Release PR

[ryanbas21]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@forgerock/davinci-client@2.1.0

Minor Changes

• #562 63e94aa Thanks @ryanbas21! - Add QR code collector support to davinci-client

• #563 ec39137 Thanks @ancheetah! - Adds pollStatus() method and PollingCollector to @forgerock/davinci-client for polling support in DaVinci flows.

  Pass a PollingCollector to davinciClient.pollStatus(collector) to get a poller function. The polling mode is detected automatically from the collector:

  • Challenge polling: Periodically calls the /status endpoint until the challenge is resolved.
  • Continue polling: Performs a delay and returns a status based on remaining poll retries. Call the returned poller function repeatedly in a loop until it resolves with the next node in the flow or an error.

  Adds ability to intercept the polling request with middleware.

• #579 6c13d93 Thanks @ancheetah! - Support form agreements with AgreementCollector

Patch Changes

• #564 15d5af3 Thanks @ryanbas21! - Update interfaces and types that are missing from exports

• Updated dependencies [ec39137, d849256]:

  • @forgerock/sdk-request-middleware@2.1.0
  • @forgerock/storage@2.1.0
  • @forgerock/sdk-logger@2.1.0
  • @forgerock/sdk-oidc@2.1.0
  • @forgerock/sdk-types@2.1.0
  • @forgerock/sdk-utilities@2.1.0

@forgerock/journey-client@2.1.0

Minor Changes

• #581 07015a2 Thanks @vatsalparikh! - Add WebAuthn conditional mediation (passkey autofill) support.
  • WebAuthn.authenticate(step, signal?) derives mediation from WebAuthn metadata (meta.mediation).
  • When meta.mediation is 'conditional', an AbortSignal is used (caller-provided if present, otherwise created by the SDK).
  • If conditional mediation is requested but not supported, authenticate() throws NotSupportedError (and the existing error handling sets the hidden outcome to unsupported).
  • Adds WebAuthn.isConditionalMediationSupported() helper, docs, and unit tests.

Patch Changes

• #564 15d5af3 Thanks @ryanbas21! - Update interfaces and types that are missing from exports

• #583 b081582 Thanks @vatsalparikh! - Restore legacy resume() redirect query-param handling.

  resume() now parses and forwards additional URL params (error, errorCode, errorMessage, nonce, RelayState, scope, suspendedId) and uses authIndexValue as a fallback journey value.

• #557 5fe2f41 Thanks @ryanbas21! - Extend JourneyClientConfig from AsyncLegacyConfigOptions so the same config object can be shared across journey-client, davinci-client, and oidc-client

  • clientId, scope, redirectUri, and other inherited properties are now accepted but ignored — a warning is logged when they are provided
  • serverConfig.wellknown remains required

• #578 096733d Thanks @SteinGabriel! - Support signalsInitializationOptions pass-through config from AM in PingOneProtectInitializeCallback.

  • getConfig() detects signalsInitializationOptions in the callback output; if it is a valid plain object, returns it directly as SignalsInitializationOptions
  • Falls back to the existing ProtectConfig construction when the property is absent or invalid (null, string, array)
  • protect() now accepts ProtectConfig | SignalsInitializationOptions so the pass-through config flows in without type assertions
  • Updates vendored Signals SDK from v5.6.0w to v5.6.9w

• Updated dependencies [ec39137, d849256]:

  • @forgerock/sdk-request-middleware@2.1.0
  • @forgerock/storage@2.1.0
  • @forgerock/sdk-logger@2.1.0
  • @forgerock/sdk-oidc@2.1.0
  • @forgerock/sdk-types@2.1.0
  • @forgerock/sdk-utilities@2.1.0

@forgerock/sdk-request-middleware@2.1.0

Minor Changes

• #563 ec39137 Thanks @ancheetah! - Adds pollStatus() method and PollingCollector to @forgerock/davinci-client for polling support in DaVinci flows.

  Pass a PollingCollector to davinciClient.pollStatus(collector) to get a poller function. The polling mode is detected automatically from the collector:

  • Challenge polling: Periodically calls the /status endpoint until the challenge is resolved.
  • Continue polling: Performs a delay and returns a status based on remaining poll retries. Call the returned poller function repeatedly in a loop until it resolves with the next node in the flow or an error.

  Adds ability to intercept the polling request with middleware.

Patch Changes

• #555 d849256 Thanks @ancheetah! - Fixes files distributed in sdk-effects packages. Excludes files not in /dist folder.

@forgerock/device-client@2.1.0

Patch Changes

• #564 15d5af3 Thanks @ryanbas21! - Update interfaces and types that are missing from exports

@forgerock/oidc-client@2.1.0

Patch Changes

• #564 15d5af3 Thanks @ryanbas21! - Update interfaces and types that are missing from exports

• Updated dependencies [ec39137, d849256]:

  • @forgerock/sdk-request-middleware@2.1.0
  • @forgerock/iframe-manager@2.1.0
  • @forgerock/storage@2.1.0
  • @forgerock/sdk-logger@2.1.0
  • @forgerock/sdk-oidc@2.1.0
  • @forgerock/sdk-types@2.1.0

@forgerock/protect@2.1.0

Patch Changes

• #578 096733d Thanks @SteinGabriel! - Support signalsInitializationOptions pass-through config from AM in PingOneProtectInitializeCallback.
  • getConfig() detects signalsInitializationOptions in the callback output; if it is a valid plain object, returns it directly as SignalsInitializationOptions
  • Falls back to the existing ProtectConfig construction when the property is absent or invalid (null, string, array)
  • protect() now accepts ProtectConfig | SignalsInitializationOptions so the pass-through config flows in without type assertions
  • Updates vendored Signals SDK from v5.6.0w to v5.6.9w

@forgerock/iframe-manager@2.1.0

Patch Changes

• #555 d849256 Thanks @ancheetah! - Fixes files distributed in sdk-effects packages. Excludes files not in /dist folder.

@forgerock/sdk-logger@2.1.0

Patch Changes

• #555 d849256 Thanks @ancheetah! - Fixes files distributed in sdk-effects packages. Excludes files not in /dist folder.

@forgerock/sdk-oidc@2.1.0

Patch Changes

• #555 d849256 Thanks @ancheetah! - Fixes files distributed in sdk-effects packages. Excludes files not in /dist folder.

• Updated dependencies []:

  • @forgerock/sdk-types@2.1.0
  • @forgerock/sdk-utilities@2.1.0

@forgerock/storage@2.1.0

Patch Changes

• #555 d849256 Thanks @ancheetah! - Fixes files distributed in sdk-effects packages. Excludes files not in /dist folder.

• Updated dependencies []:

  • @forgerock/sdk-types@2.1.0

@forgerock/sdk-utilities@2.1.0

Patch Changes

• Updated dependencies []:
  • @forgerock/sdk-types@2.1.0

@forgerock/sdk-types@2.1.0

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Removed several changeset files and bumped many package versions from 2.0.0 → 2.1.0 with corresponding 2.1.0 changelog entries (noting dependency bumps and sdk-effects distribution fixes).

Changes

Cohort / File(s)	Summary
Changeset Cleanup \.changeset/odd-parents-joke.md, \.changeset/fast-ways-rest.md, \.changeset/journey-client-config-alignment.md, \.changeset/deep-spies-kick.md, \.changeset/lucky-parts-own.md	Deleted multiple changeset files that previously declared pending patch/minor releases and noted feature/config changes.
Core Client Manifests packages/davinci-client/package.json, packages/device-client/package.json, packages/journey-client/package.json, packages/oidc-client/package.json, packages/protect/package.json	Updated version fields from 2.0.0 → 2.1.0 only.
Core Client Changelogs packages/davinci-client/CHANGELOG.md, packages/device-client/CHANGELOG.md, packages/journey-client/CHANGELOG.md, packages/oidc-client/CHANGELOG.md, packages/protect/CHANGELOG.md	Added ## 2.1.0 entries documenting dependency bumps and package-specific notes (QR code collector, resume() behavior, export fixes).
SDK-Effects Manifests packages/sdk-effects/.../package.json packages/sdk-effects/iframe-manager/package.json, packages/sdk-effects/logger/package.json, packages/sdk-effects/oidc/package.json, packages/sdk-effects/sdk-request-middleware/package.json, packages/sdk-effects/storage/package.json	Bumped version fields from 2.0.0 → 2.1.0.
SDK-Effects Changelogs packages/sdk-effects/.../CHANGELOG.md packages/sdk-effects/iframe-manager/CHANGELOG.md, packages/sdk-effects/logger/CHANGELOG.md, packages/sdk-effects/oidc/CHANGELOG.md, packages/sdk-effects/sdk-request-middleware/CHANGELOG.md, packages/sdk-effects/storage/CHANGELOG.md	Added 2.1.0 Patch Changes entries describing packaging fix to exclude files outside /dist.
Utility Manifests packages/sdk-types/package.json, packages/sdk-utilities/package.json	Bumped version fields from 2.0.0 → 2.1.0.
Utility Changelogs packages/sdk-types/CHANGELOG.md, packages/sdk-utilities/CHANGELOG.md	Added ## 2.1.0 headers and notes about dependency updates.
Misc Changelogs packages/davinci-client/CHANGELOG.md, packages/sdk-effects/sdk-request-middleware/CHANGELOG.md	Inserted notes on DaVinci polling behavior and QR code collector support where applicable.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix(journey-client): align config with DaVinci and OIDC clients #557: touches the same journey-client changeset entry and related config notes.
• feat: add interface mapping, api-report tool, and client re-export guards #564: aligns with exported-interface/type fixes referenced across changelogs.
• chore: fix files distributed in effect packages #555: addresses sdk-effects packaging fix (exclude non-/dist files) noted in multiple changelogs.

Suggested reviewers

• cerebrl
• ancheetah

Poem

🐇
I hopped through versions, soft and bright,
From two-dot-oh to two-dot-one tonight.
Distories trimmed and changelogs in tune,
A tiny nibble, a happy release boon —
Hooray for tidy packages under the moon!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description lacks a JIRA ticket reference and provides minimal technical context. The description is auto-generated by Changesets and does not follow the repository template.	Add a JIRA ticket reference if applicable and provide a brief description of the changes or release objectives beyond the auto-generated changelog content.
Title check	❓ Inconclusive	The title 'Release PR' is vague and generic, providing minimal information about the actual changes despite being a release PR with multiple package version bumps.	Consider using a more descriptive title such as 'Release: Bump multiple packages to v2.1.0' or 'Release v2.1.0 for davinci-client, journey-client, device-client, and others' to clearly convey the primary purpose.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch changeset-release/main

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 3ea55ca

Command	Status	Duration	Result
nx affected -t build lint test typecheck e2e-ci	❌ Failed	1m 47s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-05-04 15:59:00 UTC

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/sdk-utilities/CHANGELOG.md`:
- Line 7: Replace the malformed changelog entry string "Updated dependencies
[]:" with a proper heading such as "Updated dependencies:" or, if there are
specific packages, replace the empty brackets with a comma-separated list of the
updated packages; locate the exact token "Updated dependencies []:" in
CHANGELOG.md and remove the empty square brackets or populate them with the
dependency names so the line reads correctly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 80c258cc-8a08-4435-80ff-d329f5cf4beb

📥 Commits

Reviewing files that changed from the base of the PR and between 67c2191 and 70d5261.

📒 Files selected for processing (25)

• .changeset/odd-parents-joke.md
• packages/davinci-client/CHANGELOG.md
• packages/davinci-client/package.json
• packages/device-client/CHANGELOG.md
• packages/device-client/package.json
• packages/journey-client/CHANGELOG.md
• packages/journey-client/package.json
• packages/oidc-client/CHANGELOG.md
• packages/oidc-client/package.json
• packages/protect/CHANGELOG.md
• packages/protect/package.json
• packages/sdk-effects/iframe-manager/CHANGELOG.md
• packages/sdk-effects/iframe-manager/package.json
• packages/sdk-effects/logger/CHANGELOG.md
• packages/sdk-effects/logger/package.json
• packages/sdk-effects/oidc/CHANGELOG.md
• packages/sdk-effects/oidc/package.json
• packages/sdk-effects/sdk-request-middleware/CHANGELOG.md
• packages/sdk-effects/sdk-request-middleware/package.json
• packages/sdk-effects/storage/CHANGELOG.md
• packages/sdk-effects/storage/package.json
• packages/sdk-types/CHANGELOG.md
• packages/sdk-types/package.json
• packages/sdk-utilities/CHANGELOG.md
• packages/sdk-utilities/package.json

💤 Files with no reviewable changes (1)

• .changeset/odd-parents-joke.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix malformed dependency note formatting.

Line 7 includes empty brackets (Updated dependencies []:), which reads like a broken reference token in the published changelog.

Suggested fix

-- Updated dependencies []:
+- Updated dependencies:

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- Updated dependencies []:
	- Updated dependencies:

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/sdk-utilities/CHANGELOG.md` at line 7, Replace the malformed
changelog entry string "Updated dependencies []:" with a proper heading such as
"Updated dependencies:" or, if there are specific packages, replace the empty
brackets with a comma-separated list of the updated packages; locate the exact
token "Updated dependencies []:" in CHANGELOG.md and remove the empty square
brackets or populate them with the dependency names so the line reads correctly.

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/@forgerock/davinci-client@561

@forgerock/device-client

pnpm add https://pkg.pr.new/@forgerock/device-client@561

@forgerock/journey-client

pnpm add https://pkg.pr.new/@forgerock/journey-client@561

@forgerock/oidc-client

pnpm add https://pkg.pr.new/@forgerock/oidc-client@561

@forgerock/protect

pnpm add https://pkg.pr.new/@forgerock/protect@561

@forgerock/sdk-types

pnpm add https://pkg.pr.new/@forgerock/sdk-types@561

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/@forgerock/sdk-utilities@561

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/@forgerock/iframe-manager@561

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/@forgerock/sdk-logger@561

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/@forgerock/sdk-oidc@561

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/@forgerock/sdk-request-middleware@561

@forgerock/storage

pnpm add https://pkg.pr.new/@forgerock/storage@561

commit: 56dfa21

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 17.51%. Comparing base (5d6747a) to head (56dfa21).
⚠️ Report is 83 commits behind head on main.

❌ Your project status has failed because the head coverage (17.51%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #561       +/-   ##
===========================================
- Coverage   70.90%   17.51%   -53.40%     
===========================================
  Files          53      154      +101     
  Lines        2021    24151    +22130     
  Branches      377     1145      +768     
===========================================
+ Hits         1433     4229     +2796     
- Misses        588    19922    +19334     

see 101 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Deployed b43028e to https://ForgeRock.github.io/ping-javascript-sdk/pr-561/b43028e6d2bd8034034687fbd5cc37512239745f branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🚨 Significant Changes

🔻 @forgerock/device-client - 0.0 KB (-10.0 KB, -100.0%)
🔻 @forgerock/journey-client - 0.0 KB (-90.3 KB, -100.0%)

➖ No Changes

➖ @forgerock/device-client - 10.0 KB
➖ @forgerock/davinci-client - 48.3 KB
➖ @forgerock/oidc-client - 25.2 KB
➖ @forgerock/sdk-utilities - 11.2 KB
➖ @forgerock/sdk-types - 7.9 KB
➖ @forgerock/protect - 144.6 KB
➖ @forgerock/journey-client - 90.3 KB
➖ @forgerock/storage - 1.5 KB
➖ @forgerock/sdk-oidc - 4.8 KB
➖ @forgerock/sdk-request-middleware - 4.5 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/iframe-manager - 2.4 KB

---

14 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}