Skip to content

Update reqwest to 0.13#395

Merged
Gankra merged 1 commit intoaxodotdev:mainfrom
konstin:konsti/reqwest-0.13
Feb 12, 2026
Merged

Update reqwest to 0.13#395
Gankra merged 1 commit intoaxodotdev:mainfrom
konstin:konsti/reqwest-0.13

Conversation

@konstin
Copy link
Copy Markdown
Contributor

@konstin konstin commented Feb 11, 2026

reqwest 0.13 switched from native-tls by default to rustls by default, and also switched to rustls-platform-verifier (seanmonstar/reqwest#2891). This means that two features that axoasset currently uses or exposes, rustls-tls-native-roots and rustls-tls-webpki-roots, don't exist anymore. While axoasset is technically compatible with reqwest 0.13, cargo blocks the update due to the missing features:

error: failed to select a version for `reqwest`.
    ... required by package `axoasset v1.5.0 (/home/konsti/projects/axoasset)`
versions that meet the requirements `>=0.13.0` are: 0.13.2, 0.13.1, 0.13.0

package `axoasset` depends on `reqwest` with feature `rustls-tls-webpki-roots` but `reqwest` does not have that feature.

failed to select a version for `reqwest` which could resolve this conflict

I'm not aware of a way to expose feature conditionally depending on the package version with Cargo. This PR proposes to bump reqwest to a minimum of 0.13.

I'm not sure if to consider that a breaking change, as we do update inside a compatible range, but if you have axoasset::AxoClient::with_reqwest(reqwest::Client::new()) in your code and use reqwest 0.12, it will cause an error. Cargo doesn't see that reqwest as a dependency is part of the public API and needs to match the caller's version.

@mistydemeo
Copy link
Copy Markdown
Contributor

mistydemeo commented Feb 11, 2026

Well, that's an unfortunate breaking change. I guess it is still in the 0.x range, haha.

Thanks for bumping axoasset to 2.0.0; that feels right given this change.

@mistydemeo
Copy link
Copy Markdown
Contributor

mistydemeo commented Feb 11, 2026
edited
Loading

Reading the PR:

For example, instead of adding webpki-roots with a feature flag, you should use the webpki-roots crate yourself, and pass them into tls_certs_only(certs).

I wonder if axoasset wants to be doing this, to try to preserve OS certificate store support?

@Gankra
Copy link
Copy Markdown
Contributor

Gankra commented Feb 11, 2026

Additional context on compatibility concerns here: astral-sh/uv#17427

@Gankra
Copy link
Copy Markdown
Contributor

Gankra commented Feb 11, 2026

Having looked it over a few times it seems like the fact that you need to pass a reqwest::Client to axoasset, and the new relevant API is on ClientBuilder means this is out of its hands, so I don't think we need to add anything.

@konstin
Copy link
Copy Markdown
Contributor Author

konstin commented Feb 12, 2026

I'm surprised no one complained about this in uv before, but we weren't using the same client before: axodotdev/axoupdater#334

@konstin konstin force-pushed the konsti/reqwest-0.13 branch from 5a77357 to ba0b591 Compare February 12, 2026 09:15
@konstin
Update reqwest to 0.13
a26e773 
reqwest 0.13 switched from native-tls by default to rustls by default, and also switched to rustls-platform-verifier (seanmonstar/reqwest#2891). This means that two features that axoasset currently uses or exposes, rustls-tls-native-roots and rustls-tls-webpki-roots, don't exist anymore. While axoasset is technically compatible with reqwest 0.13, cargo blocks the update due to the missing features:

```
error: failed to select a version for `reqwest`.
    ... required by package `axoasset v1.5.0 (/home/konsti/projects/axoasset)`
versions that meet the requirements `>=0.13.0` are: 0.13.2, 0.13.1, 0.13.0

package `axoasset` depends on `reqwest` with feature `rustls-tls-webpki-roots` but `reqwest` does not have that feature.

failed to select a version for `reqwest` which could resolve this conflict
```

I'm not aware of a way to expose feature conditionally depending on the package version with Cargo. This PR proposes to bump reqwest to a minimum of 0.13.

I'm not sure if to consider that a breaking change, as we do update inside a compatible range, but if you have `axoasset::AxoClient::with_reqwest(reqwest::Client::new())` in your code and use reqwest 0.12, it will cause an error. Cargo doesn't see that reqwest as a dependency is part of the public API and needs to match the caller's version.
@konstin konstin force-pushed the konsti/reqwest-0.13 branch from ba0b591 to a26e773 Compare February 12, 2026 09:15
@Gankra Gankra merged commit 6cafa66 into axodotdev:main Feb 12, 2026
14 checks passed
This was referenced Feb 18, 2026
Closed
Closed
mistydemeo added a commit that referenced this pull request Feb 20, 2026
@mistydemeo
deps: reenable reqwest-tls
85e0568 
An oversight in #395 meant that we removed the TLS feature we were
using before without adding a replacement, and with
`default-features = false` still enabled. Consequently, we accidentally
built reqwest with no TLS support at all
@mistydemeo mistydemeo mentioned this pull request Feb 20, 2026
Merged
mistydemeo added a commit that referenced this pull request Feb 20, 2026
@mistydemeo
deps: reenable reqwest-tls
7429925 
An oversight in #395 meant that we removed the TLS feature we were
using before without adding a replacement, and with
`default-features = false` still enabled. Consequently, we accidentally
built reqwest with no TLS support at all
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Gankra Gankra Gankra approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@konstin @mistydemeo @Gankra