mozilla / cargo-vet

supply-chain security for Rust
Apache License 2.0

Have `cargo vet prune` remove old redundant policy fields #490

Open repi opened 1 year ago

repi commented 1 year ago

If you have removed a dependency that you had a [policy.crate-name] for in your config.toml, you get the following nice and clear warning:

ERROR   × There are some issues with your third-party policy entries

Error:   × some versioned policy entries don't correspond to crates being used
  │   crate-name
  help: Remove the `policy` entries

Though instead of having to remove that manually in your config file, is this something cargo prune could do for you to streamline things?

bholley commented 1 year ago

I'm not sure how easy it would be to implement in practice, because this surfaces as an error, whereas cargo vet prune expects to be run in a passing state.

We could of course just make the tool automatically remove the irrelevant entries, but we went with an explicit error so that (1) it would be less mysterious why a policy entry was disappearing, and (2) users would be less likely to inadvertently drop an important policy when a crate was renamed or something.

mystor commented 1 year ago

The audit-as checking is actually handled independently from the rest of the resolver, so I don't think it would technically interfere with cargo vet prune. We'd effectively need to make cargo vet prune start by running a pared-down version of cargo vet regenerate audit-as-crates-io which is only allowed to fix a subset of the issues before carrying on as-before (e.g. we wouldn't want it to add new audit-as entries like the regenerate command does IIRC).

On that note, if you weren't aware of that subcommand, I believe you should be able to run it rather than removing the entries manually as well.

repi commented 1 year ago

Does cargo vet regenerate audit-as-crates-io remove [policy] elements for unused crates, regardless of whether they contained the audit-as-crates-io field or not?

bholley commented 1 year ago

I'm not sure. @mystor ?

mystor commented 1 year ago

Apparently it does not, though there is a comment in the logic considering that behaviour dating back to #368.

https://github.com/mozilla/cargo-vet/blob/3c3f1e0c01abfac346a4c63a7ecfa5004f769ec9/src/main.rs#L1918-L1919

At one point I think I had considered pruning completely empty [policy] entries as part of formatting or similar, though the requirements around versioned policy entries do make that a bit more complex nowadays.
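As an added illustration of the check the thread is discussing (this is example code, not cargo-vet's own implementation), the script below compares the `[policy.*]` tables in a constructed config.toml against the packages in a constructed Cargo.lock, reports the entries that no longer correspond to a used crate, and shows what a prune step would remove. It assumes versioned entries are written as `[policy."name:version"]` and only inspects table headers rather than fully parsing TOML.

```python
import re

# Constructed sample config.toml (not from a real project).
# Versioned entries use the "name:version" key form (assumed syntax).
CONFIG_TOML = '''
[policy.serde]
audit-as-crates-io = true

[policy."old-crate:0.1.0"]
criteria = "safe-to-deploy"

[policy.removed-crate]
audit-as-crates-io = false

[[exemptions.serde]]
version = "1.0.0"
criteria = "safe-to-deploy"
'''

# Constructed sample Cargo.lock: the crates actually in the build graph.
CARGO_LOCK = '''
[[package]]
name = "serde"
version = "1.0.0"

[[package]]
name = "old-crate"
version = "0.2.0"
'''

_PACKAGE_RE = re.compile(r'\[\[package\]\]\s*\nname = "([^"]+)"\s*\nversion = "([^"]+)"')
_POLICY_HEADER_RE = re.compile(r'^\[policy\.(?:"([^"]+)"|([A-Za-z0-9_-]+))\]\s*$', re.M)

def used_crates(lock: str) -> set[tuple[str, str]]:
    """(name, version) pairs for every package listed in Cargo.lock."""
    return set(_PACKAGE_RE.findall(lock))

def stale_policy_entries(config: str, lock: str) -> list[str]:
    """Policy keys with no matching crate: unversioned keys match any
    version of the crate, versioned keys must match name and version."""
    used = used_crates(lock)
    names = {n for n, _ in used}
    stale = []
    for quoted, bare in _POLICY_HEADER_RE.findall(config):
        key = quoted or bare
        name, _, version = key.partition(":")
        if not ((name, version) in used if version else name in names):
            stale.append(key)
    return stale

def prune_policy_entries(config: str, stale: list[str]) -> str:
    """Drop each stale [policy.<key>] table, header through the line
    before the next table header; everything else is kept verbatim."""
    out, skipping = [], False
    for line in config.splitlines(keepends=True):
        if line.startswith("["):
            m = _POLICY_HEADER_RE.match(line.rstrip("\n"))
            skipping = bool(m) and (m.group(1) or m.group(2)) in stale
        if not skipping:
            out.append(line)
    return "".join(out)
```

Running `stale_policy_entries(CONFIG_TOML, CARGO_LOCK)` flags `old-crate:0.1.0` (version no longer used) and `removed-crate` (crate gone), which is exactly the pair of cases bholley's concern about silent removal applies to.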