RUSTSEC-2026-0173: proc-macro-error2 is unmaintained

[metasim]

This is arguably minor, but the use of aquamarine as a non-dev dependency is triggering a cargo deny error:

error[unmaintained]: proc-macro-error2 is unmaintained
    ┌─ /Users/sfitch/Coding/ge-device-engine/Cargo.lock:357:1
    │
357 │ proc-macro-error2 2.0.1 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
    │
    ├ ID: RUSTSEC-2026-0173
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0173
    ├ The author of `proc-macro-error2` has [confirmed](https://github.com/GnomedDev/proc-macro-error-2/issues/17#issuecomment-4643215473) that the crate is no longer maintained and recommends that users migrate away from it.
      
      `proc-macro-error2` was originally created as a maintained fork of [`proc-macro-error`](https://crates.io/crates/proc-macro-error) (see [RUSTSEC-2024-0370](https://rustsec.org/advisories/RUSTSEC-2024-0370)). Both the original crate and this fork are now unmaintained.
      
      ## Possible Alternative(s)
      
      - [manyhow](https://crates.io/crates/manyhow)
      - [proc-macro2-diagnostics](https://github.com/SergioBenitez/proc-macro2-diagnostics)
    ├ Announcement: https://github.com/GnomedDev/proc-macro-error-2/issues/17
    ├ Solution: No safe upgrade is available!

advisories FAILED, bans ok, licenses ok, sources ok

My 2¢: The diagrams are nice to have, but arguably not enough to have to add a blanket "ignore" to deny.toml in order to use packate_parser in an environment where validating against RUSTSEC is needed.

Not sure if moving it to dev-dependencies still works with #[cfg_attr(doc, aquamarine::aquamarine)], or there's another way of doing optional dependencies for rustdoc generation, but that would be a nice intermediate solution until aquamarine re-releases. There's already an issue filed against aquamarine.

[Akmot9]

Thanks for reporting this.

I agree that aquamarine should not force downstream users of packet_parser to pull an unmaintained transitive dependency, especially in environments where cargo deny / RustSec validation is enforced.

The diagrams are documentation-only, so I will move this behind an optional documentation feature instead of keeping it as a normal dependency. The goal is that regular users of the crate can depend on packet_parser without having to ignore RUSTSEC-2026-0173.

Planned fix:

remove aquamarine from default dependencies;

make it optional behind a doc-diagrams feature, or move it to documentation-only tooling if possible;

keep the Rustdoc diagrams available for maintainers/contributors who explicitly enable the feature.

Thanks again for pointing this out.