligns with dependency updatesPatch entry for 1.7.20 and dependency bumps read well.
3-11: Express 1.7.20 matches CHANGELOG; confirm workspace package versionspackages/express/package.json is version 1.7.20 and packages/express/CHANGELOG.md contains "## 1.7.20". However, @clerk/backend, @clerk/types and @clerk/shared are declared as "workspace:^" in packages/express/package.json (so this file doesn't show concrete versions). Confirm the actual workspace package versions match the changelog ( @clerk/backend → 2.9.0, @clerk/types → 4.77.0, @clerk/shared → 3.20.1) or update the dependency constraints to the intended pinned ranges.
Files to check:
- packages/express/package.json
- packages/express/CHANGELOG.md
- package.json for the workspace packages that provide @clerk/backend, @clerk/types, @clerk/shared — verify their "version" fields match the changelog (or adjust constraints here).
packages/vue/CHANGELOG.md (1)
3-14: Rename verified — no remaining code references toRedirectToTaskBrief: I searched the repo — there are no exact matches for the old symbol
RedirectToTaskin code (only changelogs mention the rename). The new symbolRedirectToTasksis present and exported where expected.Key locations:
- No code occurrences of: RedirectToTask (none found)
- Exports / occurrences of RedirectToTasks:
- packages/vue/src/components/controlComponents.ts:63 — export const RedirectToTasks = defineComponent(...)
- packages/react/src/components/controlComponents.tsx:169 — export const RedirectToTasks = withClerk(...)
- packages/react/src/components/index.ts: (references RedirectToTasks)
- packages/nextjs/src/client-boundary/controlComponents.ts (references RedirectToTasks)
- Snapshot updates: packages/tanstack-react-start/src/tests/snapshots/exports.test.ts.snap, packages/remix/src/tests/snapshots/exports.test.ts.snap, packages/react-router/src/tests/snapshots/exports.test.ts.snap
- Changelogs noting the rename: packages/vue/CHANGELOG.md, packages/react/CHANGELOG.md, packages/nextjs/CHANGELOG.md, packages/react-router/CHANGELOG.md, packages/tanstack-react-start/CHANGELOG.md, packages/remix/CHANGELOG.md
Action: No changes required from this review — the rename is applied across the codebase and exports reference the new name.
packages/shared/CHANGELOG.md (2)
3-11: Entry looks good and is consistent with repo-wide bumps.Changelog correctly documents the patch, PR link, author attribution, and dependent package bumps to @clerk/[email protected].
9-11: No action needed — packages/shared already tracks @clerk/[email protected] via workspace protocolpackages/types/package.json shows "version": "4.77.0", and packages/shared/package.json declares "@clerk/types": "workspace:^", so it already resolves to the workspace package at 4.77.0.
Files to note:
- packages/shared/package.json — dependencies["@clerk/types"] -> "workspace:^"
- packages/types/package.json — "version" -> "4.77.0"
- packages/shared/CHANGELOG.md — lists @clerk/[email protected] (matches workspace version)
packages/testing/CHANGELOG.md (2)
3-11: Changelog entry looks correct and consistent with upstream bumps.Version 1.10.14 lists only dependency updates and matches the repo-wide versions.
3-11: Quick sanity check — testing version OK; workspace deps need explicit verificationpackages/testing/package.json is @clerk/[email protected] (confirmed). Its @clerk/* deps are declared as
workspace:^, so their concrete versions aren’t visible here — please confirm the actual workspace package versions match the CHANGELOG ( @clerk/backend 2.9.0, @clerk/types 4.77.0, @clerk/shared 3.20.1 ).Files to check:
- packages/testing/package.json — version OK
- packages/backend/package.json — should be 2.9.0
- packages/types/package.json — should be 4.77.0
- packages/shared/package.json — should be 3.20.1
Suggested quick check:
for p in backend types shared; do jq -r '.name + "@" + .version' packages/$p/package.json; donepackages/react-router/CHANGELOG.md (2)
11-16: LGTM on dependency bumps.The listed versions match the rest of the release train in this PR.
5-8: Rename verified — no remaining references toRedirectToTask;RedirectToTaskspresentSearched the repo (excluding CHANGELOG.md, dist/build, node_modules): no matches for
RedirectToTask.RedirectToTasksis present in the codebase at:
- packages/vue/src/components/controlComponents.ts
- packages/react/src/components/controlComponents.tsx
- packages/react/src/components/index.ts
- packages/nextjs/src/client-boundary/controlComponents.ts
- packages/remix/src/tests/snapshots/exports.test.ts.snap
- packages/tanstack-react-start/src/tests/snapshots/exports.test.ts.snap
- packages/react-router/src/tests/snapshots/exports.test.ts.snap
No further action required.
packages/tanstack-react-start/CHANGELOG.md (2)
11-16: Dependencies section is consistent with the rest of the monorepo release.No issues spotted.
5-8: No stale usages ofRedirectToTaskfound — rename looks completeI searched the repo (excluding build artifacts) and found no code references to the old symbol; only historical mentions remain in CHANGELOGs. Code and test snapshots use
RedirectToTasks.Files of note:
- packages/tanstack-react-start/CHANGELOG.md — changelog entry (expected)
- packages/react/src/components/controlComponents.tsx — defines
RedirectToTasks- packages/react/src/components/index.ts — exports
RedirectToTasks- packages/nextjs/src/client-boundary/controlComponents.ts — references
RedirectToTasks- packages/vue/src/components/controlComponents.ts — defines
RedirectToTasks- various snapshots (e.g. packages/*/src/tests/snapshots/exports.test.ts.snap) — updated to
"RedirectToTasks"No re-exports or aliases for the old name were found. No action required.
packages/clerk-js/CHANGELOG.md (1)
3-32: Clear, actionable entry with a practical example — nice workThe 5.84.0 section reads well, links are correct, and the example neatly shows the intended before-activation navigation flow. Dependency bumps are listed consistently with prior entries.
packages/nextjs/CHANGELOG.md (1)
7-7: Confirm whether this rename is breaking or aliasedI searched the repo for exports/aliases of RedirectToTask/RedirectToTasks; no occurrences or aliasing were found under packages/. The changelog entry currently reads:
- Rename
RedirectToTaskcontrol component toRedirectToTasks(#6486) by @LauraBeatrisAction requested (pick one):
- If
RedirectToTaskwas intentionally removed: update the changelog to mark this as a BREAKING CHANGE and call out required consumer updates.- If an alias/deprecation was added for backward compatibility: update the changelog to state that
RedirectToTaskremains as a deprecated alias (and mention removal timeline).Files to check before updating:
- packages/nextjs/CHANGELOG.md (line ~7)
- package exports and built artifacts for nextjs (e.g., packages/nextjs/src, packages/nextjs/dist or types) to confirm whether an alias exists.
packages/backend/CHANGELOG.md
Outdated
| ## 2.9.0 | ||
|
|
||
| ### Minor Changes | ||
|
|
||
| - Remove `secret` in favor of `token` in m2m response. ([#6542](https://github.com/clerk/javascript/pull/6542)) by [@wobsoriano](https://github.com/wobsoriano) | ||
|
|
||
| Before: | ||
|
|
||
| ```ts | ||
| const result = await clerkClient.m2mTokens.create(); | ||
|
|
||
| console.log(result.secret); | ||
| ``` | ||
|
|
||
| After: | ||
|
|
||
| ```ts | ||
| const result = await clerkClient.m2mTokens.create(); | ||
|
|
||
| console.log(result.token); | ||
| ``` | ||
|
|
||
| - Deprecates `clerkClient.m2mTokens.verifySecret({ secret: 'mt_xxx' })` in favor or `clerkClient.m2mTokens.verifyToken({ token: 'mt_xxx' })` ([#6536](https://github.com/clerk/javascript/pull/6536)) by [@wobsoriano](https://github.com/wobsoriano) |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Verify tests cover the rename and deprecation path
The public API changes are significant (response property rename and method deprecation). Please ensure there is test coverage for:
m2mTokens.create()returningtoken(and notsecret)m2mTokens.verifyToken()happy/edge paths- Backward-compat docs/samples not relying on
verifySecret
I can help generate a migration check, but first please run the script below to assess repo usage and tests.
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Search repo for old API usages that should be updated:"
rg -n --hidden --glob '!*dist*' --glob '!*build*' $'m2mTokens\\.verifySecret\\(' || true
rg -n --hidden --glob '!*dist*' --glob '!*build*' $'result\\.secret\\b' || true
echo
echo "Search for new API usages and test coverage:"
rg -n --hidden --glob '!*dist*' --glob '!*build*' $'m2mTokens\\.verifyToken\\(' -A 3 || true
rg -n --hidden --glob '!*dist*' --glob '!*build*' $'m2mTokens\\.create\\(' -A 5 | rg -n $'token\\b' -A 0 || true
echo
echo "List likely test files that mention m2m tokens:"
fd -t f -e ts -e tsx -e js -e mjs -e cts -e mts | rg -n $'m2mTokens|verifyToken|verifySecret|mt_' || trueLength of output: 5207
Verify tests cover the rename and deprecation path — leftover verifySecret usages need attention
Quick check: the repo already has tests for the new API (create() -> .token, verifyToken) but there are remaining verifySecret usages that should be either removed/updated or explicitly tested as the deprecation/fallback path.
Files to fix or confirm (from the search results)
- packages/backend/src/api/tests/M2MTokenApi.test.ts — calls to
apiClient.m2mTokens.verifySecret(...)(lines ~303, ~329) - integration/tests/machine-auth/m2m.test.ts —
clerkClient.m2mTokens.verifySecret({ secret })(line ~57) - packages/backend/CHANGELOG.md — examples referencing
result.secretandverifySecret(lines ~14, ~25, ~108, ~116)
Notes:
- New API coverage exists in tests (e.g., M2MTokenApi.test.ts around lines ~226–255, factory.test.ts, and src/tokens/verify.ts).
- Action: either update the remaining
verifySecretusages toverifyToken, or keep them only as explicit deprecation/back-compat tests that assert expected fallback behavior (and document the deprecation). Also ensurem2mTokens.create()tests expect.token(not.secret).
I can help open a small PR to replace usages or add deprecation tests if you want.
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "@clerk/backend", | |||
| "version": "2.8.0", | |||
| "version": "2.9.0", | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Version bump to 2.9.0 — semver and metadata look correct (LGTM).
Matches the changelog (m2m secret→token rename, deprecations) and workspace deps. No packaging/export changes here.
Run this to double-check repo-wide migration consistency (no lingering verifySecret/result.secret usages) and the changelog entry:
Also consider adding/adjusting unit/integration tests that cover verifyToken({ token }) and the new m2m response shape in @clerk/backend to prevent regressions.
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Check backend changelog has 2.9.0 entry"
rg -n $'^##\\s*2\\.9\\.0' packages/backend/CHANGELOG.md || { echo "Missing 2.9.0 entry in backend changelog"; exit 1; }
echo "Search for deprecated m2mTokens.verifySecret(...) usages"
rg -n --hidden --glob '!*dist/*' --glob '!*CHANGELOG.md' $'m2mTokens\\.verifySecret\\s*\\(' || echo "No deprecated usages found"
echo "Search for result.secret linked to m2mTokens.create(...)"
# Look for .secret within a small window around m2mTokens.create calls
rg -n --hidden --glob '!*dist/*' --glob '!*CHANGELOG.md' $'m2mTokens\\.create' -A4 -B2 | rg -n $'\\.secret' || echo "No '.secret' usages near m2mTokens.create calls"Length of output: 1286
Action required — tests using deprecated m2m API need updating; changelog OK
Changelog check passed (packages/backend/CHANGELOG.md contains "## 2.9.0"), but there are remaining deprecated usages in tests and a few .secret references that should be reviewed.
Files to fix:
- packages/backend/src/api/tests/M2MTokenApi.test.ts — m2mTokens.verifySecret at lines ~303 and ~329
- integration/tests/machine-auth/m2m.test.ts — m2mTokens.verifySecret at ~line 57
- integration/tests/machine-auth/m2m.test.ts — .secret references at ~lines 85, 95, 168 (these reference server.secretKey values)
Requested changes:
- Replace deprecated m2mTokens.verifySecret(...) calls in tests with the new verifyToken({ token }) usage.
- Ensure tests/assertions are updated to match the new m2m response shape (replace any result.secret expectations with the new token field as appropriate).
- Add or adjust unit/integration tests in @clerk/backend to cover verifyToken({ token }) and the new m2m response shape to prevent regressions.
🤖 Prompt for AI Agents
In packages/backend/package.json around line 3, tests still use the deprecated
m2m API; update the three test files listed: replace m2mTokens.verifySecret(...)
calls in packages/backend/src/api/__tests__/M2MTokenApi.test.ts (around lines
~303 and ~329) and integration/tests/machine-auth/m2m.test.ts (around line ~57)
with the new verifyToken({ token }) call, adjust assertions to expect the new
response shape (replace any result.secret expectations with the new token field
or other renamed properties), and replace or remove direct .secret accesses in
integration/tests/machine-auth/m2m.test.ts at ~lines 85, 95, 168 to reference
server.secretKey usage compatible with the new API; add/adjust unit and
integration tests in @clerk/backend to cover verifyToken({ token }) and the new
m2m response shape to prevent regressions.
packages/nuxt/CHANGELOG.md
Outdated
| ## 1.8.6 | ||
|
|
||
| ### Patch Changes | ||
|
|
||
| - Updated dependencies [[`d400782`](https://github.com/clerk/javascript/commit/d400782b7016c1232c0aa1e3399c61b61e4f0709), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`2db7431`](https://github.com/clerk/javascript/commit/2db743147827fb69fb8fe73a1e26545aeb7be7aa), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27)]: | ||
| - @clerk/[email protected] | ||
| - @clerk/[email protected] | ||
| - @clerk/[email protected] | ||
| - @clerk/[email protected] | ||
|
|
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Changelog entry looks good; consider deduping commit refs and verify version sync
The 1.8.6 entry correctly documents patch-level dependency updates. Minor nit: the commit reference 69498df appears twice in the bracket list; consider deduplicating for clarity.
Also, since this is a release-only change with dependency bumps, ensure CI/e2e matrix passes against Nuxt 3.17.x and the updated @clerk/* packages.
Run this to verify package.json version matches the latest changelog entry:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
PKG="packages/nuxt/package.json"
CHANGELOG="packages/nuxt/CHANGELOG.md"
pkg_ver="$(jq -r .version "$PKG")"
ch_ver="$(grep -m1 -E '^## [0-9]+\.[0-9]+\.[0-9]+' "$CHANGELOG" | awk '{print $2}')"
echo "package.json version: $pkg_ver"
echo "CHANGELOG latest entry: $ch_ver"
if [[ "$pkg_ver" == "$ch_ver" ]]; then
echo "OK: Versions are in sync."
else
echo "ERROR: Versions are not in sync." >&2
exit 1
fiLength of output: 485
Changelog OK — versions in sync (1.8.6); please dedupe duplicate commit ref
Verified: packages/nuxt/package.json and packages/nuxt/CHANGELOG.md both report v1.8.6.
- Fix: packages/nuxt/CHANGELOG.md — the commit ref
69498dfappears twice in the dependency commit list; remove the duplicate for clarity. - Please also ensure CI/e2e matrix passes against Nuxt 3.17.x with the bumped @clerk/* packages.
Suggested corrected snippet:
## 1.8.6
### Patch Changes
- Updated dependencies [[`d400782`](https://github.com/clerk/javascript/commit/d400782b7016c1232c0aa1e3399c61b61e4f0709), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`2db7431`](https://github.com/clerk/javascript/commit/2db743147827fb69fb8fe73a1e26545aeb7be7aa), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a)]:
- @clerk/[email protected]
- @clerk/[email protected]
- @clerk/[email protected]
- @clerk/[email protected]
🤖 Prompt for AI Agents
packages/nuxt/CHANGELOG.md lines 3-12: the commit reference `69498df` is
duplicated in the "Updated dependencies" list; remove the duplicate occurrence
so each commit hash appears only once (update the inline bracketed list to
contain d400782, 69498df, 2db7431, 59f1559) and keep the dependency bullets
unchanged, then run the CI/e2e matrix ensuring tests pass against Nuxt 3.17.x
with the bumped @clerk/* packages.
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "@clerk/react-router", | |||
| "version": "1.8.13", | |||
| "version": "1.9.0", | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Confirm deprecation alias and changelog entry exist.
This helps avoid an accidental breaking change for consumers.
🏁 Script executed:
#!/bin/bash
set -euo pipefail
pkg="packages/react-router"
ver=$(jq -r .version "$pkg/package.json")
echo "Checking changelog for $ver..."
rg -n "## $ver" "$pkg/CHANGELOG.md" || { echo "Missing changelog entry for $ver"; exit 1; }
echo "Looking for 'RedirectToTask' references (alias/deprecation)..."
rg -n -S "RedirectToTask" "$pkg" -g '!dist' -A 2 || {
echo "No references found. If there's no alias, confirm this is a deliberate breaking change and consider a major bump or an alias.";
}Length of output: 1044
🏁 Script executed:
#!/bin/bash
set -euo pipefail
pkg="packages/react-router"
echo "Searching for RedirectToTasks occurrences..."
rg -n -S "RedirectToTasks" "$pkg" -g '!dist' -A 2 || true
echo
echo "Searching for RedirectToTask (old name) occurrences..."
rg -n -S "RedirectToTask" "$pkg" -g '!dist' -A 2 || true
echo
echo "Looking for export lines that mention Redirect (to find barrel/index exports)..."
rg -n -S "export .*Redirect" "$pkg" -g '!dist' -A 2 || trueLength of output: 2646
🏁 Script executed:
#!/bin/bash
set -euo pipefail
pkg="packages/react-router"
echo "package.json relevant fields:"
jq '{name,version,main,module,types,exports}' "$pkg/package.json" || true
echo
echo "=== tests/exports.test.ts ==="
sed -n '1,240p' "$pkg/src/__tests__/exports.test.ts" || true
echo
echo "=== tests snapshot (exports.test.ts.snap) ==="
sed -n '1,240p' "$pkg/src/__tests__/__snapshots__/exports.test.ts.snap" || true
echo
echo "Searching for export statements in src (public API barrels / exports):"
rg -n -S "export .*from|export \\{.*\\}|export default" "$pkg/src" -g '!dist' -A 2 || true
echo
echo "Top-level src files and directories:"
ls -la "$pkg/src" || trueLength of output: 5351
Action required: add a deprecation alias for RedirectToTask or confirm deliberate breaking change
Changelog contains a 1.9.0 entry renaming RedirectToTask → RedirectToTasks, but I found no alias/export for the old name in the codebase — only the changelog mentions the old name. You should either provide a compatibility alias or treat this as a breaking change and bump/announce accordingly.
Files/locations inspected (evidence)
- packages/react-router/package.json — version 1.9.0
- packages/react-router/CHANGELOG.md — “Rename
RedirectToTask… toRedirectToTasks” (line ~7) - packages/react-router/src/tests/snapshots/exports.test.ts.snap — public exports snapshot shows "RedirectToTasks"
- packages/react-router/src/client/ReactRouterClerkProvider.tsx — re-exports from '@clerk/clerk-react'
- packages/react-router/src/index.ts and packages/react-router/src/client/index.ts — public re-export barrels
Recommended fixes
- Add a backward-compatible alias export (so consumers using the old name won’t break). For example, add to packages/react-router/src/client/index.ts (or another barrel file that re-exports the external components):
export { RedirectToTasks as RedirectToTask } from '@clerk/clerk-react';
- Update the snapshot/tests to account for the alias (or intentionally avoid adding the alias and document the breaking change + bump version accordingly).
- Update the changelog to explicitly state whether the old name is deprecated with an alias or intentionally removed.
🤖 Prompt for AI Agents
In packages/react-router/package.json around line 3, the changelog shows
RedirectToTask was renamed to RedirectToTasks but no compatibility export
exists; either add a backward-compatible alias export or treat it as a breaking
change. To add the alias: in packages/react-router/src/client/index.ts (or
packages/react-router/src/index.ts) add the line `export { RedirectToTasks as
RedirectToTask } from '@clerk/clerk-react';`, then update the public-exports
snapshot/tests to include the alias; alternatively, if you intend this to be a
breaking change, revert adding the alias, increment the package major version in
package.json and update CHANGELOG.md to explicitly state the removal.
| ### Minor Changes | ||
|
|
||
| - Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) | ||
|
|
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Clarify migration for the renamed component and verify back-compat alias
Renaming an exported component can be breaking if no alias remains. Please add a short migration note here and confirm whether RedirectToTask is still re-exported (deprecated) for a grace period. If no alias exists, consider explicitly calling out the breaking nature of this change.
Run this script to verify whether an alias/back-compat export still exists anywhere in the repo and to surface usages that might need migration:
Apply this change to include a concise migration snippet under Minor Changes:
### Minor Changes
-- Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris)
+- Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris)
+ - Migration:
+ ```diff
+ - import { RedirectToTask } from '@clerk/clerk-react'
+ + import { RedirectToTasks } from '@clerk/clerk-react'
+ ```
+ If you rely on the old name, update imports accordingly. If a deprecation alias exists, consider migrating proactively to avoid future breakages.I can also generate a codemod (jscodeshift/ts-morph) to automatically update imports across packages—want me to include it?
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Searching for exports of RedirectToTask and RedirectToTasks…"
rg -n -S --glob '!*dist*' --glob '!*node_modules*' $'export .*RedirectToTask|export .*RedirectToTasks' -A 2 -B 2 || true
echo
echo "Searching for usages of RedirectToTask across the repo (may indicate migration needs)…"
rg -n -S --glob '!*dist*' --glob '!*node_modules*' $'RedirectToTask' -A 2 -B 2 || trueLength of output: 8013
Action required: Add migration note or restore back-compat alias — no RedirectToTask re-export found
Verification summary: a repo search shows only RedirectToTasks exports (e.g. packages/react/src/components/index.ts, packages/react/src/components/controlComponents.tsx, packages/vue/src/components/controlComponents.ts, packages/nextjs/src/client-boundary/controlComponents.ts). RedirectToTask only appears in CHANGELOGs/snapshots — there is no back-compat RedirectToTask export/alias. This rename is therefore breaking unless you add a deprecated alias or call out the breaking change in the changelogs.
Files to update (suggested)
- Add migration note to changelogs that list the rename:
- packages/react/CHANGELOG.md
- packages/vue/CHANGELOG.md
- packages/remix/CHANGELOG.md
- packages/nextjs/CHANGELOG.md
- packages/tanstack-react-start/CHANGELOG.md
- packages/react-router/CHANGELOG.md
- If you want back-compat, add a deprecated alias in the public exports (examples below):
- packages/react/src/components/index.ts
- (and any other package index that re-exports the control components, e.g. nextjs client-boundary)
Suggested CHANGELOG update (concise migration snippet)
### Minor Changes
- Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris)
+ - Migration:
+ ```diff
+ - import { RedirectToTask } from '@clerk/clerk-react'
+ + import { RedirectToTasks } from '@clerk/clerk-react'
+ ```
+ Note: repository search shows no `RedirectToTask` re-export/alias — this is a breaking rename. Either add a deprecated alias in the exports (example below) or explicitly mark this as breaking so consumers can migrate.Suggested (optional) back-compat export to add
# packages/react/src/components/index.ts
+ // Deprecated alias for back-compat — remove in next major
+ export { RedirectToTasks as RedirectToTask }I can also generate a jscodeshift/ts-morph codemod to update imports across the repo if you want—should I include it?
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ### Minor Changes | |
| - Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) | |
| ### Minor Changes | |
| - Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) | |
| - Migration: |
🤖 Prompt for AI Agents
In packages/react/CHANGELOG.md around lines 5-8: the changelog renames
RedirectToTask to RedirectToTasks but provides no migration note or back-compat
alias, which is a breaking change; either add a concise migration note to the
listed changelogs (packages/react, vue, remix, nextjs, tanstack-react-start,
react-router) showing the old -> new import and telling users to rename, or
restore backward compatibility by adding a deprecated alias export named
RedirectToTask that re-exports RedirectToTasks in each public index (e.g.
packages/react/src/components/index.ts and other package index
files/client-boundary files), and update tests/snapshots if needed; choose one
approach and apply consistently across all affected packages.
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "@clerk/clerk-react", | |||
| "version": "5.41.1", | |||
| "version": "5.42.0", | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Ensure migration safety for the component rename and consider test coverage.
- Verify an export alias for
RedirectToTaskexists (deprecated) to avoid breaking apps pinned to minor versions. - Since this affects a public component, consider adding/adjusting tests or smoke tests to cover both the new
RedirectToTasksand the deprecated alias (if present).
🏁 Script executed:
#!/bin/bash
set -euo pipefail
pkg="packages/react"
ver=$(jq -r .version "$pkg/package.json")
echo "Checking changelog for $ver..."
rg -n "## $ver" "$pkg/CHANGELOG.md" || { echo "Missing changelog entry for $ver"; exit 1; }
echo "Scanning for 'RedirectToTask' (alias) and 'RedirectToTasks' (new export)..."
rg -n -S "RedirectTo(Task|Tasks)" "$pkg" -g '!dist' -A 2 || echo "No component references found in sources."
echo "Checking tests mention either name (if tests exist in this package)..."
rg -n -S "RedirectTo(Task|Tasks)" "$pkg" -g '!dist' -A 2 || echo "No tests referencing the components found."Length of output: 3168
Add a deprecated alias for RedirectToTask and add tests to ensure a safe rename
Changelog shows the component was renamed to RedirectToTasks, but the source only exports RedirectToTasks (no RedirectToTask alias) and there are no tests referencing either export — this can break consumers pinned to minor versions. Please add a backward-compatible alias and tests.
Files to change
- packages/react/src/components/controlComponents.tsx — add deprecated alias export
- packages/react/src/components/index.ts — export the alias from the public API
- add tests (e.g. packages/react/src/components/tests/redirectToTasks.test.tsx) that cover both RedirectToTasks and the deprecated RedirectToTask alias
Suggested diffs
packages/react/src/components/controlComponents.tsx
export const RedirectToTasks = withClerk(({ clerk }: WithClerkProp) => {
React.useEffect(() => {
void clerk.redirectToTasks();
}, 'RedirectToTasks');
});
+/** @deprecated Use RedirectToTasks instead. Kept for backward compatibility. */
+export const RedirectToTask = RedirectToTasks;packages/react/src/components/index.ts
RedirectToTasks,
+ RedirectToTask,Test guidance (very short)
- Add a unit / smoke test that imports both RedirectToTasks and RedirectToTask and asserts they mount and trigger clerk.redirectToTasks (mock the clerk). This ensures the alias remains a drop-in replacement until removed in a major release.
Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In packages/react/src/components/controlComponents.tsx around the
RedirectToTasks component definition, add a deprecated alias export named
RedirectToTask that simply re-exports or points to RedirectToTasks (mark with a
JSDoc @deprecated), then in packages/react/src/components/index.ts export
RedirectToTask from ./controlComponents so the alias is part of the public API;
finally add a new test file
packages/react/src/components/__tests__/redirectToTasks.test.tsx that mocks the
clerk object, imports both RedirectToTasks and RedirectToTask, mounts/renders
them (shallow or render) and asserts that invoking the component behavior
triggers clerk.redirectToTasks for both imports to ensure backward compatibility
until the next major release.
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "@clerk/remix", | |||
| "version": "4.10.13", | |||
| "version": "4.11.0", | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Verify non-breaking rename (ensure deprecated alias is still exported).
If RedirectToTask was removed without an alias, this would be breaking. Please confirm an alias/export remains and that the changelog documents the migration.
Run this script to validate the changelog entry exists and to scan for the legacy export:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
pkg="packages/remix"
echo "Checking changelog entry matches package.json version..."
ver=$(jq -r .version "$pkg/package.json")
rg -n "## $ver" "$pkg/CHANGELOG.md" || { echo "Missing changelog entry for $ver"; exit 1; }
echo "Scanning for deprecated alias 'RedirectToTask' to prevent breaking change..."
rg -n -S "RedirectToTask" "$pkg" -g '!dist' -A 2 || {
echo "No references found. If intentional, confirm this was communicated as a breaking change or provide a compatibility alias.";
}Length of output: 1055
Action required — add compatibility alias for RedirectToTask or mark as breaking
Changelog documents the rename to RedirectToTasks (packages/remix/CHANGELOG.md) but a scan of packages/remix shows no occurrences of the legacy name RedirectToTask and the tests snapshot only contains "RedirectToTasks" (packages/remix/src/tests/snapshots/exports.test.ts.snap). That indicates no deprecated alias/export remains — this is a breaking change for consumers.
Please either:
- Add a compatibility export in the package's public exports (example:
export { RedirectToTasks as RedirectToTask }), or - Explicitly mark this as a breaking change in the changelog/release notes and add migration guidance.
Files to review:
- packages/remix/CHANGELOG.md
- packages/remix/src/tests/snapshots/exports.test.ts.snap
- the remix package's public entry (root exports) — add the alias there
🤖 Prompt for AI Agents
In packages/remix/package.json around line 3, the version bump removes the
legacy RedirectToTask export causing a breaking change; to fix, add a
compatibility alias in the remix package's public entry (root exports file,
e.g., packages/remix/src/index.ts or whichever file is listed as the package's
main/exports) by exporting the new name under the old name (export {
RedirectToTasks as RedirectToTask }) so consumers still import the legacy
identifier, and update the package's CHANGELOG.md to either note this as a
breaking change with migration guidance or remove the alias and clearly mark the
change as breaking per the review; ensure tests and snapshots reflect the alias
if you add it.
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "@clerk/types", | |||
| "version": "4.76.0", | |||
| "version": "4.77.0", | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Quick repo-wide sanity check for renamed/removed APIs.
Given the deprecations/renames mentioned in the PR (verifySecret → verifyToken, secret → token, RedirectToTask → RedirectToTasks), run this to catch any lingering usages outside changelogs/changesets.
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Exclude changeset and changelog files
EXCLUDES=(-g '!.changeset/*' -g '!**/CHANGELOG.md' -g '!**/CHANGELOG.mdx')
echo "Searching for deprecated usages (should return no matches):"
echo "- m2mTokens.verifySecret({ secret })"
rg -n $'m2mTokens\\.verifySecret\\s*\\(' "${EXCLUDES[@]}"
echo "- result.secret from m2mTokens.create()"
rg -n $'result\\.secret\\b' "${EXCLUDES[@]}"
echo "- RedirectToTask (old name)"
rg -n $'\\bRedirectToTask\\b' "${EXCLUDES[@]}"
echo "Done."Length of output: 966
Action required: update remaining deprecated m2mTokens.verifySecret usages (verifySecret → verifyToken; secret → token).
Quick check found 3 remaining occurrences that need fixing — replace the old API/name and update parameter/property names as appropriate:
- packages/backend/src/api/tests/M2MTokenApi.test.ts — lines 303, 329
- Replace: apiClient.m2mTokens.verifySecret(...) → apiClient.m2mTokens.verifyToken(...)
- integration/tests/machine-auth/m2m.test.ts — line 57
- Replace: clerkClient.m2mTokens.verifySecret({ secret }) → clerkClient.m2mTokens.verifyToken({ token: /* renamed variable or value */ })
Notes: no matches were found for result.secret or RedirectToTask (outside changesets/changelogs). After making changes, rerun the repo-wide search to confirm no remaining usages.
🤖 Prompt for AI Agents
packages/types/package.json (line 3) and update usages in
packages/backend/src/api/__tests__/M2MTokenApi.test.ts (lines ~303, ~329) and
integration/tests/machine-auth/m2m.test.ts (line 57): replace
apiClient.m2mTokens.verifySecret(...) with apiClient.m2mTokens.verifyToken(...),
and change any call shapes from { secret } to { token: /* appropriate value or
renamed variable */ } (rename local variables if needed), then run a repo-wide
search to ensure no remaining verifySecret or secret parameters remain.
8fdc6fb to
0357f13
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (5)
packages/clerk-js/CHANGELOG.md (2)
5-24: Changelog entry is clear; consider adding the explicit type signature and behavior notes fornavigate.Nice addition and example. Two small improvements to reduce ambiguity for readers:
- Show the TS signature of the
navigatecallback (payload shape and return type).- Clarify whether
navigateis awaited and what happens if it throws (does it abortsetActive?).Proposed wording right after the bullet item:
- Add `navigate` parameter to `clerk.setActive()` for custom navigation before the session and/or organization is set. ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) + + Type: + - `navigate?: (payload: { session: Session }) => Promise<void>` + + Notes: + - `navigate` is awaited before `setActive` completes. + - If the callback throws, `setActive` will be aborted and the error will be propagated to the caller.
7-7: Standardize the API name casing for consistency.Elsewhere in the changelog, API references often use
Clerk.setActive(). Consider aligning this entry to use the same casing unless the lowercaseclerkis intentionally referring to an instance.- - Add `navigate` parameter to `clerk.setActive()` for custom navigation before the session and/or organization is set. ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) + - Add `navigate` parameter to `Clerk.setActive()` for custom navigation before the session and/or organization is set. ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris)If the lowercase
clerkis intentional (referring to a runtime instance), feel free to keep it—just ensure surrounding entries follow the same convention.packages/nextjs/CHANGELOG.md (3)
5-8: Clarify rename impact and add a brief migration exampleThe rename is clear, but a short migration snippet will help consumers scanning the changelog quickly adopt the change. Consider explicitly calling out import/component rename.
Apply this diff to enrich the entry:
### Minor Changes -- Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) +- Rename `RedirectToTask` component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) + - Migration: + ```ts + // Before + import { RedirectToTask } from '@clerk/nextjs'; + // After + import { RedirectToTasks } from '@clerk/nextjs'; + ``` + - Note: If `RedirectToTask` remains as a temporary alias, mark it as deprecated in docs and specify the removal target (next major).
7-7: Minor wording consistency“control component” is inconsistent with prior entries (e.g., earlier sections just say “component”). Prefer “component” for consistency.
-- Rename `RedirectToTask` control component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris) +- Rename `RedirectToTask` component to `RedirectToTasks` ([#6486](https://github.com/clerk/javascript/pull/6486)) by [@LauraBeatris](https://github.com/LauraBeatris)
3-8: Add a small export smoke test for the renamed componentNo tests are updated in this release PR (expected), but a quick export smoke test reduces the risk of accidental regressions when renaming exports.
Example (place under @clerk/nextjs tests):
// packages/nextjs/__tests__/exports.spec.ts import { RedirectToTasks } from '@clerk/nextjs'; describe('exports', () => { it('exposes RedirectToTasks', () => { expect(typeof RedirectToTasks).toBe('function'); }); // If you maintain a deprecation alias for one cycle, also test it: // import { RedirectToTask } from '@clerk/nextjs'; // it('temporarily exposes deprecated RedirectToTask', () => { // expect(typeof RedirectToTask).toBe('function'); // }); });I can open a follow-up PR adding this test if helpful.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (49)
.changeset/chatty-kings-raise.md(0 hunks).changeset/rich-donuts-agree.md(0 hunks).changeset/small-adults-crash.md(0 hunks).changeset/upset-sides-kneel.md(0 hunks).changeset/warm-rocks-flow.md(0 hunks)packages/agent-toolkit/CHANGELOG.md(1 hunks)packages/agent-toolkit/package.json(1 hunks)packages/astro/CHANGELOG.md(1 hunks)packages/astro/package.json(1 hunks)packages/backend/CHANGELOG.md(1 hunks)packages/backend/package.json(1 hunks)packages/chrome-extension/CHANGELOG.md(1 hunks)packages/chrome-extension/package.json(1 hunks)packages/clerk-js/CHANGELOG.md(1 hunks)packages/clerk-js/package.json(1 hunks)packages/elements/CHANGELOG.md(1 hunks)packages/elements/package.json(1 hunks)packages/expo-passkeys/CHANGELOG.md(1 hunks)packages/expo-passkeys/package.json(1 hunks)packages/expo/CHANGELOG.md(1 hunks)packages/expo/package.json(1 hunks)packages/express/CHANGELOG.md(1 hunks)packages/express/package.json(1 hunks)packages/fastify/CHANGELOG.md(1 hunks)packages/fastify/package.json(1 hunks)packages/localizations/CHANGELOG.md(1 hunks)packages/localizations/package.json(1 hunks)packages/nextjs/CHANGELOG.md(1 hunks)packages/nextjs/package.json(1 hunks)packages/nuxt/CHANGELOG.md(1 hunks)packages/nuxt/package.json(1 hunks)packages/react-router/CHANGELOG.md(1 hunks)packages/react-router/package.json(1 hunks)packages/react/CHANGELOG.md(1 hunks)packages/react/package.json(1 hunks)packages/remix/CHANGELOG.md(1 hunks)packages/remix/package.json(1 hunks)packages/shared/CHANGELOG.md(1 hunks)packages/shared/package.json(1 hunks)packages/tanstack-react-start/CHANGELOG.md(1 hunks)packages/tanstack-react-start/package.json(1 hunks)packages/testing/CHANGELOG.md(1 hunks)packages/testing/package.json(1 hunks)packages/themes/CHANGELOG.md(1 hunks)packages/themes/package.json(1 hunks)packages/types/CHANGELOG.md(1 hunks)packages/types/package.json(1 hunks)packages/vue/CHANGELOG.md(1 hunks)packages/vue/package.json(1 hunks)
💤 Files with no reviewable changes (5)
- .changeset/chatty-kings-raise.md
- .changeset/warm-rocks-flow.md
- .changeset/upset-sides-kneel.md
- .changeset/small-adults-crash.md
- .changeset/rich-donuts-agree.md
✅ Files skipped from review due to trivial changes (5)
- packages/backend/package.json
- packages/react-router/package.json
- packages/localizations/CHANGELOG.md
- packages/vue/package.json
- packages/astro/CHANGELOG.md
🚧 Files skipped from review as they are similar to previous changes (37)
- packages/expo/package.json
- packages/agent-toolkit/package.json
- packages/nextjs/package.json
- packages/chrome-extension/package.json
- packages/nuxt/package.json
- packages/tanstack-react-start/package.json
- packages/themes/package.json
- packages/expo-passkeys/package.json
- packages/localizations/package.json
- packages/remix/package.json
- packages/react/package.json
- packages/fastify/package.json
- packages/elements/package.json
- packages/types/package.json
- packages/testing/package.json
- packages/clerk-js/package.json
- packages/react/CHANGELOG.md
- packages/themes/CHANGELOG.md
- packages/expo-passkeys/CHANGELOG.md
- packages/agent-toolkit/CHANGELOG.md
- packages/shared/CHANGELOG.md
- packages/astro/package.json
- packages/chrome-extension/CHANGELOG.md
- packages/expo/CHANGELOG.md
- packages/nuxt/CHANGELOG.md
- packages/tanstack-react-start/CHANGELOG.md
- packages/react-router/CHANGELOG.md
- packages/shared/package.json
- packages/express/CHANGELOG.md
- packages/fastify/CHANGELOG.md
- packages/elements/CHANGELOG.md
- packages/types/CHANGELOG.md
- packages/vue/CHANGELOG.md
- packages/express/package.json
- packages/testing/CHANGELOG.md
- packages/remix/CHANGELOG.md
- packages/backend/CHANGELOG.md
🧰 Additional context used
📓 Path-based instructions (3)
**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}
📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)
Use Prettier for consistent code formatting
Files:
packages/clerk-js/CHANGELOG.mdpackages/nextjs/CHANGELOG.md
packages/**/CHANGELOG.md
📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)
Maintain detailed changelogs
Files:
packages/clerk-js/CHANGELOG.mdpackages/nextjs/CHANGELOG.md
**/*
⚙️ CodeRabbit Configuration File
If there are no tests added or modified as part of the PR, please suggest that tests be added to cover the changes.
Files:
packages/clerk-js/CHANGELOG.mdpackages/nextjs/CHANGELOG.md
packages/clerk-js/CHANGELOG.md
Outdated
| ### Patch Changes | ||
|
|
||
| - Updated dependencies [[`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a)]: | ||
| - @clerk/[email protected] | ||
| - @clerk/[email protected] | ||
| - @clerk/[email protected] |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Verify dependency versions sync with package manifests.
The dependency versions listed here should match packages/clerk-js/package.json. Please verify to prevent release inconsistencies.
Run:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Find the clerk-js package.json
PKG_JSON="$(fd -a '^package\.json$' packages/clerk-js | head -n1)"
echo "Checking ${PKG_JSON}"
echo "Declared deps in package.json:"
jq -r '.dependencies | to_entries[] | select(.key|test("^@clerk/(types|shared|localizations)$")) | "\(.key): \(.value)"' "$PKG_JSON"
echo
echo "Changelog deps:"
cat <<'EOF'
@clerk/[email protected]
@clerk/[email protected]
@clerk/[email protected]
EOFLength of output: 719
Changelog versions vs package.json mismatch — please align
CHANGELOG.md lists explicit versions for @clerk/types (4.77.0), @clerk/shared (3.20.1), and @clerk/localizations (3.21.1), but packages/clerk-js/package.json declares those deps as workspace:^ — update one or the other to avoid release inconsistencies.
Files to check:
- packages/clerk-js/CHANGELOG.md — lines ~26–31 (current changelog block).
- packages/clerk-js/package.json — dependencies: @clerk/types, @clerk/shared, @clerk/localizations (all set to workspace:^).
Changelog snippet:
### Patch Changes
- Updated dependencies [[`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a)]:
- @clerk/[email protected]
- @clerk/[email protected]
- @clerk/[email protected]
package.json declared deps (verified):
@clerk/localizations: workspace:^
@clerk/shared: workspace:^
@clerk/types: workspace:^
packages/nextjs/CHANGELOG.md
Outdated
| - Updated dependencies [[`d400782`](https://github.com/clerk/javascript/commit/d400782b7016c1232c0aa1e3399c61b61e4f0709), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`307dc3f`](https://github.com/clerk/javascript/commit/307dc3f05ba1bd3b30b491b198d9e65eebcc95f9), [`2db7431`](https://github.com/clerk/javascript/commit/2db743147827fb69fb8fe73a1e26545aeb7be7aa), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27)]: | ||
| - @clerk/[email protected] | ||
| - @clerk/[email protected] | ||
| - @clerk/[email protected] | ||
| - @clerk/[email protected] | ||
|
|
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Verify dependency versions and deduplicate repeated commit hash
- The dependency versions listed look right per PR objectives. Please verify they match the actual package.json for @clerk/nextjs.
- The commit hash 69498df appears twice; consider removing duplicates to reduce noise.
Run this script to verify versions match package.json:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Find the nextjs package.json
NEXTJS_PKG=$(fd -a -t f package.json | gawk '/packages\/nextjs\/package\.json$/ {print; exit}')
if [[ -z "${NEXTJS_PKG:-}" ]]; then
echo "Could not locate packages/nextjs/package.json"
exit 1
fi
echo "Using ${NEXTJS_PKG}"
# Expected versions from changelog
exp_backend="2.9.0"
exp_types="4.77.0"
exp_shared="3.20.1"
exp_react="5.42.0"
echo "Reading declared deps..."
jq -r '.dependencies, .peerDependencies, .devDependencies' "$NEXTJS_PKG" > /tmp/deps.json
check_dep() {
local name="$1" exp="$2"
# Search all dep sections for the package (supports ^/~ ranges or exact)
local found
found=$(jq -r --arg n "$name" '
to_entries | map(select(.value | has($n))) | .[]
| "\(.key): \(.value[$n])"
' /tmp/deps.json)
if [[ -z "$found" ]]; then
echo "WARN: $name not found in dependencies/peer/dev deps"
return
fi
echo "Found -> $found"
# Strip leading range specifiers for comparison
local ver
ver=$(sed -E 's/^[\^~]//' <<< "$(awk -F': ' '{print $2}' <<< "$found")")
if [[ "$ver" != "$exp" ]]; then
echo "MISMATCH: $name expected $exp but found $ver"
exit 2
fi
}
check_dep "@clerk/backend" "$exp_backend"
check_dep "@clerk/types" "$exp_types"
check_dep "@clerk/shared" "$exp_shared"
check_dep "@clerk/clerk-react" "$exp_react"
echo "All listed dependency versions align with package.json."Length of output: 1055
🏁 Script executed:
#!/bin/bash
set -euo pipefail
PKG="packages/nextjs/package.json"
CL="packages/nextjs/CHANGELOG.md"
if [[ ! -f "$PKG" ]]; then
echo "ERROR: ${PKG} not found"
exit 1
fi
echo "Using $PKG"
echo
# Combine deps into single object
jq '(.dependencies // {}) + (.peerDependencies // {}) + (.devDependencies // {})' "$PKG" > /tmp/combined_deps.json
for pkg in "@clerk/backend" "@clerk/types" "@clerk/shared" "@clerk/clerk-react"; do
ver=$(jq -r --arg p "$pkg" 'if has($p) then .[$p] else empty end' /tmp/combined_deps.json || true)
if [[ -z "$ver" ]]; then
echo "$pkg: NOT FOUND"
else
norm=$(sed -E 's/^[\^~]//' <<< "$ver")
echo "$pkg: declared \"$ver\" -> normalized \"$norm\""
fi
done
echo
if [[ -f "$CL" ]]; then
echo "Occurrences of commit hash 69498df in $CL:"
grep -n '69498df' "$CL" || echo "none"
echo
echo "CHANGELOG snippet (lines 1-40):"
sed -n '1,40p' "$CL"
else
echo "CHANGELOG not found at $CL"
fiLength of output: 5878
Remove duplicate commit hash in CHANGELOG & verify listed versions
- packages/nextjs/CHANGELOG.md — line 11: the commit hash
69498dfappears twice; remove the duplicate (or replace the second entry if a different commit was intended). - packages/nextjs/package.json — this package declares the four @clerk/* deps using the workspace protocol (value = "workspace:^"), so the changelog's explicit versions (2.9.0, 4.77.0, 3.20.1, 5.42.0) cannot be verified from that file. Confirm the actual versions in each package's own package.json (e.g., packages/backend/package.json, packages/types/package.json, packages/shared/package.json, packages/clerk-react/package.json) or via the published release tags.
Suggested CHANGELOG snippet with the duplicate removed:
- Updated dependencies [[`d400782`](https://github.com/clerk/javascript/commit/d400782b7016c1232c0aa1e3399c61b61e4f0709), [`69498df`](https://github.com/clerk/javascript/commit/69498dfca3e6bb388eb8c94313eac06347dd5a27), [`307dc3f`](https://github.com/clerk/javascript/commit/307dc3f05ba1bd3b30b491b198d9e65eebcc95f9), [`2db7431`](https://github.com/clerk/javascript/commit/2db743147827fb69fb8fe73a1e26545aeb7be7aa), [`59f1559`](https://github.com/clerk/javascript/commit/59f15593bab708b9e13eebfff6780c2d52b31b0a)]:
- @clerk/[email protected]
- @clerk/[email protected]
- @clerk/[email protected]
- @clerk/[email protected]
0357f13 to
e6b4292
Compare
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
Releases
@clerk/[email protected]
Minor Changes
Remove
secretin favor oftokenin m2m response. (#6542) by @wobsorianoBefore:
After:
Rename M2M namespace from
m2mTokenstom2min Backend API client (#6544) by @wobsorianoBefore:
After:
The
verifySecret()method is removed. Please use.verifyToken()instead.Deprecates
clerkClient.m2mTokens.verifySecret({ secret: 'mt_xxx' })in favor orclerkClient.m2mTokens.verifyToken({ token: 'mt_xxx' })(#6536) by @wobsorianoPatch Changes
4db1e58,69498df,59f1559]:@clerk/[email protected]
Minor Changes
Add
navigateparameter toclerk.setActive()for custom navigation before the session and/or organization is set. (#6486) by @LauraBeatrisIt's useful for handling pending session tasks for after-auth flows:
Patch Changes
Introduce debugLogger for internal debugging support (#6452) by @jacekradko
Updated dependencies [
4db1e58,69498df,59f1559]:@clerk/[email protected]
Minor Changes
RedirectToTaskcontrol component toRedirectToTasks(#6486) by @LauraBeatrisPatch Changes
4db1e58,d400782,69498df,307dc3f,2db7431,59f1559,69498df]:@clerk/[email protected]
Minor Changes
RedirectToTaskcontrol component toRedirectToTasks(#6486) by @LauraBeatrisPatch Changes
4db1e58,69498df,59f1559]:@clerk/[email protected]
Minor Changes
RedirectToTaskcontrol component toRedirectToTasks(#6486) by @LauraBeatrisPatch Changes
4db1e58,d400782,69498df,307dc3f,2db7431,59f1559,69498df]:@clerk/[email protected]
Minor Changes
RedirectToTaskcontrol component toRedirectToTasks(#6486) by @LauraBeatrisPatch Changes
4db1e58,d400782,69498df,307dc3f,2db7431,59f1559,69498df]:@clerk/[email protected]
Minor Changes
RedirectToTaskcontrol component toRedirectToTasks(#6486) by @LauraBeatrisPatch Changes
4db1e58,d400782,69498df,307dc3f,2db7431,59f1559,69498df]:@clerk/[email protected]
Minor Changes
Add
navigateparameter toclerk.setActive()for custom navigation before the session and/or organization is set. (#6486) by @LauraBeatrisIt's useful for handling pending session tasks for after-auth flows:
Patch Changes
@clerk/[email protected]
Minor Changes
RedirectToTaskcontrol component toRedirectToTasks(#6486) by @LauraBeatrisPatch Changes
4db1e58,69498df,59f1559]:@clerk/[email protected]
Patch Changes
4db1e58,d400782,69498df,307dc3f,2db7431,59f1559]:@clerk/[email protected]
Patch Changes
4db1e58,d400782,69498df,307dc3f,2db7431,59f1559]:@clerk/[email protected]
Patch Changes
4db1e58,69498df,59f1559,69498df]:@clerk/[email protected]
Patch Changes
4db1e58,69498df,59f1559,69498df]:@clerk/[email protected]
Patch Changes
4db1e58,69498df,59f1559,69498df]:@clerk/[email protected]
Patch Changes
4db1e58,69498df,59f1559]:@clerk/[email protected]
Patch Changes
4db1e58,d400782,69498df,307dc3f,2db7431,59f1559]:@clerk/[email protected]
Patch Changes
4db1e58,d400782,69498df,307dc3f,2db7431,59f1559]:@clerk/[email protected]
Patch Changes
4db1e58,69498df]:@clerk/[email protected]
Patch Changes
4db1e58,d400782,69498df,307dc3f,2db7431,59f1559,69498df]:@clerk/[email protected]
Patch Changes
Invalidate organization memberships based on client user (#6530) by @iagodahlem
Updated dependencies [
4db1e58,69498df]:@clerk/[email protected]
Patch Changes
4db1e58,d400782,69498df,307dc3f,2db7431,59f1559]:@clerk/[email protected]
Patch Changes
4db1e58,69498df]:Summary by CodeRabbit
New Features
Refactor
Chores