Skip to content

Bump reqwest from 0.12.28 to 0.13.3 in /sidecar#5

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/sidecar/reqwest-0.13.3
Closed

Bump reqwest from 0.12.28 to 0.13.3 in /sidecar#5
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/sidecar/reqwest-0.13.3

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 15, 2026
edited
Loading

Bumps reqwest from 0.12.28 to 0.13.3.

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

v0.13.2

tl;dr

  • Fix HTTP/2 and native-tls ALPN feature combinations.
  • Fix HTTP/3 to send h3 ALPN.
  • (wasm) fix RequestBuilder::json() from override previously set content-type.

What's Changed

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.13.3

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.

v0.13.2

  • Fix HTTP/2 and native-tls ALPN feature combinations.
  • Fix HTTP/3 to send h3 ALPN.
  • (wasm) fix RequestBuilder::json() from override previously set content-type.

v0.13.1

  • Fixes compiling with rustls on Android targets.

v0.13.0

  • Breaking changes:
    • rustls is now the default TLS backend, instead of native-tls.
    • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
    • rustls-tls has been renamed to rustls.
    • rustls roots features removed, rustls-platform-verifier is used by default.
      • To use different roots, call tls_certs_only(your_roots).
    • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
    • query and form are now crate features, disabled by default.
    • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
  • Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
    • For example, prefer tls_backend_rustls() over use_rustls_tls().
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 15, 2026
@dependabot dependabot Bot changed the base branch from master to main May 16, 2026 02:26
@dependabot
Bump reqwest from 0.12.28 to 0.13.3 in /sidecar
34a1f56 
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.12.28 to 0.13.3.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.12.28...v0.13.3)

---
updated-dependencies:
- dependency-name: reqwest
  dependency-version: 0.13.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/sidecar/reqwest-0.13.3 branch from 1c6db6c to 34a1f56 Compare May 16, 2026 16:48
@snapetech
Copy link
Copy Markdown
Owner

snapetech commented May 16, 2026

Superseded by #21, which consolidated this dependency update with the related peer/lockfile updates and was merged after local verification.

@snapetech snapetech closed this May 16, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 16, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@snapetech snapetech deleted the dependabot/cargo/sidecar/reqwest-0.13.3 branch May 16, 2026 16:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snapetech