Hello,
Our container vulnerability scan is reporting GHSA-82j2-j2ch-gfr8 / RUSTSEC-2026-0104 from the Rust dependency rustls-webpki bundled inside the temporalio Python wheel.
RUSTSEC-2026-0104 / GHSA-82j2-j2ch-gfr8 affects rustls-webpki and is patched in 0.103.13.
Could the SDK's Rust bridge dependencies be updated so the published Python wheels include rustls-webpki >=0.103.13, and could a new temporalio release be published with that fix?
Thanks.
Hello,
Our container vulnerability scan is reporting
GHSA-82j2-j2ch-gfr8/RUSTSEC-2026-0104from the Rust dependencyrustls-webpkibundled inside thetemporalioPython wheel.RUSTSEC-2026-0104 / GHSA-82j2-j2ch-gfr8 affects rustls-webpki and is patched in 0.103.13.
Could the SDK's Rust bridge dependencies be updated so the published Python wheels include rustls-webpki >=0.103.13, and could a new temporalio release be published with that fix?
Thanks.