Skip to content

chore(deps): resolve RUSTSEC-2025-0134 — rustls-pemfile is unmaintained #1950

New issue
New issue
Open
Open
chore(deps): resolve RUSTSEC-2025-0134 — rustls-pemfile is unmaintained#1950
Labels
choreMaintenance tasksdependenciesDependency updates
@bug-ops

Description

@bug-ops
bug-ops
opened on Mar 17, 2026

Summary

Security advisory RUSTSEC-2025-0134 detected:

  • Crate: rustls-pemfile v2.2.0 is unmaintained (archived Aug 2025)
  • Current dependency chain: zeph → zeph-mcp → qdrant-client v1.17.0 → tonic v0.12.3 → rustls-pemfile
  • Recommendation: Migrate to rustls-pki-types (1.9.0+) using PemObject trait

Impact

  • Qdrant integration (memory backend) affected transitively
  • No immediate security vulnerability, but unmaintained status means no future patches

Action Items

  • Check if qdrant-client has a newer version with updated rustls dependencies
  • If not available, file issue with qdrant-client or migrate to alternative Qdrant client
  • Update dependency when available
  • Re-run cargo deny check advisories to verify resolution

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    choreMaintenance tasksdependenciesDependency updates

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions