From 650a12970eeeba0bffe406085c2ffc1496430f78 Mon Sep 17 00:00:00 2001 From: Taiki Endo Date: Tue, 10 Sep 2024 11:07:01 +0900 Subject: [PATCH] Ignore RUSTSEC-2024-0370 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ``` error[unmaintained]: proc-macro-error is unmaintained ┌─ /home/runner/work/urdf-viz/urdf-viz/Cargo.lock:190:1 │ 190 │ proc-macro-error 1.0.4 registry+https://github.com/rust-lang/crates.io-index │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected │ ├ ID: RUSTSEC-2024-0370 ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0370 ├ proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email. proc-macro-error also depends on `syn 1.x`, which may be bringing duplicate dependencies into dependant build trees. ## Possible Alternative(s) - [manyhow](https://crates.io/crates/manyhow) - [proc-macro-error2](https://crates.io/crates/proc-macro-error2) - [proc-macro2-diagnostics](https://github.com/SergioBenitez/proc-macro2-diagnostics) ├ Announcement: https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20 ├ Solution: No safe upgrade is available! ├ proc-macro-error v1.0.4 └── structopt-derive v0.4.18 └── structopt v0.3.26 └── urdf-viz v0.45.2 └── urdf-viz-wasm v0.0.0 ``` --- .deny.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/.deny.toml b/.deny.toml index 1aec554..52128b4 100644 --- a/.deny.toml +++ b/.deny.toml @@ -11,6 +11,7 @@ ignore = [ "RUSTSEC-2021-0139", # unmaintained (ansi_term), transitively dep of structopt (via old clap) "RUSTSEC-2021-0140", # unmaintained (rusttype), dep of kiss3d "RUSTSEC-2021-0150", # unmaintained (ncollide3d), dep of kiss3d + "RUSTSEC-2024-0370", # unmaintained (proc-macro-error), transitively dep of structopt ] # https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html