Skip to content

chore(deps): Bump http to 1.4.1 via transitive reqwest 0.12 dependency#1841

Merged
notheotherben merged 2 commits into
mainfrom
dependabot/cargo/http-1.4.1
Jun 4, 2026
Merged

chore(deps): Bump http to 1.4.1 via transitive reqwest 0.12 dependency#1841
notheotherben merged 2 commits into
mainfrom
dependabot/cargo/http-1.4.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 27, 2026
edited by Copilot AI
Loading

Bumps http from 0.2.12 to 1.4.1.

To use the latest http crate without depending on it directly, reqwest is upgraded from 0.11 to 0.12 (which uses http 1.x internally), so http 1.4.1 is now pulled in transitively.

Changes Made

  • reqwest 0.11 → 0.12: brings http 1.x in transitively.
  • Removed the direct http production dependency from Cargo.toml.
  • Production code now uses reqwest re-exports: reqwest::StatusCode (in github_registry.rs, update/github.rs, errors/reqwest.rs) and reqwest::header::InvalidHeaderValue. The unused InvalidUri HumanErrorExt impl was removed as it was dead code and the last production reference to http.
  • Moved http to [dev-dependencies]: still required by the test mock to build a reqwest::Response via http::response::Builder, since reqwest does not expose a response builder.

Testing

  • cargo build succeeds
  • cargo clippy and cargo fmt --check are clean
  • ✅ The pure-tests suite passes (198 tests)

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels May 27, 2026
notheotherben
notheotherben approved these changes May 27, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@notheotherben notheotherben left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR has been automatically approved because it was created by @dependabot.

@notheotherben notheotherben enabled auto-merge May 27, 2026 09:04
@dependabot dependabot Bot force-pushed the dependabot/cargo/http-1.4.1 branch from 3e0474c to 14418cf Compare May 27, 2026 09:16
@dependabot
chore(deps): Bump http from 0.2.12 to 1.4.1
89453dc 
Bumps [http](https://github.com/hyperium/http) from 0.2.12 to 1.4.1.
- [Release notes](https://github.com/hyperium/http/releases)
- [Changelog](https://github.com/hyperium/http/blob/master/CHANGELOG.md)
- [Commits](hyperium/http@v0.2.12...v1.4.1)

---
updated-dependencies:
- dependency-name: http
  dependency-version: 1.4.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/http-1.4.1 branch from 14418cf to 89453dc Compare June 1, 2026 23:48
@notheotherben
Copy link
Copy Markdown
Member

notheotherben commented Jun 4, 2026

@copilot can you fix the build to allow us to use the latest version of the http crate? Ideally we shouldn't need to depend directly on this crate and can rely on the transitive dependency instead.

auto-merge was automatically disabled June 4, 2026 15:54

Head branch was pushed to by a user without write access

Copy link
Copy Markdown
Contributor

Copilot AI commented Jun 4, 2026

@copilot can you fix the build to allow us to use the latest version of the http crate? Ideally we shouldn't need to depend directly on this crate and can rely on the transitive depend...

Done in 422a190. I bumped reqwest to 0.12 so that http 1.x is now pulled in transitively, and removed the direct http production dependency. Production code now uses the reqwest re-exports (reqwest::StatusCode, reqwest::header::InvalidHeaderValue) and the unused InvalidUri impl was dropped. http remains only as a dev-dependency for the test mock response builder, since reqwest doesn't re-export a response builder. Build, clippy, fmt and the pure-tests suite all pass.

Copilot AI changed the title chore(deps): Bump http from 0.2.12 to 1.4.1 chore(deps): Bump http to 1.4.1 via transitive reqwest 0.12 dependency Jun 4, 2026
Copilot AI requested a review from notheotherben June 4, 2026 15:56
@notheotherben notheotherben enabled auto-merge June 4, 2026 15:57
@codecov
Copy link
Copy Markdown

codecov Bot commented Jun 4, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.69%. Comparing base (5d05695) to head (422a190).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1841      +/-   ##
==========================================
+ Coverage   88.61%   88.69%   +0.07%     
==========================================
  Files          99       99              
  Lines        7779     7772       -7     
==========================================
  Hits         6893     6893              
+ Misses        886      879       -7
Files with missing lines Coverage Δ
src/errors/reqwest.rs 0.00% <ø> (ø)
src/online/registry/github_registry.rs 87.87% <ø> (ø)
src/update/github.rs 85.85% <100.00%> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@notheotherben notheotherben merged commit 2416429 into main Jun 4, 2026
12 checks passed
@notheotherben notheotherben deleted the dependabot/cargo/http-1.4.1 branch June 4, 2026 16:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@notheotherben notheotherben Awaiting requested review from notheotherben

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@notheotherben