Bump zizmorcore/zizmor from 1.12.1 to 1.16.3

[dependabot]

Bumps zizmorcore/zizmor from 1.12.1 to 1.16.3.

Release notes

Sourced from zizmorcore/zizmor's releases.

v1.16.3

Bug Fixes 🐛🔗

• Fixed a bug where zizmor would crash on an unexpected caching middleware state. zizmor will now exit with a controlled error instead (#1319)

v1.16.2

Enhancements 🌱🔗

• The concurrency-limits audit no longer flags explicit user concurrency overrides, e.g. cancel-in-progress: false (#1302)
• zizmor now detects CI environments and specializes its panic handling accordingly, improving the quality of panic reports when running in CI (#1307)

Bug Fixes 🐛🔗

• Fixed a bug where zizmor would reject some Dependabot configuration files with logically unsound schedules (but that are accepted by GitHub regardless) (#1308)

v1.16.1

Enhancements 🌱🔗

• zizmor now produces a more useful error message when asked to indirectly access a nonexistent or private repository via a uses: clause (without a sufficiently privileged GitHub token) (#1293)

v1.16.0

New Features 🌈🔗

• New audit: concurrency-limits detects insufficient concurrency limits in workflows (#1227)

  Many thanks to @​jwallwork23 for proposing and implementing this audit!

Performance Improvements 🚄🔗

• zizmor's online mode is now significantly (40% to over 95%) faster on common workloads, thanks to a combination of caching improvements and conversion of GitHub API requests into Git remote lookups (#1257)

  Many thanks to @​Bo98 for implementing these improvements!

Enhancements 🌱🔗

• When running in --fix mode and all fixes are successfully applied, zizmor now has similar exit code behavior as the --no-exit-codes and --format=sarif flags (#1242)

  Many thanks to @​cnaples79 for implementing this improvement!

• The dependabot-cooldown audit now supports auto-fixes for many findings (#1229)

  Many thanks to @​mostafa for implementing this improvement!

• The dependabot-execution audit now supports auto-fixes for many findings (#1229)

  Many thanks to @​mostafa for implementing this improvement!

• zizmor now has limited, experimental support for handling inputs that contain YAML anchors (#1266)

v1.15.2

... (truncated)

Changelog

Sourced from zizmorcore/zizmor's changelog.

1.16.3

Bug Fixes 🐛

• Fixed a bug where zizmor would crash on an unexpected caching middleware state. zizmor will now exit with a controlled error instead (#1319)

1.16.2

Enhancements 🌱

• The [concurrency-limits] audit no longer flags explicit user concurrency overrides, e.g. cancel-in-progress: false (#1302)
• zizmor now detects CI environments and specializes its panic handling accordingly, improving the quality of panic reports when running in CI (#1307)

Bug Fixes 🐛

• Fixed a bug where zizmor would reject some Dependabot configuration files with logically unsound schedules (but that are accepted by GitHub regardless) (#1308)

1.16.1

Enhancements 🌱

• zizmor now produces a more useful error message when asked to indirectly access a nonexistent or private repository via a uses: clause (without a sufficiently privileged GitHub token) (#1293)

1.16.0

New Features 🌈

• New audit: [concurrency-limits] detects insufficient concurrency limits in workflows (#1227)

  Many thanks to @​jwallwork23 for proposing and implementing this audit!

Performance Improvements 🚄

• zizmor's online mode is now significantly (40% to over 95%) faster on common workloads, thanks to a combination of caching improvements and conversion of GitHub API requests into Git remote lookups (#1257)

  Many thanks to @​Bo98 for implementing these improvements!

Enhancements 🌱

... (truncated)

Commits

• d94931b chore: prep 1.16.3 release (#1320)
• 7341ad1 fix: fix error bubbling in GitHub requests (#1319)
• 78fc281 chore(deps): bump the cargo group with 2 updates (#1316)
• 4f3235c chore(deps): bump the github-actions group with 3 updates (#1317)
• 57f9102 chore: prep release 1.16.2 (#1311)
• 6db45b5 chore: bump support crate versions (#1310)
• 91efe72 docs: add a troubleshooting section on YAML anchors (#1309)
• 70d3561 fix: dependabot: allow 'day' field for non-weekly intervals (#1308)
• 96a96bc feat: improve panic handling in CI environments (#1307)
• ade712d refactor: forbid all unwrap usage (#1306)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)