deps: bump the rust-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the rust-dependencies group with 10 updates in the / directory:

Package	From	To
clap_complete	4.6.4	4.6.5
const-oid	0.9.6	0.10.2
der	0.7.10	0.8.0
open	5.3.4	5.3.5
opentelemetry	0.31.0	0.32.0
opentelemetry_sdk	0.31.0	0.32.0
opentelemetry-otlp	0.31.1	0.32.0
sha2	0.10.9	0.11.0
signature	2.2.0	3.0.0
spki	0.7.3	0.8.0

Updates clap_complete from 4.6.4 to 4.6.5

Commits

• c8c9355 chore: Release
• af74def docs: Update changelog
• c96f222 Merge pull request #6368 from truffle-dev/fix/fish-env-escaping
• 49a05cd fix(complete): Two-pass quote fish env-completer
• e791004 test(complete): Snapshot fish env quoting cases
• See full diff in compare view

Updates const-oid from 0.9.6 to 0.10.2

Commits

• e5c7e4c const-oid v0.10.2 (#2163)
• 8b9ae29 chore(deps): bump the all-deps group with 8 updates (#2161)
• 16aca51 chore(deps): bump crate-ci/typos from 1.40.0 to 1.41.0 (#2160)
• 7d46f25 Bump rand to v0.10.0-rc.6 (#2159)
• d76c2ce x509-cert v0.3.0-rc.3 (#2158)
• 4120b6b pkcs5 v0.8.0-rc.11 (#2157)
• 7a58866 sec1 v0.8.0-rc.11 (#2156)
• 124d796 Cargo.lock: bump dependencies (#2155)
• 2236024 Bump x509-cert to v0.10.0-rc.11 (#2154)
• 2cc7e23 mcf v0.6.0-rc.2 (#2153)
• Additional commits viewable in compare view

Updates der from 0.7.10 to 0.8.0

Commits

• 7784544 der v0.8.0 (#2234)
• 3a39d5e der: remove obsolete lint configs (#2235)
• 8ede832 der: followup to docs changes (#2233)
• 610211c der: remove deprecated SetOf(Vec)::add methods (#2232)
• f362dac der: add workspace-level clippy config (#2231)
• b5b3ee2 der: expand CI coverage (#2230)
• 65ae3d7 Add heapless::Vec-backed SequenceOf and SetOf (#2229)
• 302dd3f pkcs8 v0.11.0-rc.11 (#2228)
• bc1c747 der v0.8.0-rc.12 (#2227)
• 8ce90ef der_derive: fix trusted publishing workflow
• Additional commits viewable in compare view

Updates open from 5.3.4 to 5.3.5

Release notes

Sourced from open's releases.

v5.3.5

Bug Fixes

• delegate to winebrowser under Wine When running a Windows-targeted binary under Wine, open requests previously fell back to Wine's bundled explorer.exe, which lacks proper host desktop integration.

  This change detects the Wine environment at runtime (via WINEPREFIX, WINELOADER, or WINEDEBUG) and prepends a winebrowser command to the launcher list. winebrowser is Wine's official utility for forwarding file/URL requests to the host OS's default handler (e.g., xdg-open on Linux, open on macOS).

  If winebrowser is unavailable or fails, the existing cmd /c start fallback is used automatically, preserving backward compatibility. No public API changes or compile-time flags are introduced.

Commit Statistics

• 3 commits contributed to the release.
• 22 days passed between releases.
• 1 commit was understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge pull request #121 from gsurrel/wine-awareness (bb28d04)
  • Review (f72e644)
  • Delegate to winebrowser under Wine (db81369)

Changelog

Sourced from open's changelog.

5.3.5 (2026-05-12)

Bug Fixes

• delegate to winebrowser under Wine When running a Windows-targeted binary under Wine, open requests previously fell back to Wine's bundled explorer.exe, which lacks proper host desktop integration.

  This change detects the Wine environment at runtime (via WINEPREFIX, WINELOADER, or WINEDEBUG) and prepends a winebrowser command to the launcher list. winebrowser is Wine's official utility for forwarding file/URL requests to the host OS's default handler (e.g., xdg-open on Linux, open on macOS).

  If winebrowser is unavailable or fails, the existing cmd /c start fallback is used automatically, preserving backward compatibility. No public API changes or compile-time flags are introduced.

Commit Statistics

• 3 commits contributed to the release.
• 22 days passed between releases.
• 1 commit was understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge pull request #121 from gsurrel/wine-awareness (bb28d04)
  • Review (f72e644)
  • Delegate to winebrowser under Wine (db81369)

Commits

• b98fc01 Release open v5.3.5
• bb28d04 Merge pull request #121 from gsurrel/wine-awareness
• f72e644 review
• db81369 fix(windows): delegate to winebrowser under Wine
• See full diff in compare view

Updates opentelemetry from 0.31.0 to 0.32.0

Release notes

Sourced from opentelemetry's releases.

0.32.0

See release notes: https://github.com/open-telemetry/opentelemetry-rust/blob/main/docs/release_0.32.md

opentelemetry-otlp 0.31.1

What's Changed

• feat(OTLP): add tls-ring, tls-aws-lc, and tls-provider-agnostic feature flags [patch release v0.31.1] by @​lalitb in open-telemetry/opentelemetry-rust#3426

Full Changelog: open-telemetry/opentelemetry-rust@v0.31.0...opentelemetry-otlp-0.31.1

Changelog

Sourced from opentelemetry's changelog.

Release Notes 0.32

OpenTelemetry Rust 0.32 continues to drive the Logs, Metrics, and Distributed Tracing components forward. The Logs and Metrics API and SDK remain stable, with no breaking changes in this release. The OTLP Exporters and the Distributed Tracing API/SDK remain in pre-stable states (Release-Candidate and Beta respectively), and this release introduces a small number of intentional breaking changes in those areas to prepare them for stabilization.

For detailed changelogs of individual crates, please refer to their respective changelog files. This document serves as a summary of the main changes.

Key Changes

Metrics SDK

1. Bound instruments (experimental): Added Counter::bind() and Histogram::bind() returning pre-bound measurement handles (BoundCounter<T>, BoundHistogram<T>). Bound instruments resolve the attribute-to-aggregator mapping once at bind time and cache the result, eliminating per-call HashMap lookups on the hot path. Benchmarks show ~28x speedup for counter operations and ~9x for histograms. Gated behind the experimental_metrics_bound_instruments feature flag.

2. Delta collection efficiency: Delta metrics collection now uses in-place eviction instead of draining the HashMap on every collect cycle. Stale attribute sets that received no measurements since the last collection are evicted.

3. Stable Aggregation API: Aggregation and StreamBuilder::with_aggregation() are now stable and no longer require the spec_unstable_metrics_views feature flag.

Logs

1. Tracing-span attribute enrichment (experimental): The opentelemetry-appender-tracing crate can now copy attributes from active tracing spans onto each emitted log record. ("Span" here refers to tracing::span!, not an opentelemetry::trace::Span.) Enrichment is disabled by default with zero per-span overhead, and is gated behind the new experimental_span_attributes cargo feature.

2. spec_unstable_logs_enabled removed: The capability (and the backing specification) is now stable and is enabled by default. The feature flag has been removed.

Distributed Tracing (Beta)

The Distributed Tracing API and SDK remain in beta. This release contains intentional breaking changes to clean up the public surface ahead of

... (truncated)

Commits

• ec289cb chore: Prepare for release v0.32.0 (#3508)
• 3ddb386 fix(metrics): reject usize::MAX as cardinality limit (#3506)
• bad0a1b feat(appender-tracing): re-gate span attribute enrichment behind experimental...
• f744509 docs: update README status table and remove deprecated crates (#3502)
• 81d5a06 chore(prometheus): restore crate to workspace (#3500)
• 5a07ce1 ci: close stale pull requests (#3499)
• cc87dd9 feat(appender-tracing): stabilize span attribute propagation (#3482)
• f290595 docs(metrics): document experimental bound instruments (#3495)
• a79eb76 fix(sdk): suppress telemetry in SimpleSpanProcessor during export (#3494)
• aa3bda3 chore(zipkin): deprecate opentelemetry-zipkin crate (#3492)
• Additional commits viewable in compare view

Updates opentelemetry_sdk from 0.31.0 to 0.32.0

Changelog

Sourced from opentelemetry_sdk's changelog.

Release Notes 0.32

OpenTelemetry Rust 0.32 continues to drive the Logs, Metrics, and Distributed Tracing components forward. The Logs and Metrics API and SDK remain stable, with no breaking changes in this release. The OTLP Exporters and the Distributed Tracing API/SDK remain in pre-stable states (Release-Candidate and Beta respectively), and this release introduces a small number of intentional breaking changes in those areas to prepare them for stabilization.

For detailed changelogs of individual crates, please refer to their respective changelog files. This document serves as a summary of the main changes.

Key Changes

Metrics SDK

1. Bound instruments (experimental): Added Counter::bind() and Histogram::bind() returning pre-bound measurement handles (BoundCounter<T>, BoundHistogram<T>). Bound instruments resolve the attribute-to-aggregator mapping once at bind time and cache the result, eliminating per-call HashMap lookups on the hot path. Benchmarks show ~28x speedup for counter operations and ~9x for histograms. Gated behind the experimental_metrics_bound_instruments feature flag.

2. Delta collection efficiency: Delta metrics collection now uses in-place eviction instead of draining the HashMap on every collect cycle. Stale attribute sets that received no measurements since the last collection are evicted.

3. Stable Aggregation API: Aggregation and StreamBuilder::with_aggregation() are now stable and no longer require the spec_unstable_metrics_views feature flag.

Logs

1. Tracing-span attribute enrichment (experimental): The opentelemetry-appender-tracing crate can now copy attributes from active tracing spans onto each emitted log record. ("Span" here refers to tracing::span!, not an opentelemetry::trace::Span.) Enrichment is disabled by default with zero per-span overhead, and is gated behind the new experimental_span_attributes cargo feature.

2. spec_unstable_logs_enabled removed: The capability (and the backing specification) is now stable and is enabled by default. The feature flag has been removed.

Distributed Tracing (Beta)

The Distributed Tracing API and SDK remain in beta. This release contains intentional breaking changes to clean up the public surface ahead of

... (truncated)

Commits

• ec289cb chore: Prepare for release v0.32.0 (#3508)
• 3ddb386 fix(metrics): reject usize::MAX as cardinality limit (#3506)
• bad0a1b feat(appender-tracing): re-gate span attribute enrichment behind experimental...
• f744509 docs: update README status table and remove deprecated crates (#3502)
• 81d5a06 chore(prometheus): restore crate to workspace (#3500)
• 5a07ce1 ci: close stale pull requests (#3499)
• cc87dd9 feat(appender-tracing): stabilize span attribute propagation (#3482)
• f290595 docs(metrics): document experimental bound instruments (#3495)
• a79eb76 fix(sdk): suppress telemetry in SimpleSpanProcessor during export (#3494)
• aa3bda3 chore(zipkin): deprecate opentelemetry-zipkin crate (#3492)
• Additional commits viewable in compare view

Updates opentelemetry-otlp from 0.31.1 to 0.32.0

Changelog

Sourced from opentelemetry-otlp's changelog.

Release Notes 0.32

OpenTelemetry Rust 0.32 continues to drive the Logs, Metrics, and Distributed Tracing components forward. The Logs and Metrics API and SDK remain stable, with no breaking changes in this release. The OTLP Exporters and the Distributed Tracing API/SDK remain in pre-stable states (Release-Candidate and Beta respectively), and this release introduces a small number of intentional breaking changes in those areas to prepare them for stabilization.

For detailed changelogs of individual crates, please refer to their respective changelog files. This document serves as a summary of the main changes.

Key Changes

Metrics SDK

1. Bound instruments (experimental): Added Counter::bind() and Histogram::bind() returning pre-bound measurement handles (BoundCounter<T>, BoundHistogram<T>). Bound instruments resolve the attribute-to-aggregator mapping once at bind time and cache the result, eliminating per-call HashMap lookups on the hot path. Benchmarks show ~28x speedup for counter operations and ~9x for histograms. Gated behind the experimental_metrics_bound_instruments feature flag.

2. Delta collection efficiency: Delta metrics collection now uses in-place eviction instead of draining the HashMap on every collect cycle. Stale attribute sets that received no measurements since the last collection are evicted.

3. Stable Aggregation API: Aggregation and StreamBuilder::with_aggregation() are now stable and no longer require the spec_unstable_metrics_views feature flag.

Logs

1. Tracing-span attribute enrichment (experimental): The opentelemetry-appender-tracing crate can now copy attributes from active tracing spans onto each emitted log record. ("Span" here refers to tracing::span!, not an opentelemetry::trace::Span.) Enrichment is disabled by default with zero per-span overhead, and is gated behind the new experimental_span_attributes cargo feature.

2. spec_unstable_logs_enabled removed: The capability (and the backing specification) is now stable and is enabled by default. The feature flag has been removed.

Distributed Tracing (Beta)

The Distributed Tracing API and SDK remain in beta. This release contains intentional breaking changes to clean up the public surface ahead of

... (truncated)

Commits

• ec289cb chore: Prepare for release v0.32.0 (#3508)
• 3ddb386 fix(metrics): reject usize::MAX as cardinality limit (#3506)
• bad0a1b feat(appender-tracing): re-gate span attribute enrichment behind experimental...
• f744509 docs: update README status table and remove deprecated crates (#3502)
• 81d5a06 chore(prometheus): restore crate to workspace (#3500)
• 5a07ce1 ci: close stale pull requests (#3499)
• cc87dd9 feat(appender-tracing): stabilize span attribute propagation (#3482)
• f290595 docs(metrics): document experimental bound instruments (#3495)
• a79eb76 fix(sdk): suppress telemetry in SimpleSpanProcessor during export (#3494)
• aa3bda3 chore(zipkin): deprecate opentelemetry-zipkin crate (#3492)
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Updates signature from 2.2.0 to 3.0.0

Commits

• 9488e7e signature v3.0.0 (#2400)
• 2917d19 build(deps): bump the all-deps group across 1 directory with 4 updates (#2398)
• 7b029ba signature: add AsyncVerifier, AsyncMultipartVerifier, `AsyncDigestVerifie...
• c6d4dd7 elliptic-curve v0.14.0-rc.32 (#2399)
• f2069a2 elliptic-curve: bump pkcs8 to v0.11 (#2397)
• 8250383 elliptic-curve: bump pkcs8 to v0.11.0-rc.12 (#2396)
• 54e464f signature: remove long-winded intro section in rustdoc (#2392)
• 5cb62a4 signature: enable/fix workspace-level lints; reformat docs (#2391)
• 375378f elliptic-curve: consistent PKCS#8 / SEC1 naming in secret_key.rs (#2388)
• 30a48ab elliptic-curve: add mul_by_generator(_vartime) benchmarks (#2389)
• Additional commits viewable in compare view

Updates spki from 0.7.3 to 0.8.0

Commits

• 1ee89d6 spki v0.8.0 (#2277)
• 35e35bc der: deprecate ErrorKind::SetDuplicate (#2276)
• fe0fdfb spki: enable workspace-level lint config (#2231) (#2275)
• 223f522 der: allow SetOf* duplicates (#2272)
• 3778ae3 spki: impl core::error::Error for Error (#2274)
• a8bc037 Bump sha2 dependency to v0.11 (#2273)
• 1d6ed2e sec1 v0.8.1 (#2270)
• 11590f1 sec1: impl CtAssign(Slice)/CtEq(Slice) for EncodedPoint (#2269)
• 9bad356 chore(deps): bump the all-deps group with 11 updates (#2268)
• f682bc1 chore(deps): bump the all-deps group with 6 updates (#2266)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions