deps: bump pypi-publish (#83)

Author: woodruffw

.github/workflows/CI.yml

@@ -244,6 +244,6 @@ jobs:
           merge-multiple: true
 
       - name: Publish distributions
-        uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # release/v1
+        uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
         with:
           attestations: true

.github/workflows/zizmor.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   zizmor:
-    name: zizmor latest via Cargo
+    name: zizmor latest via PyPI
     runs-on: ubuntu-latest
     permissions:
       security-events: write
@@ -20,14 +20,15 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Setup Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1
-      - name: Get zizmor
-        run: cargo install zizmor
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@v4
+
       - name: Run zizmor 🌈
-        run: zizmor --format sarif . > results.sarif
+        run: uvx zizmor --format sarif . > results.sarif
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v3
         with: