Bump auth0-js to v10

[OWConnoi]

What

This bumps the production auth0-js dependency from ^9.29.0 to ^10.0.0.

Why

The current range resolves to auth0-js@9.32.0, which is covered by the public high-severity advisory GHSA-8qjv-jj2q-x832 / CWE-863. Updating to v10 clears the production dependency advisory for Lock.

Tests

• npm audit --omit=dev --json
• npm test -- src/__tests__/core/web_api/p2_api.test.js src/__tests__/core/web_api.test.js src/__tests__/core/actions.test.js

Note: Full npm audit still reports dev dependency vulnerabilities; the production-only audit is clean.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.60%. Comparing base (e89a37d) to head (a33f4d2).
⚠️ Report is 116 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2797      +/-   ##
==========================================
+ Coverage   42.54%   43.60%   +1.05%     
==========================================
  Files         120      120              
  Lines        3145     3181      +36     
  Branches      337      339       +2     
==========================================
+ Hits         1338     1387      +49     
+ Misses       1713     1699      -14     
- Partials       94       95       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.