From 1cedffdadc163850c163fb5fdc6c777cbf2dd55f Mon Sep 17 00:00:00 2001
From: phelix001 <freedman.joshua@gmail.com>
Date: Tue, 24 Feb 2026 17:42:16 -0500
Subject: [PATCH] ci: pin Rust toolchain, update actions, add audit and JS
 checks

- Add rust-toolchain.toml pinning to 1.85 (MSRV for edition 2024)
- Update actions/checkout from v2 to v4
- Remove manual rustfmt/clippy install (now declared in rust-toolchain.toml)
- Add cargo audit step for dependency vulnerability scanning
- Add node --check for web extension JS syntax validation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/main.yml | 11 +++++++++--
 rust-toolchain.toml        |  3 +++
 2 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 rust-toolchain.toml

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1d5e832..48eaf4b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -17,10 +17,9 @@ jobs:
     name: Build
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - run: rustup show active-toolchain
-      - run: rustup component add rustfmt clippy
 
       - name: Configure Rust cache
         uses: Swatinem/rust-cache@v2
@@ -64,3 +63,11 @@ jobs:
 
       - name: Check formatting
         run: cargo fmt --all --check
+
+      - name: Audit dependencies
+        run: |
+          cargo install cargo-audit --locked
+          cargo audit
+
+      - name: Validate web extension JS syntax
+        run: node --check webext/add-on/*.js
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
new file mode 100644
index 0000000..3488a6b
--- /dev/null
+++ b/rust-toolchain.toml
@@ -0,0 +1,3 @@
+[toolchain]
+channel = "1.85"
+components = ["rustfmt", "clippy"]