
cargo deny fails on account of RUSTSEC-2024-0388 (derivative crate is unmaintained) #1243

Closed
@phi-gamma

Description


Describe the bug

The mongodb crate depends on derivative which has been flagged
unmaintained; the rustsec advisory is out since 2024-11-10:
https://rustsec.org/advisories/RUSTSEC-2024-0388
This makes cargo deny check advisories fail:

error[unmaintained]: `derivative` is unmaintained; consider using an alternative
   ┌─ /home/phg/src/rust/mongo-rust-driver/Cargo.lock:39:1
   │
39 │ derivative 2.2.0 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
   │
   ├ ID: RUSTSEC-2024-0388
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0388
   ├ The [`derivative`](https://crates.io/crates/derivative) crate is no longer maintained.
     Consider using any alternative, for instance:
     - [derive_more](https://crates.io/crates/derive_more)
     - [derive-where](https://crates.io/crates/derive-where)
     - [educe](https://crates.io/crates/educe)
   ├ Announcement: https://github.com/mcarton/rust-derivative/issues/117
   ├ Solution: No safe upgrade is available!
   ├ derivative v2.2.0
     └── mongodb v3.1.0

advisories FAILED, bans ok, licenses ok, sources ok

Versions/Environment

  1. What version of Rust are you using?: rustc 1.78.0 (9b00956e5 2024-04-29)
  2. What operating system are you using?: Arch on WSL.
  3. What versions of the driver and its dependencies are you using? (Run
    cargo pkgid mongodb & cargo pkgid bson)
    • mongodb: 3.0.0 and 3.1.0.
    • bson: 2.13.0.
  4. What version of MongoDB are you using? (Check with the MongoDB shell using db.version()): some Docker image
  5. What is your MongoDB topology (standalone, replica set, sharded cluster, serverless)?: there's replicas, yup.

BE SPECIFIC:

  • What is the expected behavior and what is actually happening?
    cargo deny check advisories should pass.

  • Do you have any particular output that demonstrates this problem?
    -- see above.

  • Do you have any ideas on why this may be happening that could give us a
    clue in the right direction?
    -- See the advisory.

  • Did this issue arise out of nowhere, or after an update (of the driver,
    server, and/or Rust)?
    -- Since this PR was merged: Assigned RUSTSEC-2024-0388 to derivative rustsec/advisory-db#2119

  • Are there multiple ways of triggering this bug (perhaps more than one
    function produce a crash)?
    -- Idk.

To Reproduce

Check out repo and then run cargo deny check.

(OT: This bug report template says in a comment: "Make sure you have
read CONTRIBUTING.md completely before you file a new issue!" -- but
there is no such file in the tree.)
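One way to keep `cargo deny check advisories` passing while the driver still pulls in `derivative`, as an added example that is not part of the issue above and not the mongo-rust-driver project's own configuration: suppress the single advisory by ID in `deny.toml`, with a recorded reason, instead of disabling unmaintained-crate checks altogether. This assumes a cargo-deny version that accepts the `version = 2` advisories schema and object-form `ignore` entries with a `reason` field; the reason text and the reference to this issue are the author's own wording, not anything cargo-deny mandates.

```toml
# deny.toml (added example; assumes cargo-deny with version-2 advisories config)
[advisories]
version = 2

# Scope the suppression to exactly this advisory. RUSTSEC-2024-0388 is an
# "unmaintained" notice, not a vulnerability with a fix, so there is no
# safe upgrade to take; the entry records why it is accepted and where
# it is tracked so it is not forgotten. Delete it once a driver release
# no longer depends on `derivative`.
ignore = [
    { id = "RUSTSEC-2024-0388", reason = "derivative is unmaintained, not vulnerable; transitive via mongodb 3.x, see mongo-rust-driver issue #1243" },
]
```

Before adding an ignore, confirm the dependency path with `cargo tree -i derivative` so the suppression only covers the crate you expect; cargo-deny reports an ignore entry that no longer matches anything, which is the signal to remove it after the driver drops the dependency.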

Labels: tracked-in-jira (Ticket filed in Mongo's Jira system)