fix: upgrade reqwest to 0.13 with native CA cert support for non-Windows #1067
dwhoban wants to merge 7 commits into voidzero-dev:main from
Co-authored-by: dwhoban <5687870+dwhoban@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Dan Hoban <5687870+dwhoban@users.noreply.github.com>
fix: upgrade reqwest to 0.13 with native CA cert support for non-Windows
Pull request overview
This PR updates the workspace’s reqwest dependency pin and adjusts per-platform TLS feature flags, aiming to ensure non-Windows builds use system/native CA certificates (to work behind MITM proxies as described in #1014).
Changes:
- Pinned workspace reqwest from "0.12" to "0.12.28" in the root Cargo.toml.
- Updated non-Windows reqwest feature flags in several crates from rustls-tls to rustls + rustls-native-certs.
- Kept Windows using native-tls-vendored for reqwest.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| Cargo.toml | Pins reqwest to a specific 0.12.x patch release. |
| crates/vite_error/Cargo.toml | Switches non-Windows reqwest TLS features to native cert support. |
| crates/vite_install/Cargo.toml | Switches non-Windows reqwest TLS features to native cert support (incl. JSON). |
| crates/vite_js_runtime/Cargo.toml | Switches non-Windows reqwest TLS features to native cert support. |
| regex = "1.11.1" | ||
| regress = "0.11.0" | ||
| reqwest = { version = "0.12", default-features = false } | ||
| reqwest = { version = "0.12.28", default-features = false } |
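Review bot: the new requirement "0.12.28" on the workspace reqwest line is still a caret requirement, so it only raises the minimum to 0.12.28 within 0.12.x and does not pin a single release; the version actually built is whatever Cargo.lock records. If the patch floor is needed for the TLS feature change, add a comment beside the line saying so, and make sure the lockfile update is part of the same change so the resolved version is reviewable.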
The PR title/description says reqwest is being upgraded to 0.13, but the workspace dependency is still pinned to 0.12.28. Either bump reqwest to 0.13.x (and adjust features accordingly) or update the PR title/description to match the actual version change.
@copilot open a new pull request to apply changes based on this feedback
||
| [target.'cfg(not(target_os = "windows"))'.dependencies] | ||
| reqwest = { workspace = true, features = ["stream", "rustls-tls"] } | ||
| reqwest = { workspace = true, features = ["stream", "rustls", "rustls-native-certs"] } |
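Review bot: on the non-Windows reqwest line, the feature list decides which root certificates the client trusts, but nothing in the file records why it was changed. Add a short comment above the dependency that references #1014 and states that non-Windows builds are expected to load CA certificates from the system store, so a later feature cleanup does not silently revert it. Since the file table lists the same edit in three crates, check the resolved feature set for each one (for example with cargo tree -e features -i reqwest) rather than assuming they agree.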
Non-Windows reqwest is now configured with ["rustls", "rustls-native-certs"], but the workspace dependency remains reqwest 0.12.28. Please ensure the selected feature flags are supported by that version and that the lockfile shows native cert support is pulled in; otherwise this change may not resolve the proxy/CA issue on Linux/macOS.
| reqwest = { workspace = true, features = ["stream", "rustls", "rustls-native-certs"] } | |
| reqwest = { workspace = true, features = ["stream", "rustls-tls-native-roots"] } |
This pull request updates the reqwest dependency across the workspace, both to a newer patch version and by adjusting its features for non-Windows platforms. The changes ensure more secure and compatible TLS support by switching from the deprecated rustls-tls feature to the recommended rustls and rustls-native-certs features.
Resolves #1014.
Dependency version and feature updates:
- reqwest crate version from 0.12 to 0.12.28 in the root Cargo.toml for improved stability and bug fixes.
TLS configuration improvements for non-Windows platforms:
- rustls-tls feature with rustls and added rustls-native-certs to reqwest dependencies in crates/vite_error/Cargo.toml, crates/vite_install/Cargo.toml, and crates/vite_js_runtime/Cargo.toml to ensure better certificate handling and compatibility.
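The lockfile check asked for in the review above (confirming that native certificate support is actually pulled in), as an added example that is not part of the pull request or the project's code: it parses Cargo.lock text and tests whether rustls-native-certs is in the dependency closure of reqwest. The two lockfile fragments are constructed for illustration and their versions are placeholders.

```rust
use std::collections::{HashMap, HashSet};

/// Parse Cargo.lock `[[package]]` tables into crate name -> dependency names.
/// Multiple versions of one crate are merged, which can only over-report a link.
fn parse_lock(lock: &str) -> HashMap<String, Vec<String>> {
    let mut graph: HashMap<String, Vec<String>> = HashMap::new();
    let (mut current, mut in_deps) = (String::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("name = ") {
            current = name.trim_matches('"').to_string();
            graph.entry(current.clone()).or_default();
        } else if line == "dependencies = [" {
            in_deps = true;
        } else if line == "]" {
            in_deps = false;
        } else if in_deps {
            // Entries are "crate" or "crate 1.2.3"; keep only the crate name.
            let entry = line.trim_matches(|c: char| c == '"' || c == ',');
            if let Some(dep) = entry.split_whitespace().next() {
                graph.entry(current.clone()).or_default().push(dep.to_string());
            }
        }
    }
    graph
}

/// True when `target` is in the dependency closure of `root` in the lockfile.
fn links(lock: &str, root: &str, target: &str) -> bool {
    let graph = parse_lock(lock);
    let (mut seen, mut stack) = (HashSet::new(), vec![root.to_string()]);
    while let Some(node) = stack.pop() {
        if node == target { return true; }
        if seen.insert(node.clone()) {
            stack.extend(graph.get(&node).cloned().unwrap_or_default());
        }
    }
    false
}

// Constructed lockfile fragments, not the project's Cargo.lock; versions are placeholders.
const BUNDLED: &str = "[[package]]\nname = \"reqwest\"\nversion = \"0.0.0\"\ndependencies = [\n \"hyper-rustls\",\n \"webpki-roots\",\n]\n";
const NATIVE: &str = "[[package]]\nname = \"reqwest\"\nversion = \"0.0.0\"\ndependencies = [\n \"hyper-rustls\",\n \"rustls-native-certs 0.0.0\",\n]\n";

fn main() {
    println!("bundled roots: native certs linked = {}", links(BUNDLED, "reqwest", "rustls-native-certs"));
    println!("native roots:  native certs linked = {}", links(NATIVE, "reqwest", "rustls-native-certs"));
}
```

Run against the real lockfile in CI, a false result for the non-Windows target means the feature change did not take effect and the client would not read the system CA store.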