Release 8.18.0 (#803)

### Changes

Security fix: Resolve CVE-2025-68129

Author: kishore7snehil

.version

@@ -1 +1 @@
-8.17.0
+8.18.0

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Change Log
 
+## [8.18.0](https://github.com/auth0/auth0-PHP/tree/8.18.0) (2025-12-16)
+[Full Changelog](https://github.com/auth0/auth0-PHP/compare/8.17.0...8.18.0)
+
+**Fixed**
+
+- Security fix: Resolve CVE-2025-68129
+
 ## [8.17.0](https://github.com/auth0/auth0-PHP/tree/8.17.0) (2025-10-01)
 [Full Changelog](https://github.com/auth0/auth0-PHP/compare/8.16.0...8.17.0)
 

src/Auth0.php

@@ -21,7 +21,7 @@ final class Auth0 implements Auth0Interface
     /**
      * @var string
      */
-    public const VERSION = '8.17.0';
+    public const VERSION = '8.18.0';
 
     /**
      * Authentication Client.

tests/Utilities/TokenGenerator.php

@@ -26,7 +26,7 @@ protected static function getIdTokenClaims(
             'sid' => '__test_sid__',
             'iss' => 'https://domain.test/',
             'aud' => '__test_client_id__',
-            // 'nonce' => '__test_nonce__', Only ID tokens should have nonce claims
+            'nonce' => '__test_nonce__',
             'auth_time' => time() - 100,
             'exp' => time() + 1000,
             'iat' => time() - 1000,
@@ -43,7 +43,7 @@ protected static function getAccessTokenClaims(
             'iss' => 'https://domain.test/',
             'sid' => '__test_sid__',
             'aud' => '__test_client_id__',
-            'nonce' => '__test_nonce__',
+            // 'nonce' => '__test_nonce__', Only ID tokens should have nonce claims
             'auth_time' => time() - 100,
             'exp' => time() + 1000,
             'iat' => time() - 1000,