chore: bump reqwest 0.12 → 0.13

[fortunto2]

Summary

Bumps reqwest from 0.12 to 0.13 in workspace root.

• Adds explicit form feature (was implicit in 0.12)
• One-line change in Cargo.toml

Why

reqwest 0.13 is the current stable. This unblocks PR #487 (openai-oxide provider) which depends on reqwest 0.13 — without this bump, both versions would be compiled into the binary.

Breaking changes in reqwest 0.13

Minimal:

• .form() requires form feature → already added
• Some .json() calls may need type annotations if inference changed
• TLS feature renamed: rustls-tls-no-provider → rustls-no-provider (only matters if used directly)

Test plan

• CI passes
• Verify .json() calls compile (may need json::<Type>() turbofish in a few spots)

🤖 Generated with Claude Code

[greptile-apps]

Greptile Summary

This PR bumps the workspace reqwest dependency from 0.12 to 0.13 and explicitly adds the form feature (which became opt-in in 0.13). The one-line Cargo.toml change is correct in intent — 0.13 is the current stable release and the stated goal is to align with PR #487's openai-oxide provider. However, even after the known Cargo.lock issues are resolved, the binary will still compile three distinct versions of reqwest:

• 0.11.27 — pulled in by teloxide-core (Telegram integration), which cannot be changed from the workspace level
• 0.12.28 — pulled in by third-party crates such as async-openai (via reqwest-eventsource) and serenity (Discord)
• 0.13.x — the workspace crates and genai once the lock file is regenerated

The PR description frames the bump as eliminating "dual-version compilation," but the presence of teloxide-core locking in 0.11 means at least three versions will coexist regardless. This is worth acknowledging in the PR, since the motivating claim (reducing version duplication) is only partially achievable at this stage.

Confidence Score: 2/5

• Not safe to merge in current state — Cargo.lock has not been regenerated for workspace crates, and the query feature is missing; both are flagged in prior threads.
• The Cargo.toml change itself is a single correct line, but the PR as committed still has workspace crates locked to reqwest 0.12.28 in Cargo.lock. Additionally, even once the lock file is fixed, the stated goal of eliminating dual-version compilation is only partially achievable: teloxide-core pins 0.11.27 and several third-party crates (async-openai, serenity) pin 0.12.28 with no workspace-level workaround available.
• Cargo.toml and Cargo.lock both need attention before this is mergeable.

Important Files Changed

Filename	Overview
Cargo.toml	Workspace reqwest bumped 0.12 → 0.13 with form feature added; Cargo.lock workspace entries still resolve 0.12.28 and the query feature (now opt-in in 0.13) is absent — both flagged in previous review threads.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["workspace Cargo.toml\nreqwest = 0.13 + form"] -->|"feature unification"| B["reqwest 0.13.2\n(currently: only genai)"]
    A -->|"Cargo.lock NOT regenerated\nfor workspace crates"| C["reqwest 0.12.28\nmoltis-agents, moltis-cli,\nmoltis-discord, etc."]
    D["teloxide-core"] --> E["reqwest 0.11.27"]
    F["async-openai / serenity"] --> C
    G["genai"] --> B
    C -->|"compile"| H["Binary: 3 reqwest versions\n0.11 + 0.12 + 0.13"]
    B -->|"compile"| H
    E -->|"compile"| H
    style H fill:#f88,stroke:#c00
    style C fill:#fa0,stroke:#c60

Loading

_{Reviews (2): Last reviewed commit: "chore: bump reqwest 0.12 → 0.13" | Re-trigger Greptile}

[greptile-apps]

Cargo.lock not regenerated — bump has no effect

The Cargo.toml was updated to version = "0.13", but Cargo.lock was not regenerated. Because Cargo.lock is committed and takes precedence over Cargo.toml version constraints, every workspace crate is still resolved to reqwest 0.12.28. A spot-check of several crates confirms this:

• moltis-agents → reqwest 0.12.28
• moltis-discord → reqwest 0.12.28
• moltis-mcp → reqwest 0.12.28
• (and all other workspace crates similarly)

The stated goal — eliminating the dual-version compilation of 0.12 and 0.13 — is not achieved by this PR as-is.

Fix: Run cargo update reqwest (or cargo update -p reqwest) after the Cargo.toml change and commit the updated Cargo.lock alongside it.

[penso]

Fixed — ran cargo update reqwest@0.12.28 which upgraded all workspace crates to reqwest 0.13.2. Third-party crates (async-openai, chromiumoxide, matrix-sdk, oauth2) still pin 0.12; teloxide-core pins 0.11 — these can't be resolved at the workspace level.

[greptile-apps]

query feature not added (also opt-in in 0.13)

The reqwest 0.13 release notes state: "query and form are now crate features, disabled by default." The PR correctly adds the form feature, but query is not included. A search of the codebase found no existing RequestBuilder::query() calls, so this likely won't cause an immediate compile error. However, if any future code (including the openai-oxide provider in PR #487) uses .query(...) on a reqwest builder, it will silently fail to compile without this feature enabled.

Consider adding "query" to the feature list proactively:

Suggested change

	reqwest = { features = ["json", "multipart", "stream", "form"], version = "0.13" }
	reqwest = { features = ["json", "multipart", "stream", "form", "query"], version = "0.13" }

[penso]

Done — added query feature to the reqwest feature list.

[fortunto2]

No longer needed — openai-oxide now supports reqwest 0.12 natively via reqwest-012 feature flag. PR #487 updated to use it.

[fortunto2]

Reopened — this is still useful as a standalone workspace upgrade, independent of #487 (which no longer needs it thanks to reqwest-012 feature).

Note from Greptile: Cargo.lock needs to be regenerated (cargo update reqwest). Will push that fix.

[fortunto2]

Greptile is right — Cargo.lock needs regeneration. I can't run full cargo update locally (their workspace is 75MB+ build), but the fix is:

cargo update reqwest

If a maintainer can run that and push, the PR is complete. Alternatively, delete Cargo.lock from the PR and let CI regenerate it.

This PR is now independent of #487 — just a housekeeping reqwest upgrade for the workspace.

[greptile-apps]

Three reqwest versions will still coexist after this bump

The PR description says the bump is needed to avoid compiling both reqwest 0.12 and 0.13 into the binary. Inspecting the current Cargo.lock reveals three distinct versions are already present and will remain after the workspace crates are upgraded:

Version	Pulled in by
0.11.27	teloxide-core (Telegram integration)
0.12.28	async-openai (via reqwest-eventsource), serenity
0.13.x	workspace crates + genai (once lock file is regenerated)

teloxide-core hard-depends on reqwest 0.11, which is incompatible with Cargo's semver-major deduplication. There is no workspace-level knob to remove it. The binary will therefore always carry 0.11.27 alongside the upgraded workspace version.

If reducing binary size / compile time from duplicate reqwest versions is a hard requirement, the only paths forward are:

1. Upgrade or replace teloxide-core to a version that supports reqwest 0.12+
2. Accept the triple-version state and update the PR description to reflect that the goal is only partially achieved

This doesn't block the bump itself, but the motivating rationale in the PR description overstates what the change achieves.

[penso]

Acknowledged — this is expected and can't be resolved at the workspace level. teloxide-core pins 0.11, and async-openai/serenity/chromiumoxide/oauth2 pin 0.12. The PR now correctly upgrades all workspace crates to 0.13. Updated PR description would be appropriate to reflect this partial improvement.