RUSTSEC-2024-0370: proc-macro-error is unmaintained #345

Open
github-actions bot opened this issue Sep 8, 2024 · 17 comments
Labels
dependencies (Pull requests that update a dependency file), upstream (We can't fix this)

Comments

@github-actions

github-actions bot commented Sep 8, 2024

proc-macro-error is unmaintained

| Details | |
| --- | --- |
| Status | unmaintained |
| Package | proc-macro-error |
| Version | 1.0.4 |
| URL | https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20 |
| Date | 2024-09-01 |

proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.

proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.

Possible Alternative(s)

See advisory page for additional details.

@tessus
Collaborator

tessus commented Sep 8, 2024

Unless these are root dependencies, such advisories are freaking useless. We can't do shit about them unless we use them directly.

@tessus added the dependencies (Pull requests that update a dependency file) and upstream (We can't fix this) labels Sep 8, 2024
@orhun
Owner

orhun commented Sep 8, 2024

Yup, it seems too deep in the dependency chain :/

@tessus
Collaborator

tessus commented Sep 8, 2024

Is there a way to configure the bot so that only advisories are given for root dependencies?
Because those are the only ones we can actually fix...

@tessus
Collaborator

tessus commented Sep 8, 2024

Btw @orhun, in case you are in Austria in the next month, please give me a ping. We could grab a coffee or beer... both are pretty good in Austria.

@orhun
Owner

orhun commented Sep 9, 2024

> Is there a way to configure the bot so that only advisories are given for root dependencies?

Hmm not sure.

> Because those are the only ones we can actually fix...

Actually these ones are not that bad sometimes since we can do cargo update <dep> to upgrade in case of critical security vulnerabilities.

> Btw @orhun, in case you are in Austria in the next month, please give me a ping. We could grab a coffee or beer... both are pretty good in Austria.

Yup, let's do it :) I will be in Vienna (for EuroRust) between 9-14th if I remember correctly.
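
The root-versus-transitive question raised above comes down to walking the lockfile's dependency graph. The following Rust sketch is an added example, not part of the thread or the project's tooling: it parses a constructed Cargo.lock excerpt (`my-app` and `some-derive` are hypothetical crates) and returns the shortest chain from the root crate to the flagged one.

```rust
use std::collections::{HashMap, VecDeque};

// Constructed Cargo.lock excerpt; "my-app" and "some-derive" are hypothetical.
const LOCK: &str = r#"
[[package]]
name = "my-app"
dependencies = [
 "some-derive",
]
[[package]]
name = "some-derive"
dependencies = [
 "proc-macro-error 1.0.4",
]
"#;

// Package name -> dependency names (versions dropped: one node per crate name).
fn parse_lock(lock: &str) -> HashMap<&str, Vec<&str>> {
    let (mut graph, mut current) = (HashMap::<&str, Vec<&str>>::new(), "");
    for line in lock.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("name = ") {
            current = name.trim_matches('"');
        } else if line.starts_with('"') {
            // Entries are "name" or "name version (source)"; keep the name.
            let dep = line.trim_matches(|c: char| c == '"' || c == ',');
            graph.entry(current).or_default().push(dep.split(' ').next().unwrap_or(dep));
        }
    }
    graph
}

// Breadth-first search: shortest chain root -> target; length 2 means direct.
fn path_to<'a>(graph: &HashMap<&'a str, Vec<&'a str>>, root: &'a str, target: &str)
    -> Option<Vec<&'a str>> {
    let mut seen = vec![root];
    let mut queue = VecDeque::from([vec![root]]);
    while let Some(path) = queue.pop_front() {
        let node = path[path.len() - 1];
        if node == target { return Some(path); }
        for &dep in graph.get(node).into_iter().flatten() {
            if !seen.contains(&dep) {
                seen.push(dep);
                queue.push_back(path.iter().copied().chain([dep]).collect());
            }
        }
    }
    None
}

fn main() { println!("{:?}", path_to(&parse_lock(LOCK), "my-app", "proc-macro-error")); }
```

On a real checkout, `cargo tree -i proc-macro-error` prints the same inverted chain.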

@tessus
Collaborator

tessus commented Sep 9, 2024

> Actually these ones are not that bad sometimes since we can do cargo update <dep> to upgrade in case of critical security vulnerabilities.

Ok, good to know.

> Yup, let's do it :) I will be in Vienna (for EuroRust) between 9-14th if I remember correctly.

Awesome. That week I am about 1h away from Vienna. The 13th in the afternoon would be great for me.

@orhun
Owner

orhun commented Sep 12, 2024

The airline cancelled my flight on 9th 💀 I'm trying to re-book it but it takes time for some reason. I will ping you once I have everything confirmed 🙏🏼

Fingers crossed.

@tessus
Collaborator

tessus commented Sep 12, 2024

I hope for the best. Fingers crossed. 🤞

@orhun
Owner

orhun commented Sep 20, 2024

@tessus it's confirmed!

I will be in Vienna on 9th and returning on 14th. I haven't booked any hotels - I actually want to go and check out Bratislava on one of my free days. I think meeting up on 13th might work :)

@tessus
Collaborator

tessus commented Sep 22, 2024

@orhun nice. please let me know a few days in advance and I'll reserve a table at the Café Schwarzenberg in the afternoon around 2pm or so.

@orhun
Owner

orhun commented Sep 22, 2024

aight bet

@tessus
Collaborator

tessus commented Sep 22, 2024

Btw, what's your gpg key? The one I found is expired....

@orhun
Owner

orhun commented Sep 22, 2024

it's on my website: https://orhun.dev

@orhun
Owner

orhun commented Oct 8, 2024

let's book the place 🙏🏼

@tessus
Collaborator

tessus commented Oct 8, 2024

Ok, I'll reserve a table for 2 people at 14:00 on Sunday the 13th at the Café Schwarzenberg. Or is later better for you? e.g. 15:00 or 16:00? For me all is good as long as it is at or after 14:00.

@orhun
Owner

orhun commented Oct 8, 2024

I think 15:00 would be great 👍🏼

@tessus
Collaborator

tessus commented Oct 8, 2024

Done. I've sent you the reservation details per mail.
