fix(ci): replace dependency-audit stub with canonical @v1 form

[don-petry]

Summary

• Replaces the SHA-pinned reusable reference (@ee22b427cbce9ecadcf2b436acb57c3adf0cb63d # v1) with the org-standard tag form (@v1) as required by the Tier 1 stub contract in ci-standards.md
• File copied verbatim from petry-projects/.github/standards/workflows/dependency-audit.yml
• No functional behaviour change — the SHA was the resolved commit behind v1 at pinning time; reverting to the tag restores forward-compatibility with future v1 bumps

Compliance

Addresses the non-stub-dependency-audit.yml compliance finding: Tier 1 stubs must use @v1 (not a SHA) so downstream repos automatically pick up backward-compatible updates when the v1 tag is bumped.

Closes #148

Generated with Claude Code

[coderabbitai]

Warning

Rate limit exceeded

@github-actions[bot] has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 5 minutes and 33 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2c3f81ac-acb0-4d4d-8fd5-a2c29cdb7e74

📥 Commits

Reviewing files that changed from the base of the PR and between 66a318b and 1d1810e.

📒 Files selected for processing (1)

• .github/workflows/dependency-audit.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/issue-148-20260501-1332

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 5 minutes and 33 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[don-petry]

@don-petry — this PR is ready for review. It's a one-line change that replaces the SHA-pinned reusable reference with the canonical @v1 tag form, as required by the Tier 1 stub contract in ci-standards.md. All content is copied verbatim from the org standards template.

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Updates the repository’s Tier-1 “dependency-audit” workflow stub to match the org-standard reusable workflow reference format, aligning with the CI standards/compliance requirement in issue #148.

Changes:

• Replace the SHA-pinned reusable workflow reference with the canonical @v1 tag reference.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Auto-rebase failed — merge conflict — this branch has conflicts with main that must be resolved manually.

Please resolve the conflicts and push:

git fetch origin
git merge origin/main
# resolve conflicts, then:
git add .
git commit
git push