Update to work with Rust 1.85

[mleonhard]

This PR fixes

• Unrecognized literal c"" #517
• Cannot read new Cargo.lock files #530

Changes:

• Migrate from syn v1 to v2 to support new C-style string literals. This fixes the panic: Unrecognized literal: c"".
• Upgrades krates dep
  • This adds support for new version 4 Cargo.lock files
  • This adds support for the new package-ID format (fix(metadata): Stabilize id format as PackageIDSpec  rust-lang/cargo#12914). Without this change, cargo-geiger built with Rust 1.77 or newer would fail with:

    thread 'scan::scan_tests::list_files_used_but_not_scanned_test::case_1' panicked at /Users/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/krates-0.11.0/src/builder.rs:919:36:
    called `Option::unwrap()` on a `None` value
    
• Upgrades other libraries to match the versions used in krates and its dependencies
• Upgrades other libraries to their latest versions
• Updates tests
  • Some snapshot tests seem to be looking at dependencies of the crate, so when we change versions these tests break. It would be good to remove these so the tests only depend on code in the repo.
• I had trouble updating some snapshots because my editor was removing trailing whitespace. Rather than work around this, I updated the report code to stop adding trailing whitespace.
• Set Minimum Support Rust Version (MSRV) to 1.85.

I apologize for the size of this PR. I'm happy to split it up however you wish - just let me know in the comments. If you want to review it as-is, it's probably good to review it one commit at a time.

Testing

The package tests pass on my laptop, with an M4 Pro and macOS 15.3.1, and Rust 1.85.0.

fork-cargo-geiger % cargo test                                          
   Compiling cargo-geiger v0.11.7 (/Users/user/fork-cargo-geiger/cargo-geiger)
    Finished `test` profile [unoptimized + debuginfo] target(s) in 2.16s
     Running unittests src/lib.rs (target/debug/deps/cargo_geiger-4780110dd1419ab3)

running 188 tests
...
   Doc-tests geiger

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

fork-cargo-geiger %

I also built the cargo-geiger binary and ran it locally on another project (https://github.com/mleonhard/jtoo-rs) and confirmed that it worked as expected.

cargo-geiger % cargo install cargo-geiger --path . --features vendored-openssl
...
jtoo % ../update-readme.sh 
PWD=/Users/user/jtoo-rs/jtoo
+ cargo readme --no-title --no-indent-headings
+ set +x
+ cargo geiger --all-features --update-readme --readme-path Readme.md --output-format GitHubMarkdown --build-dependencies
Failed to match (ignoring source) package: registry+https://github.com/rust-lang/crates.io-index#itoa@1.0.15 
...
{"$message_type":"artifact","artifact":"/Users/user/jtoo-rs/target/debug/deps/libjtoo-2cfeeafbee32deed.rmeta","emit":"metadata"}
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 2.51s
    Scanning done
WARNING: Dependency file was never scanned: /Users/user/jtoo-rs/target/debug/build/rust_decimal-5ad8237b90038475/out/README-lib.md
error: Found 1 warnings
+ true
+ set +x

real	0m2.957s
user	0m3.325s
sys	0m1.085s
Done.
jtoo % git diff Readme.md 
diff --git a/jtoo/Readme.md b/jtoo/Readme.md
index a537833..e9340d9 100644
--- a/jtoo/Readme.md
+++ b/jtoo/Readme.md
@@ -46,7 +46,48 @@ assert_eq!(text, &text2);
 - jtoo: 225ns (33% slower)
 
 # Cargo Geiger Safety Report
+```
+
+Metric output format: x/y
+    x = unsafe code used by the build
+    y = total unsafe code found in the crate
+
+Symbols:
+    🔒  = No `unsafe` usage found, declares #![forbid(unsafe_code)]
+    ❓  = No `unsafe` usage found, missing #![forbid(unsafe_code)]
+    ☢️  = `unsafe` usage found
+
+Functions  Expressions  Impls  Traits  Methods  Dependency
 
+0/0        0/0          0/0    0/0     0/0      🔒  jtoo 0.1.0
+0/0        0/0          0/0    0/0     0/0      🔒  ├── jtoo_derive 0.1.0
+0/0        0/0          0/0    0/0     0/0      🔒  │   ├── jtoo_derive_impl 0.1.0
+0/0        14/14        0/0    0/0     3/3      ☢️  │   │   ├── proc-macro2 1.0.94
+0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── unicode-ident 1.0.18
+0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── quote 1.0.39
+0/0        14/14        0/0    0/0     3/3      ☢️  │   │   │   └── proc-macro2 1.0.94
+0/0        88/88        3/3    0/0     2/2      ☢️  │   │   └── syn 2.0.99
+0/0        14/14        0/0    0/0     3/3      ☢️  │   │       ├── proc-macro2 1.0.94
+0/0        0/0          0/0    0/0     0/0      ❓  │   │       ├── quote 1.0.39
+0/0        4/4          0/0    0/0     0/0      ☢️  │   │       └── unicode-ident 1.0.18
+0/0        14/14        0/0    0/0     3/3      ☢️  │   ├── proc-macro2 1.0.94
+0/0        88/88        3/3    0/0     2/2      ☢️  │   └── syn 2.0.99
+0/0        0/0          0/0    0/0     0/0      🔒  ├── rust_decimal 1.36.0
+2/2        340/340      2/2    0/0     7/7      ☢️  │   ├── arrayvec 0.7.6
+0/0        0/0          0/0    0/0     0/0      ❓  │   └── num-traits 0.2.19
+                                                       │       [build-dependencies]
+0/0        0/0          0/0    0/0     0/0      ❓  │       └── autocfg 1.4.0
+2/5        314/342      0/0    0/0     6/6      ☢️  └── time 0.3.39
+1/1        4/4          0/0    0/0     1/1      ☢️      ├── deranged 0.3.11
+0/0        0/0          0/0    0/0     0/0      ❓      │   ├── num-traits 0.2.19
+2/2        29/29        0/0    0/0     0/0      ☢️      │   └── powerfmt 0.2.0
+0/0        0/0          0/0    0/0     0/0      ❓      ├── num-conv 0.1.0
+2/2        29/29        0/0    0/0     0/0      ☢️      ├── powerfmt 0.2.0
+0/0        0/0          0/0    0/0     0/0      ❓      └── time-core 0.1.3
+
+7/10       793/821      5/5    0/0     19/19
+
+```
 # Changelog
 - v0.1.0 - Initial version.

[mleonhard]

This PR keeps growing and growing as I fix more tests. I would love to hear suggestions for splitting it up. It would also be great if there was a way to get syn v2 to parse the same way as v1 so expression counts would match.

[pinkforest]

We're re-writing much of the core incl. to break the cargo-reliance so messy PR is ok for now to fix the techdebt np.

Thanks so much for doing this 🚀

[mleonhard]

I updated the PR so the tests pass under latest stable Rust 1.85.0. It's ready for review.

[mleonhard]

I used rustfmt to fix the formatting.

[eirnym]

Any news when it can land?

[boozook]

Bump, +1, we really need c-literal support.