Update to `reqwest^0.13`

[mgoldenberg]

Problem Statement

I was curious if sentry plans to update to reqwest^0.13.

One of the benefits of updating (for my use case) is that newer versions of reqwest have better TLS v1.3 integration with Apple operating systems. This is because earlier versions of reqwest relied on either native-tls or rustls-native-certs. Newer versions, starting with v0.13.0, may be configured to rely on rustls-platform-verifier.

native-tls

In the case of native-tls, there is no support for TLS v1.3 on Apple operating systems. native-tls uses Apple's SecureTransport API, which is deprecated.

From Apple's TLS Best Practices.

Don’t use Secure Transport for your TLS implementation. It’s been deprecated since 2019 and doesn’t support TLS 1.3. If you have existing code that uses Secure Transport, make a plan to migrate off it.

(Note that native-tls developers have acknowledged this limitation here).

rustls-native-certs

In the case of rustls-native-certs, this seems to have support for Apple operating systems, but the developers recommend using rustls-platform-verifier, which isn't available before reqwest@0.13.0.

From rustls-native-certs README

Instead of this crate, we suggest using rustls-platform-verifier, which provides a more robust solution with a simpler API. This crate is still maintained, but mostly for use inside the platform verifier on platforms where no other solution is available.

Solution Brainstorm

Update to reqwest^0.13!

I have not tried to do this, but may be able to give it a shot if you all have your hands tied.

[linear]

RUST-152

[csett86]

See #998

[mgoldenberg]

Thanks so much! I must have missed that!

[szokeasaurusrex]

We will try to get that PR merged and released within the next few weeks! I have linked this issue to the PR, so it will get closed once the PR is merged