Skip to content

Bump reqwest from 0.12.28 to 0.13.3#1845

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/reqwest-0.13.2
Open

Bump reqwest from 0.12.28 to 0.13.3#1845
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/reqwest-0.13.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 31, 2026
edited
Loading

Bumps reqwest from 0.12.28 to 0.13.3.

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

v0.13.2

tl;dr

  • Fix HTTP/2 and native-tls ALPN feature combinations.
  • Fix HTTP/3 to send h3 ALPN.
  • (wasm) fix RequestBuilder::json() from override previously set content-type.

What's Changed

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.3

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.

v0.13.2

  • Fix HTTP/2 and native-tls ALPN feature combinations.
  • Fix HTTP/3 to send h3 ALPN.
  • (wasm) fix RequestBuilder::json() from override previously set content-type.

v0.13.1

  • Fixes compiling with rustls on Android targets.

v0.13.0

  • Breaking changes:
    • rustls is now the default TLS backend, instead of native-tls.
    • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
    • rustls-tls has been renamed to rustls.
    • rustls roots features removed, rustls-platform-verifier is used by default.
      • To use different roots, call tls_certs_only(your_roots).
    • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
    • query and form are now crate features, disabled by default.
    • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
  • Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
    • For example, prefer tls_backend_rustls() over use_rustls_tls().
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code no-changelog labels Mar 31, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 31, 2026 14:43
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file no-changelog github_actions Pull requests that update GitHub Actions code labels Mar 31, 2026
@dependabot dependabot Bot mentioned this pull request Mar 31, 2026
Closed
@dependabot dependabot Bot force-pushed the dependabot/cargo/reqwest-0.13.2 branch from 82f8766 to 310ddd2 Compare April 10, 2026 00:56
@dependabot
Bump reqwest from 0.12.28 to 0.13.3
19b0eef 
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.12.28 to 0.13.3.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.12.28...v0.13.3)

---
updated-dependencies:
- dependency-name: reqwest
  dependency-version: 0.13.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump reqwest from 0.12.28 to 0.13.2 Bump reqwest from 0.12.28 to 0.13.3 Apr 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/cargo/reqwest-0.13.2 branch from 310ddd2 to 19b0eef Compare April 30, 2026 03:48
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 19b0eefdca

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread lading/Cargo.toml
regex = { version = "1.12" }
reqwest = { version = "0.12", default-features = false, features = [
reqwest = { version = "0.13", default-features = false, features = [
"default-tls",
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Preserve previous TLS backend when bumping reqwest

reqwest 0.13 changed default-tls to rustls, so this dependency line now pulls in the aws-lc toolchain (aws-lc-sys/cmake) instead of the prior native-tls path. That introduces a build-time requirement on CMake/native crypto tooling and can fail source builds in common minimal CI/dev environments that previously compiled this project successfully. If the intent was only a version bump, this is a behavioral/build regression and the TLS feature should be set explicitly to preserve the old backend or avoid the new toolchain requirement.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code no-changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants