fix(release): revert v14.3.0 and fix release pipeline Node.js regression (#2774)

### Changes

The` v14.3.0` release was triggered via PR #2773 but failed in CI before
npm publish completed. The version bump was merged to master but the
package was never actually published to npm, leaving master in an
inconsistent state with a version number that doesn't exist on the
registry.

**Revert v14.3.0 version bum**p

Reverts `package.json`, `package-lock.json`, `.version`, `README.md`,
and `CHANGELOG.md` back to **14.2.5**. Since **14.3.0** was never
published to npm, the next successful release will use 14.3.0 again,
this revert simply clears the failed release state so the release
tooling can re-bump cleanly.

**Pin Node.js to `22.22.1` in `release.yml`**

The root cause of the release failure: **Node.js** `22.22.2 `(the
version currently resolved by node-version: 22 on the latest GitHub
Actions runner images) ships with a broken bundled npm that is missing
the promise-retry internal module. This causes the npm install -g npm@11
step to fail with Cannot find module 'promise-retry'.

This is a confirmed upstream regression tracked at `nodejs/node#62425`.
Pinning to `22.22.1` is the recommended temporary workaround until a
fixed patch is released upstream, at which point node-version: 22 can be
restored.

### References

- Failed release: #2773
- Node.js regression: `nodejs/node#62425`

### Testing

* [ ] This change adds unit test coverage
* [ ] This change adds integration test coverage
* [ ] This change has been tested on the latest version of the
platform/language

### Checklist

* [ ] I have read the [Auth0 general contribution
guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
* [ ] I have read the [Auth0 Code of
Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
* [ ] All code quality tools/guidelines have been run/followed
* [ ] All relevant assets have been compiled

Author: ankita10119

.github/workflows/release.yml

@@ -18,7 +18,10 @@ jobs:
   release:
     uses: ./.github/workflows/npm-release.yml
     with:
-      node-version: 22
+      # Pinned to 22.22.1 — 22.22.2 has a regression (nodejs/node#62425) where
+      # the bundled npm is missing promise-retry, breaking npm install -g npm@11.
+      # Revert to node-version: 22 once the upstream fix is released.
+      node-version: 22.22.1
       require-build: true
     secrets:
       github-token: ${{ secrets.GITHUB_TOKEN }}

.version

@@ -1 +1 @@
-v14.3.0
+v14.2.5

CHANGELOG.md

@@ -1,20 +1,5 @@
 # Change Log
 
-## [v14.3.0](https://github.com/auth0/lock/tree/v14.3.0) (2026-04-06)
-[Full Changelog](https://github.com/auth0/lock/compare/v14.2.5...v14.3.0)
-
-**Added**
-- feat(types): ship TypeScript definitions directly from the lock repo, supersedes `@types/auth0-lock` [\#2763](https://github.com/auth0/lock/pull/2763) ([ankita10119](https://github.com/ankita10119))
-
-**Changed**
-- chore(deps): upgrade webpack-dev-server to v5, auth0-password-policies to 3.1.0, and fix dev setup  [\#2771](https://github.com/auth0/lock/pull/2771) ([ankita10119](https://github.com/ankita10119))
-
-**Deprecated**
-- chore: remove deprecated yammer, renren, miicard strategies [\#2747](https://github.com/auth0/lock/pull/2747) ([omarquazi-okta](https://github.com/omarquazi-okta))
-
-**Fixed**
-- Fix: TypeError in matchConnection and findADConnectionWithoutDomain for enterprise connections with null/undefined domains (#2749)  [\#2758](https://github.com/auth0/lock/pull/2758) ([ankita10119](https://github.com/ankita10119))
-
 ## [v14.2.5](https://github.com/auth0/lock/tree/v14.2.5) (2026-03-19)
 [Full Changelog](https://github.com/auth0/lock/compare/v14.2.4...v14.2.5)
 

README.md

@@ -31,7 +31,7 @@ From CDN
 
 ```html
 <!-- Latest patch release (recommended for production) -->
-<script src="https://cdn.auth0.com/js/lock/14.3.0/lock.min.js"></script>
+<script src="https://cdn.auth0.com/js/lock/14.2.5/lock.min.js"></script>
 ```
 
 ### Configure Auth0

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-lock",
-  "version": "14.3.0",
+  "version": "14.2.5",
   "description": "Auth0 Lock",
   "author": "Auth0 <support@auth0.com> (http://auth0.com)",
   "license": "MIT",