mgattozzi opened a new issue, #564: URL: https://github.com/apache/arrow-rs-object-store/issues/564
**Describe the bug** <!-- A clear and concise description of what the bug is. --> Cargo audit produces a warning for a dep. This has caused some CI problems for us over at https://github.com/influxdata/influxdb/pull/27009 where we would deny deps. **To Reproduce** <!-- Steps to reproduce the behavior: --> Running cargo audit produces this warning: ``` arrow-rs-object-store on HEAD (1a9758b) is 📦 v0.12.4 via 🦀 v1.91.1 ✦ ❯ cargo audit Updating crates.io index Locking 239 packages to latest Rust 1.85 compatible versions Adding generic-array v0.14.7 (available: v0.14.9) Adding getrandom v0.2.16 (available: v0.3.4) Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 883 security advisories (from /home/michael/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (240 crate dependencies) Crate: rustls-pemfile Version: 2.2.0 Warning: unmaintained Title: rustls-pemfile is unmaintained Date: 2025-11-28 ID: RUSTSEC-2025-0134 URL: https://rustsec.org/advisories/RUSTSEC-2025-0134 Dependency tree: rustls-pemfile 2.2.0 └── object_store 0.12.4 warning: 1 allowed warning found ``` **Expected behavior** <!-- A clear and concise description of what you expected to happen. --> cargo audit would not produce this warning **Additional context** <!-- Add any other context about the problem here. --> I'm working on a PR to update this dep. We can ignore it for now in our CI, but it would be nice in a point release or a future one to have this since the dep is unmaintained. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
