GitHub Action: Bump microsoft/mu_devops/.github/workflows/AutoMerger.yml from 13.0.0 to 18.0.3

[dependabot]

Bumps microsoft/mu_devops/.github/workflows/AutoMerger.yml from 13.0.0 to 18.0.3.

Release notes

Sourced from microsoft/mu_devops/.github/workflows/AutoMerger.yml's releases.

v18.0.3

What's Changed

For repos without any valid pkgs, the codeql workflow will generate an empty matrix. Adding a package_count variable to differentiate this scenario and gate creating and empty matrix.

Most repos list the codeql Analyze task as a required check. With an empty matrix, this would fail. Skipping the Analyze task would result in a pending check that will never execute.

Modify the codeql to create an empty sarif file when the package_count is zero and upload this. This will allow the Analyze step to run and pass CI when a repo contains no valid packages that can have results uploaded.

This is being handled in this manor to allow the same CI checks to exist for repos which still contain a valid release/202502 branch, and a release/202511 branch which deprecates the repo.

... (truncated)

Commits

• b013777 Version.njk: Update the Mu DevOps version to v18.0.3 (#527)
• a35b11d Version.njk: Update n,n-1 to 202511, 202502 (#526)
• 9e9450f CodeQl: Support repos with no packages. (#525)
• 57fca6d CodeQl: Update to verify IA32/X64 package compat (#523)
• 381bbf8 GitHub Action: Bump release-drafter/release-drafter from 6.1.0 to 6.2.0 (#522)
• 8090adb Update cache action to v5 (#521)
• a7cb9fb .sync: Update checkout action from v5 to v6 (#520)
• 8b4aa53 Repo File Sync: Update to Rust 1.92 (#519)
• 8d93e2b rust_toolchain update to 1.92.0 (#518)
• de89554 GitHub Action: Bump actions/checkout from 5 to 6 (#516)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[apop5]

@dependabot close

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.