diff --git a/src/gitlab.rs b/src/gitlab.rs
index c3bd5ea..f5b6ee3 100644
--- a/src/gitlab.rs
+++ b/src/gitlab.rs
@@ -103,8 +103,10 @@ pub async fn enumerate_repo_urls(
                 // nothing
             }
         }
-
-        let projects_ep = builder.build()?; // now no borrows of a temporary
+        
+        // Extract the builder to a separate variable to avoid borrowing a temporary,
+        // allowing us to modify its fields before building the endpoint.
+        let projects_ep = builder.build()?;
         let projects: Vec<SimpleProject> = projects_ep.query(&client)?;
 
         for proj in projects {
diff --git a/src/validation/jwt.rs b/src/validation/jwt.rs
index c5649a9..bf4fc5f 100644
--- a/src/validation/jwt.rs
+++ b/src/validation/jwt.rs
@@ -94,7 +94,7 @@ pub async fn validate_jwt(token: &str) -> Result<(bool, String)> {
     let aud_strings = extract_aud_strings(&claims);
 
     if issuer.trim().is_empty() && aud_strings.iter().all(|s| s.trim().is_empty()) {
-        return Ok((false, "JWT missing issuer and audience".to_string()));
+        return Ok((false, "JWT missing issuer and audience".into()));
     }
     if let Some(iss) = claims.iss.clone() {
         // parse header now (kid, alg)
diff --git a/tests/int_rules_no_validated_findings.rs b/tests/int_rules_no_validated_findings.rs
index aea1cb0..a6d171d 100644
--- a/tests/int_rules_no_validated_findings.rs
+++ b/tests/int_rules_no_validated_findings.rs
@@ -62,7 +62,7 @@ fn scan_rules_has_no_validated_findings() -> Result<()> {
 
         // Fail only on genuinely validated secrets
         assert_ne!(
-            status.as_str(),
+            &status,
             "active credential",
             "Validated finding detected in rule {rule_id}"
         );