ci(repo): Version packages

[clerk-cookie]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@clerk/backend@3.5.0

Minor Changes

• Add support for new Backend API user endpoints: (#8694) by @dmoerner
  • users.replaceUserEmailAddress(userId, { emailAddress }) replaces all of a user's email addresses with a single verified, primary email address (PUT /users/{user_id}/email_address).
  • users.replaceUserPhoneNumber(userId, { phoneNumber }) replaces all of a user's phone numbers with a single verified, primary phone number (PUT /users/{user_id}/phone_number).
  • users.createUser now accepts banned and locked parameters to create a user that is already banned or locked.

Patch Changes

• Emit the "session token from cookie is missing the azp claim" warning once per process instead of on every authenticated request. An azp-less cookie token is reused across requests, so the previous unguarded console.warn could flood production logs. (#8698) by @jacekradko

• Preserve custom claims when verifying JWT-format M2M tokens. M2MToken.fromJwtPayload previously hardcoded claims to null, so client.m2m.verify() (and request-level auth()) dropped any custom claims embedded in the token. Custom claims are now reconstructed from the verified payload by stripping only the structural claims the backend adds when minting the token (iss, sub, exp, nbf, iat, jti). User-supplied claims such as aud are preserved. Tokens without custom claims still return claims: null, consistent with the opaque-token path. (#8697) by @jacekradko

• Updated dependencies [c3df67a]:

  • @clerk/shared@4.14.1

@clerk/astro@3.3.3

Patch Changes

• Updated dependencies [1c42351, 1701e0f, c3df67a, be55c4e]:
  • @clerk/backend@3.5.0
  • @clerk/shared@4.14.1

@clerk/chrome-extension@3.1.32

Patch Changes

• Updated dependencies [c3df67a, 152c255, 846a145, b09788e, b07afc4, a1d96f1]:
  • @clerk/shared@4.14.1
  • @clerk/ui@1.14.1
  • @clerk/react@6.7.3
  • @clerk/clerk-js@6.13.1

@clerk/clerk-js@6.13.1

Patch Changes

• Updated dependencies [c3df67a]:
  • @clerk/shared@4.14.1

@clerk/expo@3.3.1

Patch Changes

• Updated dependencies [c3df67a]:
  • @clerk/shared@4.14.1
  • @clerk/react@6.7.3
  • @clerk/clerk-js@6.13.1

@clerk/expo-passkeys@1.1.1

Patch Changes

• Updated dependencies [c3df67a]:
  • @clerk/shared@4.14.1

@clerk/express@2.1.23

Patch Changes

• Updated dependencies [1c42351, 1701e0f, c3df67a, be55c4e]:
  • @clerk/backend@3.5.0
  • @clerk/shared@4.14.1

@clerk/fastify@3.1.33

Patch Changes

• Fixed clerkPlugin() to honor publishableKey and secretKey passed in plugin options when authenticating Fastify requests. The plugin now also exposes request.clerk, which uses the same plugin keys and resolves the correct Clerk API host for non-production publishable keys. (#8640) by @wobsoriano

• Updated dependencies [1c42351, 1701e0f, c3df67a, be55c4e]:

  • @clerk/backend@3.5.0
  • @clerk/shared@4.14.1

@clerk/hono@0.1.33

Patch Changes

• Updated dependencies [1c42351, 1701e0f, c3df67a, be55c4e]:
  • @clerk/backend@3.5.0
  • @clerk/shared@4.14.1

@clerk/localizations@4.7.1

Patch Changes

• Layer architecture for configure steps per IdP and protocol on <ConfigureSSO /> (#8651) by @LauraBeatris

• Updated dependencies [c3df67a]:

  • @clerk/shared@4.14.1

@clerk/nextjs@7.4.3

Patch Changes

• Updated dependencies [1c42351, 1701e0f, c3df67a, be55c4e]:
  • @clerk/backend@3.5.0
  • @clerk/shared@4.14.1
  • @clerk/react@6.7.3

@clerk/nuxt@2.5.3

Patch Changes

• Updated dependencies [1c42351, 1701e0f, c3df67a, be55c4e]:
  • @clerk/backend@3.5.0
  • @clerk/shared@4.14.1
  • @clerk/vue@2.3.3

@clerk/react@6.7.3

Patch Changes

• Updated dependencies [c3df67a]:
  • @clerk/shared@4.14.1

@clerk/react-router@3.3.3

Patch Changes

• Read VITE_CLERK_UNSAFE_DISABLE_DEVELOPMENT_MODE_CONSOLE_WARNING on the client when React Router is used in SPA mode (or as a library). Previously the env-var shortcut only took effect through the SSR rootAuthLoader, so client-only setups had no way to suppress the development-keys warning without passing unsafe_disableDevelopmentModeConsoleWarning to <ClerkProvider> directly. (#8682) by @jacekradko

• Updated dependencies [1c42351, 1701e0f, c3df67a, be55c4e]:

  • @clerk/backend@3.5.0
  • @clerk/shared@4.14.1
  • @clerk/react@6.7.3

@clerk/shared@4.14.1

Patch Changes

• Layer architecture for configure steps per IdP and protocol on <ConfigureSSO /> (#8651) by @LauraBeatris

@clerk/tanstack-react-start@1.3.3

Patch Changes

• Updated dependencies [1c42351, 1701e0f, c3df67a, be55c4e]:
  • @clerk/backend@3.5.0
  • @clerk/shared@4.14.1
  • @clerk/react@6.7.3

@clerk/testing@2.0.35

Patch Changes

• Updated dependencies [1c42351, 1701e0f, c3df67a, be55c4e]:
  • @clerk/backend@3.5.0
  • @clerk/shared@4.14.1

@clerk/ui@1.14.1

Patch Changes

• Layer architecture for configure steps per IdP and protocol on <ConfigureSSO /> (#8651) by @LauraBeatris

• Fix the legal consent checkbox growing in size when its label wraps to a second line while using the simple theme. The checkbox is now aligned to the start of the row so it no longer stretches to match the label height. (#8705) by @dmoerner

• Avoid sending duplicate verification codes when persisted email or phone code verifications are already pending. (#8548) by @jacekradko

• Fix stepper chevron wrapping in <ConfigureSSO /> (#8693) by @alexcarpenter

• Add mobile support for <ConfigureSSO /> navbar to display application name, logo and organization name (#8675) by @LauraBeatris

• Scope the UserProfile active-devices fetch cache by user.id so a session switch or sign-out/sign-in on a shared device no longer renders the previous user's device activity (IP, location, browser/device) from the module-scoped cache. (#8703) by @dominic-clerk

• Updated dependencies [c3df67a]:

  • @clerk/localizations@4.7.1
  • @clerk/shared@4.14.1

@clerk/upgrade@2.0.3

Patch Changes

• Removed unused generate-changelog script (#8686) by @dominic-clerk

@clerk/vue@2.3.3

Patch Changes

• Updated dependencies [c3df67a]:
  • @clerk/shared@4.14.1

@clerk/msw@0.0.31

Patch Changes

• Updated dependencies [c3df67a]:
  • @clerk/shared@4.14.1

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	May 29, 2026 8:49pm

[github-actions]

Snapi: no API changes detected in @clerk/backend, @clerk/clerk-js, @clerk/nextjs, @clerk/react, @clerk/shared, @clerk/ui.

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8679

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8679

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8679

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8679

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8679

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8679

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8679

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8679

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8679

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8679

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8679

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8679

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8679

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8679

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8679

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8679

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8679

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8679

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8679

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8679

commit: 7e3c640