proc-macro-error is unmaintained

[jayvdb]

c.f. https://github.com/rustsec/advisory-db/pull/2057

syn_derive> cargo deny check advisories
2024-09-05 23:40:22 [WARN] unable to find a config path, falling back to default config
error[unmaintained]: proc-macro-error is unmaintained
  ┌─ /home/jayvdb/rust/syn_derive/Cargo.lock:1:1
  │
1 │ proc-macro-error 1.0.4 registry+https://github.com/rust-lang/crates.io-index
  │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
  │
  ├ ID: RUSTSEC-2024-0370
  ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0370
  ├ proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.

    proc-macro-error also depends on `syn 1.x`, which may be bringing duplicate dependencies into dependant build trees.

    ## Possible Alternative(s)

    - [proc-macro-error2](https://crates.io/crates/proc-macro-error2)
  ├ Announcement: https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20
  ├ Solution: No safe upgrade is available!
  ├ proc-macro-error v1.0.4
    └── syn_derive v0.1.8

advisories FAILED

https://crates.io/crates/proc-macro-error2 is the only published replacement so far as I can see. There are a few other forks around tho.

[Kyuuhachi]

I appreciate the thought, but I'm a bit skeptical to switching from a 125M dl crate to a 7k one. I'll wait a bit and see if it gets anywhere first.

[jayvdb]

https://crates.io/crates/proc-macro2-diagnostics looks to be another alternative. c.f. https://github.com/TeXitoi/structopt/pull/536

[jayvdb]

https://crates.io/crates/manyhow is another option

[jayvdb]

fwiw, manyhow is quite nice IMO, c.f. https://github.com/nvksv/maybe-async-cfg/pull/9