chore(deps): bump cloud.google.com/go/auth from 0.17.0 to 0.18.0 in /firestore

[dependabot]

Bumps cloud.google.com/go/auth from 0.17.0 to 0.18.0.

Release notes

Sourced from cloud.google.com/go/auth's releases.

auth 0.18.0

0.18.0 (2025-12-15)

Features

• deprecate unsafe credentials JSON loading options (#13397) (0dd2a3bd)

• Support scopes field from impersonated credential json (#13308) (e3f62e10)

• add support for parsing EC private key (#13317) (ea6bc62f)

Changelog

Sourced from cloud.google.com/go/auth's changelog.

v0.18.0

• bigquery:

  • Marked stable.
  • Schema inference of nullable fields supported.
  • Added TimePartitioning to QueryConfig.

• firestore: Data provided to DocumentRef.Set with a Merge option can contain Delete sentinels.

• logging: Clients can accept parent resources other than projects.

• pubsub:

  • pubsub/pstest: A lighweight fake for pubsub. Experimental; feedback welcome.
  • Support updating more subscription metadata: AckDeadline, RetainAckedMessages and RetentionDuration.

• oslogin/apiv1beta: New client for the Cloud OS Login API.

• rpcreplay: A package for recording and replaying gRPC traffic.

• spanner:

  • Add a ReadWithOptions that supports a row limit, as well as an index.
  • Support query plan and execution statistics.
  • Added OpenCensus support.

• storage: Clarify checksum validation for gzipped files (it is not validated when the file is served uncompressed).

Commits

• 767c40d all: update version and README
• f757f0d firestore: clarify how to check if a document doesn't exist.
• aa64de2 spanner: handle breaking change in opencensus trace
• eb1cc5f bigtable: use localhost instead of 127.0.0.1
• 566ccf3 Fix ReadRows() reading bug
• 31bbc66 pstest: misc small changes
• afc02e1 oslogin/apiv1beta: generate oslogin client
• 0fdc913 pubsub: resumable stream implementation
• a0fa192 all: remove path functions from generated files
• 8e80142 pubsub: remove gRPC blocking-dial option
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[ReneWerner87]

@dependabot rebase