Consider replacing getset crate

[flavio]

The getset is consuming the proc-macro-error dependency.

The RUSTSEC-2024-0370 advisory has just been issued because proc-macro-error is no longer maintained.

getset looks unmaintained too, but doesn't have a RUSTSEC advisory assigned to it, yet.

While IMHO this is nothing serious from a security POV, it would be nice to evaluate the feasibility of replacing getset with a similar crate that is actively maintained and doesn't pull in unmaintained dependencies.

[saschagrunert]

@flavio thank you for the report.

@Hoverbear do you think we can make getset independent from proc-macro-error?

[Hoverbear]

I imagine it would be possible to make that change. @jbaublitz took over the crate sometime a couple years back, perhaps he would be willing to review a PR. (Thanks for reminding me to pass over crate ownership on crates.io)

[jbaublitz]

Hi @saschagrunert. I have reviewed a PR upstream to update syn to version 2. I have to look into what's pulling in the I unmaintained version a little bit more and see if just updating syn will resolve the issue (out of office at the moment but should have time to take a look at this later today).