epi-project / brane

Programmable Orchestration of Applications and Networking
Apache License 2.0

RUSTSEC-2024-0370: proc-macro-error is unmaintained #129

Open github-actions[bot] opened 1 month ago

github-actions[bot] commented 1 month ago

proc-macro-error is unmaintained

Details
Status unmaintained
Package proc-macro-error
Version 1.0.4
URL https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20
Date 2024-09-01

proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.

proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependent build trees.

Possible Alternative(s)

See advisory page for additional details.

DanielVoogsgerd commented 1 month ago

According to cargo tree -i this is a transitive dependency we get from the following packages:

@Lut99 Could you take action on the first two as you are the author?

The juniper_codegen dependency has been removed in the latest version bump from 0.15.x -> 0.16.0, so could you maybe also take a look at bumping that version?

It looks like we are affected by one of the backwards-compatibility changes, as bumping the version causes some compile-time errors.

The relevant changelog entry is here: https://github.com/graphql-rust/juniper/blob/juniper_codegen-v0.16.0/juniper_codegen/CHANGELOG.md#0160--2024-03-20
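The cargo tree -i step in the comment above, as an added worked example that is not part of this issue or of Brane's code: a small Rust program that reads a Cargo.lock, lists every chain from a workspace root down to the advised crate, and tags each node with where it comes from, so the first-level dependents that are the project's own (and can be patched directly) stand out from registry crates that need an upstream version bump. The embedded lock file is constructed for illustration and is not Brane's; the app root, the git URL and the omitted version/checksum lines are assumptions.

```rust
use std::collections::BTreeMap;

/// One `[[package]]` entry of Cargo.lock; `source` is absent for workspace members.
#[derive(Debug, Default)]
pub struct LockPackage {
    pub name: String,
    pub source: Option<String>,
    pub deps: Vec<String>,
}

/// Line-oriented parser for the subset of Cargo.lock used here (no TOML crate needed).
/// Dependency entries read "syn 1.0.109", or just "syn" when unambiguous; only the name is kept.
pub fn parse_lock(text: &str) -> Vec<LockPackage> {
    let (mut pkgs, mut in_deps) = (Vec::<LockPackage>::new(), false);
    for line in text.lines().map(str::trim) {
        if line == "[[package]]" {
            pkgs.push(LockPackage::default());
            in_deps = false;
            continue;
        }
        let p = match pkgs.last_mut() { Some(p) => p, None => continue };
        if in_deps {
            if line == "]" { in_deps = false; continue; }
            let entry = line.trim_matches(|c: char| c == '"' || c == ',');
            p.deps.push(entry.split(' ').next().unwrap_or(entry).to_string());
        } else if let Some(v) = line.strip_prefix("name = ") {
            p.name = v.trim_matches('"').to_string();
        } else if let Some(v) = line.strip_prefix("source = ") {
            p.source = Some(v.trim_matches('"').to_string());
        } else if line.starts_with("dependencies = [") {
            in_deps = !line.ends_with(']');
        }
    }
    pkgs
}

/// Every chain from a workspace root down to `target`, root first, each node tagged "workspace"
/// (no source) or with its source scheme ("registry", "git"): what `cargo tree -i <crate>` reports.
pub fn inverse_paths<'a>(pkgs: &'a [LockPackage], target: &'a str) -> Vec<String> {
    let mut origin: BTreeMap<&str, &str> = BTreeMap::new();
    let mut rdeps: BTreeMap<&str, Vec<&str>> = BTreeMap::new();
    for p in pkgs {
        origin.insert(&p.name, p.source.as_deref().map_or("workspace", |s| s.split('+').next().unwrap_or(s)));
        for d in &p.deps {
            rdeps.entry(d.as_str()).or_default().push(&p.name);
        }
    }
    let mut out = Vec::new();
    walk_up(&rdeps, &origin, &mut vec![target], &mut out);
    out.sort(); out
}

fn walk_up<'a>(rdeps: &BTreeMap<&'a str, Vec<&'a str>>, origin: &BTreeMap<&'a str, &'a str>,
               path: &mut Vec<&'a str>, out: &mut Vec<String>) {
    let node = *path.last().unwrap();
    match rdeps.get(node) {
        // Nothing depends on this node, so it is a root and the chain is complete.
        None => out.push(path.iter().rev()
            .map(|n| format!("{n} ({})", origin.get(n).copied().unwrap_or("unknown")))
            .collect::<Vec<_>>().join(" -> ")),
        Some(parents) => for &parent in parents {
            if path.contains(&parent) { continue; } // cycle guard: dev-dependencies can form loops
            path.push(parent);
            walk_up(rdeps, origin, path, out);
            path.pop();
        },
    }
}

/// Constructed lock file for illustration only; not Brane's Cargo.lock, and the git URL is a placeholder.
pub const SAMPLE_LOCK: &str = r#"[[package]]
name = "app"
dependencies = [
 "enum-debug",
 "juniper",
]
[[package]]
name = "enum-debug"
source = "git+https://example.com/enum-debug"
dependencies = [
 "proc-macro-error",
 "syn 1.0.109",
]
[[package]]
name = "juniper"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "juniper_codegen",
]
[[package]]
name = "juniper_codegen"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "proc-macro-error",
]
[[package]]
name = "proc-macro-error"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;
```

To run it against a real project, replace SAMPLE_LOCK with the contents of the checked-in Cargo.lock (std::fs::read_to_string) and call inverse_paths on "proc-macro-error"; a chain whose first hop is tagged workspace or git is one the project can patch itself, a chain that goes through a registry crate needs that crate bumped upstream. The walk keys on crate name only, so two lock entries for the same crate at different versions (the duplicate syn 1.x the advisory warns about) collapse into one node here, whereas cargo tree -i keeps them apart.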

Lut99 commented 2 weeks ago

Oh no the graphql toolchain, that'll be a thing.

But OK I'll give it a look! :+1:

Lut99 commented 2 weeks ago

See #155 here and Lut99/enum-debug@4305405 over there.

Should I push a new version of enum-debug?

DanielVoogsgerd commented 2 weeks ago

Yeah, sounds good to me.