tauri-apps
RUSTSEC-2025-0134: rustls-pemfile is unmaintained
rustls-pemfile is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | rustls-pemfile |
| Version | 2.2.0 |
| URL | https://github.com/rustls/pemfile/issues/61 |
| Date | 2025-11-28 |
The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the same code used in rustls-pki-types, so migrating should be straightforward.
The new API is represented by the PemObject trait, which provides methods for
reading a single or multiple PEM objects from a file or byte slice.
See advisory page for additional details.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
hmm that's fun, reqwest and rustls-native-certs use this, the latter is used by reqwest and tungstenite and rustls-platform-verifier, so it'll probably be a while :)
oh and ureq which i didn't include above because newer versions don't use it anymore but i didn't see that we're stuck because of MSRV so unless we increase the msrv for the bundler we're stuck with this rustsec adv for v2. I don't see this as high priority anyway, nothing's wrong with the code and as the adv says it even uses the recommended code/crate under the hood 🤷