Depend on quinn/rustls-aws-lc-rs to avoid ring dependency#2917
Merged
seanmonstar merged 1 commit intoseanmonstar:masterfrom Dec 30, 2025
Merged
Depend on quinn/rustls-aws-lc-rs to avoid ring dependency#2917seanmonstar merged 1 commit intoseanmonstar:masterfrom
seanmonstar merged 1 commit intoseanmonstar:masterfrom
Conversation
seanmonstar
approved these changes
Dec 30, 2025
kodiakhq bot
pushed a commit
to pdylanross/fatigue
that referenced
this pull request
Dec 31, 2025
Bumps reqwest from 0.12.28 to 0.13.1. Release notes Sourced from reqwest's releases. v0.13.1 What's Changed http3: depend on quinn/rustls-aws-lc-rs to avoid ring dependency by @djc in seanmonstar/reqwest#2917 fix rustls on android by @seanmonstar in seanmonstar/reqwest#2918 Full Changelog: seanmonstar/reqwest@v0.13.0...v0.13.1 v0.13.0 Breaking changes rustls is now the default TLS backend, instead of native-tls. rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider) rustls-tls has been renamed to rustls. rustls roots features removed, rustls-platform-verifier is used by default. To use different roots, call tls_certs_only(your_roots). native-tls now includes ALPN. To disable, use native-tls-no-alpn. query and form are now crate features, disabled by default. Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago). Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings) For example, prefer tls_backend_rustls() over use_rustls_tls(). Pull Requests in General start 0.13 dev by @seanmonstar in seanmonstar/reqwest#2894 Make serde optional by introducing query, form features, and re-working WASM header parsing by @CathalMullan in seanmonstar/reqwest#2858 replace ClientBuilder::dns_resolver with dns_resolver2 by @seanmonstar in seanmonstar/reqwest#2898 feat: make Rustls the default TLS provider by @calavera in seanmonstar/reqwest#2897 feat: consolidate TLS options with rustls-platform-verifier by @seanmonstar in seanmonstar/reqwest#2891 remove long-deprecated methods: trust-dns and non-wasm-cors by @seanmonstar in seanmonstar/reqwest#2899 rename rustls-tls feature to just rustls by @seanmonstar in seanmonstar/reqwest#2900 remove deprecated features trust-dns and macos-system-configuration by @seanmonstar in seanmonstar/reqwest#2901 chore: separate rustls and rustls-no-provider features by @seanmonstar in seanmonstar/reqwest#2903 rustls: allow windows to use extra roots by @seanmonstar in seanmonstar/reqwest#2904 v0.13.0-rc.1 by @seanmonstar in seanmonstar/reqwest#2905 Enable ALPN by default in native-tls by @ducaale in seanmonstar/reqwest#2907 v0.13.0 by @seanmonstar in seanmonstar/reqwest#2915 New Contributors @CathalMullan made their first contribution in seanmonstar/reqwest#2858 Full Changelog: seanmonstar/reqwest@v0.12.28...v0.13.0 v0.13.0-rc.1 👀 Discussion here if you give it try, thanks! Main breaking changes rustls is now default instead of native-tls rustls provider defaults to aws-lc instead of ring (rustls-no-provider exists if you want to enable a different one) rustls-tls renamed to rustls rustls roots features removed, platform-verifier is used instead ... (truncated) Changelog Sourced from reqwest's changelog. v0.13.1 Fixes compiling with rustls on Android targets. v0.13.0 Breaking changes: rustls is now the default TLS backend, instead of native-tls. rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider) rustls-tls has been renamed to rustls. rustls roots features removed, rustls-platform-verifier is used by default. To use different roots, call tls_certs_only(your_roots). native-tls now includes ALPN. To disable, use native-tls-no-alpn. query and form are now crate features, disabled by default. Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago). Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings) For example, prefer tls_backend_rustls() over use_rustls_tls(). Commits 10fb98c v0.13.1 438098a chore: refer to h2 as dep:h2 (#2919) 43aac91 chore(ci): bump actions/checkout from 5 to 6 (#2864) 175f5b2 fix rustls on android (#2918) 1afe88e Depend on quinn/rustls-aws-lc-rs to avoid ring dependency (#2917) 62a80af v0.13.0 e8d89f4 enable ALPN by default in native-tls (#2907) 9a9daa7 v0.13.0-rc.1 d518e45 rustls: allow windows to use extra roots (#2904) 934bc84 chore: separate rustls and rustls-no-provider features (#2903) Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Alternatively, we could drop the
rustlsfeature from quinn and enablequinn/rustls-aws-lc-rsin thehttp3feature only?