fix: update MSRV to 1.85.0 and fix workflow issues

Jonathan D.A. Jewell · Jonathan D.A. Jewell · commit 21f04d34fd64 · 2026-02-07T23:09:06.000Z
- Update MSRV from 1.75.0 to 1.85.0 (required for Cargo.lock v4)
- Fix EditorConfig indentation in src/xray/mod.rs
- Fix TruffleHog configuration (use --max-depth instead of --since-commit)
- Use version tags instead of SHA pins for codeql-action (Scorecard verification)
- Update MSRV in Cargo.toml, README, and rust-ci.yml workflow
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -27,14 +27,14 @@ jobs:
         uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@33119e582d3ab4ed79c2610af108cb08ff983917 # v3
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@33119e582d3ab4ed79c2610af108cb08ff983917 # v3
+        uses: github/codeql-action/autobuild@v3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@33119e582d3ab4ed79c2610af108cb08ff983917 # v3
+        uses: github/codeql-action/analyze@v3
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
@@ -24,7 +24,7 @@ jobs:
         uses: trufflesecurity/trufflehog@e9734c1ff25106f68d4266f0b09c1fcfc915dad1 # main
         with:
           path: ./
-          extra_args: --since-commit HEAD~10 --only-verified
+          extra_args: --only-verified --max-depth=10
 
   editorconfig:
     name: EditorConfig Check
diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml
@@ -53,16 +53,16 @@ jobs:
           echo "✅ Zero warnings"
 
   msrv:
-    name: Check MSRV (1.75.0)
+    name: Check MSRV (1.85.0)
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
 
-      - name: Install Rust 1.75.0
+      - name: Install Rust 1.85.0
         uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable
         with:
-          toolchain: 1.75.0
+          toolchain: 1.85.0
 
       - name: Cache cargo registry
         uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -31,6 +31,6 @@ jobs:
           publish_results: true
 
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@33119e582d3ab4ed79c2610af108cb08ff983917 # v3
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
diff --git a/Cargo.toml b/Cargo.toml
@@ -3,6 +3,7 @@
 name = "panic-attacker"
 version = "1.0.0"
 edition = "2021"
+rust-version = "1.85.0"
 authors = ["Jonathan D.A. Jewell <jonathan.jewell@open.ac.uk>"]
 license = "PMPL-1.0-or-later"
 description = "Universal stress testing and logic-based bug signature detection"
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/hyperpolymath/panic-attacker/badge)](https://securityscorecards.dev/viewer/?uri=github.com/hyperpolymath/panic-attacker)
 [![codecov](https://codecov.io/gh/hyperpolymath/panic-attacker/branch/main/graph/badge.svg)](https://codecov.io/gh/hyperpolymath/panic-attacker)
 [![License: PMPL](https://img.shields.io/badge/License-PMPL--1.0--or--later-blue.svg)](LICENSE)
-[![MSRV](https://img.shields.io/badge/MSRV-1.75.0-blue)](Cargo.toml)
+[![MSRV](https://img.shields.io/badge/MSRV-1.85.0-blue)](Cargo.toml)
 
 Universal stress testing and logic-based bug signature detection tool.
 
@@ -78,7 +78,7 @@ cargo install --path .
 
 ### Requirements
 
-- Rust 1.75.0 or later
+- Rust 1.85.0 or later
 - Cargo
 
 ## Quick Start
@@ -338,4 +338,4 @@ If you use panic-attacker in your research, please cite:
 
 ---
 
-**Status**: Active development | **Version**: 0.2.0 | **MSRV**: 1.75.0
+**Status**: Active development | **Version**: 0.2.0 | **MSRV**: 1.85.0
diff --git a/src/xray/mod.rs b/src/xray/mod.rs
@@ -50,7 +50,7 @@ pub fn analyze_verbose<P: AsRef<Path>>(target: P) -> Result<XRayReport> {
         for (rank, (risk, fs)) in scored.iter().take(10).enumerate() {
             println!(
                 "    {}. {} (risk: {}, lines: {}, unsafe: {}, panics: {}, \
-                 unwraps: {}, alloc: {}, io: {}, threads: {})",
+                unwraps: {}, alloc: {}, io: {}, threads: {})",
                 rank + 1,
                 fs.file_path,
                 risk,
