chore(deps): bump the rust-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the rust-dependencies group with 6 updates in the /src/user-management-service directory:

Package	From	To
thiserror	2.0.16	2.0.17
opentelemetry	0.23.0	0.31.0
opentelemetry-datadog	0.11.0	0.19.0
async-trait	0.1.88	0.1.89
jsonwebtoken	9.3.1	10.2.0
reqwest	0.12.15	0.12.24

Updates thiserror from 2.0.16 to 2.0.17

Release notes

Sourced from thiserror's releases.

2.0.17

• Use differently named __private module per patch release (#434)

Commits

• 72ae716 Release 2.0.17
• 599fdce Merge pull request #434 from dtolnay/private
• 9ec05f6 Use differently named __private module per patch release
• d2c492b Raise minimum tested compiler to rust 1.76
• fc3ab95 Opt in to generate-macro-expansion when building on docs.rs
• 819fe29 Update ui test suite to nightly-2025-09-12
• 259f48c Enforce trybuild >= 1.0.108
• 470e6a6 Update ui test suite to nightly-2025-08-24
• 544e191 Update actions/checkout@v4 -> v5
• cbc1eba Delete duplicate cap-lints flag from build script
• See full diff in compare view

Updates opentelemetry from 0.23.0 to 0.31.0

Release notes

Sourced from opentelemetry's releases.

0.30.0 Release

See changelog for individual crates to know the exact set of changes. All crates in this repo follows same version (0.30.0 for this release).

This release also upgrades Metrics-SDK to stable!

See summary of release notes: https://github.com/open-telemetry/opentelemetry-rust/blob/main/docs/release_0.30.md

0.29.0 Release

See changelog for individual crates to know the exact set of changes. All crates in this repo follows same version (0.29.0 for this release).

This release also upgrades

• Logs-SDK to stable
• Logs-Appender-Tracing to stable
• Baggage to RC

And deprecates

• Prometheus exporter is - now deprecated in favor of OTLP exporter.

0.28.0 Release

See changelog for individual crates to know the exact set of changes. All crates in this repo follows same version (0.28.0 for this release).

This release also upgrades

• Logs API to stable
• Logs-SDK, Logs OTLP exporter, Logs-Appender-Tracing to RC
• Metrics-API to stable
• Metrics-SDK, Metrics OTLP exporter to RC.

This release introduces several breaking changes as we progress toward a stable version for logs and metrics. We recommend reviewing the Migration Guide along with the changelogs to ensure a smooth upgrade.

opentelemetry-0.27.1 patch release

This release has improved internal logging to help with troubleshooting.

opentelemetry_sdk-0.27.1 patch release

Refer to opentelemetry-sdk CHANGELOG for the changes.

0.27.0 Release

See changelog for individual crates to know the exact set of changes. All crates in this repo follows same version (0.27.0 for this release).

This release also upgrades

• Logs API to RC
• Metrics API to RC
• Metrics SDK to Beta
• Metrics OTLP Exporter to Beta.

0.26.0 Release

See changelog for individual crates to know the exact set of changes. As informed during previous release, all crates from this repo follows same version (0.26.0 for this release).

... (truncated)

Changelog

Sourced from opentelemetry's changelog.

Release Notes 0.30

OpenTelemetry Rust 0.30 introduces a few breaking changes to the opentelemetry_sdk crate in the metrics feature. These changes were essential to drive the Metrics SDK towards stability. With this release, the Metrics SDK is officially declared stable. The Metrics API was declared stable last year, and previously, the Logs API, SDK, and OTel-Appender-Tracing were also marked stable. Importantly, no breaking changes have been introduced to components already marked as stable.

It is worth noting that the opentelemetry-otlp crate remains in a Release-Candidate state and is not yet considered stable. With the API and SDK for Logs and Metrics now stable, the focus will shift towards further refining and stabilizing the OTLP Exporters in upcoming releases. Additionally, Distributed Tracing is expected to progress towards stability, addressing key interoperability challenges.

For detailed changelogs of individual crates, please refer to their respective changelog files. This document serves as a summary of the main changes.

Key Changes

Metrics SDK Improvements

1. Stabilized "view" features: Previously under an experimental feature flag, views can now be used to modify the name, unit, description, and cardinality limit of a metric. Advanced view capabilities, such as changing aggregation or dropping attributes, remain under the experimental feature flag.

2. Cardinality capping: Introduced the ability to cap cardinality and configure limits using views.

3. Polished public API: Refined the public API to hide implementation details from exporters, enabling future internal optimizations and ensuring consistency. Some APIs related to authoring custom metric readers have been moved behind experimental feature flags. These advanced use cases require more time to finalize the API surface before being included in the stable release.

Context-Based Suppression

Added the ability to suppress telemetry based on Context. This feature prevents telemetry-induced-telemetry scenarios and addresses a long-standing issue. Note that suppression relies on proper context propagation. Certain libraries used in OTLP Exporters utilize tracing but do not adopt OpenTelemetry's context propagation. As a result, not all telemetry is automatically suppressed with this feature. Improvements in this area are expected in future releases.

Next Release

... (truncated)

Commits

• 285dc92 chore: Prepare for release v0.31.0 (#3179)
• 9cde968 chore: Prepare for release otel-http v0.30.1, Revert part of multi-value key ...
• 5250df2 fix: Suppress telemetry emitted inside of BatchLogProcessor::emit (#3172)
• 9bd2c1b fix: use instrumentation schema URL on scope spans (#3171)
• 159135c feat: Add is_remote flag in exporter for spans and span links (#3153)
• b7ff11b fix: Use path+version dependencies for publishing to crates.io otel-http (#3...
• 24da5c9 fix: Use path+version dependencies for publishing to crates.io (#3167)
• 6f75c58 fix: Add std feature to serde to fix CI linting issues (#3165)
• 80b5dcb chore: Bump opentelemetry-proto to v0.30.1 and opentelemetry-otlp to v0.30.1 ...
• b70771a chore: bump otel-proto to v1.8.0 (#3156)
• Additional commits viewable in compare view

Updates opentelemetry-datadog from 0.11.0 to 0.19.0

Commits

• 1cb39ed Prepare crates for otel v0.27.0 (#130)
• 559fe64 Update user_events metrics exporter to otel 0.27, add internal logs (#129)
• d407cbf Update Metric-Etw exporter to use 0.27 of api and sdk (#128)
• b46dd69 [User_events metrics exporter] Single Metric point per user_event write. (#126)
• ea4c808 prepare Datadog 0.14 release (#123)
• fe3b916 Added k8s ResourceDetector (#122)
• be31dcb chore: add cargo machete and remove unused dependencies (#119)
• 3278de6 chore: update Datadog to otel 0.26 (#120)
• dc6492d publish crates for otel v0.26 (#117)
• 7c131c4 opentelemetry 0.26 (#116)
• Additional commits viewable in compare view

Updates async-trait from 0.1.88 to 0.1.89

Release notes

Sourced from async-trait's releases.

0.1.89

• Improve IDE functionality (#293, thanks @​Veykril)

Commits

• a7e91e9 Release 0.1.89
• fbcfcac Merge pull request 293 from Veykril/lw/quote_spanned
• fd93990 Improve use of spans in quote_spanned
• a5093fe Add type-mismatch ui test
• 6d12b44 Revert "Pin nightly toolchain used for miri job"
• dd9e4ba Hide unused_variables warning in consider-restricting.rs ui test
• b454fc8 Update ui test suite to nightly-2025-08-03
• 9c880e8 Update ui test suite to nightly-2025-07-30
• 7ca751d Ignore unused_parens warning in test
• 2bccfeb Update ui test suite to nightly-2025-05-28
• Additional commits viewable in compare view

Updates jsonwebtoken from 9.3.1 to 10.2.0

Changelog

Sourced from jsonwebtoken's changelog.

10.2.0 (2025-11-06)

• Remove Clone bound from decode functions

10.1.0 (2025-10-18)

• add dangerous::insecure_decode
• Implement TryFrom &Jwk for DecodingKey

10.0.0 (2025-09-29)

• BREAKING: now using traits for crypto backends, you have to choose between aws_lc_rs and rust_crypto
• Add Clone bound to decode
• Support decoding byte slices
• Support JWS

Commits

• 53a3fc2 Do not fail for clippy
• 3226cfc Prepare for release
• dfe58f9 Remove unnecessary Clone bounds from decode functions (#458)
• 9b3e19c Fix function names in README (#457)
• 655abeb Ready for release
• d96982d Fix a few markdown issues in docs (#446)
• fbcfd39 feat: add dangerous::insecure_decode (#441)
• 4ba3fce fix(docs): add rust_crypto feature to docs.rs build (#443)
• 29fa3b1 Implement TryFrom &Jwk for DecodingKey (#437)
• 1456755 Use DecodingKey::from_jwk to get DecodingKey from JWK in auth0 example (#430)
• Additional commits viewable in compare view

Updates reqwest from 0.12.15 to 0.12.24

Release notes

Sourced from reqwest's releases.

v0.12.24

Highlights

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

What's Changed

• build(deps): silence unused deps in WASM build by @​0x676e67 in seanmonstar/reqwest#2799
• perf(util): avoid extra copy when base64 encoding by @​0x676e67 in seanmonstar/reqwest#2805
• docs: fix method name in changelog entry by @​johannespfrang in seanmonstar/reqwest#2807
• chore: Align the name usage of TotalTimeout by @​Xuanwo in seanmonstar/reqwest#2657
• refactor(cookie): add CookieService by @​linyihai in seanmonstar/reqwest#2787
• Fixes typo in retry max_retries_per_request doc comment re 2813 by @​dmackinn in seanmonstar/reqwest#2824
• test(multipart): fix build failure with no-default-features by @​0x676e67 in seanmonstar/reqwest#2801
• refactor(cookie): avoid duplicate cookie insertion by @​0x676e67 in seanmonstar/reqwest#2834

New Contributors

• @​johannespfrang made their first contribution in seanmonstar/reqwest#2807
• @​dmackinn made their first contribution in seanmonstar/reqwest#2824

Full Changelog: seanmonstar/reqwest@v0.12.23...v0.12.24

v0.12.23

tl;dr

• 🇺🇩🇸 Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
• 🔁 Add ClientBuilder::retries(policy) and reqwest::retry::Builder to configure automatic retries.
• Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
• Add http3_* options to blocking::ClientBuilder.
• Fix default TCP timeout values to enabled and faster.
• Fix SOCKS proxies to default to port 1080
• (wasm) Add cache methods to RequestBuilder.

What's Changed

• Minimize package size by @​weiznich in seanmonstar/reqwest#2759
• chore(dev-dependencies): bump brotli by @​seanmonstar in seanmonstar/reqwest#2760
• upgrade hickory-dns to 0.25 by @​seanmonstar in seanmonstar/reqwest#2761
• Re-expose http3 options in blocking::clientBuilder by @​ducaale in seanmonstar/reqwest#2770
• fix(proxy): restore default port 1080 for SOCKS proxies without explicit port by @​0x676e67 in seanmonstar/reqwest#2771
• ci: use msrv-aware cargo in msrv job by @​seanmonstar in seanmonstar/reqwest#2779
• feat: add request cache option for wasm by @​Spxg in seanmonstar/reqwest#2775
• style(client): use std::task::ready! macro to simplify Poll branch match by @​0x676e67 in seanmonstar/reqwest#2781
• fix: add default tcp keepalive and user_timeout values by @​seanmonstar in seanmonstar/reqwest#2780
• feat: add unix_socket() option to client builder by @​seanmonstar in seanmonstar/reqwest#2624
• Add retry policies by @​seanmonstar in seanmonstar/reqwest#2763
• refactor: loosen retry for_host parameter bounds by @​Enduriel in seanmonstar/reqwest#2792
• feat: add dns_resolver2 that is more ergonomic and flexible by @​seanmonstar in seanmonstar/reqwest#2793
• Prepare v0.12.23 by @​seanmonstar in seanmonstar/reqwest#2795

... (truncated)

Changelog

Sourced from reqwest's changelog.

v0.12.24

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

v0.12.23

• Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
• Add ClientBuilder::retry(policy) and reqwest::retry::Builder to configure automatic retries.
• Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
• Add http3_* options to blocking::ClientBuilder.
• Fix default TCP timeout values to enabled and faster.
• Fix SOCKS proxies to default to port 1080
• (wasm) Add cache methods to RequestBuilder.

v0.12.22

• Fix socks proxies when resolving IPv6 destinations.

v0.12.21

• Fix socks proxy to use socks4a:// instead of socks4h://.
• Fix Error::is_timeout() to check for hyper and IO timeouts too.
• Fix request Error to again include URLs when possible.
• Fix socks connect error to include more context.
• (wasm) implement Default for Body.

v0.12.20

• Add ClientBuilder::tcp_user_timeout(Duration) option to set TCP_USER_TIMEOUT.
• Fix proxy headers only using the first matched proxy.
• (wasm) Fix re-adding Error::is_status().

v0.12.19

• Fix redirect that changes the method to GET should remove payload headers.
• Fix redirect to only check the next scheme if the policy action is to follow.
• (wasm) Fix compilation error if cookies feature is enabled (by the way, it's a noop feature in wasm).

v0.12.18

• Fix compilation when socks enabled without TLS.

v0.12.17

• Fix compilation on macOS.

v0.12.16

... (truncated)

Commits

• b126ca4 v0.12.24
• 4023493 refactor: change fast_random from xorshift to siphash a counter
• fd61bc9 refactor(cookie): avoid duplicate cookie insertion (#2834)
• 0bfa526 test(multipart): fix build failure with no-default-features (#2801)
• 994b8a0 docs: typo in retry max_retries_per_request (#2824)
• da0702b refactor(cookie): de-duplicate cookie support as CookieService middleware (...
• 7ebddea chore: align internal name usage of TotalTimeout (#2657)
• b540a4e chore(readme): use correct CI status badge
• e4550c4 docs: fix method name in changelog entry (#2807)
• f4694a2 perf(util): avoid extra copy when base64 encoding (#2805)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.