stadelmanma / fitparse-rs

Rust library to parse FIT formatted files
MIT License

Updated Cargo.toml to mitigate CVE-2021-26951 #26

Closed evensolberg closed 1 year ago

evensolberg commented 1 year ago

PLEASE enable Dependabot on this repository, if you haven't already. (Settings --> Code Security and Analysis)

stadelmanma commented 1 year ago

@evensolberg thanks for this. As far as I can tell Dependabot is enabled; I just never set up a config file for it. It popped the calamine warning a while ago, which I fixed by pointing it to the master branch back in Nov. 2022. The CVE was fixed, but there was a bug introduced back in 0.17.0 that didn't get fixed until after 0.19.1 dropped; glad to see they cut a new release.

Also, can you separate the clippy stuff into a separate merge request? I'm seeing changes that remove places where the profile generation code would panic that, at a glance, I'm not sure are valid in the larger context. The Garmin folks like to fiddle with the profile.xlsx file from time to time, and in lieu of proper error handling and propagation we probably want those panics to happen.

evensolberg commented 1 year ago

Sure thing. I was wondering if that might be the case.

evensolberg commented 1 year ago

It may be better to replace some of the unhandled unwrap()s with expect() instead. At least then you're explicit.

stadelmanma commented 1 year ago

I don't disagree; the whole profile generation code is pretty rough. Since I only run it occasionally when I download a new SDK and "it works", it gets neglected. I had started on some local changes a few months ago to clean it up that I never finished, but, looking at those now, I think that's probably not the route I'd want to go with for refactoring anymore.
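The unwrap()/expect() point discussed above, as an added example that is not fitparse-rs code: a constructed row from the SDK's Types sheet (assumed column order Type Name, Base Type, Value Name, Value, Comment, as calamine would hand it back with empty cells as None) parsed once with a propagating Result that names the failing row and column, and once with an expect() for a one-shot generator run, so a changed profile.xlsx layout fails loudly with context instead of a bare unwrap() message.

```rust
// Added example, not fitparse-rs code. Column positions follow the assumed
// Types-sheet layout: 0 Type Name, 1 Base Type, 2 Value Name, 3 Value, 4 Comment.
use std::fmt;

#[derive(Debug, PartialEq)]
pub struct TypeValue {
    pub name: String,
    pub value: u32,
}

/// Errors carry the row and column so a layout change in profile.xlsx is
/// diagnosable from the message alone.
#[derive(Debug, PartialEq)]
pub enum ProfileError {
    MissingCell { row: usize, column: &'static str },
    BadNumber { row: usize, column: &'static str, raw: String },
}

impl fmt::Display for ProfileError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ProfileError::MissingCell { row, column } =>
                write!(f, "row {row}: column '{column}' is empty"),
            ProfileError::BadNumber { row, column, raw } =>
                write!(f, "row {row}: column '{column}' holds {raw:?}, expected an integer"),
        }
    }
}

/// Propagating variant: the caller decides whether to abort the run.
pub fn parse_type_row(row: usize, cells: &[Option<&str>]) -> Result<TypeValue, ProfileError> {
    // Fetch a cell by index, treating a missing or blank cell as an error.
    let cell = |idx: usize, column: &'static str| {
        cells.get(idx).copied().flatten()
            .filter(|s| !s.trim().is_empty())
            .ok_or(ProfileError::MissingCell { row, column })
    };
    let name = cell(2, "Value Name")?.to_string();
    let raw = cell(3, "Value")?;
    let value = raw.trim().parse::<u32>().map_err(|_| ProfileError::BadNumber {
        row, column: "Value", raw: raw.to_string(),
    })?;
    Ok(TypeValue { name, value })
}

/// Panicking variant for a one-shot generator: `expect()` states why the
/// run aborted, and the Debug output of the error names row and column.
pub fn parse_type_row_or_panic(row: usize, cells: &[Option<&str>]) -> TypeValue {
    parse_type_row(row, cells)
        .expect("profile.xlsx Types sheet layout changed; see row/column in error")
}
```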