Fix minimal-versions CI by constraining transitive dependencies

[Copilot]

The cargo minimal-versions check CI job fails when transitive dependencies resolve to their absolute minimum versions, which have compatibility issues with modern Rust nightly.

Changes

Updated Cargo.toml with minimum version constraints for transitive dependencies:

• hashbrown ≥ 0.14.5 - v0.14.0 pulls ahash v0.8.4 which references removed stdsimd feature
• lazy_static ≥ 1.3.0 - v1.0.0 has broken macro exports needed by sharded-slab
• tracing-subscriber ≥ 0.3.18 - v0.3.0 uses incompatible sharded-slab v0.1.0
• anyhow ≥ 1.0.40 - v1.0.0 implements removed Error::backtrace() on nightly
• thiserror ≥ 1.0.20 - v1.0.0 has incomplete #[from] attribute support
• chrono ≥ 0.4.20 - v0.4.0 lacks DateTime::default() used by derived Default

Each constraint targets the earliest version that resolves the compatibility issue.

Technical Context

The dependency chain causing the primary failure:

rust-guardian → lru v0.12 → hashbrown v0.14.0 → ahash v0.8.4
                                                   └─ uses #![feature(stdsimd)] (removed Feb 2024)

With the constraint, minimal-versions now resolves to hashbrown v0.14.5 which requires ahash ≥ 0.8.7.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• docs.rs
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull request overview

This pull request fixes CI failures in the cargo minimal-versions check job by adding minimum version constraints for transitive dependencies that have compatibility issues with modern Rust nightly. The PR includes a version bump from 0.1.0 to 0.1.1.

Changes:

• Added minimum version constraints for six transitive dependencies (hashbrown, lazy_static, tracing-subscriber, anyhow, thiserror, chrono) to ensure compatibility with Rust nightly
• Bumped version from 0.1.0 to 0.1.1 in Cargo.toml, main.rs, and report/mod.rs
• Removed the inaccurate "Zero Dependencies" claim from README.md
• Updated CHANGELOG.md with details of the dependency constraint fixes

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
Cargo.toml	Version bump to 0.1.1, added minimum version constraints for transitive dependencies, added hashbrown to cache feature
src/main.rs	Updated CLI version string from 0.1.0 to 0.1.1
src/report/mod.rs	Updated SARIF output version string from 0.1.0 to 0.1.1 (with syntax error)
README.md	Removed inaccurate "Zero Dependencies" feature claim
CHANGELOG.md	Added [Unreleased] section documenting the minimal-versions compatibility fixes