Cargo cannot authenticate to private HTTPS Git repo

I have a Rust + Cargo project, using stable ie. Cargo 1.48.0 via rustup. One of my dependencies is another such project in a private Git repo which I can access via both SSH and HTTPS. For CI purposes (Gitlab's constraints) it needs to be HTTPS to work. So in my Cargo.toml file I have:

[dependencies]
pvt-dep = { version = "1.0", git = "https://gitlab.com/myorg/myproj/pvt-dep.git" }

However when I do cargo update --verbose:

cargo update --verbose
    Updating git repository `https://gitlab.com/myorg/myproj/pvt-dep.git`
error: failed to get `pvt-dep` as a dependency of package `my-project v0.1.0 (/home/jason/Code/my-project)`

Caused by:
  failed to load source for dependency `pvt-dep`

Caused by:
  Unable to update https://gitlab.com/myorg/myproj/pvt-dep.git

Caused by:
  the given reference name 'refs/heads/' is not valid; class=Reference (4)
  • I have set helper = store in my global git config (~/.gitconfig).
  • I have checked that I can clone the repo using HTTPS without entering the password myself.
  • I have removed ~/.cargo/git and retried.
  • I have tried CARGO_NET_GIT_FETCH_WITH_CLI=true.

How do I get Cargo to use a private HTTPS repo as a dependency?