fix(deps): update dependency @clerk/nextjs to v7 - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@clerk/nextjs (source)	^6.39.0 → ^7.0.5

---

Release Notes

clerk/javascript (@​clerk/nextjs)

v7.0.5

Compare Source

Patch Changes

• Updated dependencies [b9cb6e5]:
  • @​clerk/shared@​4.3.1
  • @​clerk/react@​6.1.1
  • @​clerk/backend@​3.2.1

v7.0.4

Compare Source

Patch Changes

• Updated dependencies [1f43bf7, 766ae5b, de1386f, 02ff4f2]:
  • @​clerk/backend@​3.2.0
  • @​clerk/shared@​4.3.0
  • @​clerk/react@​6.1.0

v7.0.2

Compare Source

Patch Changes

• Fix build failures when using cacheComponents: true with dynamic routes (e.g. [id]) (#​7989) by @​jacekradko

• Updated dependencies [a8c64cc, 776ee1b, 7fb870d, 398b7f9, 09cb6d4, 09088ed]:

  • @​clerk/backend@​3.0.2
  • @​clerk/shared@​4.1.0
  • @​clerk/react@​6.0.2

v7.0.1

Compare Source

Patch Changes

• Update README prerequisites to match actual package.json engine and peer dependency constraints. (#​7972) by @​jacekradko

• Updated dependencies [55ece85]:

  • @​clerk/backend@​3.0.1
  • @​clerk/react@​6.0.1

v7.0.0

Compare Source

Major Changes

• Align experimental/unstable prefixes to use consistent naming: (#​7361) by @​brkalow

  • Renamed all __unstable_* methods to __internal_* (for internal APIs)
  • Renamed all experimental__* and experimental_* methods to __experimental_* (for beta features)
  • Removed deprecated billing-related props (__unstable_manageBillingUrl, __unstable_manageBillingLabel, __unstable_manageBillingMembersLimit) and experimental__forceOauthFirst

• Renamed __unstable_invokeMiddlewareOnAuthStateChange to __internal_invokeMiddlewareOnAuthStateChange. (#​7925) by @​jacekradko

• useAuth().getToken is no longer undefined during server-side rendering, it is a function and calling it will throw. (#​7730) by @​Ephem

  • If you are only using getToken in useEffect, event handlers or with non-suspenseful data fetching libraries, no change is necessary as these only trigger on the client.
  • If you are using suspenseful data fetching libraries that do trigger during SSR, you likely have strategies in place to avoid calling getToken already, since this has never been possible.
  • If you are using getToken === undefined checks to avoid calling it, know that it will now throw instead and you should catch and handle the error.

  async function doThingWithToken(getToken: GetToken) {
    try {
      const token = await getToken();
  
      // Use token
    } catch (error) {
      if (isClerkRuntimeError(error) && error.code === 'clerk_runtime_not_browser') {
        // Handle error
      }
    }
  }

  To access auth data server-side, see the Auth object reference doc.

• Refactor React SDK hooks to subscribe to auth state via useSyncExternalStore. This is a mostly internal refactor to unlock future improvements, but includes a few breaking changes and fixes. (#​7411) by @​Ephem

  Breaking changes:

  • Removes ability to pass in initialAuthState to useAuth
    • This was added for internal use and is no longer needed
    • Instead pass in initialState to the <ClerkProvider>, or dynamic if using the Next package
    • See your specific SDK documentation for more information on Server Rendering

  Fixes:

  • A bug where useAuth would sometimes briefly return the initialState rather than undefined
    • This could in certain situations incorrectly lead to a brief user: null on the first page after signing in, indicating a signed out state
  • Hydration mismatches in certain rare scenarios where subtrees would suspend and hydrate only after clerk-js had loaded fully

• Updating minimum version of Node to v20.9.0 (#​6936) by @​jacekradko

• Throw an error when an encryption key is missing when passing a secret key at runtime clerkMiddleware(). To migrate, ensure your application specifies a CLERK_ENCRYPTION_KEY environment variable when passing secretKey as a runtime option. (#​7360) by @​brkalow

• Return 401 instead of 404 for unauthenticated server action requests in auth.protect() (#​7820) by @​jacekradko

• Remove clerkJSUrl, clerkJSVersion, clerkUIUrl, and clerkUIVersion props from all SDKs. To pin a specific version of @clerk/clerk-js, import the Clerk constructor from @clerk/clerk-js and pass it to ClerkProvider via the Clerk prop. To pin a specific version of @clerk/ui, import ui from @clerk/ui and pass it via the ui prop. This bundles the modules directly with your application instead of loading them from the CDN. (#​7879) by @​jacekradko

• Remove all previously deprecated UI props across the Next.js, React and clerk-js SDKs. The legacy afterSign(In|Up)Url/redirectUrl props, UserButton sign-out overrides, organization hideSlug flags, OrganizationSwitcher's afterSwitchOrganizationUrl, Client.activeSessions, setActive({ beforeEmit }), and the ClerkMiddlewareAuthObject type alias are no longer exported. Components now rely solely on the new redirect options and server-side configuration. (#​7243) by @​jacekradko

• Introduce <Show when={...}> as the cross-framework authorization control component and remove <Protect>, <SignedIn>, and <SignedOut> in favor of <Show>. (#​7373) by @​jacekradko

• getToken() now throws ClerkOfflineError instead of returning null when the client is offline. (#​7598) by @​bratsos

  This makes it explicit that a token fetch failure was due to network conditions, not authentication state. Previously, returning null could be misinterpreted as "user is signed out," potentially causing the cached token to be cleared.

  To handle this change, catch ClerkOfflineError from getToken() calls:

  import { ClerkOfflineError } from '@​clerk/react/errors';
  
  try {
    const token = await session.getToken();
  } catch (error) {
    if (ClerkOfflineError.is(error)) {
      // Handle offline scenario - show offline UI, retry later, etc.
    }
    throw error;
  }

• Drop support for next@13 and next@14 since they have reached EOL. Now >= next@15.2.3 is required. (#​7197) by @​panteliselef

Minor Changes

• Add unsafe_disableDevelopmentModeConsoleWarning option to disable the development mode warning that's emitted to the console when Clerk is first loaded. (#​7505) by @​dstaley

• Add Frontend API proxy support via frontendApiProxy option in clerkMiddleware (#​7602) by @​brkalow

• Introducing setup_mfa session task (#​7626) by @​octoper

• Remove clerkJSVariant option and headless bundle. Use prefetchUI={false} instead. (#​7629) by @​jacekradko

• Add ui prop to ClerkProvider for passing @clerk/ui (#​7664) by @​jacekradko

• Add standalone getToken() function for retrieving session tokens outside of framework component trees. (#​7325) by @​bratsos

  This function is safe to call from anywhere in the browser, such as API interceptors, data fetching layers (e.g., React Query, SWR), or vanilla JavaScript code. It automatically waits for Clerk to initialize before returning the token.

  import { getToken } from '@​clerk/nextjs'; // or any framework package

  // Example: Axios interceptor
  axios.interceptors.request.use(async (config) => {
  const token = await getToken();
  if (token) {
  config.headers.Authorization = Bearer ${token};
  }
  return config;
  });

• Export useOrganizationCreationDefaults hook to fetch suggested organization name and logo from default naming rules (#​7694) by @​LauraBeatris

• Add /types subpath export to re-export types from @clerk/shared/types along with SDK-specific types. This allows importing Clerk types directly from the SDK package (e.g., import type { UserResource } from '@​clerk/react/types') without needing to install @clerk/types as a separate dependency. (#​7644) by @​nikosdouvlis

• Add HandleSSOCallback component which handles the SSO callback during custom flows, including support for sign-in-or-up. (#​7678) by @​dstaley

• Introduce <UNSAFE_PortalProvider> component which allows you to specify a custom container for Clerk floating UI elements (popovers, modals, tooltips, etc.) that use portals. Only Clerk components within the provider will be affected, components outside the provider will continue to use the default document.body for portals. (#​7310) by @​alexcarpenter

  This is particularly useful when using Clerk components inside external UI libraries like Radix Dialog or React Aria Components, where portaled elements need to render within the dialog's container to remain interact-able.

  'use client';
  
  import { useRef } from 'react';
  import * as Dialog from '@​radix-ui/react-dialog';
  import { UNSAFE_PortalProvider, UserButton } from '@​clerk/nextjs';
  
  export function UserDialog() {
    const containerRef = useRef<HTMLDivElement>(null);
  
    return (
      <Dialog.Root>
        <Dialog.Trigger>Open Dialog</Dialog.Trigger>
        <Dialog.Portal>
          <Dialog.Overlay />
          <Dialog.Content ref={containerRef}>
            <UNSAFE_PortalProvider getContainer={() => containerRef.current}>
              <UserButton />
            </UNSAFE_PortalProvider>
          </Dialog.Content>
        </Dialog.Portal>
      </Dialog.Root>
    );
  }

Patch Changes

• Fix an App Router navigation edge case where duplicate in-flight redirects to the same destination could leave Clerk's awaitable navigation pending indefinitely. (#​7865) by @​bratsos

• Rename dev browser APIs to remove JWT terminology. The dev browser identifier is now a generic ID, so internal naming has been updated to reflect this. No runtime behavior changes. (#​7930) by @​brkalow

• Wire clerkUIVersion option through all framework packages (#​7740) by @​nikosdouvlis

• Fixed an issue where the CSP nonce generated by clerkMiddleware({ contentSecurityPolicy: { strict: true } }) was not forwarded as a request header. Server components can now access the nonce via headers(), allowing ClerkProvider and Next.js to apply it to <script> tags. (#​7828) by @​jacekradko

• Fix Turbopack compatibility for ui prop by adding turbopackIgnore magic comment alongside webpackIgnore on the dynamic @clerk/ui/entry import. This prevents both bundlers from statically resolving the optional dependency at build time. (#​7805) by @​jacekradko

• Fix @clerk/ui/entry bare specifier failing in browser when using ui prop with RSC (#​7809) by @​jacekradko

• Add exports for useWaitlist hook. (#​7609) by @​alexcarpenter

• Updating peerDependency for CVE-2025-55182 (#​7423) by @​dominic-clerk

• Fix race condition that could cause __clerkSharedModules is not defined error when using the shared React UI variant. (#​7685) by @​bratsos

• Add support for Next.js 16 cache components by improving error detection and providing helpful error messages when auth() or currentUser() are called inside a "use cache" function. (#​7595) by @​jacekradko

• Add image CDNs to the connect-src Content Security Policy directive (#​7610) by @​LauraBeatris

• fix: Update getAuthData to use isMachineToken (#​7755) by @​jeremy-clerk

• Add satelliteAutoSync option to optimize satellite app handshake behavior (#​7597) by @​nikosdouvlis

  Satellite apps currently trigger a handshake redirect on every first page load, even when no cookies exist. This creates unnecessary redirects to the primary domain for apps where most users aren't authenticated.

  New option: satelliteAutoSync (default: false)

  • When false (default): Skip automatic handshake if no session cookies exist, only trigger after explicit sign-in action
  • When true: Satellite apps automatically trigger handshake on first load (previous behavior)

  New query parameter: __clerk_sync

  • __clerk_sync=1 (NeedsSync): Triggers handshake after returning from primary sign-in
  • __clerk_sync=2 (Completed): Prevents re-sync loop after handshake completes

  Backwards compatible: Still reads legacy __clerk_synced=true parameter.

  SSR redirect fix: Server-side redirects (e.g., redirectToSignIn() from middleware) now correctly add __clerk_sync=1 to the return URL for satellite apps. This ensures the handshake is triggered when the user returns from sign-in on the primary domain.

  CSR redirect fix: Client-side redirects now add __clerk_sync=1 to all redirect URL variants (forceRedirectUrl, fallbackRedirectUrl) for satellite apps, not just the default redirectUrl.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Europe/Amsterdam.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
northware-cockpit	Ready	Preview, Comment	Mar 17, 2026 6:13pm
northware-docs	Ready	Preview, Comment	Mar 17, 2026 6:13pm
northware-storybook	Canceled		Mar 17, 2026 6:13pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: 3801a04

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.