Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

iOS: Use objc2 #87

Merged
merged 12 commits into from
May 4, 2024
Merged

iOS: Use objc2 #87

merged 12 commits into from
May 4, 2024

Conversation

madsmtm
Copy link
Contributor

@madsmtm madsmtm commented Apr 24, 2024

objc2 is a refinement of objc with the following benefits to webbrowser:

  • Less error prone msg_send! macro invocations (I've refactored the rest into a separate function as recommended by the docs).
  • Prevents a leak of the options dictionary.
  • Catches errors when passing an invalid URL to NSURL.
  • Makes it easier to do something in the completion handler in the future.

Builds upon #86 to avoid a merge conflict.

madsmtm added 2 commits April 23, 2024 23:32
Concrete benefits to `webbrowser`:
- Less error prone `msg_send!` macro invocations (I've refactored the
  rest into a separate function as recommended by the docs).
- Prevents a leak of the `options` dictionary.
- Catches errors when passing an invalid URL to `NSURL`.
- Makes it easier to do something in the completion handler in the
  future.
@amodm
Copy link
Owner

amodm commented Apr 24, 2024

Thanks @madsmtm. I remember the thread between you and the objc maintainer. While I do want to walk away from a 4+ yr stale crate, the following considerations come up:

  1. Like most maintainers, I try to be mindful of supply chain attacks*, and the recent xz issue has only highlighted the need for it. In the absence of being able to audit a codebase as large as yours, I tend to rely on the proxy of relative size of deployment base because that maximises the chances of a vulnerability being caught.
  2. There's no Security policy defined yet for objc2. Irrespective of the outcome of this PR, I'll encourage you to do that. You can look at this crate's SECURITY.md as an example.
  3. MSRV - this is a ✅

The first issue is the main blocker here, and while I do want to be supportive of migration away from objc (given the maintainer's stance on it), I'd like to make sure that I feel comfortable with security for my downstream users first. I don't have any suggestions for you on this, just sharing what's top of mind for me here.

I'm leaving this PR open for now, to allow myself more time to think through this, and for alternative perspectives to be shared.

* Edit: I want to be clear that I'm not insinuating that this is a supply chain attack. I'm just explaining why I've continued to stick with objc till now, despite it being so stale.

@madsmtm
Copy link
Contributor Author

madsmtm commented Apr 30, 2024

Thanks for the thoughtful reply!

Security policy

Thanks for the heads-up, I've added one in madsmtm/objc2@469a36f and enabled the ability to report vulnerabilities using GitHub's advisories.

MSRV

I'll note that it isn't defined by policy yet, so I may still decide to bump it in a minor version. Would be interested in your input on it, preferably in madsmtm/objc2#203.

In the absence of being able to audit a codebase as large as yours

One idea to slightly reduce the review surface would be to not use objc2-foundation, and instead only use objc2 (that's still by itself fairly large, but it can't really be split due to orphan rules and ease-of-use).

Although, objc2-foundation is automatically generated, so should also be fairly easy to review for unintended changes (assuming you also run the code generator yourself, and verify that it matches), and both crates are still under my control, so in the end probably doesn't really matter that much.

supply chain attacks
relative size of deployment base

Totally understandable worry (especially given that I'm opening the PR myself, I can definitely see how this could be negatively interpreted).

In general, I'm looking to replace objc with objc2 in major projects in the ecosystem to increase soundness, stability and performance for macOS/iOS users of Rust. But part of the reason why I opened this PR is also to gain exactly the "relative size of deployment base" that you're talking about; the more downloads/usage objc2 has compared to objc, the easier it is for me to convince other projects to use objc2, and the safer the entire ecosystem gets. And your crate is quite a popular one ;)

That said, I'm totally fine with it (and really quite respect) if you want to hold out on this for a while!

If you think of other ways I can help prove the sincerity and security of the project, please don't hesitate to tell me!

@amodm
Copy link
Owner

amodm commented May 1, 2024

Thanks @madsmtm, for deciding to have a security policy, as well as your inputs on the surface area to assess. I don't have a well defined time frame in mind currently, but I do plan to take a first look at it this weekend.

@amodm
Copy link
Owner

amodm commented May 4, 2024

This is good to go after the tests. Thanks @madsmtm, and hope that you find wider adoption quickly enough.

To document my thought process for later reference:

  1. objc2 is clearly more actively maintained. As an example, in the current case, I was able to build for visionOS using objc2, but not able to do it using objc.
  2. Concerns about security stemming from a lesser deployment base is significantly mitigated in current case because we're using it for ios/tvos/visionos, each of which is very strongly sandboxed. That leaves only build.rs as an attack vector, which is a lot more easily monitored.

@amodm amodm mentioned this pull request May 4, 2024
@amodm amodm merged commit e81d11c into amodm:main May 4, 2024
9 of 10 checks passed
@amodm
Copy link
Owner

amodm commented May 4, 2024

Proceeding with merging this, despite the ios test failure. I'm currently of the opinion that the test failure has something to do with some recent changes to the macos-latest image, or how ios simulator is now run on macos-latest.

I'll figure that out separately from this PR. Release will happen only after this has been figured out.

@madsmtm
Copy link
Contributor Author

madsmtm commented May 4, 2024

Thanks for caring so much about the security of your project, it's been really nice to see and to discuss with you!

Proceeding with merging this, despite the ios test failure. I'm currently of the opinion that the test failure has something to do with some recent changes to the macos-latest image, or how ios simulator is now run on macos-latest.

macos-latest recently changed from being run on x86_64 to ARM64, so that might be part of it?

@madsmtm madsmtm deleted the objc2 branch May 4, 2024 15:02
@amodm
Copy link
Owner

amodm commented May 6, 2024

This is released as v1.0.1

kjuulh added a commit to kjuulh/coffee that referenced this pull request Aug 21, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [axum](https://github.com/tokio-rs/axum) | workspace.dependencies | minor | `0.6.20` -> `0.7.0` |
| [inquire](https://github.com/mikaelmello/inquire) | workspace.dependencies | minor | `0.6.2` -> `0.7.0` |
| [reqwest](https://github.com/seanmonstar/reqwest) | dependencies | minor | `0.11.18` -> `0.12.0` |
| [webbrowser](https://github.com/amodm/webbrowser-rs) | dependencies | major | `0.8.10` -> `1.0.0` |

---

### Release Notes

<details>
<summary>tokio-rs/axum (axum)</summary>

### [`v0.7.5`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.7.5): axum - v0.7.5

[Compare Source](tokio-rs/axum@axum-v0.7.4...axum-v0.7.5)

-   **fixed:** Fixed layers being cloned when calling `axum::serve` directly with
    a `Router` or `MethodRouter` ([#&#8203;2586])
-   **fixed:** `h2` is no longer pulled as a dependency unless the `http2` feature
    is enabled ([#&#8203;2605])

[#&#8203;2586]: tokio-rs/axum#2586

[#&#8203;2605]: tokio-rs/axum#2605

### [`v0.7.4`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.7.4): axum - v0.7.4

[Compare Source](tokio-rs/axum@axum-v0.7.3...axum-v0.7.4)

-   **fixed:** Fix performance regression present since axum 0.7.0 ([#&#8203;2483])
-   **fixed:** Improve `debug_handler` on tuple response types ([#&#8203;2201])
-   **added:** Add `must_use` attribute to `Serve` and `WithGracefulShutdown` ([#&#8203;2484])
-   **added:** Re-export `axum_core::body::BodyDataStream` from axum

[#&#8203;2201]: tokio-rs/axum#2201

[#&#8203;2483]: tokio-rs/axum#2483

[#&#8203;2201]: tokio-rs/axum#2201

[#&#8203;2484]: tokio-rs/axum#2484

### [`v0.7.3`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.7.3): axum - v0.7.3

[Compare Source](tokio-rs/axum@axum-v0.7.2...axum-v0.7.3)

-   **added:** `Body` implements `From<()>` now ([#&#8203;2411])
-   **change:** Update version of multer used internally for multipart ([#&#8203;2433])
-   **change:** Update tokio-tungstenite to 0.21 ([#&#8203;2435])
-   **added:** Enable `tracing` feature by default ([#&#8203;2460])
-   **added:** Support graceful shutdown on `serve` ([#&#8203;2398])
-   **added:** `RouterIntoService` implements `Clone` ([#&#8203;2456])

[#&#8203;2411]: tokio-rs/axum#2411

[#&#8203;2433]: tokio-rs/axum#2433

[#&#8203;2435]: tokio-rs/axum#2435

[#&#8203;2460]: tokio-rs/axum#2460

[#&#8203;2398]: tokio-rs/axum#2398

[#&#8203;2456]: tokio-rs/axum#2456

### [`v0.7.2`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.7.2): axum - v0.7.2

[Compare Source](tokio-rs/axum@axum-v0.7.1...axum-v0.7.2)

-   **added:** Add `axum::body::to_bytes` ([#&#8203;2373])
-   **fixed:** Gracefully handle accept errors in `serve` ([#&#8203;2400])

[#&#8203;2373]: tokio-rs/axum#2373

[#&#8203;2400]: tokio-rs/axum#2400

### [`v0.7.1`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.7.1): axum - v0.7.1

[Compare Source](tokio-rs/axum@axum-v0.7.0...axum-v0.7.1)

-   **fix**: Fix readme.

### [`v0.7.0`](https://github.com/tokio-rs/axum/releases/tag/axum-v0.7.0): axum - v0.7.0

[Compare Source](tokio-rs/axum@axum-v0.6.20...axum-v0.7.0)

-   **breaking:** Update public dependencies. axum now requires
    -   [hyper](https://crates.io/crates/hyper) 1.0
    -   [http](https://crates.io/crates/http) 1.0
    -   [http-body](https://crates.io/crates/http-body) 1.0
-   **breaking:** axum now requires [tower-http](https://crates.io/crates/tower-http) 0.5
-   **breaking:** Remove deprecated `WebSocketUpgrade::max_send_queue`
-   **breaking:** The following types/traits are no longer generic over the request body
    (i.e. the `B` type param has been removed) ([#&#8203;1751] and [#&#8203;1789]):
    -   `FromRequestParts`
    -   `FromRequest`
    -   `HandlerService`
    -   `HandlerWithoutStateExt`
    -   `Handler`
    -   `LayeredFuture`
    -   `Layered`
    -   `MethodRouter`
    -   `Next`
    -   `RequestExt`
    -   `RouteFuture`
    -   `Route`
    -   `Router`
-   **breaking:** axum no longer re-exports `hyper::Body` as that type is removed
    in hyper 1.0. Instead axum has its own body type at `axum::body::Body` ([#&#8203;1751])
-   **breaking:** `extract::BodyStream` has been removed as `body::Body`
    implements `Stream` and `FromRequest` directly ([#&#8203;1751])
-   **breaking:** Change `sse::Event::json_data` to use `axum_core::Error` as its error type ([#&#8203;1762])
-   **breaking:** Rename `DefaultOnFailedUpdgrade` to `DefaultOnFailedUpgrade` ([#&#8203;1664])
-   **breaking:** Rename `OnFailedUpdgrade` to `OnFailedUpgrade` ([#&#8203;1664])
-   **breaking:** `TypedHeader` has been move to `axum-extra` ([#&#8203;1850])
-   **breaking:** Removed re-exports of `Empty` and `Full`. Use
    `axum::body::Body::empty` and `axum::body::Body::from` respectively ([#&#8203;1789])
-   **breaking:** The response returned by `IntoResponse::into_response` must use
    `axum::body::Body` as the body type. `axum::response::Response` does this
    ([#&#8203;1789])
-   **breaking:** Removed the `BoxBody` type alias and its `box_body`
    constructor. Use `axum::body::Body::new` instead ([#&#8203;1789])
-   **breaking:** Remove `RawBody` extractor. `axum::body::Body` implements `FromRequest` directly ([#&#8203;1789])
-   **breaking:** The following types from `http-body` no longer implement `IntoResponse`:
    -   `Full`, use `Body::from` instead
    -   `Empty`, use `Body::empty` instead
    -   `BoxBody`, use `Body::new` instead
    -   `UnsyncBoxBody`, use `Body::new` instead
    -   `MapData`, use `Body::new` instead
    -   `MapErr`, use `Body::new` instead
-   **added:** Add `axum::extract::Request` type alias where the body is `axum::body::Body` ([#&#8203;1789])
-   **added:** Add `Router::as_service` and `Router::into_service` to workaround
    type inference issues when calling `ServiceExt` methods on a `Router` ([#&#8203;1835])
-   **breaking:** Removed `axum::Server` as it was removed in hyper 1.0. Instead
    use `axum::serve(listener, service)` or hyper/hyper-util for more configuration options ([#&#8203;1868])
-   **breaking:** Only inherit fallbacks for routers nested with `Router::nest`.
    Routers nested with `Router::nest_service` will no longer inherit fallbacks ([#&#8203;1956])
-   **fixed:** Don't remove the `Sec-WebSocket-Key` header in `WebSocketUpgrade` ([#&#8203;1972])
-   **added:** Add `axum::extract::Query::try_from_uri` ([#&#8203;2058])
-   **added:** Implement `IntoResponse` for `Box<str>` and `Box<[u8]>` (\[[#&#8203;2035](tokio-rs/axum#2035)])
-   **breaking:** Simplify `MethodFilter`. It no longer uses bitflags ([#&#8203;2073])
-   **fixed:** Fix bugs around merging routers with nested fallbacks ([#&#8203;2096])
-   **fixed:** Fix `.source()` of composite rejections ([#&#8203;2030])
-   **fixed:** Allow unreachable code in `#[debug_handler]` ([#&#8203;2014])
-   **change:** axum's MSRV is now 1.66 ([#&#8203;1882])
-   **added:** Implement `IntoResponse` for `(R,) where R: IntoResponse` ([#&#8203;2143])
-   **changed:** For SSE, add space between field and value for compatibility ([#&#8203;2149])
-   **added:** Add `NestedPath` extractor ([#&#8203;1924])
-   **added:** Add `handle_error` function to existing `ServiceExt` trait ([#&#8203;2235])
-   **breaking:** `impl<T> IntoResponse(Parts) for Extension<T>` now requires
    `T: Clone`, as that is required by the http crate ([#&#8203;1882])
-   **added:** Add `axum::Json::from_bytes` ([#&#8203;2244])
-   **added:** Implement `FromRequestParts` for `http::request::Parts` ([#&#8203;2328])
-   **added:** Implement `FromRequestParts` for `http::Extensions` ([#&#8203;2328])
-   **fixed:** Clearly document applying `DefaultBodyLimit` to individual routes ([#&#8203;2157])

[#&#8203;1664]: tokio-rs/axum#1664

[#&#8203;1751]: tokio-rs/axum#1751

[#&#8203;1762]: tokio-rs/axum#1762

[#&#8203;1789]: tokio-rs/axum#1789

[#&#8203;1835]: tokio-rs/axum#1835

[#&#8203;1850]: tokio-rs/axum#1850

[#&#8203;1868]: tokio-rs/axum#1868

[#&#8203;1882]: tokio-rs/axum#1882

[#&#8203;1924]: tokio-rs/axum#1924

[#&#8203;1956]: tokio-rs/axum#1956

[#&#8203;1972]: tokio-rs/axum#1972

[#&#8203;2014]: tokio-rs/axum#2014

[#&#8203;2021]: tokio-rs/axum#2021

[#&#8203;2030]: tokio-rs/axum#2030

[#&#8203;2058]: tokio-rs/axum#2058

[#&#8203;2073]: tokio-rs/axum#2073

[#&#8203;2096]: tokio-rs/axum#2096

[#&#8203;2140]: tokio-rs/axum#2140

[#&#8203;2143]: tokio-rs/axum#2143

[#&#8203;2149]: tokio-rs/axum#2149

[#&#8203;2157]: tokio-rs/axum#2157

[#&#8203;2235]: tokio-rs/axum#2235

[#&#8203;2244]: tokio-rs/axum#2244

[#&#8203;2328]: tokio-rs/axum#2328

</details>

<details>
<summary>mikaelmello/inquire (inquire)</summary>

### [`v0.7.5`](https://github.com/mikaelmello/inquire/blob/HEAD/CHANGELOG.md#075---2024-04-23)

[Compare Source](mikaelmello/inquire@v0.7.4...v0.7.5)

-   Fix user-provided ANSI escape codes from being removed when rendering.
    -   Introduced on 0.7.0, this regression was making it impossible to have colorised text inside the prompt.
    -   Now ANSI escape codes are properly emitted when rendering the prompt in the terminal.

### [`v0.7.4`](https://github.com/mikaelmello/inquire/blob/HEAD/CHANGELOG.md#074---2024-03-25)

[Compare Source](mikaelmello/inquire@v0.7.3...v0.7.4)

-   Fix unexpected behaviors of `keep_filter` option in MultiSelect prompts:
    -   Filter input is now correcly getting reset **only when** `keep_filter == false`.
    -   When the filter input is reset, the list of options is now correctly reset as well. Thanks [@&#8203;Swivelgames](https://github.com/Swivelgames) for reporting [#&#8203;238](mikaelmello/inquire#238).

### [`v0.7.3`](https://github.com/mikaelmello/inquire/blob/HEAD/CHANGELOG.md#073---2024-03-21)

[Compare Source](mikaelmello/inquire@v0.7.2...v0.7.3)

-   Fix cursor occasionally blinking in unexpected places.

### [`v0.7.2`](https://github.com/mikaelmello/inquire/blob/HEAD/CHANGELOG.md#072---2024-03-17)

[Compare Source](mikaelmello/inquire@v0.7.1...v0.7.2)

-   Pressing Ctrl+D now cancels the prompt. Thanks [@&#8203;mikecvet](https://github.com/mikecvet) for the PR!
-   Add support for `h` and `l` bindings when vim_mode is enabled on MultiSelect prompts, clearing or selecting all options respectively. Thanks [@&#8203;afh](https://github.com/afh) for the PR!
-   Fix render issue [#&#8203;233](mikaelmello/inquire#233) where cursor positioning at the end of a prompt was incorrect. Thanks [@&#8203;msrd0](https://github.com/msrd0) and [@&#8203;Sydonian](https://github.com/Sydonian) for reporting!

### [`v0.7.1`](https://github.com/mikaelmello/inquire/blob/HEAD/CHANGELOG.md#071---2024-03-10)

[Compare Source](mikaelmello/inquire@v0.7.0...v0.7.1)

-   Fix render issue [#&#8203;228](mikaelmello/inquire#228) when using `console` crate as the terminal backend. Thanks [@&#8203;maospr](https://github.com/maospr) for reporting.

### [`v0.7.0`](https://github.com/mikaelmello/inquire/blob/HEAD/CHANGELOG.md#070---2024-02-24)

[Compare Source](mikaelmello/inquire@v0.6.2...v0.7.0)

##### Breaking Changes

-   The Select and Multiselect Filter now scores input and is now expected to return an `Option<i64>`, making it possible to order/rank the list of options. [#&#8203;176](mikaelmello/inquire#176)
    `None`: Will not be displayed in the list of options.
    `Some(score)`: score determines the order of options, higher score, higher on the list of options.
-   Improved user experience on Password prompts. When there is a validation error, the input is cleared if the password is rendered using the `Hidden` display mode, matching the user expectation of having to write the password from scratch again. Thanks to [@&#8203;CM-IV](https://github.com/CM-IV) for the questions on [#&#8203;149](mikaelmello/inquire#149)!
-   Allow lifetime customization of RenderConfig. [#&#8203;101](mikaelmello/inquire#101). Thanks to [@&#8203;arturfast](https://github.com/arturfast) for the suggestion [#&#8203;95](mikaelmello/inquire#95).
-   Implement fuzzy search as default on Select and MultiSelect prompts. [#&#8203;176](mikaelmello/inquire#176)
-   Revamped keybindings for DateSelect.

##### Features

-   Add one-liner helpers for quick scripts. [#&#8203;144](mikaelmello/inquire#144).
-   Add new option on MultiSelect prompts to set all options to be selected by default. Thanks to [@&#8203;conikeec](https://github.com/conikeec) for the suggestion ([#&#8203;151](mikaelmello/inquire#151))!
-   Add new option on Select/MultiSelect prompts allowing to reset selection to the first item on filter-input changes. [#&#8203;176](mikaelmello/inquire#176)
-   Emacs-like keybindings added where applicable:
    -   Ctrl-p/Ctrl-n for up/down
    -   Ctrl-b/Ctrl-f for left/right
    -   Ctrl-j/Ctrl-g for enter/cancel
-   Vim keybindings are always supported in DateSelect prompts.
-   Added 'with_starting_filter_input' to both Select and MultiSelect, which allows for setting an initial value to the filter section of the prompt.
-   Added starting_input for CustomType. [#&#8203;194](mikaelmello/inquire#194)
-   Added 'without_filtering' to both Select and MultiSelect, useful when you want to simplify the UX if the filter does not add any value, such as when the list is already short.
-   Added 'with_answered_prompt_prefix' to RenderConfig to allow customization of answered prompt prefix.
-   Improved rendering, with optimizations on incremental rendering and terminal resizing.

##### Fixes

-   Fixed typos in the code's comments.
-   Fixed issue where inquire, using termion, would crash when receiving piped inputs.

##### Dependency changes (some breaking)

-   Upgraded underlying `termion` crate from v1.5 to v2.0.
-   Upgraded underlying `bitflags` from v1 to v2, which affects the `Attributes` and `KeyModifiers` crates. If you use any of bitflag's methods directly, you might be affected, refer to the [bitflags changelog](https://github.com/bitflags/bitflags/releases/tag/2.0.0) for more information.
-   Removed `thiserror` dependency in favor of implementing `InquireError` by hand. [#&#8203;146](mikaelmello/inquire#146)
-   Raised MSRV to 1.66 due to requirements in downstream dependencies.
-   MSRV is now explicitly set in the package definition.
-   Replaced `lazy_static` with `once_cell` as `once_cell::sync::Lazy` is being standardized and `lazy_static` is not actively maintained anymore.
-   Added `fuzzy-matcher` as an optional dependency for fuzzy filtering in Select and MultiSelect prompts [#&#8203;176](mikaelmello/inquire#176)

</details>

<details>
<summary>seanmonstar/reqwest (reqwest)</summary>

### [`v0.12.7`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0127)

[Compare Source](seanmonstar/reqwest@v0.12.6...v0.12.7)

-   Revert adding `impl Service<http::Request<_>>` for `Client`.

### [`v0.12.6`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0126)

[Compare Source](seanmonstar/reqwest@v0.12.5...v0.12.6)

-   Add support for `danger_accept_invalid_hostnames` for `rustls`.
-   Add `impl Service<http::Request<Body>>` for `Client` and `&'_ Client`.
-   Add support for `!Sync` bodies in `Body::wrap_stream()`.
-   Enable happy eyeballs when `hickory-dns` is used.
-   Fix `Proxy` so that `HTTP(S)_PROXY` values take precendence over `ALL_PROXY`.
-   Fix `blocking::RequestBuilder::header()` from unsetting `sensitive` on passed header values.

### [`v0.12.5`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0125)

[Compare Source](seanmonstar/reqwest@v0.12.4...v0.12.5)

-   Add `blocking::ClientBuilder::dns_resolver()` method to change DNS resolver in blocking client.
-   Add `http3` feature back, still requiring `reqwest_unstable`.
-   Add `rustls-tls-no-provider` Cargo feature to use rustls without a crypto provider.
-   Fix `Accept-Encoding` header combinations.
-   Fix http3 resolving IPv6 addresses.
-   Internal: upgrade to rustls 0.23.

### [`v0.12.4`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0124)

[Compare Source](seanmonstar/reqwest@v0.12.3...v0.12.4)

-   Add `zstd` support, enabled with `zstd` Cargo feature.
-   Add `ClientBuilder::read_timeout(Duration)`, which applies the duration for each read operation. The timeout resets after a successful read.

### [`v0.12.3`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0123)

[Compare Source](seanmonstar/reqwest@v0.12.2...v0.12.3)

-   Add `FromStr` for `dns::Name`.
-   Add `ClientBuilder::built_in_webpki_certs(bool)` to enable them separately.
-   Add `ClientBuilder::built_in_native_certs(bool)` to enable them separately.
-   Fix sending `content-length: 0` for GET requests.
-   Fix response body `content_length()` to return value when timeout is configured.
-   Fix `ClientBuilder::resolve()` to use lowercase domain names.

### [`v0.12.2`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0122)

[Compare Source](seanmonstar/reqwest@v0.12.1...v0.12.2)

-   Fix missing ALPN when connecting to socks5 proxy with rustls.
-   Fix TLS version limits with rustls.
-   Fix not detected ALPN h2 from server with native-tls.

### [`v0.12.1`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0121)

[Compare Source](seanmonstar/reqwest@v0.12.0...v0.12.1)

-   Fix `ClientBuilder::interface()` when no TLS is enabled.
-   Fix `TlsInfo::peer_certificate()` being truncated with rustls.
-   Fix panic if `http2` feature disabled but TLS negotiated h2 in ALPN.
-   Fix `Display` for `Error` to not include its source error.

### [`v0.12.0`](https://github.com/seanmonstar/reqwest/blob/HEAD/CHANGELOG.md#v0120)

[Compare Source](seanmonstar/reqwest@v0.11.27...v0.12.0)

-   Upgrade to `hyper`, `http`, and `http-body` v1.
-   Add better support for converting to and from `http::Request` and `http::Response`.
-   Add `http2` optional cargo feature, default on.
-   Add `charset` optional cargo feature, default on.
-   Add `macos-system-configuration` cargo feature, default on.
-   Change all optional dependencies to no longer be exposed as implicit features.
-   Add `ClientBuilder::interface(str)` to specify the local interface to bind to.
-   Experimental: disables the `http3` feature temporarily.

#### v0.11.27

-   Add `hickory-dns` feature, deprecating `trust-dns`.
-   (wasm) Fix `Form::text()` to not set octet-stream for plain text fields.

#### v0.11.26

-   Revert `system-configuration` upgrade, which broke MSRV on macOS.

#### v0.11.25

-   Fix `Certificate::from_pem_bundle()` parsing.
-   Fix Apple linker errors from detecting system proxies.

#### v0.11.24

-   Add `Certificate::from_pem_bundle()` to add a bundle.
-   Add `http3_prior_knowledge()` to blocking client builder.
-   Remove `Sync` bounds requirement for `Body::wrap_stream()`.
-   Fix HTTP/2 to retry `REFUSED_STREAM` requests.
-   Fix instances of converting `Url` to `Uri` that could panic.

#### v0.11.23

-   Add `Proxy::custom_http_auth(val)` for setting the raw `Proxy-Authorization` header when connecting to proxies.
-   Fix redirect to reject locations that are not `http://` or `https://`.
-   Fix setting `nodelay` when TLS is enabled but URL is HTTP.
-   (wasm) Add `ClientBuilder::user_agent(val)`.
-   (wasm) add `multipart::Form::headers(headers)`.

#### v0.11.22

-   Fix compilation on Windows when `trust-dns` is enabled.

#### v0.11.21

-   Add automatically detecting macOS proxy settings.
-   Add `ClientBuilder::tls_info(bool)`, which will put `tls::TlsInfo` into the response extensions.
-   Fix trust-dns resolver from possible hangs.
-   Fix connect timeout to be split among multiple IP addresses.

#### v0.11.20

-   Fix `deflate` decompression back to using zlib, as outlined in the spec.

#### v0.11.19

-   Add `ClientBuilder::http1_ignore_invalid_headers_in_responses()` option.
-   Add `ClientBuilder::http1_allow_spaces_after_header_name_in_responses()` option.
-   Add support for `ALL_PROXY` environment variable.
-   Add support for `use_preconfigured_tls` when combined with HTTP/3.
-   Fix `deflate` decompression from using the zlib decoder.
-   Fix `Response::{text, text_with_charset}()` to strip BOM characters.
-   Fix a panic when HTTP/3 is used if UDP isn't able to connect.
-   Fix some dependencies for HTTP/3.
-   Increase MSRV to 1.63.

#### v0.11.18

-   Fix `RequestBuilder::json()` method from overriding a previously set `content-type` header. An existing value will be left in place.
-   Upgrade internal dependencies for rustls and compression.

#### v0.11.17

-   Upgrade internal dependencies of Experimental HTTP/3 to use quinn v0.9
-   (wasm) Fix blob url support

#### v0.11.16

-   Chore: set MSRV in `Cargo.toml`.
-   Docs: fix build on docs.rs

#### v0.11.15

-   Add `RequestBuilder` methods to split and reconstruct from its parts.
-   Add experimental HTTP/3 support.
-   Fix `connection_verbose` to log `write_vectored` calls.
-   (wasm) Make requests actually cancel if the future is dropped.

#### v0.11.14

-   Adds `Proxy::no_proxy(url)` that works like the NO_PROXY environment variable.
-   Adds `multipart::Part::headers(headers)` method to add custom headers.
-   (wasm) Add `Response::bytes_stream()`.
-   Perf: several internal optimizations reducing copies and memory allocations.

#### v0.11.13

-   Add `ClientBuilder::dns_resolver()` option for custom DNS resolvers.
-   Add `ClientBuilder::tls_sni(bool)` option to enable or disable TLS Server Name Indication.
-   Add `Identity::from_pkcs8_pem()` constructor when using `native-tls`.
-   Fix `redirect::Policy::limited(0)` from following any redirects.

#### v0.11.12

-   Add `ClientBuilder::resolve_to_addrs()` which allows a slice of IP addresses to be specified for a single host.
-   Add `Response::upgrade()` to await whether the server agrees to an HTTP upgrade.

#### v0.11.11

-   Add HTTP/2 keep-alive configuration methods on `ClientBuilder`.
-   Add `ClientBuilder::http1_allow_obsolete_multiline_headers_in_responses()`.
-   Add `impl Service<Request>` for `Client` and `&'_ Client`.
-   (wasm) Add `RequestBuilder::basic_auth()`.
-   Fix `RequestBuilder::header` to not override `sensitive` if user explicitly set on a `HeaderValue`.
-   Fix rustls parsing of elliptic curve private keys.
-   Fix Proxy URL parsing of some invalid targets.

#### v0.11.10

-   Add `Error::url()` to access the URL of an error.
-   Add `Response::extensions()` to access the `http::Extensions` of a response.
-   Fix `rustls-native-certs` to log an error instead of panicking when loading an invalid system certificate.
-   Fix passing Basic Authorization header to proxies.

#### v0.11.9

-   Add `ClientBuilder::http09_responses(bool)` option to allow receiving HTTP/0.9 responses.
-   Fix HTTP/2 to retry requests interrupted by an HTTP/2 graceful shutdown.
-   Fix proxy loading from environment variables to ignore empty values.

#### v0.11.8

-   Update internal webpki-roots dependency.

#### v0.11.7

-   Add `blocking::ClientBuilder::resolve()` option, matching the async builder.
-   Implement `From<tokio::fs::File>` for `Body`.
-   Fix `blocking` request-scoped timeout applying to bodies as well.
-   (wasm) Fix request bodies using multipart vs formdata.
-   Update internal `rustls` to 0.20.

#### v0.11.6

-   (wasm) Fix request bodies more.

#### v0.11.5

-   Add `ClientBuilder::http1_only()` method.
-   Add `tls::Version` type, and `ClientBuilder::min_tls_version()` and `ClientBuilder::max_tls_version()` methods.
-   Implement `TryFrom<Request>` for `http::Request`.
-   Implement `Clone` for `Identity`.
-   Fix `NO_PROXY`environment variable parsing to more closely match curl's. Comma-separated entries are now trimmed for whitespace, and `*` is allowed to match everything.
-   Fix redirection to respect `https_only` option.
-   (wasm) Add `Body::as_bytes()` method.
-   (wasm) Fix sometimes wrong conversation of bytes into a `JsValue`.
-   (wasm) Avoid dependency on serde-serialize feature.

#### v0.11.4

-   Add `ClientBuilder::resolve()` option to override DNS resolution for specific domains.
-   Add `native-tls-alpn` Cargo feature to use ALPN with the native-tls backend.
-   Add `ClientBuilder::deflate()` option and `deflate` Cargo feature to support decoding response bodies using deflate.
-   Add `RequestBuilder::version()` to allow setting the HTTP version of a request.
-   Fix allowing "invalid" certificates with the `rustls-tls` backend, when the server uses TLS v1.2 or v1.3.
-   (wasm) Add `try_clone` to `Request` and `RequestBuilder`

#### v0.11.3

-   Add `impl From<hyper::Body> for reqwest::Body`.
-   (wasm) Add credentials mode methods to `RequestBuilder`.

#### v0.11.2

-   Add `CookieStore` trait to customize the type that stores and retrieves cookies for a session.
-   Add `cookie::Jar` as a default `CookieStore`, easing creating some session cookies before creating the `Client`.
-   Add `ClientBuilder::http2_adaptive_window()` option to configure an adaptive HTTP2 flow control behavior.
-   Add `ClientBuilder::http2_max_frame_size()` option to adjust the maximum HTTP2 frame size that can be received.
-   Implement `IntoUrl` for `String`, making it more convenient to create requests with `format!`.

#### v0.11.1

-   Add `ClientBuilder::tls_built_in_root_certs()` option to disable built-in root certificates.
-   Fix `rustls-tls` glue to more often support ALPN to upgrade to HTTP/2.
-   Fix proxy parsing to assume `http://` if no scheme is found.
-   Fix connection pool idle reaping by enabling hyper's `runtime` feature.
-   (wasm) Add `Request::new()` constructor.

</details>

<details>
<summary>amodm/webbrowser-rs (webbrowser)</summary>

### [`v1.0.1`](https://github.com/amodm/webbrowser-rs/blob/HEAD/CHANGELOG.md#101---2024-05-06-a-name101a)

[Compare Source](amodm/webbrowser-rs@v1.0.0...v1.0.1)

##### Added

-   Support for visionOS. See PR [#&#8203;86](amodm/webbrowser-rs#86) and [#&#8203;87](amodm/webbrowser-rs#87)

### [`v1.0.0`](https://github.com/amodm/webbrowser-rs/blob/HEAD/CHANGELOG.md#100---2024-04-20-a-name100a)

[Compare Source](amodm/webbrowser-rs@v0.8.15...v1.0.0)

##### Added

-   Move to 1.0! MSRV has now been defined too.

##### Fixed

-   Unix: default to standard unix implementation, instead of whitelisting each flavour of unix
-   WASM: return an error on dry_run if window object isn't available

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNjAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQyNC4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Reviewed-on: https://git.front.kjuulh.io/kjuulh/coffee/pulls/14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants