release: version packages#8759
Open
silverhand-bot wants to merge 1 commit into
Open
Conversation
silverhand-bot
requested review from
charIeszhao,
gao-sun,
simeng-li and
wangsijie
as code owners
COMPARE TO
|
| Name | Diff |
|---|---|
| .changeset/add-mailjunky-email-connector.md | 📈 +132 Bytes |
| .changeset/add-smsbao-sms-connector.md | 📈 +107 Bytes |
| .changeset/clarify-two-step-toggle-label.md | 📈 +124 Bytes |
| .changeset/console-audit-logs-time-picker.md | 📈 +434 Bytes |
| .changeset/enforce-terms-on-signin-to-register.md | 📈 +550 Bytes |
| .changeset/fast-ligers-arrive.md | 📈 +97 Bytes |
| .changeset/fix-account-social-callback-connector-id.md | 📈 +282 Bytes |
| .changeset/fix-openapi-arbitrary-object-types.md | 📈 +335 Bytes |
| .changeset/fix-passkey-zh-translation.md | 📈 +109 Bytes |
| .changeset/fix-smtp-auth-empty-credentials.md | 📈 +190 Bytes |
| .changeset/index-organization-role-user-relations-org-user.md | 📈 +554 Bytes |
| .changeset/index-organization-user-relations-user-id.md | 📈 +505 Bytes |
| .changeset/initial-password-setup.md | 📈 +183 Bytes |
| .changeset/logs-enable-cap-docs.md | 📈 +360 Bytes |
| .changeset/logs-enable-cap.md | 📈 +696 Bytes |
| .changeset/logs-time-window.md | 📈 +731 Bytes |
| .changeset/membership-webhook-delta-ga.md | 📈 +1.57 KB |
| .changeset/nervous-bats-bow.md | 📈 +97 Bytes |
| .changeset/odd-pans-battle.md | 📈 +88 Bytes |
| .changeset/perf-list-org-users-lateral.md | 📈 +1.05 KB |
| .changeset/perf-relation-queries-replace-delta.md | 📈 +1.36 KB |
| .changeset/protected-app-v2-ga.md | 📈 +433 Bytes |
| .changeset/quiet-rivers-tag.md | 📈 +678 Bytes |
| .changeset/silent-account-reauth.md | 📈 +591 Bytes |
| .changeset/soft-plums-return.md | 📈 +116 Bytes |
| .changeset/tough-apes-obey.md | 📈 +98 Bytes |
| packages/account/CHANGELOG.md | 📈 +1.01 KB |
| packages/account/package.json | 0 Bytes |
| packages/api/CHANGELOG.md | 📈 +11 Bytes |
| packages/api/package.json | 0 Bytes |
| packages/cli/CHANGELOG.md | 📈 +230 Bytes |
| packages/cli/package.json | 0 Bytes |
| packages/connectors/connector-alipay-native/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-alipay-native/package.json | 0 Bytes |
| packages/connectors/connector-alipay-web/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-alipay-web/package.json | 0 Bytes |
| packages/connectors/connector-aliyun-dm/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-aliyun-dm/package.json | 0 Bytes |
| packages/connectors/connector-aliyun-sms-mas/CHANGELOG.md | 📈 +213 Bytes |
| packages/connectors/connector-aliyun-sms-mas/package.json | 0 Bytes |
| packages/connectors/connector-aliyun-sms/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-aliyun-sms/package.json | 0 Bytes |
| packages/connectors/connector-amazon/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-amazon/package.json | 0 Bytes |
| packages/connectors/connector-apple/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-apple/package.json | 0 Bytes |
| packages/connectors/connector-aws-ses/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-aws-ses/package.json | 0 Bytes |
| packages/connectors/connector-azuread/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-azuread/package.json | 0 Bytes |
| packages/connectors/connector-dingtalk-web/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-dingtalk-web/package.json | 0 Bytes |
| packages/connectors/connector-discord/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-discord/package.json | 0 Bytes |
| packages/connectors/connector-facebook/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-facebook/package.json | 0 Bytes |
| packages/connectors/connector-feishu-web/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-feishu-web/package.json | 0 Bytes |
| packages/connectors/connector-gatewayapi-sms/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-gatewayapi-sms/package.json | 0 Bytes |
| packages/connectors/connector-github/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-github/package.json | 0 Bytes |
| packages/connectors/connector-gitlab/CHANGELOG.md | 📈 +130 Bytes |
| packages/connectors/connector-gitlab/package.json | 0 Bytes |
| packages/connectors/connector-google/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-google/package.json | 0 Bytes |
| packages/connectors/connector-http-email/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-http-email/package.json | 0 Bytes |
| packages/connectors/connector-huggingface/CHANGELOG.md | 📈 +130 Bytes |
| packages/connectors/connector-huggingface/package.json | 0 Bytes |
| packages/connectors/connector-kakao/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-kakao/package.json | 0 Bytes |
| packages/connectors/connector-kook/CHANGELOG.md | 📈 +130 Bytes |
| packages/connectors/connector-kook/package.json | 0 Bytes |
| packages/connectors/connector-line/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-line/package.json | 0 Bytes |
| packages/connectors/connector-linkedin/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-linkedin/package.json | 0 Bytes |
| packages/connectors/connector-logto-email/CHANGELOG.md | 📈 +161 Bytes |
| packages/connectors/connector-logto-email/package.json | 0 Bytes |
| packages/connectors/connector-logto-social-demo/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-logto-social-demo/package.json | 0 Bytes |
| packages/connectors/connector-mailgun/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-mailgun/package.json | 0 Bytes |
| packages/connectors/connector-mailjunky/CHANGELOG.md | 📈 +247 Bytes |
| packages/connectors/connector-mailjunky/package.json | 0 Bytes |
| packages/connectors/connector-mock-email-alternative/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-mock-email-alternative/package.json | 0 Bytes |
| packages/connectors/connector-mock-email/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-mock-email/package.json | 0 Bytes |
| packages/connectors/connector-mock-sms/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-mock-sms/package.json | 0 Bytes |
| packages/connectors/connector-mock-social/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-mock-social/package.json | 0 Bytes |
| packages/connectors/connector-naver/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-naver/package.json | 0 Bytes |
| packages/connectors/connector-oauth2/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-oauth2/package.json | 0 Bytes |
| packages/connectors/connector-oidc/CHANGELOG.md | 📈 +130 Bytes |
| packages/connectors/connector-oidc/package.json | 0 Bytes |
| packages/connectors/connector-patreon/CHANGELOG.md | 📈 +130 Bytes |
| packages/connectors/connector-patreon/package.json | 0 Bytes |
| packages/connectors/connector-postmark/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-postmark/package.json | 0 Bytes |
| packages/connectors/connector-qq/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-qq/package.json | 0 Bytes |
| packages/connectors/connector-saml/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-saml/package.json | 0 Bytes |
| packages/connectors/connector-sendgrid-email/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-sendgrid-email/package.json | 0 Bytes |
| packages/connectors/connector-slack/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-slack/package.json | 0 Bytes |
| packages/connectors/connector-smsaero/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-smsaero/package.json | 0 Bytes |
| packages/connectors/connector-smsbao-sms/CHANGELOG.md | 📈 +192 Bytes |
| packages/connectors/connector-smsbao-sms/package.json | 📈 +21 Bytes |
| packages/connectors/connector-smtp/CHANGELOG.md | 📈 +261 Bytes |
| packages/connectors/connector-smtp/package.json | 0 Bytes |
| packages/connectors/connector-tencent-sms/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-tencent-sms/package.json | 0 Bytes |
| packages/connectors/connector-twilio-sms/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-twilio-sms/package.json | 0 Bytes |
| packages/connectors/connector-vonage-sms/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-vonage-sms/package.json | 0 Bytes |
| packages/connectors/connector-wechat-native/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-wechat-native/package.json | 0 Bytes |
| packages/connectors/connector-wechat-web/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-wechat-web/package.json | 0 Bytes |
| packages/connectors/connector-wecom/CHANGELOG.md | 📈 +178 Bytes |
| packages/connectors/connector-wecom/package.json | 0 Bytes |
| packages/connectors/connector-whatsapp/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-whatsapp/package.json | 0 Bytes |
| packages/connectors/connector-x/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-x/package.json | 0 Bytes |
| packages/connectors/connector-xiaomi/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-xiaomi/package.json | 0 Bytes |
| packages/connectors/connector-yunpian-sms/CHANGELOG.md | 📈 +97 Bytes |
| packages/connectors/connector-yunpian-sms/package.json | 0 Bytes |
| packages/console/CHANGELOG.md | 📈 +1.18 KB |
| packages/console/package.json | 0 Bytes |
| packages/core/CHANGELOG.md | 📈 +7.57 KB |
| packages/core/package.json | 0 Bytes |
| packages/create/CHANGELOG.md | 📈 +51 Bytes |
| packages/create/package.json | 0 Bytes |
| packages/experience/CHANGELOG.md | 📈 +561 Bytes |
| packages/experience/package.json | 0 Bytes |
| packages/phrases-experience/CHANGELOG.md | 📈 +179 Bytes |
| packages/phrases-experience/package.json | 0 Bytes |
| packages/schemas/CHANGELOG.md | 📈 +1.83 KB |
| packages/schemas/alterations/1.40.0-1776516232-add-account-center-profile-fields.ts | 📈 +455 Bytes |
| packages/schemas/alterations/1.40.0-1778318116-add-custom-ui-csp-to-sie.ts | 📈 +490 Bytes |
| packages/schemas/alterations/1.40.0-1778500000-add-organization-user-relations-user-id-index.ts | 📈 +1.58 KB |
| packages/schemas/alterations/1.40.0-1778500001-add-organization-role-user-relations-org-user-index.ts | 📈 +1.7 KB |
| packages/schemas/alterations/1.40.0-1779421396-add-application-access-control-schema.ts | 📈 +3.7 KB |
| packages/schemas/alterations/next-1776516232-add-account-center-profile-fields.ts | 📈 +455 Bytes |
| packages/schemas/alterations/next-1778318116-add-custom-ui-csp-to-sie.ts | 📈 +490 Bytes |
| packages/schemas/alterations/next-1778500000-add-organization-user-relations-user-id-index.ts | 📈 +1.58 KB |
| packages/schemas/alterations/next-1778500001-add-organization-role-user-relations-org-user-index.ts | 📈 +1.7 KB |
| packages/schemas/alterations/next-1779421396-add-application-access-control-schema.ts | 📈 +3.7 KB |
| packages/schemas/package.json | 0 Bytes |
| packages/toolkit/connector-kit/CHANGELOG.md | 📈 +102 Bytes |
| packages/toolkit/connector-kit/package.json | 0 Bytes |
| packages/translate/CHANGELOG.md | 📈 +139 Bytes |
| packages/translate/package.json | 0 Bytes |
| pnpm-lock.yaml | 📈 +385 Bytes |
silverhand-bot
force-pushed
the
changeset-release/master
branch
from
936f8cc to
610a1cb
Compare
silverhand-bot
force-pushed
the
changeset-release/master
branch
from
610a1cb to
105cf09
Compare
silverhand-bot
force-pushed
the
changeset-release/master
branch
from
105cf09 to
b843c86
Compare
silverhand-bot
force-pushed
the
changeset-release/master
branch
from
b843c86 to
bd5d6c0
Compare
silverhand-bot
force-pushed
the
changeset-release/master
branch
from
bd5d6c0 to
82665db
Compare
silverhand-bot
force-pushed
the
changeset-release/master
branch
from
82665db to
7227784
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR is an automated Changesets release PR to bump package versions and update changelogs/lockfile in preparation for publishing updated @logto/* packages to npm.
Changes:
- Bump package versions for
@logto/cli,@logto/create,@logto/core,@logto/api,@logto/schemas, and@logto/account. - Update package changelogs for the new release versions and remove the consumed changeset file.
- Refresh
pnpm-lock.yamlto reflect updated workspace ranges and lock metadata (e.g.,libcfields, git-hosted resolution metadata).
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| pnpm-lock.yaml | Updates workspace dependency specifiers and lock metadata for the release. |
| packages/schemas/package.json | Bumps @logto/schemas version to 1.39.1. |
| packages/schemas/CHANGELOG.md | Adds a 1.39.1 release entry. |
| packages/create/package.json | Bumps @logto/create to 1.39.1 and updates @logto/cli workspace range. |
| packages/create/CHANGELOG.md | Adds 1.39.1 entry referencing updated @logto/cli. |
| packages/core/package.json | Bumps @logto/core version to 1.39.1. |
| packages/core/CHANGELOG.md | Adds 1.39.1 entry listing updated internal dependencies. |
| packages/cli/package.json | Bumps @logto/cli version to 1.39.1. |
| packages/cli/CHANGELOG.md | Adds 1.39.1 entry referencing updated @logto/schemas. |
| packages/api/package.json | Bumps @logto/api version to 1.39.1. |
| packages/api/CHANGELOG.md | Adds 1.39.1 release entry. |
| packages/account/package.json | Bumps @logto/account version to 0.4.1. |
| packages/account/CHANGELOG.md | Adds 0.4.1 entry documenting the social linking callback fix. |
| .changeset/fix-account-social-callback-connector-id.md | Removes the changeset file now included in the release. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Change Log | ||
|
|
||
| ## 1.39.1 | ||
|
|
silverhand-bot
force-pushed
the
changeset-release/master
branch
from
7227784 to
58264e2
Compare
|
|
||
| ### Minor Changes | ||
|
|
||
| - cc0d703356: add `enableCap=true` query parameter to `GET /logs` and `GET /hooks/:id/recent-logs` to reduce the chance of `statement_timeout` on tenants with very large log volumes. |
|
|
||
| ### Minor Changes | ||
|
|
||
| - cc0d703356: add `enableCap=true` query parameter to `GET /logs` and `GET /hooks/:id/recent-logs` to reduce the chance of `statement_timeout` on tenants with very large log volumes. |
|
|
||
| ### Minor Changes | ||
|
|
||
| - cc0d703356: add `enableCap=true` query parameter to `GET /logs` and `GET /hooks/:id/recent-logs` to reduce the chance of `statement_timeout` on tenants with very large log volumes. |
|
|
||
| ## 1.40.0 | ||
|
|
||
| ### Patch Changes |
|
|
||
| ### Minor Changes | ||
|
|
||
| - cc0d703356: add `enableCap=true` query parameter to `GET /logs` and `GET /hooks/:id/recent-logs` to reduce the chance of `statement_timeout` on tenants with very large log volumes. |
|
|
||
| On `GET /api/hooks/{id}/recent-logs`, supplying either `start_time` or `end_time` replaces the endpoint's default 24-hour lower bound so callers can query an arbitrary historical window. Default behavior (no time params supplied) is unchanged: the endpoint still returns logs from the last 24 hours. | ||
|
|
||
| ### Patch Changes |
Comment on lines
+5
to
+8
| ### Patch Changes | ||
|
|
||
| - 32c40b1adf: clarify Account Center 2-step verification toggle label | ||
| - 2ae0a420f7: fix social linking callback in Account Center to preserve connector id |
| - 7b7a5c8f68: the Audit Logs page now opts into the count-cap behavior introduced in `@logto/core` by passing `?enableCap=true` to `GET /api/logs`. | ||
|
|
||
| For tenants with very large log volumes (more than 10,000 matching entries), the page renders a Prev/Next layout when the server reports a capped count instead of hitting `statement_timeout`. | ||
|
|
|
|
||
| ### Minor Changes | ||
|
|
||
| - cc0d703356: add `enableCap=true` query parameter to `GET /logs` and `GET /hooks/:id/recent-logs` to reduce the chance of `statement_timeout` on tenants with very large log volumes. |
Comment on lines
+7
to
+17
| - cc0d703356: add `enableCap=true` query parameter to `GET /logs` and `GET /hooks/:id/recent-logs` to reduce the chance of `statement_timeout` on tenants with very large log volumes. | ||
|
|
||
| When the param is passed: | ||
|
|
||
| - The count query short-circuits at ~10,000 rows, returning `10001` as a saturation sentinel. | ||
| - The response includes a `Total-Number-Is-Capped: true` header when the cap is hit. | ||
| - In capped responses, both `Link: rel="last"` and `Link: rel="next"` are omitted because the saturated count makes the derived page count unreliable. Clients should construct page URLs themselves and stop on an empty response. | ||
|
|
||
| Default request behavior (without `enableCap`) is unchanged. | ||
|
|
||
| - 57c27d42f9: add `start_time` and `end_time` query parameters to `GET /api/logs` and `GET /api/hooks/{id}/recent-logs` for filtering logs by a time window. |
Comment on lines
+3
to
+17
| ## 1.40.0 | ||
|
|
||
| ### Patch Changes | ||
|
|
||
| - fafe81e8f3: add secondary index on `organization_role_user_relations (tenant_id, organization_id, user_id)` to speed up per-user role lookups | ||
|
|
||
| The primary key column order is `(tenant_id, organization_id, organization_role_id, user_id)`, which prevents queries that filter by `(organization_id, user_id)` without specifying `organization_role_id` from using the index. This pattern is hit by `getUserScopes` (called on every `GET /organizations/:id/users/:userId/scopes`) and by the per-user role join in `getUsersByOrganizationId`. | ||
|
|
||
| - 6172751589: add secondary index on `organization_user_relations (tenant_id, user_id)` to speed up reverse lookups | ||
|
|
||
| The primary key column order is `(tenant_id, organization_id, user_id)`, which prevents queries that filter by `user_id` without specifying `organization_id` from using the index. This pattern is hit on every sign-in (via `getOrganizationsByUserId`) and on every request to the `/organizations/:id/users/:userId/roles` family (via the membership-existence middleware). | ||
|
|
||
| - 16553c027a: expose `isCurrent` on the Account API sessions response | ||
|
|
||
| `GET /api/my-account/sessions` now returns `isCurrent: boolean` on every entry. The session whose OIDC uid backs the calling access token is `true`; the others are `false`. Use this to mark the "This device" entry in session-management UIs and to avoid revoking the caller's own session. |
Comment on lines
+3
to
+7
| ## 1.40.0 | ||
|
|
||
| ### Patch Changes | ||
|
|
||
| - fafe81e8f3: add secondary index on `organization_role_user_relations (tenant_id, organization_id, user_id)` to speed up per-user role lookups |
Comment on lines
18
to
23
| "files": [ | ||
| "lib", | ||
| "docs", | ||
| "logo.svg" | ||
| "logo.svg", | ||
| "logo-dark.svg" | ||
| ], |
Comment on lines
18
to
23
| "files": [ | ||
| "lib", | ||
| "docs", | ||
| "logo.svg" | ||
| "logo.svg", | ||
| "logo-dark.svg" | ||
| ], |
Comment on lines
+8
to
+10
|
|
||
| the picker offers preset windows (`Last 1 hour` / `Last 24 hours` / `Last 7 days` / `Last 30 days`) plus a custom date range. it scopes every request to a bounded `start_time` / `end_time` window — reducing latency on tenants with very large log volumes — while keeping older logs reachable by widening the range. | ||
|
|
|
|
||
| ### Patch Changes | ||
|
|
||
| - 7b7a5c8f68: the Audit Logs page now opts into the count-cap behavior introduced in `@logto/core` by passing `?enableCap=true` to `GET /api/logs`. |
Comment on lines
+7
to
+9
| - 8407ecd410: add a time-range picker to the audit logs page with a default of the last 7 days. | ||
|
|
||
| the picker offers preset windows (`Last 1 hour` / `Last 24 hours` / `Last 7 days` / `Last 30 days`) plus a custom date range. it scopes every request to a bounded `start_time` / `end_time` window — reducing latency on tenants with very large log volumes — while keeping older logs reachable by widening the range. |
Comment on lines
17
to
22
| "files": [ | ||
| "lib", | ||
| "docs", | ||
| "logo.png" | ||
| "logo.svg", | ||
| "logo-dark.svg" | ||
| ], |
Comment on lines
17
to
22
| "files": [ | ||
| "lib", | ||
| "docs", | ||
| "logo.png" | ||
| "logo.svg", | ||
| "logo-dark.svg" | ||
| ], |
Comment on lines
17
to
22
| "files": [ | ||
| "lib", | ||
| "docs", | ||
| "logo.png" | ||
| "logo.svg", | ||
| "logo-dark.svg" | ||
| ], |
Comment on lines
17
to
+21
| "files": [ | ||
| "lib", | ||
| "docs", | ||
| "logo.png" | ||
| "logo.svg", | ||
| "logo-dark.svg" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or setup this action to publish automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to master, this PR will be updated.
Releases
@logto/connector-aliyun-sms-mas@1.1.0
Minor Changes
Patch Changes
@logto/connector-mailjunky@1.6.0
Minor Changes
Patch Changes
@logto/connector-smsbao-sms@1.1.0
Minor Changes
Patch Changes
@logto/connector-wecom@0.6.0
Minor Changes
Patch Changes
@logto/cli@1.40.0
Patch Changes
@logto/connector-alipay-native@1.4.5
Patch Changes
@logto/connector-alipay-web@1.6.4
Patch Changes
@logto/connector-aliyun-dm@1.5.3
Patch Changes
@logto/connector-aliyun-sms@1.5.3
Patch Changes
@logto/connector-amazon@0.3.4
Patch Changes
@logto/connector-apple@1.6.6
Patch Changes
@logto/connector-aws-ses@1.5.3
Patch Changes
@logto/connector-azuread@1.6.4
Patch Changes
@logto/connector-dingtalk-web@0.4.4
Patch Changes
@logto/connector-discord@1.6.4
Patch Changes
@logto/connector-facebook@1.6.4
Patch Changes
@logto/connector-feishu-web@1.4.5
Patch Changes
@logto/connector-gatewayapi-sms@1.2.3
Patch Changes
@logto/connector-github@1.7.4
Patch Changes
@logto/connector-gitlab@1.2.6
Patch Changes
@logto/connector-google@1.8.4
Patch Changes
@logto/connector-http-email@0.4.2
Patch Changes
@logto/connector-huggingface@0.4.6
Patch Changes
@logto/connector-kakao@1.4.5
Patch Changes
@logto/connector-kook@0.4.6
Patch Changes
@logto/connector-line@0.3.4
Patch Changes
@logto/connector-linkedin@0.3.4
Patch Changes
@logto/connector-logto-email@1.3.5
Patch Changes
@logto/connector-logto-social-demo@1.3.5
Patch Changes
@logto/connector-mailgun@1.5.5
Patch Changes
@logto/connector-mock-email@3.0.1
Patch Changes
@logto/connector-mock-standard-email@3.0.1
Patch Changes
@logto/connector-mock-sms@3.0.1
Patch Changes
@logto/connector-mock-social@1.5.4
Patch Changes
@logto/connector-naver@1.4.5
Patch Changes
@logto/connector-oauth@1.7.6
Patch Changes
@logto/connector-oidc@1.7.3
Patch Changes
@logto/connector-patreon@1.2.6
Patch Changes
@logto/connector-postmark@1.2.3
Patch Changes
@logto/connector-qq@1.1.4
Patch Changes
@logto/connector-saml@1.3.5
Patch Changes
@logto/connector-sendgrid-email@1.5.3
Patch Changes
@logto/connector-slack@0.3.4
Patch Changes
@logto/connector-smsaero@1.5.3
Patch Changes
@logto/connector-smtp@1.5.3
Patch Changes
authto omituserandpassso relays that authorize by source (e.g. IP/VLAN) can be configured without forging credentials@logto/connector-tencent-sms@1.4.3
Patch Changes
@logto/connector-twilio-sms@1.4.3
Patch Changes
@logto/connector-vonage-sms@0.2.3
Patch Changes
@logto/connector-wechat-native@1.4.5
Patch Changes
@logto/connector-wechat-web@1.6.4
Patch Changes
@logto/connector-whatsapp-sms@1.0.2
Patch Changes
@logto/connector-x@0.4.3
Patch Changes
@logto/connector-xiaomi@1.2.4
Patch Changes
@logto/connector-yunpian-sms@1.2.3
Patch Changes
@logto/create@1.40.0
Patch Changes
@logto/phrases-experience@1.13.2
Patch Changes
@logto/schemas@1.40.0
Patch Changes
fafe81e: add secondary index on
organization_role_user_relations (tenant_id, organization_id, user_id)to speed up per-user role lookupsThe primary key column order is
(tenant_id, organization_id, organization_role_id, user_id), which prevents queries that filter by(organization_id, user_id)without specifyingorganization_role_idfrom using the index. This pattern is hit bygetUserScopes(called on everyGET /organizations/:id/users/:userId/scopes) and by the per-user role join ingetUsersByOrganizationId.6172751: add secondary index on
organization_user_relations (tenant_id, user_id)to speed up reverse lookupsThe primary key column order is
(tenant_id, organization_id, user_id), which prevents queries that filter byuser_idwithout specifyingorganization_idfrom using the index. This pattern is hit on every sign-in (viagetOrganizationsByUserId) and on every request to the/organizations/:id/users/:userId/rolesfamily (via the membership-existence middleware).16553c0: expose
isCurrenton the Account API sessions responseGET /api/my-account/sessionsnow returnsisCurrent: booleanon every entry. The session whose OIDC uid backs the calling access token istrue; the others arefalse. Use this to mark the "This device" entry in session-management UIs and to avoid revoking the caller's own session.The admin user-sessions endpoints (
GET /users/:userId/sessionsandGET /users/:userId/sessions/:sessionId) are unchanged — they have no caller-session concept and continue to use the original response shape.Closes #8681.
Updated dependencies [32c40b1]
Updated dependencies [6b9944d]
Updated dependencies [41a56f7]
@logto/connector-kit@5.0.1
Patch Changes
@logto/translate@0.2.13
Patch Changes
@logto/api@1.40.0
@logto/console@1.37.0
Minor Changes
8407ecd: add a time-range picker to the audit logs page with a default of the last 7 days.
the picker offers preset windows (
Last 1 hour/Last 24 hours/Last 7 days/Last 30 days) plus a custom date range. it scopes every request to a boundedstart_time/end_timewindow — reducing latency on tenants with very large log volumes — while keeping older logs reachable by widening the range.42f3969: add protected app ID token claim scopes and tenant custom domain SDK endpoint support
Protected App settings in Console let you choose which ID token claims (such as
roles,custom_data, andorganizations) are forwarded to your origin via theLogto-ID-Tokenheader. When a tenant custom domain is active, Protected App remote config uses that domain as the SDK endpoint.Patch Changes
7b7a5c8: the Audit Logs page now opts into the count-cap behavior introduced in
@logto/coreby passing?enableCap=truetoGET /api/logs.For tenants with very large log volumes (more than 10,000 matching entries), the page renders a Prev/Next layout when the server reports a capped count instead of hitting
statement_timeout.@logto/core@1.40.0
Minor Changes
cc0d703: add
enableCap=truequery parameter toGET /logsandGET /hooks/:id/recent-logsto reduce the chance ofstatement_timeouton tenants with very large log volumes.When the param is passed:
10001as a saturation sentinel.Total-Number-Is-Capped: trueheader when the cap is hit.Link: rel="last"andLink: rel="next"are omitted because the saturated count makes the derived page count unreliable. Clients should construct page URLs themselves and stop on an empty response.Default request behavior (without
enableCap) is unchanged.57c27d4: add
start_timeandend_timequery parameters toGET /api/logsandGET /api/hooks/{id}/recent-logsfor filtering logs by a time window.Both are exclusive bounds in unix milliseconds (
createdAt > start_time AND createdAt < end_time). Either value is optional; when both are present, the endpoint returns400ifstart_time >= end_time. Either value being non-numeric also returns400.On
GET /api/hooks/{id}/recent-logs, supplying eitherstart_timeorend_timereplaces the endpoint's default 24-hour lower bound so callers can query an arbitrary historical window. Default behavior (no time params supplied) is unchanged: the endpoint still returns logs from the last 24 hours.c4c34e6: enrich
Organization.Membership.Updatedwebhook payload with explicit delta fields describing the exact membership change:addedUserIds/removedUserIdsonPOST /organizations/:id/users,PUT /organizations/:id/users, andDELETE /organizations/:id/users/:userId.addedApplicationIds/removedApplicationIdsonPOST /organizations/:id/applications,PUT /organizations/:id/applications, andDELETE /organizations/:id/applications/:applicationId.addedUserIdson invitation accept (PUT /organization-invitations/:id/status) and experience-flow just-in-time provisioning (email-domain JIT and enterprise SSO JIT during sign-up / sign-in).Each delta array is capped silently at 5000 entries; for bulk operations that exceed the cap, consumers should reconcile authoritative membership via
GET /organizations/:id/usersorGET /organizations/:id/applications. Empty deltas are omitted from the payload entirely, and consumers must treat a missing field as "no change on that side," not as "an empty change." ThePUTreplace handlers report the truly-new and truly-removed IDs (not the entire declared set). Re-accepting an invitation by a user who is already a member still produces the legacy{ organizationId }-only shape.No breaking change: the four delta fields are additive optional fields; the previously emitted
data: nullfield is unchanged. See the webhook reference for the full payload contract.Supersedes feat(core): adds addedUserIds and removedUserIds to Organization.Membership.Updated webhook #8752, thanks @chiche84.
42f3969: add protected app ID token claim scopes and tenant custom domain SDK endpoint support
Protected App settings in Console let you choose which ID token claims (such as
roles,custom_data, andorganizations) are forwarded to your origin via theLogto-ID-Tokenheader. When a tenant custom domain is active, Protected App remote config uses that domain as the SDK endpoint.Patch Changes
ebbc8f4: declare
additionalProperties: trueon arbitrary JSON object schemas in the OpenAPI document. Generated TypeScript clients (e.g.@logto/api) now type fields such ascustomDataas{ [key: string]: unknown }instead ofRecord<string, never>, which previously forbade every property at compile timea27d813: allow users who have no password, no primary email, and no primary phone to set their initial password without a verification record through Account API
3edda52: speed up
GET /organizations/:id/userson large memberships by aggregating roles viaLATERALThe entities query for
getUsersByOrganizationIdjoinedorganization_role_user_relationsandorganization_rolesbefore applyingGROUP BY users.id+LIMIT. Postgres had to build the entiremembers × roles_per_memberintermediate result on every paginated request, aggregate it, then slice. A 20-row page over a 10k-member org with 3 roles each materialized ~30k intermediate rows regardless of page size.The rewrite moves the role aggregation into a
LATERALsubquery joined per user row.LIMITnow prunes the outer user set before the role-table lookups fire, so the aggregation runslimittimes instead of once over the full join, and each lateral lookup hitsorganization_role_user_relations__tenant_id_org_id_user_id(added in the prior Phase 0.5 migration) directly. The row ordering, previously incidental under theGROUP BYplan, is now pinned by an explicitORDER BYso pagination is deterministic across calls.26c8c3f: add
TwoRelationsQueries.replaceWithDelta()for high-cardinality relation tables; switchPUT /organizations/:id/usersto use itThe existing
replace()runsDELETE WHERE schema1_id = X+ bulkINSERTinside a transaction, rewriting O(N) rows on every call. The newreplaceWithDelta()computes the added/removed sets in a single CTE statement, so a no-op call writes zero rows and a one-row delta writes exactly one row. It returns{ added, removed }so downstream consumers (notably the membership-webhook payload work in LOG-13462) can read the delta without a re-query.replace()is unchanged. The new method is opt-in. This PR migrates one call site —PUT /organizations/:id/users— where organization membership can grow into the 10k+ range. The other nineTwoRelationsQueriessubclasses continue to usereplace().For relation tables upstream of an
on delete cascadeFK (e.g.organization_user_relations→organization_role_user_relations),replace()cascades for every current row on every call — silently dropping dependents of unchanged members.replaceWithDelta()only cascades for truly-departing rows, so dependents of surviving members are preserved. The migratedPUT /organizations/:id/usersnow keeps a member's role assignments when their membership survives the PUT; a new integration test guards this.16553c0: expose
isCurrenton the Account API sessions responseGET /api/my-account/sessionsnow returnsisCurrent: booleanon every entry. The session whose OIDC uid backs the calling access token istrue; the others arefalse. Use this to mark the "This device" entry in session-management UIs and to avoid revoking the caller's own session.The admin user-sessions endpoints (
GET /users/:userId/sessionsandGET /users/:userId/sessions/:sessionId) are unchanged — they have no caller-session concept and continue to use the original response shape.Closes #8681.
Updated dependencies [32c40b1]
Updated dependencies [8407ecd]
Updated dependencies [346816a]
Updated dependencies [2ae0a42]
Updated dependencies [6b9944d]
Updated dependencies [fafe81e]
Updated dependencies [6172751]
Updated dependencies [7b7a5c8]
Updated dependencies [41a56f7]
Updated dependencies [42f3969]
Updated dependencies [16553c0]
Updated dependencies [7c30c2a]
Updated dependencies [be5fa48]
@logto/account@0.4.1
Patch Changes
32c40b1: clarify Account Center 2-step verification toggle label
2ae0a42: fix social linking callback in Account Center to preserve connector id
Render the callback through React Router so
useParams()can correctly read theconnectorIdfrom the URL and avoid incorrectly showing "social sign-in method is not enabled"7c30c2a: fix: silently re-authenticate Account Center on user info error instead of forcing the login screen
When
/api/my-accountreturns an error (e.g. a stale access token after a user switch on the same browser), Account Center now redirects withprompt=noneso the OIDC provider can re-authenticate via the existing session cookie. If no valid session is available the provider answers witherror=login_requiredand Account Center falls back to the previousprompt=loginbehavior, preserving the stale-state cleanup invariant from fix(account): sync auth state with server #8313 / fix(account): upgrade Logto React SDK for logout consistency #8554 / bug: Account Center localStorage is not cleared on user switch, causing previous user's data to persist #8590.be5fa48: redirect expired account center sessions without flashing the manual sign-in error
@logto/experience@1.19.2
Patch Changes
346816a: fix: require terms agreement when the sign-in flow turns into a registration
When the agreement policy is
ManualRegistrationOnly("Require checkbox agreement on registration only"), signing in with an unregistered email or phone and then confirming "create a new account" used to create the account without ever asking the user to agree to the terms. The terms agreement is now prompted before the account is created on this path, matching the dedicated registration form and the social/SSO registration flows.