Skip to content

chore(deps): update reqwest requirement from 0.11 to 0.13 in /tools/cli-wallet#18

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/tools/cli-wallet/reqwest-0.13
Open

chore(deps): update reqwest requirement from 0.11 to 0.13 in /tools/cli-wallet#18
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/tools/cli-wallet/reqwest-0.13

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on reqwest to permit the latest version.

Release notes

Sourced from reqwest's releases.

v0.13.4

tl;dr

  • Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
  • Add ClientBuilder::http2_keep_alive_* options for the blocking client.
  • Add TLS 1.3 support when using native-tls backend.
  • Fix redirect handling to strip sensitive headers when the scheme changes.
  • Fix HTTP/3 happy-eyeball connection creation.
  • Upgrade hickory-resolver to 0.26.

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.13.3...v0.13.4

Changelog

Sourced from reqwest's changelog.

v0.13.4

  • Add ClientBuilder::tls_sslkeylogfile(bool) option to allow using the related environment variable.
  • Add ClientBuilder::http2_keep_alive_* options for the blocking client.
  • Add TLS 1.3 support when using native-tls backend.
  • Fix redirect handling to strip sensitive headers when the scheme changes.
  • Fix HTTP/3 happy-eyeball connection creation.
  • Upgrade hickory-resolver to 0.26.

v0.13.3

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.

v0.13.2

  • Fix HTTP/2 and native-tls ALPN feature combinations.
  • Fix HTTP/3 to send h3 ALPN.
  • (wasm) fix RequestBuilder::json() from override previously set content-type.

v0.13.1

  • Fixes compiling with rustls on Android targets.

v0.13.0

  • Breaking changes:
    • rustls is now the default TLS backend, instead of native-tls.
    • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
    • rustls-tls has been renamed to rustls.
    • rustls roots features removed, rustls-platform-verifier is used by default.
      • To use different roots, call tls_certs_only(your_roots).
    • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
    • query and form are now crate features, disabled by default.
    • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
  • Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
    • For example, prefer tls_backend_rustls() over use_rustls_tls().

v0.12.28

  • Fix compiling on Windows if TLS and SOCKS features are not enabled.

v0.12.27

... (truncated)

Commits
  • 11489b3 v0.13.4
  • d31ffbb feat: Expose HTTP2 keep alive configurations in blocking client (#3043)
  • 79ed0d7 feat: support TLS 1.3 as min version under native-tls 🎉 (#2975)
  • fb7bf6a fix: remove unwrap in hickory initialization (#3041)
  • 3da616f fix: update hickory-resolver to 0.26 and adjust code accordingly (#3040)
  • c77e7b2 fix(http3): use happy eyeballs for h3 connect (#3030)
  • 9cbb65b chore: clean up minimal-versions CI job (#3039)
  • 17a7dc5 chore: upgrade MSRV to 1.85 (#3038)
  • 03db63a fix(redirect): strip sensitive headers on scheme change across redirects (#3034)
  • 4b813a8 feat: add tls_sslkeylogfile builder method (#2923)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [reqwest](https://github.com/seanmonstar/reqwest) to permit the latest version.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.11.0...v0.13.4)

---
updated-dependencies:
- dependency-name: reqwest
  dependency-version: 0.13.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Welcome to RustChain! Thanks for your first pull request.

Before we review, please make sure:

  • Non-doc PRs have a BCOS-L1 or BCOS-L2 label
  • Doc-only PRs are exempt from BCOS tier labels when they only touch docs/**, *.md, or common image/PDF files
  • New code files include an SPDX license header
  • You've tested your changes against the live node

Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)

A maintainer will review your PR soon. Thanks for contributing!

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

⚠️ BCOS v2 Scan Results

Metric Value
Trust Score 48/100
Certificate ID BCOS-5eccc7c4
Tier L1 (not met)

BCOS Badge

What does this mean?

The BCOS (Beacon Certified Open Source) engine scans for:

  • SPDX license header compliance
  • Known CVE vulnerabilities (OSV database)
  • Static analysis findings (Semgrep)
  • SBOM completeness
  • Dependency freshness
  • Test infrastructure evidence
  • Review attestation tier

Full report | What is BCOS?


BCOS v2 Engine - Free & Open Source (MIT) - Elyan Labs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants