Update mopa to avoid safety issue (no longer maintained)

[Cypher1]

Dependabots recently opened an advisory on one of my projects https://github.com/Cypher1/tako/ because I'm using specs, which depends on shred, which depends on a version of mopa, whose latest version contains an unsound pattern which can cause segfaults.

Issue here: https://github.com/chris-morgan/mopa/issues/13

Currently the thread's contributors state that mopa is not maintained, but one has set up mopa-maintained, as an alternative where they have added a fix.

Please investigate and update your deps so we can all avoid potential for segfaults :)

Cheers!

[Cypher1]

Links to dependabots security issues:

https://github.com/Cypher1/tako/security/dependabot/1 https://github.com/Cypher1/tako/security/dependabot/4

[torkleyy]

Thanks for reporting the issue @Cypher1! At this point, I'm wondering if the dependency is even worth it, we're using the macro once in the entire crate, maybe that code should just be inlined instead? Would you be willing to create a PR for that?

[torkleyy]

Interesting that you're building a compiler with an ECS, I was thinking about the same thing yesterday, since I'm writing a compiler for a toy language myself. It seemed cumbersome to repeat the structures of your language for every intermediate representation, so I thought why not assign everything an ID and use tables to store related information for the current phase. And ECS seems like the perfect fit for that :)

[torkleyy]

FYI, there's also bevy_ecs, which I think can be used independently and is more actively maintained.

[torkleyy]

I went ahead an created a PR: https://github.com/amethyst/shred/pull/218

[Cypher1]

Thanks @torkleyy I'll check out bevy ECS. I'm really glad you opened the pr as I don't know my way around shred internals