security: update rmcp to fix quinn-udp DoS vulnerability

Related to #391

## Summary
RUSTSEC-2025-0005: `quinn-udp` versions before 0.5.9 have a potential denial-of-service vulnerability. Our dependency via `rmcp` → `quinn` → `quinn-udp 0.5.8` affects MCP HTTP transport.

## Severity
Medium — DoS vector exists in MCP client (admin-controlled servers limit risk).

## Location
Transitive: `zeph → rmcp 0.14.2 → quinn 0.11.7 → quinn-udp 0.5.8`

## Recommendation
Update `rmcp` to a version that depends on `quinn-udp >= 0.5.9`.

If unavailable, add temporary ignore:
```toml
[[advisories.ignore]]
id = "RUSTSEC-2025-0005"
reason = "waiting for rmcp upgrade, MCP servers admin-controlled"
```

## References
- Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0005
- Security audit: `.local/audit/security-audit.md` (SEC-2)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

security: update rmcp to fix quinn-udp DoS vulnerability #411

Summary

Severity

Location

Recommendation

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

security: update rmcp to fix quinn-udp DoS vulnerability #411

Description

Summary

Severity

Location

Recommendation

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions