deps: update rustls v0.20.1 -> v0.21.0 #1791
Conversation
|
As a side note, part of my point of making h3 "experimental" is specifically so we can update rustls if need be, and "break" the h3 code for a time. At the same time, if the upgrade isn't urgent, it'd be kinder to keep the h3 stuff from being turned off. |
cpu
force-pushed
the
cpu-rustls-0.21.0-prep
branch
from
80f4bc2 to
cb672e1
Compare
I don't think there's a particularly pressing need (e.g. a security issue), but the upcoming Rustls release will bring IP address subject support and there's been a lot of user demand for that feature. I don't know if that sways your opinion one way or the other :-) My motivation for looking at this was to ensure rustls-platform-verifier would be ready to go when the release is available, and it takes a |
cpu
force-pushed
the
cpu-rustls-0.21.0-prep
branch
2 times, most recently
from
9be5652 to
3fe7e81
Compare
|
FWIW, the h3-quinn crate was just able to update to quinn 0.9, at least. |
|
Excellent news! Thanks for sharing. The quinn update is approved and waiting merge. I'm close to having the tokio-rustls and hyper-rustls dependencies ready. I will rebase this branch shortly. |
cpu
force-pushed
the
cpu-rustls-0.21.0-prep
branch
5 times, most recently
from
3f5109e to
3f5c4e8
Compare
|
Yay, looking forward to this as I want to migrate to rustls and need the ip address feature. |
I'm in the same boat. The IP address feature is a blocker on a feature I am currently working on so I'm really keen to upgrade Reqwest when Rustls is bumped to v0.21. |
hyper is still blocked on seanmonstar/reqwest#1791
cpu
force-pushed
the
cpu-rustls-0.21.0-prep
branch
from
3f5c4e8 to
3466e3d
Compare
cpu
force-pushed
the
cpu-rustls-0.21.0-prep
branch
from
3466e3d to
bbc0c2c
Compare
|
@seanmonstar The Quinn project cut a 0.10 release and I've opened a PR against h3 to update Quinn/Rustls there as well: hyperium/h3#190 For the time being I've put a |
|
I just published h3-quinn v0.0.3 with your changes. |
This commit updates reqwest to use rustls 0.21.0, both as a direct dependency and through an update of tokio-rustls to 0.24.0, hyper-rustls to 0.24.0, quinn 0.10.0, and h3-quinn to 0.0.3. One change is required in the reqwest codebase to adjust the import location of the `DigtallySignedStruct` type.
cpu
force-pushed
the
cpu-rustls-0.21.0-prep
branch
from
bbc0c2c to
9646979
Compare
cpu
changed the title
Thanks! I've removed the h3/h3-quinn Cargo patches and rebased. CI seems happy and the This branch should be ready for review now. |
|
@seanmonstar can we expect a new |
|
yes, preparing in #1834 |
|
I've followed up these changes with #1835, which updates |
Bumps reqwest from 0.11.17 to 0.11.18. Release notes Sourced from reqwest's releases. v0.11.18 What's Changed Fix RequestBuilder::json() method from overriding a previously set content-type header. An existing value will be left in place. Upgrade internal dependencies for rustls and compression. New Contributors @flyingalex made their first contribution in seanmonstar/reqwest#1833 @cpu made their first contribution in seanmonstar/reqwest#1791 Changelog Sourced from reqwest's changelog. v0.11.18 Fix RequestBuilder::json() method from overriding a previously set content-type header. An existing value will be left in place. Upgrade internal dependencies for rustls and compression. Commits 00be85e v0.11.18 a0b5ea5 deps: update rustls v0.20.1 -> v0.21.0 (#1791) b13ca4b bug: fix custom content-type overidden by json method (#1833) eca2a2f CI: Enable dependabot for GitHub Action Workflow (#1831) 9de702c Speedup CI (#1830) 7e7b116 deps: Update async-compression v0.3.13 => v0.4.0 (#1828) See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
|
Yay! |
This commit updates reqwest to use rustls 0.21.0, both as a direct dependency and through an update of tokio-rustls to 0.24.0, hyper-rustls to 0.24.0, quinn 0.10.0, and h3-quinn to 0.0.3. One change is required in the reqwest codebase to adjust the import location of the `DigtallySignedStruct` type.
Description
This commit updates reqwest to use rustls 0.21.0, both as a direct dependency and through an update of tokio-rustls to 0.24.0, hyper-rustls to 0.24.0, quinn 0.10.0, and h3-quinn to 0.0.3.
One change is required in the reqwest codebase to adjust the import location of the
DigtallySignedStructtype.Remaining work