Skip to content

chore(ci): Ignore RUSTSEC-2025-0134 for rustls-pemfile #24352

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
thomasqueirozb merged 1 commit into from
Dec 8, 2025
Merged

chore(ci): Ignore RUSTSEC-2025-0134 for rustls-pemfile #24352

thomasqueirozb merged 1 commit into from
Dec 8, 2025

Conversation

@thomasqueirozb
Copy link
Contributor

@thomasqueirozb thomasqueirozb commented Dec 8, 2025
edited
Loading

Summary

Ignores RUSTSEC-2025-0134 advisory in deny.toml for the rustls-pemfile crate.

The advisory indicates that rustls-pemfile is unmaintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0.

This migration is currently blocked by:

  • async-nats dependency
  • http 1.0.0 upgrade

Vector configuration

N/A

How did you test this PR?

Ran cargo deny check advisories to verify the advisory is properly ignored and CI passes.

Change Type

  • Bug fix
  • New feature
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the no-changelog label to this PR.

References

@github-actions github-actions bot added domain: sources Anything related to the Vector's sources domain: transforms Anything related to Vector's transform components domain: sinks Anything related to the Vector's sinks labels Dec 8, 2025
@thomasqueirozb thomasqueirozb added the no-changelog Changes in this PR do not need user-facing explanations in the release changelog label Dec 8, 2025
@thomasqueirozb thomasqueirozb marked this pull request as ready for review December 8, 2025 20:52
@thomasqueirozb thomasqueirozb requested a review from a team as a code owner December 8, 2025 20:52
@github-actions github-actions bot removed domain: sources Anything related to the Vector's sources domain: transforms Anything related to Vector's transform components domain: sinks Anything related to the Vector's sinks labels Dec 8, 2025
bfung
bfung approved these changes Dec 8, 2025
View reviewed changes
Copy link
Contributor

@bfung bfung left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

async-nats project needs to migrate away from rustls-pemfile to resolve this deny exception.

@thomasqueirozb thomasqueirozb added this pull request to the merge queue Dec 8, 2025
Merged via the queue into master with commit 922d970 Dec 8, 2025
66 checks passed
@thomasqueirozb thomasqueirozb deleted the deny-rustls-pemfile branch December 8, 2025 22:15
@github-actions github-actions bot locked and limited conversation to collaborators Dec 8, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@bfung bfung bfung approved these changes

Assignees

No one assigned

Labels

no-changelog Changes in this PR do not need user-facing explanations in the release changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thomasqueirozb @bfung