-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some maintenance #371
base: master
Are you sure you want to change the base?
Some maintenance #371
Conversation
The `proc-macro-error` crate is deprecated, hence use `proc-macro-error2` instead. Closes #370.
There was a more recent release which needs a different config. Also make it as strict as it was intended by the original author. And finally use the official GitHub Action to run it on CI.
@@ -13,7 +13,7 @@ proc-macro = true | |||
[dependencies] | |||
proc-macro2 = { version = "1.0.24", features = ["span-locations"] } | |||
proc-macro-crate = "3.1.0" | |||
proc-macro-error = "1.0.4" | |||
proc-macro-error2 = "2.0.1" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This crate doesn't seem too popular. What's the issue with keeping the old one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The reason is https://rustsec.org/advisories/RUSTSEC-2024-0370.html. And if you run something like cargo-deny (which we do on CI), it will complain about it. And I would expect that maybe someone will complain, hence it's easier to upgrade to that one. Another point is that crates are moving on to syn
v2, so you would've less duplicated deps as proc-macro-error
is still using v1.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd be more concerned about using a random crate than using a so-called "unmaintained" crate, from a supply-chain perspective at least.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The supply-chain perspective is a good point. I'll update that PR when I find time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(I have to wonder if we could just vendor it)
This is a PR that bundles some maintenance work. With all these changes, the dependencies are up to date and the CI is green. It doesn't contain any major changes.
This PR shouldn't be squashed when merged as it's really individual changes only bundles as they are so small.