chore(deps): update rust crate reqwest to 0.12.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
reqwest	workspace.dependencies	minor	0.11.27 -> 0.12.0

---

Release Notes

seanmonstar/reqwest (reqwest)

v0.12.9

Compare Source

• Add tls::CertificateRevocationLists support.
• Add crate features to enable webpki roots without selecting a rustls provider.
• Fix connection_verbose() to output read logs.
• Fix multipart::Part::file() to automatically include content-length.
• Fix proxy to internally no longer cache system proxy settings.

v0.12.8

Compare Source

• Add support for SOCKS4 proxies.
• Add multipart::Form::file() method for adding files easily.
• Add Body::wrap() to wrap any http_body::Body type.
• Fix the pool configuration to use a timer to remove expired connections.

v0.12.7

Compare Source

• Revert adding impl Service<http::Request<_>> for Client.

v0.12.6

Compare Source

• Add support for danger_accept_invalid_hostnames for rustls.
• Add impl Service<http::Request<Body>> for Client and &'_ Client.
• Add support for !Sync bodies in Body::wrap_stream().
• Enable happy eyeballs when hickory-dns is used.
• Fix Proxy so that HTTP(S)_PROXY values take precendence over ALL_PROXY.
• Fix blocking::RequestBuilder::header() from unsetting sensitive on passed header values.

v0.12.5

Compare Source

• Add blocking::ClientBuilder::dns_resolver() method to change DNS resolver in blocking client.
• Add http3 feature back, still requiring reqwest_unstable.
• Add rustls-tls-no-provider Cargo feature to use rustls without a crypto provider.
• Fix Accept-Encoding header combinations.
• Fix http3 resolving IPv6 addresses.
• Internal: upgrade to rustls 0.23.

v0.12.4

Compare Source

• Add zstd support, enabled with zstd Cargo feature.
• Add ClientBuilder::read_timeout(Duration), which applies the duration for each read operation. The timeout resets after a successful read.

v0.12.3

Compare Source

• Add FromStr for dns::Name.
• Add ClientBuilder::built_in_webpki_certs(bool) to enable them separately.
• Add ClientBuilder::built_in_native_certs(bool) to enable them separately.
• Fix sending content-length: 0 for GET requests.
• Fix response body content_length() to return value when timeout is configured.
• Fix ClientBuilder::resolve() to use lowercase domain names.

v0.12.2

Compare Source

• Fix missing ALPN when connecting to socks5 proxy with rustls.
• Fix TLS version limits with rustls.
• Fix not detected ALPN h2 from server with native-tls.

v0.12.1

Compare Source

• Fix ClientBuilder::interface() when no TLS is enabled.
• Fix TlsInfo::peer_certificate() being truncated with rustls.
• Fix panic if http2 feature disabled but TLS negotiated h2 in ALPN.
• Fix Display for Error to not include its source error.

v0.12.0

Compare Source

• Upgrade to hyper, http, and http-body v1.
• Add better support for converting to and from http::Request and http::Response.
• Add http2 optional cargo feature, default on.
• Add charset optional cargo feature, default on.
• Add macos-system-configuration cargo feature, default on.
• Change all optional dependencies to no longer be exposed as implicit features.
• Add ClientBuilder::interface(str) to specify the local interface to bind to.
• Experimental: disables the http3 feature temporarily.

v0.11.27

• Add hickory-dns feature, deprecating trust-dns.
• (wasm) Fix Form::text() to not set octet-stream for plain text fields.

v0.11.26

• Revert system-configuration upgrade, which broke MSRV on macOS.

v0.11.25

• Fix Certificate::from_pem_bundle() parsing.
• Fix Apple linker errors from detecting system proxies.

v0.11.24

• Add Certificate::from_pem_bundle() to add a bundle.
• Add http3_prior_knowledge() to blocking client builder.
• Remove Sync bounds requirement for Body::wrap_stream().
• Fix HTTP/2 to retry REFUSED_STREAM requests.
• Fix instances of converting Url to Uri that could panic.

v0.11.23

• Add Proxy::custom_http_auth(val) for setting the raw Proxy-Authorization header when connecting to proxies.
• Fix redirect to reject locations that are not http:// or https://.
• Fix setting nodelay when TLS is enabled but URL is HTTP.
• (wasm) Add ClientBuilder::user_agent(val).
• (wasm) add multipart::Form::headers(headers).

v0.11.22

• Fix compilation on Windows when trust-dns is enabled.

v0.11.21

• Add automatically detecting macOS proxy settings.
• Add ClientBuilder::tls_info(bool), which will put tls::TlsInfo into the response extensions.
• Fix trust-dns resolver from possible hangs.
• Fix connect timeout to be split among multiple IP addresses.

v0.11.20

• Fix deflate decompression back to using zlib, as outlined in the spec.

v0.11.19

• Add ClientBuilder::http1_ignore_invalid_headers_in_responses() option.
• Add ClientBuilder::http1_allow_spaces_after_header_name_in_responses() option.
• Add support for ALL_PROXY environment variable.
• Add support for use_preconfigured_tls when combined with HTTP/3.
• Fix deflate decompression from using the zlib decoder.
• Fix Response::{text, text_with_charset}() to strip BOM characters.
• Fix a panic when HTTP/3 is used if UDP isn't able to connect.
• Fix some dependencies for HTTP/3.
• Increase MSRV to 1.63.

v0.11.18

• Fix RequestBuilder::json() method from overriding a previously set content-type header. An existing value will be left in place.
• Upgrade internal dependencies for rustls and compression.

v0.11.17

• Upgrade internal dependencies of Experimental HTTP/3 to use quinn v0.9
• (wasm) Fix blob url support

v0.11.16

• Chore: set MSRV in Cargo.toml.
• Docs: fix build on docs.rs

v0.11.15

• Add RequestBuilder methods to split and reconstruct from its parts.
• Add experimental HTTP/3 support.
• Fix connection_verbose to log write_vectored calls.
• (wasm) Make requests actually cancel if the future is dropped.

v0.11.14

• Adds Proxy::no_proxy(url) that works like the NO_PROXY environment variable.
• Adds multipart::Part::headers(headers) method to add custom headers.
• (wasm) Add Response::bytes_stream().
• Perf: several internal optimizations reducing copies and memory allocations.

v0.11.13

• Add ClientBuilder::dns_resolver() option for custom DNS resolvers.
• Add ClientBuilder::tls_sni(bool) option to enable or disable TLS Server Name Indication.
• Add Identity::from_pkcs8_pem() constructor when using native-tls.
• Fix redirect::Policy::limited(0) from following any redirects.

v0.11.12

• Add ClientBuilder::resolve_to_addrs() which allows a slice of IP addresses to be specified for a single host.
• Add Response::upgrade() to await whether the server agrees to an HTTP upgrade.

v0.11.11

• Add HTTP/2 keep-alive configuration methods on ClientBuilder.
• Add ClientBuilder::http1_allow_obsolete_multiline_headers_in_responses().
• Add impl Service<Request> for Client and &'_ Client.
• (wasm) Add RequestBuilder::basic_auth().
• Fix RequestBuilder::header to not override sensitive if user explicitly set on a HeaderValue.
• Fix rustls parsing of elliptic curve private keys.
• Fix Proxy URL parsing of some invalid targets.

v0.11.10

• Add Error::url() to access the URL of an error.
• Add Response::extensions() to access the http::Extensions of a response.
• Fix rustls-native-certs to log an error instead of panicking when loading an invalid system certificate.
• Fix passing Basic Authorization header to proxies.

v0.11.9

• Add ClientBuilder::http09_responses(bool) option to allow receiving HTTP/0.9 responses.
• Fix HTTP/2 to retry requests interrupted by an HTTP/2 graceful shutdown.
• Fix proxy loading from environment variables to ignore empty values.

v0.11.8

• Update internal webpki-roots dependency.

v0.11.7

• Add blocking::ClientBuilder::resolve() option, matching the async builder.
• Implement From<tokio::fs::File> for Body.
• Fix blocking request-scoped timeout applying to bodies as well.
• (wasm) Fix request bodies using multipart vs formdata.
• Update internal rustls to 0.20.

v0.11.6

• (wasm) Fix request bodies more.

v0.11.5

• Add ClientBuilder::http1_only() method.
• Add tls::Version type, and ClientBuilder::min_tls_version() and ClientBuilder::max_tls_version() methods.
• Implement TryFrom<Request> for http::Request.
• Implement Clone for Identity.
• Fix NO_PROXYenvironment variable parsing to more closely match curl's. Comma-separated entries are now trimmed for whitespace, and * is allowed to match everything.
• Fix redirection to respect https_only option.
• (wasm) Add Body::as_bytes() method.
• (wasm) Fix sometimes wrong conversation of bytes into a JsValue.
• (wasm) Avoid dependency on serde-serialize feature.

v0.11.4

• Add ClientBuilder::resolve() option to override DNS resolution for specific domains.
• Add native-tls-alpn Cargo feature to use ALPN with the native-tls backend.
• Add ClientBuilder::deflate() option and deflate Cargo feature to support decoding response bodies using deflate.
• Add RequestBuilder::version() to allow setting the HTTP version of a request.
• Fix allowing "invalid" certificates with the rustls-tls backend, when the server uses TLS v1.2 or v1.3.
• (wasm) Add try_clone to Request and RequestBuilder

v0.11.3

• Add impl From<hyper::Body> for reqwest::Body.
• (wasm) Add credentials mode methods to RequestBuilder.

v0.11.2

• Add CookieStore trait to customize the type that stores and retrieves cookies for a session.
• Add cookie::Jar as a default CookieStore, easing creating some session cookies before creating the Client.
• Add ClientBuilder::http2_adaptive_window() option to configure an adaptive HTTP2 flow control behavior.
• Add ClientBuilder::http2_max_frame_size() option to adjust the maximum HTTP2 frame size that can be received.
• Implement IntoUrl for String, making it more convenient to create requests with format!.

v0.11.1

• Add ClientBuilder::tls_built_in_root_certs() option to disable built-in root certificates.
• Fix rustls-tls glue to more often support ALPN to upgrade to HTTP/2.
• Fix proxy parsing to assume http:// if no scheme is found.
• Fix connection pool idle reaping by enabling hyper's runtime feature.
• (wasm) Add Request::new() constructor.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --package reqwest@0.11.27 --precise 0.12.4
    Updating crates.io index
error: failed to select a version for the requirement `reqwest = "^0.11"`
candidate versions found which didn't match: 0.12.4
location searched: crates.io index
required by package `minitrace-datadog v0.6.4`
    ... which satisfies dependency `minitrace-datadog = "^0.6.4"` (locked to 0.6.4) of package `telemetry_plugin v0.0.0 (/tmp/renovate/repos/github/the-guild-org/conductor/plugins/telemetry)`
    ... which satisfies path dependency `telemetry_plugin` (locked to 0.0.0) of package `conductor_config v0.0.0 (/tmp/renovate/repos/github/the-guild-org/conductor/libs/config)`
    ... which satisfies path dependency `conductor_config` (locked to 0.0.0) of package `conductor-cf-worker v0.1.0 (/tmp/renovate/repos/github/the-guild-org/conductor/bin/cloudflare_worker)`
perhaps a crate was updated and forgotten to be re-vendored?

[github-actions]

🚨 Rust Panic Audit: 102 Potential Panic Points Detected 🚨

Crate: federation_query_planner

📊 Total Usages: 53

• 🎁 unwrap usages: 32
• 🔢 array_index usages: 10
• 🚨 panic usages: 3
• 🔎 expect usages: 8

Crate: common

📊 Total Usages: 11

• 🔢 array_index usages: 1
• 🎁 unwrap usages: 10

Crate: telemetry

📊 Total Usages: 9

• 🔢 array_index usages: 5
• 🎁 unwrap usages: 4

Crate: cloudflare_worker

📊 Total Usages: 8

• 🚨 panic usages: 1
• 🎁 unwrap usages: 5
• 🔎 expect usages: 2

Crate: engine

📊 Total Usages: 7

• 🔎 expect usages: 1
• 🎁 unwrap usages: 6

Crate: tracing

📊 Total Usages: 6

• 🔎 expect usages: 1
• 🎁 unwrap usages: 5

Crate: conductor

📊 Total Usages: 5

• 🚨 panic usages: 1
• 🎁 unwrap usages: 1
• 🔎 expect usages: 3

Crate: config

📊 Total Usages: 3

• 🎁 unwrap usages: 2
• 🚨 panic usages: 1

📌 Expected Annotations

Crate: napi

📊 Total Expected Usages: 1

expand details

1. Reason: "we need this"

• Code: panic!("Exited process!")
• Location: ./libs/napi/src/lib.rs:18

Crate: engine

📊 Total Expected Usages: 2

expand details

1. Reason: "if we are unable to construct the endpoints and attach them onto the gateway's http server, we have to exit"

• Code: Err(e) => panic!("failed to construct endpoint: {:?}", e),
• Location: ./libs/engine/src/gateway.rs:158

2. Reason: "we can safely index here, it's inside a test with constant defined fixtures."

• Code: ConductorGateway::execute(request, &gw.routes[0].route_data).await
• Location: ./libs/engine/src/gateway.rs:190

Crate: vrl

📊 Total Expected Usages: 2

expand details

1. Reason: "if the provided VRL code in the config file can't compile, we have to exit."

• Code: panic!("failed to compile vrl program");
• Location: ./plugins/vrl/src/plugin.rs:129

2. Reason: "states is a non-user provided variable"

• Code: .expect("can't merge states when states is an empty vector!")
• Location: ./plugins/vrl/src/plugin.rs:146

Crate: jwt_auth

📊 Total Expected Usages: 1

expand details

1. Reason: "if initiating an http client fails, then we have to exit."

• Code: let client = wasm_polyfills::create_http_client().build().unwrap();
• Location: ./plugins/jwt_auth/src/jwks_provider.rs:49

Crate: cloudflare_worker

📊 Total Expected Usages: 4

expand details

1. Reason: "it panics only if the header name is not valid, and we know it is."

• Code: .unwrap()
• Location: ./bin/cloudflare_worker/src/http_tracing.rs:20

2. Reason: "it panics only if the URL source is not valid, and it's already validated before."

• Code: let url = req.url().unwrap();
• Location: ./bin/cloudflare_worker/src/http_tracing.rs:23

3. Reason: "it only panics if we are not running in a CF context, should be safe."

• Code: let cf_info = req.cf().unwrap();
• Location: ./bin/cloudflare_worker/src/http_tracing.rs:27

4. Reason: "unwraps only in special cases where "data:text" is used."

• Code: let http_host = url.host().unwrap().to_string();
• Location: ./bin/cloudflare_worker/src/http_tracing.rs:36

Crate: conductor

📊 Total Expected Usages: 2

expand details

1. Reason: "we need to exit the process, if the logger can't be correctly set."

• Code: let _guard = tracing::subscriber::set_default(subscriber);
• Location: ./bin/conductor/src/lib.rs:37

2. Reason: "we need to exit the process, if the provided configuration file is incorrect."

• Code: panic!("Failed to initialize gateway: {:?}", e);
• Location: ./bin/conductor/src/lib.rs:76

Crate: common

📊 Total Expected Usages: 1

expand details

1. Reason: "we're parsing a statically defined constant, we know it works ;)"

• Code: .unwrap()
• Location: ./libs/common/src/graphql.rs:31

Crate: config

📊 Total Expected Usages: 9

expand details

1. Reason: "statically defined regex pattern, we know it works ;)"

• Code: .unwrap();
• Location: ./libs/config/src/interpolate.rs:18

2. Reason: "part of development docgen CLI"

• Code: .expect("Failed to serialize json schema for config file!");
• Location: ./libs/config/src/generate-json-schema.rs:50

3. Reason: "part of development docgen CLI"

• Code: .expect("Failed to write the json schema to the file system!");
• Location: ./libs/config/src/generate-json-schema.rs:54

4. Reason: "👇"

• Code: let raw_contents = read_to_string(file_path)
• Location: ./libs/config/src/lib.rs:815

5. Reason: "👇"

• Code: panic!("Failed to interpolate config file, please resolve the above errors");
• Location: ./libs/config/src/lib.rs:847

6. Reason: "👇"

• Code: parse_config_from_json(&config_string).expect("Failed to parse JSON config file")
• Location: ./libs/config/src/lib.rs:854

7. Reason: "👇"

• Code: parse_config_from_yaml(&config_string).expect("Failed to parse YAML config file")
• Location: ./libs/config/src/lib.rs:858

8. Reason: "👇"

• Code: _ => panic!("Unsupported config file extension"),
• Location: ./libs/config/src/lib.rs:875

9. Reason: "👇"

• Code: None => panic!("Config file has no extension"),
• Location: ./libs/config/src/lib.rs:878