Bump the "backend" group with 1 update across multiple ecosystems

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the backend group with 8 updates:

Package	From	To
askama	0.15.4	0.15.6
aws-sdk-s3	1.125.0	1.126.0
clap	4.5.60	4.6.0
duckdb	1.4.4	1.10501.0
md-5	0.10.6	0.11.0
tempfile	3.26.0	3.27.0
tracing-subscriber	0.3.22	0.3.23
which	8.0.1	8.0.2

Updates askama from 0.15.4 to 0.15.6

Release notes

Sourced from askama's releases.

v0.15.6

What's Changed

• Correctly handle non-ident item in block error by @​GuillaumeGomez in askama-rs/askama#717
• Remove unnecessary .clone() by @​jplatte in askama-rs/askama#716
• Remove unused lifetime parameter on SyntaxAndCache by @​jplatte in askama-rs/askama#714
• Upgrade winnow to 1.0 by @​jplatte in askama-rs/askama#715

Full Changelog: askama-rs/askama@v0.15.5...v0.15.6

v0.15.5

What's Changed

• parser: reject non-ASCII characters in byte literals by @​Kijewski in askama-rs/askama#694
• parser: reject syntaxes that could cause catastrophic backtracking by @​Kijewski in askama-rs/askama#695
• Fix jinja macro arguments handling by @​GuillaumeGomez in askama-rs/askama#709
• Fix build determinism and macro path management by @​GuillaumeGomez and @​cgundy in askama-rs/askama#710

Full Changelog: askama-rs/askama@v0.15.4...v0.15.5

Commits

• 4260d0d Merge pull request #719 from GuillaumeGomez/update-crate-version
• 1471702 Update crate version to 0.15.6
• fb6f3fb Merge pull request #718 from GuillaumeGomez/improve-ui-tests
• 4f36391 Merge pull request #717 from GuillaumeGomez/fix-non-ident-block
• 1b4350b Update trybuild version to 1.0.116 to enforce diagnostics width
• 2ad677c Correctly handle non-ident item in block error
• 5e12585 Merge pull request #714 from jplatte/jplatte/lt-refactor
• 0ebfd0f Merge pull request #716 from jplatte/jplatte/clippy
• 3c0f1b0 Merge pull request #715 from jplatte/jplatte/winnow1
• acc29f3 Remove unnecessary .clone()
• Additional commits viewable in compare view

Updates aws-sdk-s3 from 1.125.0 to 1.126.0

Commits

• See full diff in compare view

Updates clap from 4.5.60 to 4.6.0

Changelog

Sourced from clap's changelog.

[4.6.0] - 2026-03-12

Compatibility

• Update MSRV to 1.85

[4.5.61] - 2026-03-12

Internal

• Update dependencies

Commits

• 9ab6dee chore: Release
• 374a30d docs: Update changelog
• d0c8aab Merge pull request #6306 from epage/update
• 686ce2f chore: Upgrade compatible
• 8203238 Merge pull request #6305 from epage/msrv
• c774a89 docs: Reduce main's in doctests
• 73534f6 chore: Upgrade to 2025 edition
• dfe05a9 chore: Bump MSRV to 1.85
• 8b41d0b chore: Release
• 518220f docs: Update changelog
• Additional commits viewable in compare view

Updates duckdb from 1.4.4 to 1.10501.0

Release notes

Sourced from duckdb's releases.

v1.10501.0

Highlights

• New profiling metrics API: collect query profiling data (timing, row counts, operator tree) via Connection.
• Removed deprecated arrow2 exposure: step2() is gone. Use query_polars() for Polars DataFrames or step() for raw arrow-rs access. Breaking change.
• duckdb_entrypoint_c_api macro now suppresses the clippy::missing_safety_doc lint automatically.
• Upgraded to Arrow 58 and bundled DuckDB v1.5.1.

What's Changed

• duckdb_entrypoint_c_api: suppress missing_safety_doc lint by @​mlafeldt in duckdb/duckdb-rs#704
• Clarify MSRV policy under new versioning by @​mlafeldt in duckdb/duckdb-rs#705
• Update deps for development by @​mlafeldt in duckdb/duckdb-rs#706
• Add support for collecting profiling metrics by @​Maxxen in duckdb/duckdb-rs#707
• Profiling metrics follow-up by @​Maxxen in duckdb/duckdb-rs#712
• chore: update to arrow v58 by @​gadomski in duckdb/duckdb-rs#702
• Remove direct arrow2 exposure by @​mlafeldt in duckdb/duckdb-rs#698
• Adapt upgrade.sh scripts to new versioning by @​mlafeldt in duckdb/duckdb-rs#717
• Update DuckDB to v1.5.1 by @​mlafeldt in duckdb/duckdb-rs#718

New Contributors

• @​gadomski made their first contribution in duckdb/duckdb-rs#702

Full Changelog: duckdb/duckdb-rs@v1.10500.0...v1.10501.0

v1.10500.0

[!WARNING] New crate versioning scheme. Crate versions now encode the DuckDB version in their second semver component (1.MAJOR_MINOR_PATCH.x), allowing patch releases independent of DuckDB. For example, DuckDB v1.5.0 maps to crate version 1.10500.x.

Highlights

• Full rust_decimal::Decimal support: FromSql, ToSql, and Appender binding for decimal values.
• Params implemented for tuples (up to arity 16), enabling conn.execute("...", (a, b, c)) syntax.
• ENUM columns now support FromSql<String> directly.
• Date32 and Time64 can now be bound in prepared statements.
• Loadable extensions need only a single duckdb crate dependency; eliminated .unwrap() panic paths in duckdb_entrypoint_c_api macro.
• Fix: cloned database handles now keep the original db handle alive (fixes #312).
• Fix: chrono datetime writes normalized to UTC.
• Upgraded to Rust edition 2024, Arrow 57, and bundled DuckDB v1.5.0.

What's Changed

• Allow to write extension using a single crate dependency by @​mlafeldt in duckdb/duckdb-rs#674
• Update authors to include DuckDB Labs and contributors by @​mlafeldt in duckdb/duckdb-rs#675
• Upgrade to arrow 57 by @​mjgarton in duckdb/duckdb-rs#631
• Bump bytes from 1.11.0 to 1.11.1 by @​dependabot[bot] in duckdb/duckdb-rs#677
• Fix: keep db handle alive for clones by @​mlafeldt in duckdb/duckdb-rs#678
• Simplify ASan CI job by @​mlafeldt in duckdb/duckdb-rs#685
• Allow binding Date32 and Time64 by @​ultrabear in duckdb/duckdb-rs#682
• Rust 2024 by @​mlafeldt in duckdb/duckdb-rs#686
• Remove stale copyright years from README by @​mlafeldt in duckdb/duckdb-rs#688
• Verify MSRV in CI by @​mlafeldt in duckdb/duckdb-rs#687
• Implement Params for tuples by @​mlafeldt in duckdb/duckdb-rs#689
• Fix MSRV CI: disable cargo bin caching by @​mlafeldt in duckdb/duckdb-rs#690

... (truncated)

Commits

• a0ada45 Update DuckDB to v1.5.1 (#718)
• 906a18c Update DuckDB to v1.5.1
• 0891c29 Adapt upgrade.sh scripts to new versioning (#717)
• 54a22f4 Adapt upgrade.sh scripts to new versioning
• bcadfeb Remove direct arrow2 exposure (#698)
• 25c9461 cargo fmt
• 7e90b33 Clean up polars step_polars internals
• fd67021 Narrow ComputeError catch to only match empty-array case
• 71b3887 Remove direct arrow2 exposure
• bb3086a chore: update to arrow v58 (#702)
• Additional commits viewable in compare view

Updates md-5 from 0.10.6 to 0.11.0

Commits

• b5051e5 Cut new releases (#812)
• 451c446 md5: replace force-soft crate feature with md5_backend configuration flag...
• 2f00175 Release sha1 v0.11.0 (#810)
• 07d370c sha1: refactor backends selection (#808)
• 7c7cb76 Fix md5 project link in README (#809)
• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• Additional commits viewable in compare view

Updates tempfile from 3.26.0 to 3.27.0

Changelog

Sourced from tempfile's changelog.

3.27.0

This release adds TempPath::try_from_path and deprecates TempPath::from_path.

Prior to this release, TempPath::from_path made no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:

let tmp_path = TempPath::from_path("foo")
std::env::set_current_dir("/some/other/path").unwrap();
drop(tmp_path);

Now:

1. TempPath::from_path will attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to call std::env::current_dir, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.
2. The TempPath::try_from_path behaves exactly like TempPath::from_path, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).

Neither function attempt to verify the existence of the file in question.

Thanks to @​meng-xu-cs for reporting this issue.

Commits

• 5c8fa12 chore: release 3.27.0
• e34e574 test: disable uds conflict test on redox
• 772c795 test: add CWD guards
• 2632fb9 fix: resolve relative paths when constructing TempPath
• See full diff in compare view

Updates tracing-subscriber from 0.3.22 to 0.3.23

Release notes

Sourced from tracing-subscriber's releases.

tracing-subscriber 0.3.23

Fixed

• Allow ansi sanitization to be disabled (#3484)

#3484: tokio-rs/tracing#3484

Commits

• 54ede4d chore: prepare tracing-subscriber 0.3.23 (#3490)
• 37558d5 subscriber: allow ansi sanitization to be disabled (#3484)
• efc690f core: add missing const (#3449)
• 0c32367 core: Use const initializers instead of once_cell
• 9feb241 docs: add arcswap reload crate to related (#3442)
• 2d55f6f chore: prepare tracing 0.1.44 (#3439)
• 10a9e83 chore: prepare tracing-core 0.1.36 (#3440)
• ee82cf9 tracing: fix record_all panic (#3432)
• 9978c36 chore: prepare tracing-mock 0.1.0-beta.3 (#3429)
• See full diff in compare view

Updates which from 8.0.1 to 8.0.2

Release notes

Sourced from which's releases.

8.0.2

What's Changed

• Remove env_home dependency by @​madsmtm in harryfei/which-rs#118
• New windows impl by @​Xaeroxe in harryfei/which-rs#121
• Swap dependency on rustix for dependency on libc by @​Xaeroxe in harryfei/which-rs#122

New Contributors

• @​madsmtm made their first contribution in harryfei/which-rs#118

Full Changelog: harryfei/which-rs@8.0.1...8.0.2

Changelog

Sourced from which's changelog.

8.0.2

• Dependency on home_env removed, the implementation found in rust 1.85.0 for a home directory has been fixed. Thanks, [@​madsmtm],(https://github.com/madsmtm) for this contribution to which!
• Dependency on winsafe removed, code for Windows API is now handwritten.
• Dependency on rustix removed, we now depend on libc directly to reduce compile times.

Commits

• 5bb3e82 update README MSRV
• aacc10e add changelog entry
• 7b0c544 Swap dependency on rustix for dependency on libc (#122)
• 189e99a New windows impl (#121)
• c48f04e clippy fixes
• 1fa32b7 bump msrv, bump version, add to changelog
• b0d6e74 Remove env_home dependency
• 2697220 chore: add release steps documentation
• 873554e add entry to CHANGELOG.md for 8.0.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions