Support sparse registry references in Lockfiles

[rbtcollins]

Closes #604

Signed-off-by: Robert Collins robert.collins@cognite.com

[rbtcollins]

Note that this doesn't on its own fix the cargo-audit bug with sparse+ references in lockfiles because of the non-local use of cargo-lock by cargo-audit: a release of cargo-lock and then an update to use the released version will be required to fully fix the bug.

[rbtcollins]

Looking more closely at #604 it is possible that it is describing a different problem : the one this patch solves is explicitly annotated sparse registries, such as happens when a company or organisation has an internal registry for internal crates, and that internal registry happens to be sparse.

[tarcieri]

source.rs is effectively vendored from what is now https://github.com/rust-lang/cargo/blob/master/src/cargo/core/source/source_id.rs

Making any changes which diverge from upstream does not make sense to me.

[rbtcollins]

Ok. Well I can redo the change to be aligned with cargo's own form. Is the vendoring automated, or just a copy+fix-up until it builds?

[tarcieri]

It’s manually vendored

[rbtcollins]

I've changed the change to match the Cargo expression of the logic.

[rbtcollins]

@tarcieri ping - I think this meets your needs vis-a-vis not diverging now

[tarcieri]

Since these enums aren't marked #[non_exhaustive], this is a breaking change which necessitates a major version bump (something I can take care of).

We could also bump MSRV as part of it in order to better retain compatibility with the upstream code.

[rbtcollins]

I'm happy to push up a change to be 1.56 compatible, and add #[non_exhaustive] to save future compat friction; or I can push up one bumping the MSRV; let me know.

[tarcieri]

Let's go ahead and bump MSRV to stay compatible with the upstream code

[rbtcollins]

MSRV bump pushed

[tarcieri]

Looks like the clippy MSRV needs to be bumped

[rbtcollins]

Have bumped MSRV pervasively now.

[tarcieri]

Looks good now, thanks!