Bump zizmor from 1.17.0 to 1.18.0

[dependabot]

Bumps zizmor from 1.17.0 to 1.18.0.

Release notes

Sourced from zizmor's releases.

v1.18.0

Enhancements 🌱🔗

• The use-trusted-publishing audit now detects NuGet publishing commands (#1369)

• The dependabot-cooldown audit now flags cooldown periods of less than 7 days by default (#1375)

• The dependabot-cooldown audit can now be configured with a custom minimum cooldown period via rules.dependabot-cooldown.config.days (#1377)

• zizmor now produces slightly more useful error messages when the user supplies an invalid configuration for the forbidden-uses audit (#1381)

Bug Fixes 🐛🔗

• Fixed additional edge cases where auto-fixed would fail to preserve a document's final newline (#1372)

v1.18.0-rc3

No release notes provided.

v1.18.0-rc2

No release notes provided.

v1.18.0-rc1

No release notes provided.

Changelog

Sourced from zizmor's changelog.

1.18.0

Enhancements 🌱

• The [use-trusted-publishing] audit now detects NuGet publishing commands (#1369)

• The [dependabot-cooldown] audit now flags cooldown periods of less than 7 days by default (#1375)

• The [dependabot-cooldown] audit can now be configured with a custom minimum cooldown period via rules.dependabot-cooldown.config.days (#1377)

• zizmor now produces slightly more useful error messages when the user supplies an invalid configuration for the [forbidden-uses] audit (#1381)

Bug Fixes 🐛

• Fixed additional edge cases where auto-fixed would fail to preserve a document's final newline (#1372)

Commits

• f203b45 chore: prep for 1.18.0 (#1390)
• aed6f8c Update README (#1389)
• 6323373 chore: attempt to fix sdist metadata, prep another RC (#1388)
• 5f5f1fa chore: prep 1.18.0-rc2 release (#1387)
• ea64e40 chore: prep 1.18.0-rc1 release (#1386)
• 545d63a chore: bump yamlpatch to 0.7.0 (#1385)
• c393ca8 chore: bump yamlpath to 0.29.0 (#1384)
• e52043c ci: add PEP 740 attestations to PyPI release workflow (#1383)
• 097dd5d tests: remove a duped config test (#1382)
• d182743 feat: improve forbidden-uses error message on invalid config (#1381)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)