rustypaste icon indicating copy to clipboard operation
rustypaste copied to clipboard
verified publisher icon orhun

RUSTSEC-2024-0370: proc-macro-error is unmaintained

Open github-actions[bot] opened this issue 1 year ago • 17 comments

proc-macro-error is unmaintained

Details
Status unmaintained
Package proc-macro-error
Version 1.0.4
URL https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20
Date 2024-09-01

proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.

proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees.

Possible Alternative(s)

See advisory page for additional details.

github-actions[bot] avatar Sep 08 '24 00:09 github-actions[bot]

Unless these are root dependencies, such advisories are freaking useless. We can't do shit about them unless we use them directly.

tessus avatar Sep 08 '24 14:09 tessus

Yup, it seems too deep in the dependency chain :/

orhun avatar Sep 08 '24 17:09 orhun

Is there a way to configure the bot so that only advisories are given for root dependencies? Baceause those are the onlt ones we can actually fix...

tessus avatar Sep 08 '24 17:09 tessus

Btw @orhun, in case you are in Austria in the next month, please give me a ping. We could grab a coffee or beer... both are pretty good in Austria.

tessus avatar Sep 08 '24 17:09 tessus

Is there a way to configure the bot so that only advisories are given for root dependencies?

Hmm not sure.

Baceause those are the onlt ones we can actually fix...

Actually these ones are not that bad sometimes since we can do cargo update <dep> to upgrade in case of critical security vulnerabilities.

Btw @orhun, in case you are in Austria in the next month, please give me a ping. We could grab a coffee or beer... both are pretty good in Austria.

Yup, let's do it :) I will be in Vienna (for EuroRust) between 9-14th if I remember correctly.

orhun avatar Sep 09 '24 08:09 orhun

Actually these ones are not that bad sometimes since we can do cargo update to upgrade in case of critical security vulnerabilities.

Ok, good to know.

Yup, let's do it :) I will be in Vienna (for EuroRust) between 9-14th if I remember correctly.

Awesome. That week I am about 1h away from Vienna. The 13th in the afternoon would be great for me.

tessus avatar Sep 09 '24 08:09 tessus

The airline cancelled my flight on 9th 💀 I'm trying to re-book it but it takes time for some reason. I will ping you once I have everything confirmed 🙏🏼

Fingers crossed.

orhun avatar Sep 12 '24 14:09 orhun

I hope for the best. Fingers crossed. 🤞

tessus avatar Sep 12 '24 15:09 tessus

@tessus it's confirmed!

I will be on Vienna on 9th and returning on 14th. I haven't booked any hotels - I actually want to go and check out Bratislava on one of my free days. I think meeting up on 13th might work :)

orhun avatar Sep 20 '24 19:09 orhun

@orhun nice. please let me know a few days in advance and I'll reserve a table at the Café Schwarzenberg in the afternoon around 2pm or so.

tessus avatar Sep 22 '24 08:09 tessus

aight bet

orhun avatar Sep 22 '24 08:09 orhun

Btw, what's your gpg key? The one I found is expired....

tessus avatar Sep 22 '24 08:09 tessus

it's on my website: https://orhun.dev

orhun avatar Sep 22 '24 08:09 orhun

let's book the place 🙏🏼

orhun avatar Oct 08 '24 16:10 orhun

Ok, I'll reserve a table for 2 people at 14:00 on Sunday the 13th at the Café Schwarzenberg. Or is later better for you? e.g. 15:00 or 16:00? For me all is good as long as it is at or after 14:00.

tessus avatar Oct 08 '24 16:10 tessus

I think 15:00 would be great 👍🏼

orhun avatar Oct 08 '24 16:10 orhun

Done. I've sent you the reservation details per mail.

tessus avatar Oct 08 '24 16:10 tessus