chore(deps): rustls-pemfile RUSTSEC-2025-0134 unmaintained — track qdrant-client update

[bug-ops]

Advisory

RUSTSEC-2025-0134: rustls-pemfile is unmaintained.

Dependency Chain

qdrant-client 1.17.0 → tonic 0.12.3 → rustls-pemfile 2.2.0

This is a transitive dependency — Zeph does not depend on rustls-pemfile directly.

Impact

Severity: Low (unmaintained, not vulnerable). cargo deny check advisories fails with this warning.

Action

Monitor qdrant-client for updates that pull in a maintained alternative. No direct code change needed in Zeph.

When qdrant-client releases a version that eliminates this dependency, upgrade and verify.

[bug-ops]

CI-504 check (2026-04-06): qdrant-client is at 1.17.0 (latest). Still pulls in rustls-pemfile 2.2.0. Advisory RUSTSEC-2025-0134 still active. Blocked on upstream qdrant-client migration to rustls-pki-types. No action needed on Zeph side until qdrant-client releases a version that removes the dependency.