Release PR

[ryanbas21]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@forgerock/davinci-client@2.1.0

Minor Changes

• #572 eafe277 Thanks @ryanbas21! - Add ValidatedPasswordCollector alongside PasswordCollector. The reducer routes by field.type: PASSWORD always produces a PasswordCollector, PASSWORD_VERIFY always produces a ValidatedPasswordCollector. ValidatedPasswordCollector.output.passwordPolicy carries the embedded policy from the field; when the field has no policy, an empty policy object is emitted and the validator treats it as no rules. Consumers can render password requirements directly from the collector.

  Both collectors now expose a verify: boolean on output (defaults to false), propagated from the field when the server sends verify: true.

  store.validate(collector) accepts a ValidatedPasswordCollector and returns a validator that enforces the policy's length, unique-character, repeated-character, and per-charset minimum rules. Passing a PasswordCollector returns the standard "cannot be validated" error.

• #562 63e94aa Thanks @ryanbas21! - Add QR code collector support to davinci-client

• #573 77ecd01 Thanks @ancheetah! - A new PhoneNumberExtensionCollector has been added to support phone number fields that include an extension. When a DaVinci PHONE_NUMBER field has showExtension: true, the SDK now produces a PhoneNumberExtensionCollector instead of a PhoneNumberCollector.

• #563 ec39137 Thanks @ancheetah! - Adds pollStatus() method and PollingCollector to @forgerock/davinci-client for polling support in DaVinci flows.

  Pass a PollingCollector to davinciClient.pollStatus(collector) to get a poller function. The polling mode is detected automatically from the collector:

  • Challenge polling: Periodically calls the /status endpoint until the challenge is resolved.
  • Continue polling: Performs a delay and returns a status based on remaining poll retries. Call the returned poller function repeatedly in a loop until it resolves with the next node in the flow or an error.

  Adds ability to intercept the polling request with middleware.

• #568 df2e9e2 Thanks @ryanbas21! - A new ReadOnlyCollector.output.richContent property is always present and contains the structured link data when a LABEL field includes richContent. Its shape is CollectorRichContent — a template string with {{key}} placeholders (content) and a validated replacements array (ValidatedReplacement[]). When no richContent is present, replacements is an empty array.

  New type exports: RichContentLink, ValidatedReplacement, CollectorRichContent

• #579 6c13d93 Thanks @ancheetah! - Support form agreements with AgreementCollector

Patch Changes

• #564 15d5af3 Thanks @ryanbas21! - Update interfaces and types that are missing from exports

• Updated dependencies [ec39137, d849256]:

  • @forgerock/sdk-request-middleware@2.1.0
  • @forgerock/storage@2.1.0
  • @forgerock/sdk-logger@2.1.0
  • @forgerock/sdk-oidc@2.1.0
  • @forgerock/sdk-types@2.1.0
  • @forgerock/sdk-utilities@2.1.0

@forgerock/journey-client@2.1.0

Minor Changes

• #581 07015a2 Thanks @vatsalparikh! - Add WebAuthn conditional mediation (passkey autofill) support.
  • WebAuthn.authenticate(step, signal?) derives mediation from WebAuthn metadata (meta.mediation).
  • When meta.mediation is 'conditional', an AbortSignal is used (caller-provided if present, otherwise created by the SDK).
  • If conditional mediation is requested but not supported, authenticate() throws NotSupportedError (and the existing error handling sets the hidden outcome to unsupported).
  • Adds WebAuthn.isConditionalMediationSupported() helper, docs, and unit tests.

Patch Changes

• #564 15d5af3 Thanks @ryanbas21! - Update interfaces and types that are missing from exports

• #583 b081582 Thanks @vatsalparikh! - Restore legacy resume() redirect query-param handling.

  resume() now parses and forwards additional URL params (error, errorCode, errorMessage, nonce, RelayState, scope, suspendedId) and uses authIndexValue as a fallback journey value.

• #557 5fe2f41 Thanks @ryanbas21! - Extend JourneyClientConfig from AsyncLegacyConfigOptions so the same config object can be shared across journey-client, davinci-client, and oidc-client

  • clientId, scope, redirectUri, and other inherited properties are now accepted but ignored — a warning is logged when they are provided
  • serverConfig.wellknown remains required

• #578 096733d Thanks @SteinGabriel! - Support signalsInitializationOptions pass-through config from AM in PingOneProtectInitializeCallback.

  • getConfig() detects signalsInitializationOptions in the callback output; if it is a valid plain object, returns it directly as SignalsInitializationOptions
  • Falls back to the existing ProtectConfig construction when the property is absent or invalid (null, string, array)
  • protect() now accepts ProtectConfig | SignalsInitializationOptions so the pass-through config flows in without type assertions
  • Updates vendored Signals SDK from v5.6.0w to v5.6.9w

• Updated dependencies [ec39137, d849256]:

  • @forgerock/sdk-request-middleware@2.1.0
  • @forgerock/storage@2.1.0
  • @forgerock/sdk-logger@2.1.0
  • @forgerock/sdk-oidc@2.1.0
  • @forgerock/sdk-types@2.1.0
  • @forgerock/sdk-utilities@2.1.0

@forgerock/sdk-request-middleware@2.1.0

Minor Changes

• #563 ec39137 Thanks @ancheetah! - Adds pollStatus() method and PollingCollector to @forgerock/davinci-client for polling support in DaVinci flows.

  Pass a PollingCollector to davinciClient.pollStatus(collector) to get a poller function. The polling mode is detected automatically from the collector:

  • Challenge polling: Periodically calls the /status endpoint until the challenge is resolved.
  • Continue polling: Performs a delay and returns a status based on remaining poll retries. Call the returned poller function repeatedly in a loop until it resolves with the next node in the flow or an error.

  Adds ability to intercept the polling request with middleware.

Patch Changes

• #555 d849256 Thanks @ancheetah! - Fixes files distributed in sdk-effects packages. Excludes files not in /dist folder.

@forgerock/device-client@2.1.0

Patch Changes

• #564 15d5af3 Thanks @ryanbas21! - Update interfaces and types that are missing from exports

@forgerock/oidc-client@2.1.0

Patch Changes

• #564 15d5af3 Thanks @ryanbas21! - Update interfaces and types that are missing from exports

• Updated dependencies [ec39137, d849256]:

  • @forgerock/sdk-request-middleware@2.1.0
  • @forgerock/iframe-manager@2.1.0
  • @forgerock/storage@2.1.0
  • @forgerock/sdk-logger@2.1.0
  • @forgerock/sdk-oidc@2.1.0
  • @forgerock/sdk-types@2.1.0

@forgerock/protect@2.1.0

Patch Changes

• #578 096733d Thanks @SteinGabriel! - Support signalsInitializationOptions pass-through config from AM in PingOneProtectInitializeCallback.
  • getConfig() detects signalsInitializationOptions in the callback output; if it is a valid plain object, returns it directly as SignalsInitializationOptions
  • Falls back to the existing ProtectConfig construction when the property is absent or invalid (null, string, array)
  • protect() now accepts ProtectConfig | SignalsInitializationOptions so the pass-through config flows in without type assertions
  • Updates vendored Signals SDK from v5.6.0w to v5.6.9w

@forgerock/iframe-manager@2.1.0

Patch Changes

• #555 d849256 Thanks @ancheetah! - Fixes files distributed in sdk-effects packages. Excludes files not in /dist folder.

@forgerock/sdk-logger@2.1.0

Patch Changes

• #555 d849256 Thanks @ancheetah! - Fixes files distributed in sdk-effects packages. Excludes files not in /dist folder.

@forgerock/sdk-oidc@2.1.0

Patch Changes

• #555 d849256 Thanks @ancheetah! - Fixes files distributed in sdk-effects packages. Excludes files not in /dist folder.

• Updated dependencies []:

  • @forgerock/sdk-types@2.1.0
  • @forgerock/sdk-utilities@2.1.0

@forgerock/storage@2.1.0

Patch Changes

• #555 d849256 Thanks @ancheetah! - Fixes files distributed in sdk-effects packages. Excludes files not in /dist folder.

• Updated dependencies []:

  • @forgerock/sdk-types@2.1.0

@forgerock/sdk-utilities@2.1.0

Patch Changes

• Updated dependencies []:
  • @forgerock/sdk-types@2.1.0

@forgerock/sdk-types@2.1.0

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Removed several changeset files and bumped many package versions from 2.0.0 → 2.1.0 with corresponding 2.1.0 changelog entries (noting dependency bumps and sdk-effects distribution fixes).

Changes

Cohort / File(s)	Summary
Changeset Cleanup \.changeset/odd-parents-joke.md, \.changeset/fast-ways-rest.md, \.changeset/journey-client-config-alignment.md, \.changeset/deep-spies-kick.md, \.changeset/lucky-parts-own.md	Deleted multiple changeset files that previously declared pending patch/minor releases and noted feature/config changes.
Core Client Manifests packages/davinci-client/package.json, packages/device-client/package.json, packages/journey-client/package.json, packages/oidc-client/package.json, packages/protect/package.json	Updated version fields from 2.0.0 → 2.1.0 only.
Core Client Changelogs packages/davinci-client/CHANGELOG.md, packages/device-client/CHANGELOG.md, packages/journey-client/CHANGELOG.md, packages/oidc-client/CHANGELOG.md, packages/protect/CHANGELOG.md	Added ## 2.1.0 entries documenting dependency bumps and package-specific notes (QR code collector, resume() behavior, export fixes).
SDK-Effects Manifests packages/sdk-effects/.../package.json packages/sdk-effects/iframe-manager/package.json, packages/sdk-effects/logger/package.json, packages/sdk-effects/oidc/package.json, packages/sdk-effects/sdk-request-middleware/package.json, packages/sdk-effects/storage/package.json	Bumped version fields from 2.0.0 → 2.1.0.
SDK-Effects Changelogs packages/sdk-effects/.../CHANGELOG.md packages/sdk-effects/iframe-manager/CHANGELOG.md, packages/sdk-effects/logger/CHANGELOG.md, packages/sdk-effects/oidc/CHANGELOG.md, packages/sdk-effects/sdk-request-middleware/CHANGELOG.md, packages/sdk-effects/storage/CHANGELOG.md	Added 2.1.0 Patch Changes entries describing packaging fix to exclude files outside /dist.
Utility Manifests packages/sdk-types/package.json, packages/sdk-utilities/package.json	Bumped version fields from 2.0.0 → 2.1.0.
Utility Changelogs packages/sdk-types/CHANGELOG.md, packages/sdk-utilities/CHANGELOG.md	Added ## 2.1.0 headers and notes about dependency updates.
Misc Changelogs packages/davinci-client/CHANGELOG.md, packages/sdk-effects/sdk-request-middleware/CHANGELOG.md	Inserted notes on DaVinci polling behavior and QR code collector support where applicable.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix(journey-client): align config with DaVinci and OIDC clients #557: touches the same journey-client changeset entry and related config notes.
• feat: add interface mapping, api-report tool, and client re-export guards #564: aligns with exported-interface/type fixes referenced across changelogs.
• chore: fix files distributed in effect packages #555: addresses sdk-effects packaging fix (exclude non-/dist files) noted in multiple changelogs.

Suggested reviewers

• cerebrl
• ancheetah

Poem

🐇
I hopped through versions, soft and bright,
From two-dot-oh to two-dot-one tonight.
Distories trimmed and changelogs in tune,
A tiny nibble, a happy release boon —
Hooray for tidy packages under the moon!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Release PR' is vague and generic, providing minimal information about the actual changes despite being a release PR with multiple package version bumps.	Consider using a more descriptive title such as 'Release: Bump multiple packages to v2.1.0' or 'Release v2.1.0 for davinci-client, journey-client, device-client, and others' to clearly convey the primary purpose.
Description check	❓ Inconclusive	The PR description is auto-generated by the Changesets release action and lacks required sections from the template (JIRA ticket and description fields).	Consider if auto-generated Changesets release PRs should follow the repository's PR description template, or if they should be exempt from this requirement.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch changeset-release/main

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 0c90273

Command	Status	Duration	Result
nx run-many -t build --no-agents	✅ Succeeded	<1s	View ↗
nx affected -t build lint test typecheck e2e-ci	✅ Succeeded	1m 29s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-05-12 17:07:25 UTC

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/sdk-utilities/CHANGELOG.md`:
- Line 7: Replace the malformed changelog entry string "Updated dependencies
[]:" with a proper heading such as "Updated dependencies:" or, if there are
specific packages, replace the empty brackets with a comma-separated list of the
updated packages; locate the exact token "Updated dependencies []:" in
CHANGELOG.md and remove the empty square brackets or populate them with the
dependency names so the line reads correctly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 80c258cc-8a08-4435-80ff-d329f5cf4beb

📥 Commits

Reviewing files that changed from the base of the PR and between 67c2191 and 70d5261.

📒 Files selected for processing (25)

• .changeset/odd-parents-joke.md
• packages/davinci-client/CHANGELOG.md
• packages/davinci-client/package.json
• packages/device-client/CHANGELOG.md
• packages/device-client/package.json
• packages/journey-client/CHANGELOG.md
• packages/journey-client/package.json
• packages/oidc-client/CHANGELOG.md
• packages/oidc-client/package.json
• packages/protect/CHANGELOG.md
• packages/protect/package.json
• packages/sdk-effects/iframe-manager/CHANGELOG.md
• packages/sdk-effects/iframe-manager/package.json
• packages/sdk-effects/logger/CHANGELOG.md
• packages/sdk-effects/logger/package.json
• packages/sdk-effects/oidc/CHANGELOG.md
• packages/sdk-effects/oidc/package.json
• packages/sdk-effects/sdk-request-middleware/CHANGELOG.md
• packages/sdk-effects/sdk-request-middleware/package.json
• packages/sdk-effects/storage/CHANGELOG.md
• packages/sdk-effects/storage/package.json
• packages/sdk-types/CHANGELOG.md
• packages/sdk-types/package.json
• packages/sdk-utilities/CHANGELOG.md
• packages/sdk-utilities/package.json

💤 Files with no reviewable changes (1)

• .changeset/odd-parents-joke.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix malformed dependency note formatting.

Line 7 includes empty brackets (Updated dependencies []:), which reads like a broken reference token in the published changelog.

Suggested fix

-- Updated dependencies []:
+- Updated dependencies:

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- Updated dependencies []:
	- Updated dependencies:

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/sdk-utilities/CHANGELOG.md` at line 7, Replace the malformed
changelog entry string "Updated dependencies []:" with a proper heading such as
"Updated dependencies:" or, if there are specific packages, replace the empty
brackets with a comma-separated list of the updated packages; locate the exact
token "Updated dependencies []:" in CHANGELOG.md and remove the empty square
brackets or populate them with the dependency names so the line reads correctly.

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/@forgerock/davinci-client@561

@forgerock/device-client

pnpm add https://pkg.pr.new/@forgerock/device-client@561

@forgerock/journey-client

pnpm add https://pkg.pr.new/@forgerock/journey-client@561

@forgerock/oidc-client

pnpm add https://pkg.pr.new/@forgerock/oidc-client@561

@forgerock/protect

pnpm add https://pkg.pr.new/@forgerock/protect@561

@forgerock/sdk-types

pnpm add https://pkg.pr.new/@forgerock/sdk-types@561

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/@forgerock/sdk-utilities@561

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/@forgerock/iframe-manager@561

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/@forgerock/sdk-logger@561

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/@forgerock/sdk-oidc@561

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/@forgerock/sdk-request-middleware@561

@forgerock/storage

pnpm add https://pkg.pr.new/@forgerock/storage@561

commit: 0c90273

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.07%. Comparing base (5d6747a) to head (0c90273).
⚠️ Report is 98 commits behind head on main.

❌ Your project status has failed because the head coverage (18.07%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #561       +/-   ##
===========================================
- Coverage   70.90%   18.07%   -52.84%     
===========================================
  Files          53      155      +102     
  Lines        2021    24398    +22377     
  Branches      377     1203      +826     
===========================================
+ Hits         1433     4410     +2977     
- Misses        588    19988    +19400     

see 101 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Deployed ec79f5e to https://ForgeRock.github.io/ping-javascript-sdk/pr-561/ec79f5ed56b25b2df1136f937434e15081947c49 branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🚨 Significant Changes

🔻 @forgerock/device-client - 0.0 KB (-10.0 KB, -100.0%)
🔻 @forgerock/journey-client - 0.0 KB (-91.9 KB, -100.0%)

➖ No Changes

➖ @forgerock/device-client - 10.0 KB
➖ @forgerock/davinci-client - 53.5 KB
➖ @forgerock/oidc-client - 25.2 KB
➖ @forgerock/sdk-utilities - 11.2 KB
➖ @forgerock/sdk-types - 7.9 KB
➖ @forgerock/protect - 144.6 KB
➖ @forgerock/journey-client - 91.9 KB
➖ @forgerock/storage - 1.5 KB
➖ @forgerock/sdk-oidc - 4.8 KB
➖ @forgerock/sdk-request-middleware - 4.5 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/iframe-manager - 2.4 KB

---

14 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}