RustSec Warning: proc-macro-error is unmaintained

[dev-bearabbit]

Problem
The proc-macro-error crate, which is a dependency of yew-macro, is flagged as unmaintained by RustSec since 2024-09-01. This causes warnings during cargo audit and may lead to potential dependency issues in the future.

Steps To Reproduce

$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 687 security advisories (from /Users/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (161 crate dependencies)
Crate:     proc-macro-error
Version:   1.0.4
Warning:   unmaintained
Title:     proc-macro-error is unmaintained
Date:      2024-09-01
ID:        RUSTSEC-2024-0370
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0370
Dependency tree:
proc-macro-error 1.0.4
└── yew-macro 0.21.0
    └── yew 0.21.0
        └── christmas-tree 0.1.0

warning: 1 allowed warning found

Expected behavior
Yew should remove or replace proc-macro-error to prevent RustSec warnings.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment:

• Yew version: 0.21.0
• Rust version: rustc 1.73.0
• Features enabled: ["csr"]
• Build tool: trunk
• OS: MacOS

Additional Context
The advisory URL for proc-macro-error: RUSTSEC-2024-0370.
This issue impacts developer confidence, as it introduces a warning even in projects with no active vulnerabilities. It would be beneficial for Yew to migrate away from this unmaintained dependency or to ensure alternative solutions are explored.

Questionnaire

• I'm interested in fixing this myself but don't know where to start
• I would like to fix and I have a solution
• I don't have time to fix this right now, but maybe later