Bump x402-reqwest from 1.1.0 to 1.3.0

[dependabot]

Bumps x402-reqwest from 1.1.0 to 1.3.0.

Release notes

Sourced from x402-reqwest's releases.

Permit2 Support & Usage-Based Payments

This release brings significant enhancements to the x402-rs implementation with full Permit2 support for the V2 EIP-155 "exact" scheme and introduces the new "upto" payment scheme for usage-based payments.

🎉 Major Features

Permit2 Support for V2 EIP-155 Exact Scheme (#69)

Added comprehensive support for Uniswap's Permit2 universal token approval system as an alternative asset transfer method for V2 EIP-155 exact payments.

Key Features:

• Universal Token Support: Permit2 enables gasless transfers for any ERC-20 token, not just those with native EIP-3009 support
• Dual Transfer Methods: V2 payment requirements can now specify either eip3009 or permit2 as the asset transfer method
• Smart Wallet Support: Full support for EIP-1271 (deployed) and EIP-6492 (counterfactual) smart wallet signatures
• Precondition Handling: Returns HTTP 412 when Permit2 allowance is required, signaling clients to approve Permit2 first
• Witness Pattern: Cryptographically binds recipient address to authorization for enhanced security

Contract Addresses:

• Permit2 (Canonical): 0x000000000022D473030F116dDEE9F6B43aC78BA3
• X402ExactPermit2Proxy: 0x4020615294c913F045dc10f0a5cdEbd86c280001

V2 EIP-155 "Upto" Payment Scheme (WIP)

Introduced the new "upto" payment scheme enabling usage-based payments where clients authorize a maximum amount and servers settle for actual consumption.

⚠️ Work In Progress: Rust facilitator and client implementations are complete, but Axum server integration is not yet available.

Key Features:

• Variable Settlement: Client signs maximum amount, server settles for actual usage (0 to max)
• Permit2 Exclusive: Uses Permit2's permitWitnessTransferFrom exclusively
• Zero Settlement: Supports $0 settlements without on-chain transactions
• Single-Request Pattern: Designed for variable-cost resources in single requests

Use Cases:

• LLM token generation (charge per token generated)
• Bandwidth metering (pay per byte transferred)
• Dynamic compute pricing (charge based on resources consumed)

Specification Status:

• Based on Draft spec: coinbase/x402#1074
• Uses draft contracts from: coinbase/x402#1009
• Subject to changes before finalization

🔐 Security Considerations

Permit2 Security

• One-time ERC-20 approval to Permit2 contract required
• Nonce mechanism prevents signature reuse
• Witness pattern binds recipient address to authorization
• Time constraints (deadline, validAfter) limit authorization lifetime

Upto Scheme Security

• Clients must trust servers to charge fair amounts based on actual usage

... (truncated)

Changelog

Sourced from x402-reqwest's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Commits

• ce6cfbb chore: bump crate versions to 1.3.0 and update dependencies across the project
• c1e910d chore: bump version to 1.2.0 across crates
• 0ec4628 test: unify test timeouts with centralized TEST_CONFIG
• 6191f0d chore(protocol-compliance): remove debug logging and update dependencies
• 04689f7 chore: remove #![cfg_attr(docsrs, feature(doc_auto_cfg))] and address minor...
• eda2630 feat: add WIP support for v2-eip155-upto scheme with TS client, TS server, ...
• 5d8300c test: upto seems to work in ts-ts-rs combo
• f5248da test: implement Permit2-based payment support in upto-evm-scheme and extend...
• 2185b07 wip
• f4086d2 test: add v2-eip155-exact-rs-rs-rs test and refactor existing tests with sh...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)