release: version packages (#6850)

* release: version packages

* chore: update new connectors version number

---------

Co-authored-by: Darcy Ye <darcyye@silverhand.io>

.changeset/brown-donkeys-share.md

@@ -1,5 +0,0 @@
----
-"@logto/connector-yunpian-sms": minor
----
-
-add YunPian SMS connector

.changeset/chilled-radios-cover.md

@@ -1,9 +0,0 @@
----
-"@logto/cli": patch
----
-
-fix fetch official connector list CLI command error
-
-Due to changes in the npm registry API (`https://registry.npmjs.org/-/v1/search`) that our CLI add official connector depends on, the new API behavior returns irrelevant search results.
-
-We need to manually filter out these irrelevant results to avoid potential infinite loops, where each loop triggers an API call, eventually hitting a rate limit and resulting in a status code 429.

.changeset/hot-oranges-join.md

@@ -1,24 +0,0 @@
----
-"@logto/experience-legacy": minor
-"@logto/integration-tests": minor
-"@logto/experience": minor
-"@logto/console": minor
-"@logto/phrases": minor
-"@logto/schemas": minor
-"@logto/core": minor
----
-
-new MFA prompt policy
-
-You can now cutomize the MFA prompt policy in the Console.
-
-First, choose if you want to enable **Require MFA**:
-
-- **Enable**: Users will be prompted to set up MFA during the sign-in process which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
-- **Disable**: Users can skip the MFA setup process during sign-up flow.
-
-If you choose to **Disable**, you can choose the MFA setup prompt:
-
-- Do not ask users to set up MFA.
-- Ask users to set up MFA during registration (skippable, one-time prompt). **The same prompt as previous policy (UserControlled)**
-- Ask users to set up MFA on their sign-in after registration (skippable, one-time prompt)

.changeset/nervous-apes-suffer.md

@@ -1,20 +0,0 @@
----
-"@logto/integration-tests": patch
-"@logto/core-kit": patch
-"@logto/console": patch
-"@logto/phrases": patch
-"@logto/core": patch
----
-
-loose redirect uri restrictions
-
-Logto has been following the industry best practices for OAuth2.0 and OIDC from the start. However, in the real world, there are things we cannot control, like third-party services or operation systems like Windows.
-
-This update relaxes restrictions on redirect URIs to allow the following:
-
-1. A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like `https://example.com`.
-2. Native schemes without a period (`.`). For example, `myapp://callback` is now allowed.
-
-When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.
-
-We hope this change will make it easier for you to integrate Logto with your applications.

.changeset/rotten-lizards-buy.md

@@ -1,5 +0,0 @@
----
-"@logto/connector-xiaomi": minor
----
-
-add Xiaomi social connector

packages/cli/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Change Log
 
+## 1.23.0
+
+### Patch Changes
+
+- 217858950: fix fetch official connector list CLI command error
+
+  Due to changes in the npm registry API (`https://registry.npmjs.org/-/v1/search`) that our CLI add official connector depends on, the new API behavior returns irrelevant search results.
+
+  We need to manually filter out these irrelevant results to avoid potential infinite loops, where each loop triggers an API call, eventually hitting a rate limit and resulting in a status code 429.
+
+- Updated dependencies [f1b1d9e95]
+- Updated dependencies [239b81e31]
+  - @logto/schemas@1.23.0
+  - @logto/core-kit@2.5.2
+
 ## 1.22.0
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/cli",
-  "version": "1.22.0",
+  "version": "1.23.0",
   "description": "Logto CLI.",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "homepage": "https://github.com/logto-io/logto#readme",
@@ -43,8 +43,8 @@
   },
   "dependencies": {
     "@logto/connector-kit": "workspace:^4.1.0",
-    "@logto/core-kit": "workspace:^2.5.0",
-    "@logto/schemas": "workspace:1.22.0",
+    "@logto/core-kit": "workspace:^2.5.2",
+    "@logto/schemas": "workspace:1.23.0",
     "@logto/shared": "workspace:^3.1.2",
     "@silverhand/essentials": "^2.9.1",
     "@silverhand/slonik": "31.0.0-beta.2",

packages/connectors/connector-xiaomi/CHANGELOG.md

@@ -0,0 +1,7 @@
+# @logto/connector-xiaomi
+
+## 1.0.0
+
+### Minor Changes
+
+- 3fa2b796e: add Xiaomi social connector

packages/connectors/connector-yunpian-sms/CHANGELOG.md

@@ -0,0 +1,7 @@
+# @logto/connector-yunpian-sms
+
+## 1.0.0
+
+### Minor Changes
+
+- 3004ae9a6: add YunPian SMS connector

packages/console/CHANGELOG.md

@@ -1,5 +1,39 @@
 # Change Log
 
+## 1.20.0
+
+### Minor Changes
+
+- f1b1d9e95: new MFA prompt policy
+
+  You can now cutomize the MFA prompt policy in the Console.
+
+  First, choose if you want to enable **Require MFA**:
+
+  - **Enable**: Users will be prompted to set up MFA during the sign-in process which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
+  - **Disable**: Users can skip the MFA setup process during sign-up flow.
+
+  If you choose to **Disable**, you can choose the MFA setup prompt:
+
+  - Do not ask users to set up MFA.
+  - Ask users to set up MFA during registration (skippable, one-time prompt). **The same prompt as previous policy (UserControlled)**
+  - Ask users to set up MFA on their sign-in after registration (skippable, one-time prompt)
+
+### Patch Changes
+
+- 239b81e31: loose redirect uri restrictions
+
+  Logto has been following the industry best practices for OAuth2.0 and OIDC from the start. However, in the real world, there are things we cannot control, like third-party services or operation systems like Windows.
+
+  This update relaxes restrictions on redirect URIs to allow the following:
+
+  1. A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like `https://example.com`.
+  2. Native schemes without a period (`.`). For example, `myapp://callback` is now allowed.
+
+  When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.
+
+  We hope this change will make it easier for you to integrate Logto with your applications.
+
 ## 1.19.0
 
 ### Minor Changes

packages/console/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/console",
-  "version": "1.19.0",
+  "version": "1.20.0",
   "description": "> TODO: description",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "homepage": "https://github.com/logto-io/logto#readme",
@@ -29,12 +29,12 @@
     "@jest/types": "^29.5.0",
     "@logto/cloud": "0.2.5-aac51e9",
     "@logto/connector-kit": "workspace:^4.1.0",
-    "@logto/core-kit": "workspace:^2.5.0",
+    "@logto/core-kit": "workspace:^2.5.2",
     "@logto/language-kit": "workspace:^1.1.0",
-    "@logto/phrases": "workspace:^1.15.0",
+    "@logto/phrases": "workspace:^1.16.0",
     "@logto/phrases-experience": "workspace:^1.9.0",
     "@logto/react": "^3.0.12",
-    "@logto/schemas": "workspace:^1.22.0",
+    "@logto/schemas": "workspace:^1.23.0",
     "@logto/shared": "workspace:^3.1.2",
     "@mdx-js/react": "^3.0.1",
     "@mdx-js/rollup": "^3.0.1",

packages/core/CHANGELOG.md

@@ -1,5 +1,50 @@
 # Change Log
 
+## 1.23.0
+
+### Minor Changes
+
+- f1b1d9e95: new MFA prompt policy
+
+  You can now cutomize the MFA prompt policy in the Console.
+
+  First, choose if you want to enable **Require MFA**:
+
+  - **Enable**: Users will be prompted to set up MFA during the sign-in process which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
+  - **Disable**: Users can skip the MFA setup process during sign-up flow.
+
+  If you choose to **Disable**, you can choose the MFA setup prompt:
+
+  - Do not ask users to set up MFA.
+  - Ask users to set up MFA during registration (skippable, one-time prompt). **The same prompt as previous policy (UserControlled)**
+  - Ask users to set up MFA on their sign-in after registration (skippable, one-time prompt)
+
+### Patch Changes
+
+- 239b81e31: loose redirect uri restrictions
+
+  Logto has been following the industry best practices for OAuth2.0 and OIDC from the start. However, in the real world, there are things we cannot control, like third-party services or operation systems like Windows.
+
+  This update relaxes restrictions on redirect URIs to allow the following:
+
+  1. A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like `https://example.com`.
+  2. Native schemes without a period (`.`). For example, `myapp://callback` is now allowed.
+
+  When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.
+
+  We hope this change will make it easier for you to integrate Logto with your applications.
+
+- Updated dependencies [217858950]
+- Updated dependencies [f1b1d9e95]
+- Updated dependencies [239b81e31]
+  - @logto/cli@1.23.0
+  - @logto/experience-legacy@1.11.0
+  - @logto/experience@1.11.0
+  - @logto/console@1.20.0
+  - @logto/phrases@1.16.0
+  - @logto/schemas@1.23.0
+  - @logto/core-kit@2.5.2
+
 ## 1.22.0
 
 ### Minor Changes

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/core",
-  "version": "1.22.0",
+  "version": "1.23.0",
   "description": "The open source identity solution.",
   "main": "build/index.js",
   "author": "Silverhand Inc. <contact@silverhand.io>",
@@ -33,18 +33,18 @@
     "@koa/cors": "^5.0.0",
     "@logto/affiliate": "^0.1.0",
     "@logto/app-insights": "workspace:^2.0.0",
-    "@logto/cli": "workspace:^1.22.0",
+    "@logto/cli": "workspace:^1.23.0",
     "@logto/connector-kit": "workspace:^4.1.0",
     "@logto/console": "workspace:*",
-    "@logto/core-kit": "workspace:^2.5.0",
+    "@logto/core-kit": "workspace:^2.5.2",
     "@logto/demo-app": "workspace:*",
     "@logto/experience": "workspace:*",
     "@logto/experience-legacy": "workspace:*",
     "@logto/js": "^4.1.4",
     "@logto/language-kit": "workspace:^1.1.0",
-    "@logto/phrases": "workspace:^1.15.0",
+    "@logto/phrases": "workspace:^1.16.0",
     "@logto/phrases-experience": "workspace:^1.9.0",
-    "@logto/schemas": "workspace:^1.22.0",
+    "@logto/schemas": "workspace:^1.23.0",
     "@logto/shared": "workspace:^3.1.2",
     "@silverhand/essentials": "^2.9.1",
     "@silverhand/slonik": "31.0.0-beta.2",

packages/create/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Change Log
 
+## 1.23.0
+
+### Patch Changes
+
+- Updated dependencies [217858950]
+  - @logto/cli@1.23.0
+
 ## 1.22.0
 
 ### Patch Changes

packages/create/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/create",
-  "version": "1.22.0",
+  "version": "1.23.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",
@@ -15,6 +15,6 @@
     "node": "^20.9.0"
   },
   "dependencies": {
-    "@logto/cli": "workspace:^1.22.0"
+    "@logto/cli": "workspace:^1.23.0"
   }
 }

packages/experience-legacy/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Change Log
 
+## 1.11.0
+
+### Minor Changes
+
+- f1b1d9e95: new MFA prompt policy
+
+  You can now cutomize the MFA prompt policy in the Console.
+
+  First, choose if you want to enable **Require MFA**:
+
+  - **Enable**: Users will be prompted to set up MFA during the sign-in process which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
+  - **Disable**: Users can skip the MFA setup process during sign-up flow.
+
+  If you choose to **Disable**, you can choose the MFA setup prompt:
+
+  - Do not ask users to set up MFA.
+  - Ask users to set up MFA during registration (skippable, one-time prompt). **The same prompt as previous policy (UserControlled)**
+  - Ask users to set up MFA on their sign-in after registration (skippable, one-time prompt)
+
 ## 1.10.0
 
 ### Minor Changes

packages/experience-legacy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/experience-legacy",
-  "version": "1.10.0",
+  "version": "1.11.0",
   "license": "MPL-2.0",
   "type": "module",
   "private": true,
@@ -22,11 +22,11 @@
   "devDependencies": {
     "@jest/types": "^29.5.0",
     "@logto/connector-kit": "workspace:^4.1.0",
-    "@logto/core-kit": "workspace:^2.5.0",
+    "@logto/core-kit": "workspace:^2.5.2",
     "@logto/language-kit": "workspace:^1.1.0",
-    "@logto/phrases": "workspace:^1.15.0",
+    "@logto/phrases": "workspace:^1.16.0",
     "@logto/phrases-experience": "workspace:^1.9.0",
-    "@logto/schemas": "workspace:^1.22.0",
+    "@logto/schemas": "workspace:^1.23.0",
     "@react-spring/shared": "^9.6.1",
     "@react-spring/web": "^9.6.1",
     "@silverhand/eslint-config": "6.0.1",

packages/experience/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Change Log
 
+## 1.11.0
+
+### Minor Changes
+
+- f1b1d9e95: new MFA prompt policy
+
+  You can now cutomize the MFA prompt policy in the Console.
+
+  First, choose if you want to enable **Require MFA**:
+
+  - **Enable**: Users will be prompted to set up MFA during the sign-in process which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
+  - **Disable**: Users can skip the MFA setup process during sign-up flow.
+
+  If you choose to **Disable**, you can choose the MFA setup prompt:
+
+  - Do not ask users to set up MFA.
+  - Ask users to set up MFA during registration (skippable, one-time prompt). **The same prompt as previous policy (UserControlled)**
+  - Ask users to set up MFA on their sign-in after registration (skippable, one-time prompt)
+
 ## 1.10.0
 
 ### Minor Changes

packages/experience/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/experience",
-  "version": "1.10.0",
+  "version": "1.11.0",
   "license": "MPL-2.0",
   "type": "module",
   "private": true,
@@ -22,11 +22,11 @@
   "devDependencies": {
     "@jest/types": "^29.5.0",
     "@logto/connector-kit": "workspace:^4.1.0",
-    "@logto/core-kit": "workspace:^2.5.0",
+    "@logto/core-kit": "workspace:^2.5.2",
     "@logto/language-kit": "workspace:^1.1.0",
-    "@logto/phrases": "workspace:^1.15.0",
+    "@logto/phrases": "workspace:^1.16.0",
     "@logto/phrases-experience": "workspace:^1.9.0",
-    "@logto/schemas": "workspace:^1.22.0",
+    "@logto/schemas": "workspace:^1.23.0",
     "@react-spring/shared": "^9.6.1",
     "@react-spring/web": "^9.6.1",
     "@silverhand/eslint-config": "6.0.1",

packages/integration-tests/CHANGELOG.md

@@ -1,5 +1,39 @@
 # Change Log
 
+## 1.11.0
+
+### Minor Changes
+
+- f1b1d9e95: new MFA prompt policy
+
+  You can now cutomize the MFA prompt policy in the Console.
+
+  First, choose if you want to enable **Require MFA**:
+
+  - **Enable**: Users will be prompted to set up MFA during the sign-in process which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
+  - **Disable**: Users can skip the MFA setup process during sign-up flow.
+
+  If you choose to **Disable**, you can choose the MFA setup prompt:
+
+  - Do not ask users to set up MFA.
+  - Ask users to set up MFA during registration (skippable, one-time prompt). **The same prompt as previous policy (UserControlled)**
+  - Ask users to set up MFA on their sign-in after registration (skippable, one-time prompt)
+
+### Patch Changes
+
+- 239b81e31: loose redirect uri restrictions
+
+  Logto has been following the industry best practices for OAuth2.0 and OIDC from the start. However, in the real world, there are things we cannot control, like third-party services or operation systems like Windows.
+
+  This update relaxes restrictions on redirect URIs to allow the following:
+
+  1. A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like `https://example.com`.
+  2. Native schemes without a period (`.`). For example, `myapp://callback` is now allowed.
+
+  When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.
+
+  We hope this change will make it easier for you to integrate Logto with your applications.
+
 ## 1.10.0
 
 ### Minor Changes

packages/integration-tests/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/integration-tests",
-  "version": "1.10.0",
+  "version": "1.11.0",
   "description": "Integration tests for Logto.",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
@@ -29,7 +29,7 @@
     "@logto/core-kit": "workspace:^",
     "@logto/js": "^4.1.4",
     "@logto/node": "^2.5.4",
-    "@logto/schemas": "workspace:^1.22.0",
+    "@logto/schemas": "workspace:^1.23.0",
     "@logto/shared": "workspace:^3.1.1",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/essentials": "^2.9.1",

packages/phrases/CHANGELOG.md

@@ -1,5 +1,39 @@
 # Change Log
 
+## 1.16.0
+
+### Minor Changes
+
+- f1b1d9e95: new MFA prompt policy
+
+  You can now cutomize the MFA prompt policy in the Console.
+
+  First, choose if you want to enable **Require MFA**:
+
+  - **Enable**: Users will be prompted to set up MFA during the sign-in process which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
+  - **Disable**: Users can skip the MFA setup process during sign-up flow.
+
+  If you choose to **Disable**, you can choose the MFA setup prompt:
+
+  - Do not ask users to set up MFA.
+  - Ask users to set up MFA during registration (skippable, one-time prompt). **The same prompt as previous policy (UserControlled)**
+  - Ask users to set up MFA on their sign-in after registration (skippable, one-time prompt)
+
+### Patch Changes
+
+- 239b81e31: loose redirect uri restrictions
+
+  Logto has been following the industry best practices for OAuth2.0 and OIDC from the start. However, in the real world, there are things we cannot control, like third-party services or operation systems like Windows.
+
+  This update relaxes restrictions on redirect URIs to allow the following:
+
+  1. A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like `https://example.com`.
+  2. Native schemes without a period (`.`). For example, `myapp://callback` is now allowed.
+
+  When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.
+
+  We hope this change will make it easier for you to integrate Logto with your applications.
+
 ## 1.15.0
 
 ### Minor Changes

packages/phrases/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/phrases",
-  "version": "1.15.0",
+  "version": "1.16.0",
   "description": "Logto shared phrases (i18n).",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "homepage": "https://github.com/logto-io/logto#readme",

packages/schemas/CHANGELOG.md

@@ -1,5 +1,31 @@
 # Change Log
 
+## 1.23.0
+
+### Minor Changes
+
+- f1b1d9e95: new MFA prompt policy
+
+  You can now cutomize the MFA prompt policy in the Console.
+
+  First, choose if you want to enable **Require MFA**:
+
+  - **Enable**: Users will be prompted to set up MFA during the sign-in process which cannot be skipped. If the user fails to set up MFA or deletes their MFA settings, they will be locked out of their account until they set up MFA again.
+  - **Disable**: Users can skip the MFA setup process during sign-up flow.
+
+  If you choose to **Disable**, you can choose the MFA setup prompt:
+
+  - Do not ask users to set up MFA.
+  - Ask users to set up MFA during registration (skippable, one-time prompt). **The same prompt as previous policy (UserControlled)**
+  - Ask users to set up MFA on their sign-in after registration (skippable, one-time prompt)
+
+### Patch Changes
+
+- Updated dependencies [f1b1d9e95]
+- Updated dependencies [239b81e31]
+  - @logto/phrases@1.16.0
+  - @logto/core-kit@2.5.2
+
 ## 1.22.0
 
 ### Minor Changes

packages/schemas/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/schemas",
-  "version": "1.22.0",
+  "version": "1.23.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",
@@ -79,9 +79,9 @@
   "prettier": "@silverhand/eslint-config/.prettierrc",
   "dependencies": {
     "@logto/connector-kit": "workspace:^4.1.0",
-    "@logto/core-kit": "workspace:^2.5.0",
+    "@logto/core-kit": "workspace:^2.5.2",
     "@logto/language-kit": "workspace:^1.1.0",
-    "@logto/phrases": "workspace:^1.15.0",
+    "@logto/phrases": "workspace:^1.16.0",
     "@logto/phrases-experience": "workspace:^1.9.0",
     "@logto/shared": "workspace:^3.1.2",
     "@withtyped/server": "^0.14.0",

packages/toolkit/core-kit/CHANGELOG.md

@@ -1,5 +1,22 @@
 # Change Log
 
+## 2.5.2
+
+### Patch Changes
+
+- 239b81e31: loose redirect uri restrictions
+
+  Logto has been following the industry best practices for OAuth2.0 and OIDC from the start. However, in the real world, there are things we cannot control, like third-party services or operation systems like Windows.
+
+  This update relaxes restrictions on redirect URIs to allow the following:
+
+  1. A mix of native and HTTP(S) redirect URIs. For example, a native app can now use a redirect URI like `https://example.com`.
+  2. Native schemes without a period (`.`). For example, `myapp://callback` is now allowed.
+
+  When such URIs are configured, Logto Console will display a prominent warning. This change is backward-compatible and will not affect existing applications.
+
+  We hope this change will make it easier for you to integrate Logto with your applications.
+
 ## 2.5.1
 
 ### Patch Changes

packages/toolkit/core-kit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/core-kit",
-  "version": "2.5.1",
+  "version": "2.5.2",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "homepage": "https://github.com/logto-io/toolkit#readme",
   "repository": {

packages/tunnel/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @logto/tunnel
 
+## 0.2.3
+
+### Patch Changes
+
+- Updated dependencies [239b81e31]
+  - @logto/core-kit@2.5.2
+
 ## 0.2.2
 
 ### Patch Changes

packages/tunnel/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/tunnel",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "description": "A CLI tool that creates tunnel service to Logto Cloud for local development.",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "homepage": "https://github.com/logto-io/logto#readme",

pnpm-lock.yaml

@@ -107,10 +107,10 @@ importers:
         specifier: workspace:^4.1.0
         version: link:../toolkit/connector-kit
       '@logto/core-kit':
-        specifier: workspace:^2.5.0
+        specifier: workspace:^2.5.2
         version: link:../toolkit/core-kit
       '@logto/schemas':
-        specifier: workspace:1.22.0
+        specifier: workspace:1.23.0
         version: link:../schemas
       '@logto/shared':
         specifier: workspace:^3.1.2
@@ -2864,13 +2864,13 @@ importers:
         specifier: workspace:^4.1.0
         version: link:../toolkit/connector-kit
       '@logto/core-kit':
-        specifier: workspace:^2.5.0
+        specifier: workspace:^2.5.2
         version: link:../toolkit/core-kit
       '@logto/language-kit':
         specifier: workspace:^1.1.0
         version: link:../toolkit/language-kit
       '@logto/phrases':
-        specifier: workspace:^1.15.0
+        specifier: workspace:^1.16.0
         version: link:../phrases
       '@logto/phrases-experience':
         specifier: workspace:^1.9.0
@@ -2879,7 +2879,7 @@ importers:
         specifier: ^3.0.12
         version: 3.0.13(react@18.3.1)
       '@logto/schemas':
-        specifier: workspace:^1.22.0
+        specifier: workspace:^1.23.0
         version: link:../schemas
       '@logto/shared':
         specifier: workspace:^3.1.2
@@ -3161,7 +3161,7 @@ importers:
         specifier: workspace:^2.0.0
         version: link:../app-insights
       '@logto/cli':
-        specifier: workspace:^1.22.0
+        specifier: workspace:^1.23.0
         version: link:../cli
       '@logto/connector-kit':
         specifier: workspace:^4.1.0
@@ -3170,7 +3170,7 @@ importers:
         specifier: workspace:*
         version: link:../console
       '@logto/core-kit':
-        specifier: workspace:^2.5.0
+        specifier: workspace:^2.5.2
         version: link:../toolkit/core-kit
       '@logto/demo-app':
         specifier: workspace:*
@@ -3188,13 +3188,13 @@ importers:
         specifier: workspace:^1.1.0
         version: link:../toolkit/language-kit
       '@logto/phrases':
-        specifier: workspace:^1.15.0
+        specifier: workspace:^1.16.0
         version: link:../phrases
       '@logto/phrases-experience':
         specifier: workspace:^1.9.0
         version: link:../phrases-experience
       '@logto/schemas':
-        specifier: workspace:^1.22.0
+        specifier: workspace:^1.23.0
         version: link:../schemas
       '@logto/shared':
         specifier: workspace:^3.1.2
@@ -3468,7 +3468,7 @@ importers:
   packages/create:
     dependencies:
       '@logto/cli':
-        specifier: workspace:^1.22.0
+        specifier: workspace:^1.23.0
         version: link:../cli
 
   packages/demo-app:
@@ -3640,19 +3640,19 @@ importers:
         specifier: workspace:^4.1.0
         version: link:../toolkit/connector-kit
       '@logto/core-kit':
-        specifier: workspace:^2.5.0
+        specifier: workspace:^2.5.2
         version: link:../toolkit/core-kit
       '@logto/language-kit':
         specifier: workspace:^1.1.0
         version: link:../toolkit/language-kit
       '@logto/phrases':
-        specifier: workspace:^1.15.0
+        specifier: workspace:^1.16.0
         version: link:../phrases
       '@logto/phrases-experience':
         specifier: workspace:^1.9.0
         version: link:../phrases-experience
       '@logto/schemas':
-        specifier: workspace:^1.22.0
+        specifier: workspace:^1.23.0
         version: link:../schemas
       '@react-spring/shared':
         specifier: ^9.6.1
@@ -3847,19 +3847,19 @@ importers:
         specifier: workspace:^4.1.0
         version: link:../toolkit/connector-kit
       '@logto/core-kit':
-        specifier: workspace:^2.5.0
+        specifier: workspace:^2.5.2
         version: link:../toolkit/core-kit
       '@logto/language-kit':
         specifier: workspace:^1.1.0
         version: link:../toolkit/language-kit
       '@logto/phrases':
-        specifier: workspace:^1.15.0
+        specifier: workspace:^1.16.0
         version: link:../phrases
       '@logto/phrases-experience':
         specifier: workspace:^1.9.0
         version: link:../phrases-experience
       '@logto/schemas':
-        specifier: workspace:^1.22.0
+        specifier: workspace:^1.23.0
         version: link:../schemas
       '@react-spring/shared':
         specifier: ^9.6.1
@@ -4073,7 +4073,7 @@ importers:
         specifier: ^2.5.4
         version: 2.5.4
       '@logto/schemas':
-        specifier: workspace:^1.22.0
+        specifier: workspace:^1.23.0
         version: link:../schemas
       '@logto/shared':
         specifier: workspace:^3.1.1
@@ -4210,13 +4210,13 @@ importers:
         specifier: workspace:^4.1.0
         version: link:../toolkit/connector-kit
       '@logto/core-kit':
-        specifier: workspace:^2.5.0
+        specifier: workspace:^2.5.2
         version: link:../toolkit/core-kit
       '@logto/language-kit':
         specifier: workspace:^1.1.0
         version: link:../toolkit/language-kit
       '@logto/phrases':
-        specifier: workspace:^1.15.0
+        specifier: workspace:^1.16.0
         version: link:../phrases
       '@logto/phrases-experience':
         specifier: workspace:^1.9.0