proc-macro-error is unmaintained
Opened this issue · 5 comments
jayvdb commented
syn_derive> cargo deny check advisories
2024-09-05 23:40:22 [WARN] unable to find a config path, falling back to default config
error[unmaintained]: proc-macro-error is unmaintained
┌─ /home/jayvdb/rust/syn_derive/Cargo.lock:1:1
│
1 │ proc-macro-error 1.0.4 registry+https://github.com/rust-lang/crates.io-index
│ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
│
├ ID: RUSTSEC-2024-0370
├ Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0370
├ proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.
proc-macro-error also depends on `syn 1.x`, which may be bringing duplicate dependencies into dependant build trees.
## Possible Alternative(s)
- [proc-macro-error2](https://crates.io/crates/proc-macro-error2)
├ Announcement: https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20
├ Solution: No safe upgrade is available!
├ proc-macro-error v1.0.4
└── syn_derive v0.1.8
advisories FAILED
https://crates.io/crates/proc-macro-error2 is the only published replacement so far as I can see. There are a few other forks around tho.
Kyuuhachi commented
I appreciate the thought, but I'm a bit skeptical to switching from a 125M dl crate to a 7k one. I'll wait a bit and see if it gets anywhere first.
jayvdb commented
https://crates.io/crates/proc-macro2-diagnostics looks to be another alternative.
c.f. TeXitoi/structopt#536
jayvdb commented
https://crates.io/crates/manyhow is another option
jayvdb commented
fwiw, manyhow is quite nice IMO, c.f. nvksv/maybe-async-cfg#9
Sytten commented
Its better now in terms of adoption @Kyuuhachi