There is a RUSTSEC advisory out that affects cmd_lib since it uses proc-macro-errro.
Automated tools like cargo deny detect the crate in project dependency trees and issue warnings like this:
error[unmaintained]: proc-macro-error is unmaintained
┌─ /Users/ryan.butler/P/wc/orb-software/Cargo.lock:377:1
│
377 │ proc-macro-error 1.0.4 registry+https://github.com/rust-lang/crates.io-index
│ ---------------------------------------------------------------------------- unmaintained advisory detected
│
= ID: RUSTSEC-2024-0370
= Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0370
= proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.
proc-macro-error also depends on `syn 1.x`, which may be bringing duplicate dependencies into dependant build trees.
## Possible Alternative(s)
- [proc-macro-error2](https://crates.io/crates/proc-macro-error2)
= Announcement: https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20
It would be awesome to silence the robots by switching to a different crate, or eliminating it altogether :)
There is a RUSTSEC advisory out that affects
cmd_libsince it usesproc-macro-errro.Automated tools like
cargo denydetect the crate in project dependency trees and issue warnings like this:It would be awesome to silence the robots by switching to a different crate, or eliminating it altogether :)