ci(leak-detect): bump reusable to skip bot-authored PRs

[klodr]

Picks up klodr/.github#39 (33ff8e51) — leak-detect scan now skips when endsWith(github.actor, '[bot]'), so Dependabot bumps and klodr-release-please[bot] PRs merge without needing a manual ruleset bypass. Human PRs unchanged.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: abf42bff-fc1e-4359-9575-39dbfa49432d

📥 Commits

Reviewing files that changed from the base of the PR and between 228af2a and 104d824.

📒 Files selected for processing (1)

• .github/workflows/leak-detect.yml

---

Summary by CodeRabbit

• Chores
  • Updated internal workflow infrastructure.

Walkthrough

The .github/workflows/leak-detect.yml workflow is updated to reference a newer pinned commit of the centralized reusable leak-detection workflow.

Changes

Workflow Dependency Update

Layer / File(s)	Summary
Reusable leak-detect workflow repin .github/workflows/leak-detect.yml	The leak-detect job's uses: reference to the shared reusable leak-detect workflow is updated from commit 7987f59050ff9ee614d21b603e4ba87ace27f7d9 to 33ff8e518ecb7a799f114dc83ba06c9f0d660845.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• klodr/eslint-plugin-security-mcp#47: Both PRs update the same leak-detect workflow uses: reference to a newer revision of the reusable workflow.
• klodr/eslint-plugin-security-mcp#25: Both PRs update GitHub Actions workflow uses: references to pinned commits of org-level reusable workflows.
• klodr/eslint-plugin-security-mcp#24: Both PRs repin uses: references in workflows to newer pinned commits of reusable workflows.

Suggested labels

github_actions

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title follows conventional commits format with ci type and scope, uses imperative mood, is lowercase without trailing period, and is 55 characters (well under 72 limit).
Description check	✅ Passed	The description clearly explains the purpose of the PR: updating the leak-detect workflow to skip bot-authored PRs by picking up a specific upstream commit.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/leak-detect-skip-bots

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.53%. Comparing base (228af2a) to head (104d824).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #51   +/-   ##
=======================================
  Coverage   97.53%   97.53%           
=======================================
  Files           3        3           
  Lines          81       81           
  Branches       21       21           
=======================================
  Hits           79       79           
  Misses          2        2           

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 228af2a...104d824. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 104d8248a6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Check the PR author instead of the trigger actor

This pins the caller to reusable workflow 33ff8e5, whose new skip guard tests github.actor rather than the PR author. This workflow also runs on pull_request edited and reopened events, so when a maintainer edits or reopens a Dependabot / release-please PR, the triggering actor is the human, the bot PR is not skipped, and it can still enter the private-key token step and fail—the case this bump is meant to unblock. Please point at a reusable ref that checks github.event.pull_request.user.login (or otherwise keys the skip off the PR author).

Useful? React with 👍 / 👎.