chore(deps): resolve RUSTSEC-2025-0134 — rustls-pemfile is unmaintained #1950

@bug-ops

Summary

Security advisory RUSTSEC-2025-0134 detected:

  • Crate: rustls-pemfile v2.2.0 is unmaintained (archived Aug 2025)
  • Current dependency chain: zeph → zeph-mcp → qdrant-client v1.17.0 → tonic v0.12.3 → rustls-pemfile
  • Recommendation: Migrate to rustls-pki-types (1.9.0+) using PemObject trait

Impact

  • Qdrant integration (memory backend) affected transitively
  • No immediate security vulnerability, but unmaintained status means no future patches

Action Items

  • Check if qdrant-client has a newer version with updated rustls dependencies
  • If not available, file issue with qdrant-client or migrate to alternative Qdrant client
  • Update dependency when available
  • Re-run cargo deny check advisories to verify resolution
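The dependency chain quoted in the summary can be re-derived from `Cargo.lock` before and after a bump, which shows whether a newer qdrant-client actually removes the path to the flagged crate. The script below is an added example, not part of the original issue or the project's code; `SAMPLE_LOCK` is constructed (the zeph versions and the serde entry are placeholders) and the function names are hypothetical.

```python
import re

def lock_entry(name, version, deps=()):
    """Render one [[package]] entry the way Cargo.lock lays it out."""
    out = f'[[package]]\nname = "{name}"\nversion = "{version}"\n'
    if deps:
        out += "dependencies = [\n" + "".join(f' "{d}",\n' for d in deps) + "]\n"
    return out

# Constructed lockfile mirroring the chain in the issue; the zeph versions
# and the serde entry are placeholders, not taken from the real project.
SAMPLE_LOCK = "\n".join([
    lock_entry("zeph", "0.0.0", ["zeph-mcp"]),
    lock_entry("zeph-mcp", "0.0.0", ["qdrant-client", "serde"]),
    lock_entry("qdrant-client", "1.17.0", ["tonic"]),
    lock_entry("tonic", "0.12.3", ["rustls-pemfile"]),
    lock_entry("rustls-pemfile", "2.2.0"),
    lock_entry("serde", "1.0.0"),
])

def parse_lock(text):
    """Map each package name to the names it depends on (versions merged)."""
    graph = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        deps = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        # Entries read "tonic" or "tonic 0.12.3"; keep only the crate name.
        found = re.findall(r'"([^"]+)"', deps.group(1)) if deps else []
        graph.setdefault(name, set()).update(d.split()[0] for d in found)
    return graph

def chains_to(graph, target):
    """Every path from a root package (nothing depends on it) to target."""
    depended_on = set().union(*graph.values())
    paths = []
    def walk(node, path):
        if node in path:        # cycle guard
            return
        path = path + [node]
        if node == target:
            paths.append(path)
            return
        for dep in sorted(graph.get(node, ())):
            walk(dep, path)
    for root in sorted(n for n in graph if n not in depended_on):
        walk(root, [])
    return paths

if __name__ == "__main__":
    for chain in chains_to(parse_lock(SAMPLE_LOCK), "rustls-pemfile"):
        print(" -> ".join(chain))
```

An empty result for `rustls-pemfile` on the updated lockfile means no path to the crate remains; `cargo deny check advisories` is still the authoritative check.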

Labels: P0 (Blocking — security advisory or compile error), chore (Maintenance tasks), dependencies (Dependency updates)
