diff --git a/actix-http-test/Cargo.toml b/actix-http-test/Cargo.toml
index 1162c0a38..d70de6164 100644
--- a/actix-http-test/Cargo.toml
+++ b/actix-http-test/Cargo.toml
@@ -37,7 +37,6 @@ actix-rt = "2.2"
 actix-server = "2"
 awc = { version = "3", default-features = false }
 
-base64 = "0.13"
 bytes = "1"
 futures-core = { version = "0.3.17", default-features = false }
 http = "0.2.5"
diff --git a/actix-http/Cargo.toml b/actix-http/Cargo.toml
index 9939089b9..f10a069c6 100644
--- a/actix-http/Cargo.toml
+++ b/actix-http/Cargo.toml
@@ -86,7 +86,7 @@ h2 = { version = "0.3.9", optional = true }
 
 # websockets
 local-channel = { version = "0.1", optional = true }
-base64 = { version = "0.13", optional = true }
+base64 = { version = "0.21", optional = true }
 rand = { version = "0.8", optional = true }
 sha1 = { version = "0.10", optional = true }
 
diff --git a/actix-http/src/ws/proto.rs b/actix-http/src/ws/proto.rs
index 7222168b7..0653c00b0 100644
--- a/actix-http/src/ws/proto.rs
+++ b/actix-http/src/ws/proto.rs
@@ -3,6 +3,7 @@ use std::{
     fmt,
 };
 
+use base64::prelude::*;
 use tracing::error;
 
 /// Operation codes defined in [RFC 6455 §11.8].
@@ -244,7 +245,7 @@ pub fn hash_key(key: &[u8]) -> [u8; 28] {
     };
 
     let mut hash_b64 = [0; 28];
-    let n = base64::encode_config_slice(hash, base64::STANDARD, &mut hash_b64);
+    let n = BASE64_STANDARD.encode_slice(hash, &mut hash_b64).unwrap();
     assert_eq!(n, 28);
 
     hash_b64
diff --git a/awc/Cargo.toml b/awc/Cargo.toml
index 41be3ef83..c1ad669a9 100644
--- a/awc/Cargo.toml
+++ b/awc/Cargo.toml
@@ -63,7 +63,7 @@ actix-tls = { version = "3", features = ["connect", "uri"] }
 actix-utils = "3"
 
 ahash = "0.7"
-base64 = "0.13"
+base64 = "0.21"
 bytes = "1"
 cfg-if = "1"
 derive_more = "0.99.5"
diff --git a/awc/src/builder.rs b/awc/src/builder.rs
index 34a5f8505..79838a3f6 100644
--- a/awc/src/builder.rs
+++ b/awc/src/builder.rs
@@ -1,5 +1,7 @@
 use std::{convert::TryFrom, fmt, net::IpAddr, rc::Rc, time::Duration};
 
+use base64::prelude::*;
+
 use actix_http::{
     error::HttpError,
     header::{self, HeaderMap, HeaderName, TryIntoHeaderPair},
@@ -210,7 +212,7 @@ where
         };
         self.add_default_header((
             header::AUTHORIZATION,
-            format!("Basic {}", base64::encode(auth)),
+            format!("Basic {}", BASE64_STANDARD.encode(auth)),
         ))
     }
 
diff --git a/awc/src/request.rs b/awc/src/request.rs
index 331c80af7..d3a4eda8c 100644
--- a/awc/src/request.rs
+++ b/awc/src/request.rs
@@ -1,5 +1,6 @@
 use std::{convert::TryFrom, fmt, net, rc::Rc, time::Duration};
 
+use base64::prelude::*;
 use bytes::Bytes;
 use futures_core::Stream;
 use serde::Serialize;
@@ -238,7 +239,7 @@ impl ClientRequest {
 
         self.insert_header((
             header::AUTHORIZATION,
-            format!("Basic {}", base64::encode(auth)),
+            format!("Basic {}", BASE64_STANDARD.encode(auth)),
         ))
     }
 
diff --git a/awc/src/ws.rs b/awc/src/ws.rs
index f905b8ef2..406368e62 100644
--- a/awc/src/ws.rs
+++ b/awc/src/ws.rs
@@ -28,6 +28,8 @@
 
 use std::{convert::TryFrom, fmt, net::SocketAddr, str};
 
+use base64::prelude::*;
+
 use actix_codec::Framed;
 use actix_http::{ws, Payload, RequestHead};
 use actix_rt::time::timeout;
@@ -236,7 +238,10 @@ impl WebsocketsRequest {
             Some(password) => format!("{}:{}", username, password),
             None => format!("{}:", username),
         };
-        self.header(AUTHORIZATION, format!("Basic {}", base64::encode(auth)))
+        self.header(
+            AUTHORIZATION,
+            format!("Basic {}", BASE64_STANDARD.encode(auth)),
+        )
     }
 
     /// Set HTTP bearer authentication header
@@ -321,7 +326,7 @@ impl WebsocketsRequest {
         // Generate a random key for the `Sec-WebSocket-Key` header which is a base64-encoded
         // (see RFC 4648 §4) value that, when decoded, is 16 bytes in length (RFC 6455 §1.3).
         let sec_key: [u8; 16] = rand::random();
-        let key = base64::encode(sec_key);
+        let key = BASE64_STANDARD.encode(sec_key);
 
         self.head.headers.insert(
             header::SEC_WEBSOCKET_KEY,
diff --git a/awc/tests/test_client.rs b/awc/tests/test_client.rs
index 0949595cb..9c3543ff0 100644
--- a/awc/tests/test_client.rs
+++ b/awc/tests/test_client.rs
@@ -13,6 +13,7 @@ use std::{
 };
 
 use actix_utils::future::ok;
+use base64::prelude::*;
 use bytes::Bytes;
 use cookie::Cookie;
 use futures_util::stream;
@@ -783,7 +784,7 @@ async fn client_basic_auth() {
                     .unwrap()
                     .to_str()
                     .unwrap()
-                    == format!("Basic {}", base64::encode("username:password"))
+                    == format!("Basic {}", BASE64_STANDARD.encode("username:password"))
                 {
                     HttpResponse::Ok()
                 } else {