ci(repo): Version packages

[clerk-cookie]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@clerk/clerk-js@6.17.0

Minor Changes

• Add internal OAuth transport support for native desktop SDK wrappers to run Clerk's prebuilt OAuth flows through a system browser. (#8831) by @wobsoriano

Patch Changes

• Rename the <OrganizationProfile /> SSO page to "Security". The navbar entry is now labeled "Security" with a shield icon, its route path changed from organization-self-serve-sso to organization-security, and a new organizationProfile.navbar.security localization key replaces organizationProfile.navbar.selfServeSSO. (#8796) by @iagodahlem

• Upgrade build tooling to Rspack 2 (No user-facing API changes). (#8382) by @jacekradko

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

  • @clerk/shared@4.18.0

@clerk/react@6.10.0

Minor Changes

• Add internal OAuth transport support for native desktop SDK wrappers to run Clerk's prebuilt OAuth flows through a system browser. (#8831) by @wobsoriano

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0

@clerk/shared@4.18.0

Minor Changes

• Add internal OAuth transport support for native desktop SDK wrappers to run Clerk's prebuilt OAuth flows through a system browser. (#8831) by @wobsoriano

Patch Changes

• Align the HeadlessBrowserClerk.load() parameter type with the runtime behavior by accepting the full ClerkOptions, including isSatellite. The clerk-js implementation has always accepted and used isSatellite from load() options — it's the only way to configure a satellite app when using @clerk/clerk-js directly — but the type previously excluded it, producing a contradictory generated API reference and type errors for direct consumers. (#8846) by @manovotny

• Rename the <OrganizationProfile /> SSO page to "Security". The navbar entry is now labeled "Security" with a shield icon, its route path changed from organization-self-serve-sso to organization-security, and a new organizationProfile.navbar.security localization key replaces organizationProfile.navbar.selfServeSSO. (#8796) by @iagodahlem

• Ship a self-contained CookieAttributes interface from @clerk/shared/cookie and use it in createCookieHandler's set/remove signatures. The published declarations previously referenced Cookies.CookieAttributes from js-cookie, which consumers could never resolve (the import was dropped from the declaration output and js-cookie ships no types), causing TS2503 errors under skipLibCheck: false and silently degrading the option types to any otherwise. (#8841) by @jacekradko

• Resolve the browser connectivity heuristics (isValidBrowser, isBrowserOnline, and therefore isValidBrowserOnline) from the worker's navigator when window is unavailable but the code runs inside a WorkerGlobalScope. In a Web/Service Worker — most notably an MV3 extension background service worker (where @clerk/chrome-extension loads the background client) — there is no window, so these checks previously always reported "invalid/offline". That caused getToken() failures to be re-thrown as a misleading clerk_offline error and capped network retries lower than intended. The checks now read real connectivity from the worker's navigator. Server-side rendering continues to report false (the fallback requires a real worker scope, so a bare globalThis.navigator such as the one modern Node exposes is not treated as a browser), and behavior in standard browsers and React Native is unchanged. (#8827) by @royanger

• Exclude self-identified server runtimes (Cloudflare-Workers, Node.js, Deno, Bun user agents) from the worker-scope navigator fallback used by isValidBrowser, isBrowserOnline, and isValidBrowserOnline. Today Cloudflare's workerd is excluded only because its self does not satisfy instanceof WorkerGlobalScope; this guard keeps the checks returning false on server-side worker runtimes even if that implementation detail changes, while real browser web/service workers (such as MV3 extension background workers) are unaffected. (#8840) by @jacekradko

• Clarify the isSatellite JSDoc to note it must be set in load(), unlike domain, which is set in the Clerk constructor. This corrects the generated API reference for direct @clerk/clerk-js and <script> consumers, where load() is the only way to configure a satellite app. (#8845) by @SarahSoutoul

@clerk/ui@1.17.0

Minor Changes

• Add internal OAuth transport support for native desktop SDK wrappers to run Clerk's prebuilt OAuth flows through a system browser. (#8831) by @wobsoriano

Patch Changes

• Rename the <OrganizationProfile /> SSO page to "Security". The navbar entry is now labeled "Security" with a shield icon, its route path changed from organization-self-serve-sso to organization-security, and a new organizationProfile.navbar.security localization key replaces organizationProfile.navbar.selfServeSSO. (#8796) by @iagodahlem

• Upgrade build tooling to Rspack 2 (No user-facing API changes). (#8382) by @jacekradko

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

  • @clerk/shared@4.18.0
  • @clerk/localizations@4.8.2

@clerk/astro@3.4.3

Patch Changes

• Align the HeadlessBrowserClerk.load() parameter type with the runtime behavior by accepting the full ClerkOptions, including isSatellite. The clerk-js implementation has always accepted and used isSatellite from load() options — it's the only way to configure a satellite app when using @clerk/clerk-js directly — but the type previously excluded it, producing a contradictory generated API reference and type errors for direct consumers. (#8846) by @manovotny

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

  • @clerk/shared@4.18.0
  • @clerk/backend@3.7.1

@clerk/backend@3.7.1

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0

@clerk/chrome-extension@3.1.36

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, fa23ad8, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0
  • @clerk/clerk-js@6.17.0
  • @clerk/react@6.10.0
  • @clerk/ui@1.17.0

@clerk/expo@3.4.3

Patch Changes

• Bump the bundled clerk-ios SDK from 1.2.2 to 1.2.3. See the Clerk iOS release: https://github.com/clerk/clerk-ios/releases/tag/1.2.3. (#8854) by @clerk-cookie

• Updated dependencies [f4167ec, 17e4164, 67c04a4, fa23ad8, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

  • @clerk/shared@4.18.0
  • @clerk/clerk-js@6.17.0
  • @clerk/react@6.10.0

@clerk/expo-passkeys@1.1.5

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0

@clerk/express@2.1.27

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0
  • @clerk/backend@3.7.1

@clerk/fastify@3.1.37

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0
  • @clerk/backend@3.7.1

@clerk/hono@0.1.37

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0
  • @clerk/backend@3.7.1

@clerk/localizations@4.8.2

Patch Changes

• Rename the <OrganizationProfile /> SSO page to "Security". The navbar entry is now labeled "Security" with a shield icon, its route path changed from organization-self-serve-sso to organization-security, and a new organizationProfile.navbar.security localization key replaces organizationProfile.navbar.selfServeSSO. (#8796) by @iagodahlem

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

  • @clerk/shared@4.18.0

@clerk/nextjs@7.5.3

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0
  • @clerk/react@6.10.0
  • @clerk/backend@3.7.1

@clerk/nuxt@2.6.3

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0
  • @clerk/vue@2.4.3
  • @clerk/backend@3.7.1

@clerk/react-router@3.4.3

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0
  • @clerk/react@6.10.0
  • @clerk/backend@3.7.1

@clerk/tanstack-react-start@1.4.3

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0
  • @clerk/react@6.10.0
  • @clerk/backend@3.7.1

@clerk/testing@2.1.2

Patch Changes

• When a Frontend API request exhausts its retries in the Playwright setupClerkTestingToken helper, the warning now includes response diagnostics (cf-ray, retry-after, content-type, and a truncated response body) so rate-limit responses can be attributed to their source. Network-error retry exhaustion now includes the error message in the warning as well. (#8848) by @jacekradko

• Preserve the /// <reference types="cypress" /> directive in the published @clerk/testing/cypress type declarations. TypeScript's declaration emit previously dropped it, so the shipped types relied on the global Cypress namespace without declaring the dependency and failed to type-check under skipLibCheck: false. (#8841) by @jacekradko

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

  • @clerk/shared@4.18.0
  • @clerk/backend@3.7.1

@clerk/vue@2.4.3

Patch Changes

• Align the HeadlessBrowserClerk.load() parameter type with the runtime behavior by accepting the full ClerkOptions, including isSatellite. The clerk-js implementation has always accepted and used isSatellite from load() options — it's the only way to configure a satellite app when using @clerk/clerk-js directly — but the type previously excluded it, producing a contradictory generated API reference and type errors for direct consumers. (#8846) by @manovotny

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:

  • @clerk/shared@4.18.0

@clerk/msw@0.0.35

Patch Changes

• Updated dependencies [f4167ec, 17e4164, 67c04a4, 51c8fdc, c2ba971, 8744728, d9b5c7d]:
  • @clerk/shared@4.18.0

@clerk/swingset@0.0.3

Patch Changes

• Updated dependencies [17e4164, 67c04a4, fa23ad8]:
  • @clerk/ui@1.17.0

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	Jun 13, 2026 3:19am
swingset	Ready	Preview, Comment	Jun 13, 2026 3:19am

[github-actions]

API Changes Report

Generated by Break Check on 2026-06-13T03:19:57.435Z

Summary

Metric	Count
Packages analyzed	19
Packages with changes	0
🔴 Breaking changes	0
🟡 Non-breaking changes	0
🟢 Additions	0

No API Changes Detected

All packages have stable APIs with no detected changes.

---

Report generated by Break Check

_{Last ran on 8e96593.}

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)

• ci(repo): Version packages

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: b70d9804-86fb-4389-a9c8-d17277425a1c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8836

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8836

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8836

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8836

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8836

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8836

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8836

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8836

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8836

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8836

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8836

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8836

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8836

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8836

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8836

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8836

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8836

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8836

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8836

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8836

commit: 8e96593