Some maintenance #371
Some maintenance #371
Conversation
The `proc-macro-error` crate is deprecated, hence use `proc-macro-error2` instead. Closes #370.
There was a more recent release which needs a different config. Also make it as strict as it was intended by the original author. And finally use the official GitHub Action to run it on CI.
| @@ -13,7 +13,7 @@ proc-macro = true | |||
| [dependencies] | |||
| proc-macro2 = { version = "1.0.24", features = ["span-locations"] } | |||
| proc-macro-crate = "3.1.0" | |||
| proc-macro-error = "1.0.4" | |||
| proc-macro-error2 = "2.0.1" | |||
There was a problem hiding this comment.
This crate doesn't seem too popular. What's the issue with keeping the old one?
There was a problem hiding this comment.
The reason is https://rustsec.org/advisories/RUSTSEC-2024-0370.html. And if you run something like cargo-deny (which we do on CI), it will complain about it. And I would expect that maybe someone will complain, hence it's easier to upgrade to that one. Another point is that crates are moving on to syn v2, so you would've less duplicated deps as proc-macro-error is still using v1.
There was a problem hiding this comment.
I'd be more concerned about using a random crate than using a so-called "unmaintained" crate, from a supply-chain perspective at least.
There was a problem hiding this comment.
The supply-chain perspective is a good point. I'll update that PR when I find time.
There was a problem hiding this comment.
(I have to wonder if we could just vendor it)
This is a PR that bundles some maintenance work. With all these changes, the dependencies are up to date and the CI is green. It doesn't contain any major changes.
This PR shouldn't be squashed when merged as it's really individual changes only bundles as they are so small.