chore(deps): Bump js-cookie and auth0-js

[dependabot]

Bumps js-cookie to 3.0.8 and updates ancestor dependency auth0-js. These dependencies need to be updated together.

Updates js-cookie from 2.2.1 to 3.0.8

Release notes

Sourced from js-cookie's releases.

v3.0.8

• Restore ES5 compatibility, inadvertently broken in 3.0.7 - #959
• Lift Node version restriction, inadvertently restricted to >= 20 in 3.0.7 - #956

v3.0.7

• Prevent cookie attribute injection: CVE-2026-46625 (eb3c40e)
• Add Partitioned attribute to readme (b994768)
• Publish to npm registry via trusted publisher exclusively (4dc71be)
• Ensure consistent behaviour for get('name') + get() (1953d30)

v3.0.5

• Remove npm version restriction in package.json - #818

v3.0.4

• Publish to npmjs.com with package provenance

v3.0.1

• Make package.json accessible in export - #727

v3.0.0

• Removed defaults in favor of a builder: now to supply an api instance with particular predefined (cookie) attributes there's Cookies.withAttributes(), e.g.:

const api = Cookies.withAttributes({
  path: '/',
  secure: true
})
api.set('key', 'value') // writes cookie with path: '/' and secure: true...

• The attributes that an api instance is configured with are exposed as attributes property; it's an immutable object and unlike defaults cannot be changed to configure the api.
• The mechanism to fall back to the standard, internal converter by returning a falsy value in a custom read converter has been removed. Instead the default converters are now exposed as Cookies.converter, which allows for implementing self-contained custom converters providing the same behavior:

const customReadConverter = (value, name) => {
  if (name === 'special') {
    return unescape(value)
  }
  return Cookies.converter.read(value)
}

• withConverter() no longer accepts a function as argument to be turned into a read converter. It is now required to always pass an object with the explicit type(s) of converter(s):

const api = Cookies.withConverter({
  read: (value, name) => unescape(value)
})

• The converter(s) that an api instance is configured with are exposed as converter property; it's an immutable object and cannot be changed to configure the api.
• Started providing library as ES module, in addition to UMD module. The module field in package.json points to an ES module variant of the library.
• Started using browser field instead of main in package.json (for the UMD variant of the library).
• Dropped support for IE < 10.
• Removed built-in JSON support, i.e. getJSON() and automatic stringifying in set(): use Cookies.set('foo', JSON.stringify({ ... })) and JSON.parse(Cookies.get('foo')) instead.
• Removed support for Bower.

... (truncated)

Commits

• d7a1096 Craft v3.0.8 release
• 248e685 Use existing Chrome with puppeteer
• fc04269 Remove QUnit related workaround in Grunt config
• 265a685 Tidy up package lock file
• 478e591 Disable Node deprecation DEP0044 for release workflow
• 331d524 Fix node version config for E2E test job
• 11d773d Ensure ECMAScript compatibility
• d788646 Remove engines property from package
• e7d9a4d Fix typo in test assertion message
• b5fca24 Make credentials use explicit in release workflow
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for js-cookie since your current version.

Updates auth0-js from 10.0.0 to 10.2.0

Release notes

Sourced from auth0-js's releases.

v10.2.0

Added

• feat(captcha): allow for passing appearance to options #1630 (travisrcory)

v10.1.0

Added

• fix(captcha): prevent injection of malicious payloads in challenge.image #1652 (amitsingh05667)

Changelog

Sourced from auth0-js's changelog.

v10.2.0 (2026-06-25)

Full Changelog

Added

• feat(captcha): allow for passing appearance to options #1630 (travisrcory)

v10.1.0 (2026-06-10)

Full Changelog

Added

• fix(captcha): prevent injection of malicious payloads in challenge.image #1652 (amitsingh05667)

Commits

• d84c76c Release v10.2.0 (#1675)
• e359c79 fix: upgrade js-cookie to v3 with ES5 transpilation (#1667)
• 960fc94 chore(deps): bump lodash from 4.17.23 to 4.18.1 (#1627)
• a7e1698 chore(deps): bump actions/checkout from 6 to 7 (#1670)
• 3a814b1 chore(deps-dev): bump yargs from 17.7.2 to 17.7.3 (#1671)
• db832cf chore(deps-dev): bump rollup from 4.62.0 to 4.62.2 (#1672)
• 2dcf079 chore(deps): bump actions/cache from 5 to 6 (#1674)
• f1a41d2 feat(captcha): allow for passing appearance to options (#1630)
• 28ff2b8 chore(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0 (#1663)
• 4386148 chore(deps-dev): bump rollup from 4.60.4 to 4.62.0 (#1665)
• Additional commits viewable in compare view