build: Update reqwest to same version as objectstore#5669
build: Update reqwest to same version as objectstore#5669
reqwest to same version as objectstore#5669Conversation
jjbayer
changed the title
reqwest to same version as objectstore
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| regex = "1.11.3" | ||
| regex-lite = "0.1.7" | ||
| reqwest = "0.12.23" | ||
| reqwest = { version = "0.13.2", features = ["blocking"] } |
There was a problem hiding this comment.
Default TLS backend silently switches to rustls
Medium Severity
Upgrading reqwest from 0.12 to 0.13 silently changes the default TLS backend from native-tls to rustls. The ClientBuilder::new() calls in upstream.rs and healthcheck.rs don't explicitly select a TLS backend, so they'll now use rustls instead of native-tls. The native-tls-vendored feature is still enabled in both relay/Cargo.toml and relay-server/Cargo.toml, compiling vendored OpenSSL that relay's own HTTP clients no longer use. This suggests the switch may be unintentional.
There was a problem hiding this comment.
Correct, we need to be careful here.
| regex = "1.11.3" | ||
| regex-lite = "0.1.7" | ||
| reqwest = "0.12.23" | ||
| reqwest = { version = "0.13.2", features = ["blocking"] } |
There was a problem hiding this comment.
Correct, we need to be careful here.
| regex = "1.11.3" | ||
| regex-lite = "0.1.7" | ||
| reqwest = "0.12.23" | ||
| reqwest = { version = "0.13.2", features = ["blocking"] } |
There was a problem hiding this comment.
The workspace should be default-features = false and we can enable blocking in just the relay crate which needs it. Alternatively we can also asyncify that code path.
2 participants
No description provided.