Skip to content

deps(deps): bump reqwest from 0.13.2 to 0.13.3#167

Merged
EffortlessSteven merged 1 commit into
mainfrom
dependabot/cargo/reqwest-0.13.3
May 11, 2026
Merged

deps(deps): bump reqwest from 0.13.2 to 0.13.3#167
EffortlessSteven merged 1 commit into
mainfrom
dependabot/cargo/reqwest-0.13.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown
Contributor

Bumps reqwest from 0.13.2 to 0.13.3.

Release notes

Sourced from reqwest's releases.

v0.13.3

tl;dr

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.

What's Changed

New Contributors

Full Changelog: seanmonstar/reqwest@v0.13.2...v0.13.3

Changelog

Sourced from reqwest's changelog.

v0.13.3

  • Fix CertificateRevocationList parsing of PEM values.
  • Fix logging in resolver to only show host, not full URL.
  • Fix hickory-dns to fallback to a default if /etc/resolv.conf fails.
  • Fix HTTP/3 to handle STOP_SENDING as not an error.
  • Fix HTTP/3 pool to remove timed out QUIC connections.
  • Fix HTTP/3 connection establishment picking IPv4 and IPv6.
  • Upgrade rustls-platform-verifier.
  • (wasm) Only use wasm-bindgen on unknown-* targets.
Commits

@dependabot @github

dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@codecov

codecov Bot commented May 4, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@dependabot dependabot Bot force-pushed the dependabot/cargo/reqwest-0.13.3 branch from 2eb7654 to 80c7525 Compare May 11, 2026 16:45
@factory-droid

factory-droid Bot commented May 11, 2026

Copy link
Copy Markdown

Droid finished @dependabot[bot]'s task —— View job


Droid Review Summary — PR #167

Status: approved

No actionable findings emitted.

Inspected surfaces:

  • Cargo.lock: reqwest version and checksum diff
  • crates/shipper-core/Cargo.toml: reqwest version spec change

Checks performed:

  • Verified diff scope (version-only dependency bump, no source code changes)
  • Verified no breaking API changes per reqwest 0.13.3 release notes
  • Verified security-relevant fixes in 0.13.3 (CRL PEM parsing, rustls-platform-verifier upgrade)
  • Verified no publish-state, registry-truth, or resume logic changes

Why no comments:

  • Pure dependency version patch; no source code touched
  • No changes to shipper-core engine, shipper-cli adapter, or shipper façade
  • No changes to events.jsonl, state.json, or receipt.json contract surfaces
  • No token handling, registry interaction, or preflight/publish/resume logic affected

Residual risk:

  • Registry-side ambiguity remains unaddressed (not relevant to this dependency bump)

Validation signal:

  • Observed: Diff limited to Cargo.lock and Cargo.toml version/checksum updates
  • Reported: reqwest 0.13.3 release notes cite security fixes (CRL PEM parsing, rustls upgrade)
  • Not verified: Integration testing with new reqwest version (CI will verify)

View validated review JSON

@EffortlessSteven

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.13.2 to 0.13.3.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](seanmonstar/reqwest@v0.13.2...v0.13.3)

---
updated-dependencies:
- dependency-name: reqwest
  dependency-version: 0.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/reqwest-0.13.3 branch from 80c7525 to a3cf005 Compare May 11, 2026 18:14
@factory-droid

factory-droid Bot commented May 11, 2026

Copy link
Copy Markdown

Droid finished @dependabot[bot]'s task —— View job



Droid Validation Summary — PR #167

Status: approved

No candidates emitted in this pass.

Validation signal:

  • Review candidates: none emitted (pure dependency version bump, no source code changes)
  • Diff scope limited to Cargo.lock and Cargo.toml version/checksum updates
  • Prior review cycle comment (factory-droid[bot]) already posted and covers the assessment

View validated review JSON

@EffortlessSteven EffortlessSteven merged commit 8d3d37d into main May 11, 2026
20 checks passed
@EffortlessSteven EffortlessSteven deleted the dependabot/cargo/reqwest-0.13.3 branch May 11, 2026 18:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant