search

fishfolk / bones

An easy-to-use game engine for making real games.
https://fishfolk.org/development/bones/introduction/
Other
236 stars 20 forks source link

Cargo deny advisory: proc-macro-error unmaintanied (https://rustsec.org/advisories/RUSTSEC-2024-0370) #479

Closed MaxCWhitehead closed 1 month ago

MaxCWhitehead commented 1 month ago

We have this advisory triggering - (or perhaps will once iroh update is merged):

On this dep tree:

495 │ proc-macro-error 0.4.12 registry+https://github.com/rust-lang/crates.io-index
    │ ----------------------------------------------------------------------------- unmaintained advisory detected
    │
    = ID: RUSTSEC-2024-0370
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0370
    = proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.

      proc-macro-error also depends on `syn 1.x`, which may be bringing duplicate dependencies into dependant build trees.

      ## Possible Alternative(s)

      - [manyhow](https://crates.io/crates/manyhow)
      - [proc-macro-error2](https://crates.io/crates/proc-macro-error2)
      - [proc-macro2-diagnostics](https://github.com/SergioBenitez/proc-macro2-diagnostics)
    = Announcement: https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20
    = Solution: No safe upgrade is available!
    = proc-macro-error v0.4.12
      └── genawaiter-proc-macro v0.99.1
          └── genawaiter v0.99.1
              └── iroh-net v0.26.0
                  ├── bones_framework v0.4.0
                  │   ├── bones_bevy_renderer v0.4.0
                  │   │   ├── demo_assets_minimal v0.4.0
                  │   │   ├── demo_features v0.4.0
                  │   │   ├── demo_hello_world v0.4.0
                  │   │   └── demo_scripting v0.4.0
                  │   ├── demo_assets_minimal v0.4.0 (*)
                  │   ├── demo_features v0.4.0 (*)
                  │   ├── demo_hello_world v0.4.0 (*)
                  │   └── demo_scripting v0.4.0 (*)
                  ├── bones_matchmaker v0.4.0
                  └── bones_matchmaker_proto v0.4.0
                      ├── bones_framework v0.4.0 (*)
                      └── bones_matchmaker v0.4.0 (*)

Opened an issue in genawaiter: https://github.com/whatisaphone/genawaiter/issues/40

MaxCWhitehead commented 1 month ago

I disabled this advisory as it seems unlikely will be fixed upstream + iroh is also ignoring it - linked this issue in comment, closing for now to not clog up issue queue.