Update rpm requirement from 0.13 to 0.18

[dependabot]

Updates the requirements on rpm to permit the latest version.

Changelog

Sourced from rpm's changelog.

0.18.4

Added

• Built "v6" packages will set the RPMFORMAT tag
• Built "v6" packages will set the PAYLOADSIZE and PAYLOADSIZEALT tags

Fixed

• The "v6" BuildConfig options were incorrectly failing to use v6 defaults

0.18.3

Fixed

• Packages built with the RPMv4 configuration now populate payload length tags in the signature header. Newly built RPMs will have this set automatically.
  • If editing a pre-built RPM (e.g., for signing) the tag will be preserved if already present.
  • RPMv4 requires the presence of this tag.

Changed

• Bump pgp to 0.17.0

0.18.2

Changed

• Made the fields of FileDigest public

0.18.1

Fixed

• Only set verbatim permissions on unix allowing the crate to build on Windows again.

0.18.0

Added

• Added support for multiple signatures on a package as supported by upstream RPM.
• RPMs that internally use the stripped-cpio format for the archive (v6 RPMs, or older ones with a file larger than 4gb) are now supported.
• Added support for Sha3 checksums in headers and payloads - includes the addition of these checksums to newly-built packages.
• Added support for Sha512 checksums for payload verification, including addition to new packages.
• Can now use PackageBuilder::using_config() to provide a configuration that may be common across many package builds.
• PackageMetadata::get_nevra(), which is useful for sorting the packages or generating NEVRA strings.

Fixed

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.