[PR #467] [MERGED] Update reqwest requirement from 0.11.4 to 0.12.1 #476

New issue

Closed

opened 2026-02-27 20:24:52 +03:00 by kerem · 0 comments

kerem commented 2026-02-27 20:24:52 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/ramsayleung/rspotify/pull/467
Author: @dependabot[bot]
Created: 3/22/2024
Status: ✅ Merged
Merged: 3/24/2024
Merged by: @ramsayleung

Base: master ← Head: dependabot/cargo/reqwest-0.12.1

---

📝 Commits (1)

• 45f8d98 Update reqwest requirement from 0.11.4 to 0.12.1

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 rspotify-http/Cargo.toml (+1 -1)

📄 Description

Updates the requirements on reqwest to permit the latest version.

Release notes

Sourced from reqwest's releases.

v0.12.1

What's Changed

• Fix ClientBuilder::interface() when no TLS is enabled.
• Fix TlsInfo::peer_certificate() being truncated with rustls.
• Fix panic if http2 feature disabled but TLS negotiated h2 in ALPN.
• Fix Display for Error to not include its source error.

New Contributors

• @​atouchet made their first contribution in seanmonstar/reqwest#2193
• @​mbme made their first contribution in seanmonstar/reqwest#2195

Full Changelog: https://github.com/seanmonstar/reqwest/compare/v0.12.0...v0.12.1

Changelog

Sourced from reqwest's changelog.

v0.12.1

• Fix ClientBuilder::interface() when no TLS is enabled.
• Fix TlsInfo::peer_certificate() being truncated with rustls.
• Fix panic if http2 feature disabled but TLS negotiated h2 in ALPN.
• Fix Display for Error to not include its source error.

v0.12.0

• Upgrade to hyper, http, and http-body v1.
• Add better support for converting to and from http::Request and http::Response.
• Add http2 optional cargo feature, default on.
• Add charset optional cargo feature, default on.
• Add macos-system-configuration cargo feature, default on.
• Change all optional dependencies to no longer be exposed as implicit features.
• Add ClientBuilder::interface(str) to specify the local interface to bind to.
• Experimental: disables the http3 feature temporarily.

v0.11.27

• Add hickory-dns feature, deprecating trust-dns.
• (wasm) Fix Form::text() to not set octet-stream for plain text fields.

v0.11.26

• Revert system-configuration upgrade, which broke MSRV on macOS.

v0.11.25

• Fix Certificate::from_pem_bundle() parsing.
• Fix Apple linker errors from detecting system proxies.

v0.11.24

• Add Certificate::from_pem_bundle() to add a bundle.
• Add http3_prior_knowledge() to blocking client builder.
• Remove Sync bounds requirement for Body::wrap_stream().
• Fix HTTP/2 to retry REFUSED_STREAM requests.
• Fix instances of converting Url to Uri that could panic.

v0.11.23

• Add Proxy::custom_http_auth(val) for setting the raw Proxy-Authorization header when connecting to proxies.
• Fix redirect to reject locations that are not http:// or https://.
• Fix setting nodelay when TLS is enabled but URL is HTTP.
• (wasm) Add ClientBuilder::user_agent(val).
• (wasm) add multipart::Form::headers(headers).

v0.11.22

... (truncated)

Commits

• e0ea15b v0.12.1
• 3d78fcb fix: Display for Error shouldn't include source (#2199)
• c535724 Fix binding interface when no TLS is used (#2200)
• d5adcba fix: rustls extraction of TlsInfo::peer_certificate() being truncated (#2195)
• 7a5df21 fix: could panic if http2 disabled but TLS negotiated h2 (#2194)
• d5051f9 Update version number in Readme
• 92aa28c v0.12.0
• 6c6170b feat: Make encoding_rs an optional dependency called charset
• d1022b3 Support conversion to http::Response
• a29c7f9 Add macos-system-configuration feature flag
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ramsayleung/rspotify/pull/467 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 3/22/2024 **Status:** ✅ Merged **Merged:** 3/24/2024 **Merged by:** [@ramsayleung](https://github.com/ramsayleung) **Base:** `master` ← **Head:** `dependabot/cargo/reqwest-0.12.1` --- ### 📝 Commits (1) - [`45f8d98`](https://github.com/ramsayleung/rspotify/commit/45f8d98bbc250d89c7794ce46e23ac48e5a67430) Update reqwest requirement from 0.11.4 to 0.12.1 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `rspotify-http/Cargo.toml` (+1 -1) </details> ### 📄 Description Updates the requirements on [reqwest](https://github.com/seanmonstar/reqwest) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/releases">reqwest's releases</a>.</em></p> <blockquote> <h2>v0.12.1</h2> <h2>What's Changed</h2> <ul> <li>Fix <code>ClientBuilder::interface()</code> when no TLS is enabled.</li> <li>Fix <code>TlsInfo::peer_certificate()</code> being truncated with rustls.</li> <li>Fix panic if <code>http2</code> feature disabled but TLS negotiated h2 in ALPN.</li> <li>Fix <code>Display</code> for <code>Error</code> to not include its source error.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/atouchet"><code>@​atouchet</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2193">seanmonstar/reqwest#2193</a></li> <li><a href="https://github.com/mbme"><code>@​mbme</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2195">seanmonstar/reqwest#2195</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.0...v0.12.1">https://github.com/seanmonstar/reqwest/compare/v0.12.0...v0.12.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's changelog</a>.</em></p> <blockquote> <h2>v0.12.1</h2> <ul> <li>Fix <code>ClientBuilder::interface()</code> when no TLS is enabled.</li> <li>Fix <code>TlsInfo::peer_certificate()</code> being truncated with rustls.</li> <li>Fix panic if <code>http2</code> feature disabled but TLS negotiated h2 in ALPN.</li> <li>Fix <code>Display</code> for <code>Error</code> to not include its source error.</li> </ul> <h1>v0.12.0</h1> <ul> <li>Upgrade to <code>hyper</code>, <code>http</code>, and <code>http-body</code> v1.</li> <li>Add better support for converting to and from <code>http::Request</code> and <code>http::Response</code>.</li> <li>Add <code>http2</code> optional cargo feature, default on.</li> <li>Add <code>charset</code> optional cargo feature, default on.</li> <li>Add <code>macos-system-configuration</code> cargo feature, default on.</li> <li>Change all optional dependencies to no longer be exposed as implicit features.</li> <li>Add <code>ClientBuilder::interface(str)</code> to specify the local interface to bind to.</li> <li>Experimental: disables the <code>http3</code> feature temporarily.</li> </ul> <h2>v0.11.27</h2> <ul> <li>Add <code>hickory-dns</code> feature, deprecating <code>trust-dns</code>.</li> <li>(wasm) Fix <code>Form::text()</code> to not set octet-stream for plain text fields.</li> </ul> <h2>v0.11.26</h2> <ul> <li>Revert <code>system-configuration</code> upgrade, which broke MSRV on macOS.</li> </ul> <h2>v0.11.25</h2> <ul> <li>Fix <code>Certificate::from_pem_bundle()</code> parsing.</li> <li>Fix Apple linker errors from detecting system proxies.</li> </ul> <h2>v0.11.24</h2> <ul> <li>Add <code>Certificate::from_pem_bundle()</code> to add a bundle.</li> <li>Add <code>http3_prior_knowledge()</code> to blocking client builder.</li> <li>Remove <code>Sync</code> bounds requirement for <code>Body::wrap_stream()</code>.</li> <li>Fix HTTP/2 to retry <code>REFUSED_STREAM</code> requests.</li> <li>Fix instances of converting <code>Url</code> to <code>Uri</code> that could panic.</li> </ul> <h2>v0.11.23</h2> <ul> <li>Add <code>Proxy::custom_http_auth(val)</code> for setting the raw <code>Proxy-Authorization</code> header when connecting to proxies.</li> <li>Fix redirect to reject locations that are not <code>http://</code> or <code>https://</code>.</li> <li>Fix setting <code>nodelay</code> when TLS is enabled but URL is HTTP.</li> <li>(wasm) Add <code>ClientBuilder::user_agent(val)</code>.</li> <li>(wasm) add <code>multipart::Form::headers(headers)</code>.</li> </ul> <h2>v0.11.22</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/seanmonstar/reqwest/commit/e0ea15bd659561b236e8e507a0f704dca7091e1f"><code>e0ea15b</code></a> v0.12.1</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/3d78fcbbb5af7eaf0aeef9b9c30a508ce44b4b08"><code>3d78fcb</code></a> fix: Display for Error shouldn't include source (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2199">#2199</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/c53572410dcc6bc6a0b4c15b3ddf09450da0358b"><code>c535724</code></a> Fix binding interface when no TLS is used (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2200">#2200</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/d5adcba6a2d7a6431d8cb1a193c8a6710fe40741"><code>d5adcba</code></a> fix: rustls extraction of <code>TlsInfo::peer_certificate()</code> being truncated (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2195">#2195</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/7a5df2126081b83d29758ef31f9f38369ac85ae4"><code>7a5df21</code></a> fix: could panic if http2 disabled but TLS negotiated h2 (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2194">#2194</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/d5051f9bee34378e86faba0a9c8399e6e27e79fd"><code>d5051f9</code></a> Update version number in Readme</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/92aa28caab7ed60e79544e917b8369acd6693863"><code>92aa28c</code></a> v0.12.0</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/6c6170b1a7d4453ad88216a2b19a36ecf1bc4dae"><code>6c6170b</code></a> feat: Make encoding_rs an optional dependency called <code>charset</code></li> <li><a href="https://github.com/seanmonstar/reqwest/commit/d1022b3b9fe7054fce249f644f934cc1c1816236"><code>d1022b3</code></a> Support conversion to http::Response</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/a29c7f901109beed0da2a69cc5bcc87c05425a86"><code>a29c7f9</code></a> Add macos-system-configuration feature flag</li> <li>Additional commits viewable in <a href="https://github.com/seanmonstar/reqwest/compare/v0.11.4...v0.12.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-27 20:24:52 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-27 20:24:53 +03:00

[PR #476] [MERGED] security: Disable TLS1.0/1.1 for ureq-native-tls #482

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

ramsay/upgrade-0.16.1

dependabot/cargo/sha2-0.11.0

ramsay/upgrade-to-v0.16

ramsay/deprecate-removed-renamed-field

ramsay/migrate-to-new-endpoint

ramsay/deprecate-removed-endpoints

dependabot/cargo/strum-0.28.0

dependabot/cargo/reqwest-middleware-0.5.1

dependabot/cargo/reqwest-0.13.1

ramsay/upgrade-to-0.15.3

ramsay/upgrade-to-0.15.2

dependabot/cargo/ureq-3.1.2

ramsay/upgrade-dependencies

ramsay/upgrade-to-0.15.1

ramsay/fix-malformed-json

ramsay/upgrade-to-v0.15.0

ramsay/allow-enum-unknown-variant

ramsay/upgrade-to-0.14

ramsay/add_tcplistern_for_callback

ramsay/fix-clippy-error

ramsay/update-doc

ramsay/fix-endless-sequence

ramsay/publish-crate-workflow-test

ramsay/fix-pkce-refresh-token

ramsay/pkce_auth_refresh_token

ramsay_add_test_for_collectionyourepisodes

better-webapp

ramsay_fix_token_expired

percent-search

refresh_token_rwlock

ramsay_convert_result_inside_endpoint

streaming

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.0

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.0

v0.11.7

v0.11.6

v0.10.0

v0.11.5

v0.11.5.0

v0.11.4

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.11.5.1

v0.9

v0.9-alpha

Labels

Clear labels   

Stale

  

bug

  

discussion

  

enhancement

  

good first issue

  

good first issue

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

Stale

bug

discussion

enhancement

good first issue

good first issue

help wanted

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/rspotify#476

No description provided.