Skip to content

fix: cargo audit warning for rustls-pemfile #565

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
alamb merged 2 commits into from
Dec 8, 2025
Merged

fix: cargo audit warning for rustls-pemfile #565

alamb merged 2 commits into from
Dec 8, 2025

Conversation

@mgattozzi
Copy link
Contributor

@mgattozzi mgattozzi commented Dec 5, 2025

Which issue does this PR close?

Closes #564

Rationale for this change

rustls-pemfile is now unamintained: https://rustsec.org/advisories/RUSTSEC-2025-0134.html

While cargo-audit is setup in this repo to allow the warning, we deny on our CI and would like to update the dep for a point release sometime in the future.

What changes are included in this PR?

This commit updates the deps according to the advisory to use rustls-pki-types directly rather than rustls-pemfile.

Are there any user-facing changes?

There should be no user facing changes.

@mgattozzi
fix: cargo audit warning for rustls-pemfile
bf6f77f 
rustls-pemfile is now unamintained:

https://rustsec.org/advisories/RUSTSEC-2025-0134.html

This commit updates the deps according to the advisory to use
rustls-pki-types directly rather than rustls-pemfile.

Closes apache#564
@mgattozzi
fix: CI failures
32fc08a
crepererum
crepererum approved these changes Dec 8, 2025
View reviewed changes
Copy link
Contributor

@crepererum crepererum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😍

@alamb alamb merged commit 0083f41 into apache:main Dec 8, 2025
9 checks passed
@alamb
Copy link
Contributor

alamb commented Dec 8, 2025

Thanks @crepererum and @mgattozzi

@mgattozzi mgattozzi deleted the mgattozzi/audit branch December 10, 2025 01:29
@thibault-martinez thibault-martinez mentioned this pull request Dec 15, 2025
Merged
@philjb philjb mentioned this pull request Dec 19, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crepererum crepererum crepererum approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cargo Audit Produces a Warning for rustls-pemfile being unmaintained

3 participants

@mgattozzi @alamb @crepererum