RustSec Warning: proc-macro-error is unmaintained #3765

dev-bearabbit opened this issue Nov 18, 2024 · 0 comments
Problem
The proc-macro-error crate, which is a dependency of yew-macro, has been flagged as unmaintained by RustSec since 2024-09-01. This causes warnings during cargo audit and may lead to potential dependency issues in the future.

Steps To Reproduce

$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 687 security advisories (from /Users/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (161 crate dependencies)
Crate:     proc-macro-error
Version:   1.0.4
Warning:   unmaintained
Title:     proc-macro-error is unmaintained
Date:      2024-09-01
ID:        RUSTSEC-2024-0370
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0370
Dependency tree:
proc-macro-error 1.0.4
└── yew-macro 0.21.0
    └── yew 0.21.0
        └── christmas-tree 0.1.0

warning: 1 allowed warning found

Expected behavior
Yew should remove or replace proc-macro-error to prevent RustSec warnings.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment:

  • Yew version: 0.21.0
  • Rust version: rustc 1.73.0
  • Features enabled: ["csr"]
  • Build tool: trunk
  • OS: macOS

Additional Context
The advisory URL for proc-macro-error: RUSTSEC-2024-0370.
This issue impacts developer confidence, as it introduces a warning even in projects with no active vulnerabilities. It would be beneficial for Yew to migrate away from this unmaintained dependency or to ensure alternative solutions are explored.

Questionnaire

  • I'm interested in fixing this myself but don't know where to start
  • I would like to fix and I have a solution
  • I don't have time to fix this right now, but maybe later
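
Added example, not part of the issue or of Yew's code: a small Rust parser for the `cargo audit` text report quoted above that records each advisory's ID and warning kind and reads the dependency tree to find which crate pulls in the flagged one. The `Finding` type and the function names are hypothetical, and the 4-character-per-level tree indentation is inferred from the report shown in the issue.

```rust
#[derive(Debug, Default)]
struct Finding {
    id: String,
    warning: Option<String>,    // Some("unmaintained") when the block has a `Warning:` line
    tree: Vec<(usize, String)>, // (depth, "name version"); depth 0 is the flagged crate
}

fn parse_findings(report: &str) -> Vec<Finding> {
    let mut out: Vec<Finding> = Vec::new();
    let mut in_tree = false;
    for line in report.lines() {
        if line.starts_with("Crate:") {
            out.push(Finding::default()); // every advisory block starts with `Crate:`
            in_tree = false;
        } else if let Some(f) = out.last_mut() {
            if in_tree && !line.trim().is_empty() {
                // Assumption: each level is drawn with a 4-character prefix such as "└── ".
                let name = line.trim_start_matches(|c: char| c.is_whitespace() || "└├─│".contains(c));
                let depth = (line.chars().count() - name.chars().count()) / 4;
                f.tree.push((depth, name.to_string()));
            } else if let Some(v) = line.strip_prefix("ID:") {
                f.id = v.trim().to_string();
            } else if let Some(v) = line.strip_prefix("Warning:") {
                f.warning = Some(v.trim().to_string());
            } else {
                in_tree = line.starts_with("Dependency tree:"); // a blank line ends the tree
            }
        }
    }
    out
}

// Crates that depend directly on the flagged crate, i.e. where a replacement has to land.
fn direct_dependents(f: &Finding) -> Vec<&str> {
    f.tree.iter().filter(|(d, _)| *d == 1).map(|(_, n)| n.as_str()).collect()
}
// Sample input: abridged from the report quoted in the issue.
const SAMPLE: &str = "Crate:     proc-macro-error
Warning:   unmaintained
ID:        RUSTSEC-2024-0370
Dependency tree:
proc-macro-error 1.0.4
└── yew-macro 0.21.0
    └── yew 0.21.0
        └── christmas-tree 0.1.0";
fn main() {
    for f in parse_findings(SAMPLE) {
        println!("{} {:?} via {:?}", f.id, f.warning, direct_dependents(&f));
    }
}
```

For the report in this issue the direct dependent is `yew-macro 0.21.0`, so the application at the root of the tree cannot clear the warning on its own.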