Summary
cargo deny check advisories reports RUSTSEC-2025-0134: rustls-pemfile v2.2.0 is unmaintained.
Dependency chain
qdrant-client v1.17.0 → tonic v0.12.3 → rustls-pemfile v2.2.0
Status
- Not a vulnerability — unmaintained crate advisory only
- No safe upgrade available (transitive dep)
- Resolution requires either: qdrant-client updating tonic, or tonic 0.13+ adoption
rustls-pki-types >= 1.9.0 includes the PEM parsing code directly (no rustls-pemfile needed)
Action required
Monitor qdrant-client releases; upgrade when a version with tonic ≥ 0.13 is available (uses rustls-pki-types directly).
Priority
Low — cosmetic advisory, no active vulnerability.
Summary
cargo deny check advisoriesreports RUSTSEC-2025-0134:rustls-pemfile v2.2.0is unmaintained.Dependency chain
qdrant-client v1.17.0 → tonic v0.12.3 → rustls-pemfile v2.2.0Status
rustls-pki-types >= 1.9.0includes the PEM parsing code directly (no rustls-pemfile needed)Action required
Monitor qdrant-client releases; upgrade when a version with tonic ≥ 0.13 is available (uses rustls-pki-types directly).
Priority
Low — cosmetic advisory, no active vulnerability.