Bumps [@auth0/auth0-spa-js](https://github.com/auth0/auth0-spa-js) from 2.17.1 to 2.18.0. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/auth0/auth0-spa-js/releases"><code>@auth0/auth0-spa-js</code>'s releases</a>. <blockquote> <h2>v2.18.0</h2> Added <ul> <li>Feat/native to web sso support <a href="https://redirect.github.com/auth0/auth0-spa-js/pull/1547">#1547</a> (<a href="https://github.com/nelsonmaia">nelsonmaia</a>)</li> </ul> Fixed <ul> <li>fix: eliminate modulo bias in createRandomString <a href="https://redirect.github.com/auth0/auth0-spa-js/pull/1559">#1559</a> (<a href="https://github.com/yogeshchoudhary147">yogeshchoudhary147</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/auth0/auth0-spa-js/blob/main/CHANGELOG.md"><code>@auth0/auth0-spa-js</code>'s changelog</a>. <blockquote> <h2><a href="https://github.com/auth0/auth0-spa-js/tree/v2.18.0">v2.18.0</a> (2026-03-19)</h2> <a href="https://github.com/auth0/auth0-spa-js/compare/v2.17.1...v2.18.0">Full Changelog</a> Added <ul> <li>Feat/native to web sso support <a href="https://redirect.github.com/auth0/auth0-spa-js/pull/1547">#1547</a> (<a href="https://github.com/nelsonmaia">nelsonmaia</a>)</li> </ul> Fixed <ul> <li>fix: eliminate modulo bias in createRandomString <a href="https://redirect.github.com/auth0/auth0-spa-js/pull/1559">#1559</a> (<a href="https://github.com/yogeshchoudhary147">yogeshchoudhary147</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/auth0/auth0-spa-js/commit/22b139a30394633a30e0445f1f0c5074cf7cdeee"><code>22b139a</code></a> Release v2.18.0 (<a href="https://redirect.github.com/auth0/auth0-spa-js/issues/1560">#1560</a>)</li> <li><a href="https://github.com/auth0/auth0-spa-js/commit/6762ac60db8b4669ad3bf737b1439eee8eac2e9c"><code>6762ac6</code></a> fix: eliminate modulo bias in createRandomString (<a href="https://redirect.github.com/auth0/auth0-spa-js/issues/1559">#1559</a>)</li> <li><a href="https://github.com/auth0/auth0-spa-js/commit/296b3ab29a0000748487bc6d3ef71721c6857c8f"><code>296b3ab</code></a> chore: add SCA scan workflow using Snyk (<a href="https://redirect.github.com/auth0/auth0-spa-js/issues/1558">#1558</a>)</li> <li><a href="https://github.com/auth0/auth0-spa-js/commit/150b0e810d5c6357f306d98c7169b39aa11e7e4c"><code>150b0e8</code></a> Feat/native to web sso support (<a href="https://redirect.github.com/auth0/auth0-spa-js/issues/1547">#1547</a>)</li> <li>See full diff in <a href="https://github.com/auth0/auth0-spa-js/compare/v2.17.1...v2.18.0">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@auth0/auth0-spa-js&package-manager=npm_and_yarn&previous-version=2.17.1&new-version=2.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>