Update comment about cargo-ok
In #11665 I added some code to deal with a truncated `.cargo-ok` file. However I misunderstood the likely reason this was happening. Rust versions from 1.0 to 1.34 created empty files, and versions 1.36 to 1.49 could create empty files if they were interrupted during extraction.
This PR updates the comment to try to explain this in detail to replace the erroneous comment from before. I think the change of deleting the directory is still the safe choice, even if it causes some cache churn when dealing with crates extracted by versions before 1.34.
Error on invalid alphanumeric token for crates.io
ref #11571
When using `cargo login` and calling an api which requires authentification there will be an error if the given token is not a valid alphanumerical string.
This check is only enabled for crates.io because
only for that registry we can be certain, that the generated token should have been alphanumeric, see [the code here](7ea41e9d34/src/util/token.rs (L15)). So if I'm not mistaken, this should not be a breaking change, since crates.io only generates fitting tokens. (Should I add a comment to the crates.io code that modifying this logic can break cargo?)
I'm not sure if the fix works and is enough to close the issue, please say if you have any corrections or improvements!
I don't know if the check should also be enabled for other registries and it would be really bad if the check is too strict.
In the linked issue it was recommended to encode invalid characters, but I don't know in which encoding. I saw in [this http rfc](https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4) that only the ISO-8859-1 charset is allowed and everything else must be [encoded](https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4) but this seems somewhat complex and hard to implement. There is a crate `rust-encoding` which should be capable doing this (from a first look), but I don't know if a new dependency only for this is justified. There seems to be `percent encoding` already in the dependency tree but I have no idea if it would be correct and work.
If you have any idea about this encoding, please say so.
r? `@Eh2406` (since you suggested the encoding part)
* moved `is_empty` check into `check_token`
* improved error message (is quite long now but should explain the error
well)
* removed one helper function from new test
When using registry operations with authentication there will be now an
error if the given token is not valid.
This is a technically a breaking change because a registry might give
some tokens which will be denied by these new checks.
In practice these tokens cause issues with HTTP so no registry should
generate them.
chore: Make dependencies alphabetical order
`[dependencies]` in some `Cargo.toml` were out of alphabetical order. This made it slightly more time-consuming to find if a dependency was in a `Cargo.toml`.
This PR makes it so that they are in alphabetical order.
Note: `rustc-workspace-hack` was left alone at the bottom as it is a special dependency.
chore: bump mdbook to 0.4.27
Previously mdbook was bumped in #11646 for contrib.yml worflow
but main.yaml workflow. This makes the two in sync and also
upgrades to the latest 0.4.27. (Though there is nothing really
changed for application users as us)
Previously mdbook was bumped in #11646 for contrib.yml worflow
but main.yaml workflow. This makes the two in sync and also
upgrades to the latest 0.4.27. (Though there is nothing really
changed for application users as us)
