
chore(deps): Update GitHub Actions to a9781c9 #59

Open. williaby wants to merge 1 commit into main from renovate/org-workflow-sha-pins
Conversation

Owner

@williaby williaby commented Jun 2, 2026

Summary

Why

Scheduled patch update, bug fixes and security patches with no API changes.

Changes

This PR contains the following updates:

Package | Type | Update | Change | OpenSSF
ByronWilliamsCPA/.github (changelog) | action | digest | 40ff5b5 → a9781c9 | OpenSSF Scorecard

Impact

  • ✅ Patch update: bug fixes and security patches only
  • ✅ No breaking changes

Acceptance Criteria

  • All CI checks pass

Testing

  • CI gates pass (tests, lint, type checking, security scan)

Notes


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "after 10pm every weekday,before 5am every weekday,every weekend"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Copilot AI review requested due to automatic review settings June 2, 2026 05:20

coderabbitai Bot commented Jun 2, 2026

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

Five GitHub Actions workflow files update their delegated org-level reusable-workflow uses: references to newer pinned commit SHAs; all job inputs and configuration remain unchanged.

Changes

Workflow delegation updates

Layer / File(s) | Summary
Reusable workflow pin updates: .github/workflows/coverage.yml, .github/workflows/python-compatibility.yml, .github/workflows/sbom.yml, .github/workflows/scorecard.yml, .github/workflows/security-analysis.yml | Five workflow files update their delegated reusable workflow uses: references to pin org-level workflows to newer commit SHAs. Coverage, compatibility, SBOM, scorecard, and security-analysis jobs each reference updated commit SHAs; no other job inputs or configuration changed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • williaby/image-generation#36: Both PRs update the same GitHub Actions reusable-workflow uses: pinned SHAs across coverage, compatibility, SBOM, scorecard, and security-analysis workflows.
  • williaby/image-generation#46: Both PRs update pinned uses: SHAs for several .github/workflows/*.yml entries to newer org/reusable workflow revisions.
  • williaby/image-generation#16: Overlaps on scorecard workflow changes — both PRs modify jobs.scorecard.uses to point at updated reusable workflow commits.

Suggested labels

automated

Poem

🐰 I hopped through YAML, pins in tow,
Five tiny SHAs to make things flow,
No logic altered, just a gentle tweak,
CI refreshed — the branch can speak,
A little rabbit dance, quick and neat!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name | Status | Explanation | Resolution
Title check | ⚠️ Warning | The PR title references updating GitHub Actions to 'a9781c9', but the summaries show updates to multiple workflow files with a different commit SHA ('24fe3cfa') and the PR objectives mention '1561a3e' as the target digest. The actual changes are pinning reusable workflows to new commit SHAs, not the SHAs stated in the title. | Update the title to accurately reflect the actual commit SHA being pinned (e.g., 'chore(deps): Update GitHub Actions to 24fe3cfa' or '1561a3e' per the PR objectives), or clarify which digest the workflows are actually being updated to.

✅ Passed checks (4 passed)

Check name | Status | Explanation
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Comment @coderabbitai help to get the list of available commands and usage tips.


github-actions Bot commented Jun 2, 2026

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/security-analysis.yml

Package | Version | License | Issue Type
ByronWilliamsCPA/.github/.github/workflows/python-security-analysis.yml | a9781c9f0f051339d5fed81b6b9f4fff2b064035 | Null | Unknown License
Denied Licenses: GPL-2.0, GPL-3.0

OpenSSF Scorecard

Package | Version | Score | Details
actions/ByronWilliamsCPA/.github/.github/workflows/python-security-analysis.yml | a9781c9f0f051339d5fed81b6b9f4fff2b064035 | Unknown | Unknown

Scanned Files

  • .github/workflows/security-analysis.yml


Copilot AI left a comment

Pull request overview

Updates the pinned digest for the org-level reusable GitHub Actions workflows to incorporate upstream patch fixes and security updates, without changing this repository’s workflow inputs or behavior.

Changes:

  • Bump ByronWilliamsCPA/.github reusable workflow references from 40ff5b5… to 160e806… across security, scorecard, SBOM, compatibility, and coverage workflows.
  • Keep existing workflow configuration/inputs unchanged while consuming the newer upstream workflow implementations.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File | Description
.github/workflows/security-analysis.yml | Updates reusable workflow digest for the security analysis workflow caller.
.github/workflows/scorecard.yml | Updates reusable workflow digest for the OpenSSF Scorecard caller.
.github/workflows/sbom.yml | Updates reusable workflow digest for SBOM generation and security scanning caller.
.github/workflows/python-compatibility.yml | Updates reusable workflow digest for the Python compatibility matrix caller.
.github/workflows/coverage.yml | Updates reusable workflow digest for the Qlty coverage upload caller.

williaby force-pushed the renovate/org-workflow-sha-pins branch from 15fe0b1 to f31a877 (June 2, 2026 08:17)
williaby changed the title from "chore(deps): Update GitHub Actions to 160e806" to "chore(deps): Update GitHub Actions to ab2a385" (Jun 2, 2026)
williaby force-pushed the renovate/org-workflow-sha-pins branch from f31a877 to 0c155a3 (June 3, 2026 05:21)
williaby changed the title from "chore(deps): Update GitHub Actions to ab2a385" to "chore(deps): Update GitHub Actions to 30407bf" (Jun 3, 2026)
williaby changed the title from "chore(deps): Update GitHub Actions to 30407bf" to "chore(deps): Update GitHub Actions to 1561a3e" (Jun 3, 2026)
williaby force-pushed the renovate/org-workflow-sha-pins branch 2 times, most recently from a0f0da1 to 1121aa8 (June 4, 2026 05:21)
williaby changed the title from "chore(deps): Update GitHub Actions to 1561a3e" to "chore(deps): Update GitHub Actions to 24fe3cf" (Jun 4, 2026)
williaby force-pushed the renovate/org-workflow-sha-pins branch from 1121aa8 to 61f8725 (June 5, 2026 17:39)
williaby changed the title from "chore(deps): Update GitHub Actions to 24fe3cf" to "chore(deps): Update GitHub Actions to a9781c9" (Jun 5, 2026)
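
An added example, not part of this PR or of the repository's code: the digest in the title changed with each force-push, so a reviewer can confirm that every reference to the org repository in the workflow files is pinned to a full 40-character commit SHA matching the digest the title names. The workflow contents below are constructed; the example-*.yml names, job ids and the all-zero SHA are assumptions made for illustration.

```python
import re

# "uses: owner/repo[/path]@ref", optionally quoted or written as a list item.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_pins(workflows, owner_repo, expected_prefix):
    """Return (file, line, problem) for each reference to owner_repo that is
    not pinned to a full commit SHA beginning with expected_prefix."""
    findings = []
    for path, text in sorted(workflows.items()):
        for line_no, line in enumerate(text.splitlines(), 1):
            m = USES_RE.match(line)
            if not m:
                continue
            target, ref = m.groups()
            if target != owner_repo and not target.startswith(owner_repo + "/"):
                continue  # some other action or workflow, out of scope here
            if not FULL_SHA_RE.match(ref):
                findings.append((path, line_no, f"not pinned to a full commit SHA: {ref}"))
            elif not ref.startswith(expected_prefix):
                findings.append((path, line_no, f"pinned to {ref[:7]}, expected {expected_prefix}"))
    return findings


ORG = "ByronWilliamsCPA/.github"
PINNED = "a9781c9f0f051339d5fed81b6b9f4fff2b064035"  # full digest from the Dependency Review comment
OLD_PLACEHOLDER = "0" * 40  # constructed stand-in for an older pin, not a real commit

# Constructed workflow contents. Only python-security-analysis.yml is a name
# taken from the page; the example-*.yml names and job ids are hypothetical.
SAMPLE = {
    ".github/workflows/security-analysis.yml":
        f"jobs:\n  security:\n    uses: {ORG}/.github/workflows/python-security-analysis.yml@{PINNED}\n",
    ".github/workflows/sbom.yml":
        f"jobs:\n  sbom:\n    uses: {ORG}/.github/workflows/example-sbom.yml@{OLD_PLACEHOLDER}\n",
    ".github/workflows/coverage.yml":
        f"jobs:\n  coverage:\n    uses: {ORG}/.github/workflows/example-coverage.yml@main\n",
}

if __name__ == "__main__":
    for path, line_no, problem in audit_pins(SAMPLE, ORG, "a9781c9"):
        print(f"{path}:{line_no}: {problem}")
```

Run against a real checkout by building the `workflows` mapping from the files under .github/workflows and passing the short digest from the PR title as `expected_prefix`.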