fix: pin dependency-audit reusable workflow to SHA

[don-petry]

Pins the reusable workflow reference from @v1 to the resolved commit SHA to satisfy the Action Pinning Policy.

Changes

# Before
uses: petry-projects/.github/.github/workflows/dependency-audit-reusable.yml@v1

# After
uses: petry-projects/.github/.github/workflows/dependency-audit-reusable.yml@ee22b427cbce9ecadcf2b436acb57c3adf0cb63d # v1

The SHA ee22b427cbce9ecadcf2b436acb57c3adf0cb63d was resolved from the v1 tag via gh api repos/petry-projects/.github/git/refs/tags/v1.

Closes #158

Generated with Claude Code

[coderabbitai]

Warning

Rate limit exceeded

@github-actions[bot] has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 46 minutes and 9 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 46 minutes and 9 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 442eb7e8-8778-4c8c-afee-d6548be50dce

📥 Commits

Reviewing files that changed from the base of the PR and between 32e618b and 095160e.

📒 Files selected for processing (1)

• .github/workflows/dependency-audit.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/issue-158-20260418-1852

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[don-petry]

PR #182 (from a previous attempt) is still open with an older SHA (ae9709f4466dec60a5733c9e7487f69dcd004e05). The v1 tag has since moved to ee22b427cbce9ecadcf2b436acb57c3adf0cb63d. This PR uses the current SHA — please close #182 and merge this one instead.

@don-petry — this is ready for your review. Once CI is green, please merge to resolve issue #158.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Pins the dependency-audit reusable workflow reference to an immutable commit SHA to comply with the repo’s Action Pinning Policy and close #158.

Changes:

• Replaced the @v1 tag reference with the resolved commit SHA for the reusable workflow
• Annotated the pinned SHA with a # v1 comment for readability

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud