chore(deps): update crates and nix flakes

- Updated multiple Rust dependencies, including `opentelemetry`, `const-oid`, and `webpki-roots` for enhanced features and bug fixes.
- Upgraded `nixpkgs` and `crane` in the nix flake configuration.
- Removed unused dependencies and introduced missing dependencies for improved build integrity.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

crates/intel-dcap-api/src/client/helpers.rs

@@ -11,8 +11,7 @@ use crate::{
 };
 use percent_encoding::percent_decode_str;
 use reqwest::{RequestBuilder, Response, StatusCode};
-use std::io;
-use std::time::Duration;
+use std::{io, time::Duration};
 use tokio::time::sleep;
 
 impl ApiClient {
@@ -154,8 +153,7 @@ impl ApiClient {
         resource_description: &str,
     ) -> Result<(), IntelApiError> {
         let builder_clone = request_builder.try_clone().ok_or_else(|| {
-            IntelApiError::Io(io::Error::new(
-                io::ErrorKind::Other,
+            IntelApiError::Io(io::Error::other(
                 "Failed to clone request builder for status check",
             ))
         })?;
@@ -241,8 +239,7 @@ impl ApiClient {
         loop {
             // Clone the request builder for retry attempts
             let builder = request_builder.try_clone().ok_or_else(|| {
-                IntelApiError::Io(io::Error::new(
-                    io::ErrorKind::Other,
+                IntelApiError::Io(io::Error::other(
                     "Failed to clone request builder for retry",
                 ))
             })?;

crates/teepot-vault/Cargo.toml

@@ -26,7 +26,7 @@ sha2.workspace = true
 teepot.workspace = true
 thiserror.workspace = true
 tracing.workspace = true
-webpki-roots = "0.26.1"
+webpki-roots = "1.0.0"
 x509-cert.workspace = true
 
 [dev-dependencies]

crates/teepot-vault/bin/vault-admin/src/main.rs

@@ -3,7 +3,10 @@
 
 use anyhow::{anyhow, bail, Context, Result};
 use clap::{Args, Parser, Subcommand};
-use pgp::{types::PublicKeyTrait, Deserializable, SignedPublicKey};
+use pgp::{
+    composed::{Deserializable, SignedPublicKey},
+    types::KeyDetails,
+};
 use serde_json::Value;
 use std::{
     default::Default,

crates/teepot-vault/src/server/signatures.rs

@@ -1,14 +1,18 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2023-2024 Matter Labs
+// Copyright (c) 2023-2025 Matter Labs
 
 //! Signature checking utilities
 
-use crate::json::secrets::AdminConfig;
-use crate::server::{HttpResponseError, Status as _};
+use crate::{
+    json::secrets::AdminConfig,
+    server::{HttpResponseError, Status as _},
+};
 use actix_web::http::StatusCode;
 use anyhow::{anyhow, bail, Context, Result};
-use pgp::types::PublicKeyTrait;
-use pgp::{Deserializable, SignedPublicKey, StandaloneSignature};
+use pgp::{
+    composed::{Deserializable, SignedPublicKey, StandaloneSignature},
+    types::PublicKeyTrait,
+};
 use tracing::debug;
 
 /// Verify a pgp signature for some message given some public keys
@@ -91,7 +95,7 @@ impl VerifySig for AdminConfig {
 mod tests {
     use super::verify_sig;
     use base64::{engine::general_purpose, Engine as _};
-    use pgp::{Deserializable, SignedPublicKey};
+    use pgp::composed::{Deserializable, SignedPublicKey};
 
     const TEST_DATA: &str = include_str!("../../tests/data/test.json");
 

crates/teepot/src/ethereum/mod.rs

@@ -17,7 +17,7 @@ pub fn recover_signer(sig: &[u8; 65], root_hash: &Message) -> Result<[u8; 20]> {
         &sig[0..64],
         RecoveryId::try_from(i32::from(sig[64]) - 27)?,
     )?;
-    let public = SECP256K1.recover_ecdsa(root_hash, &sig)?;
+    let public = SECP256K1.recover_ecdsa(*root_hash, &sig)?;
     Ok(public_key_to_ethereum_address(&public))
 }
 
@@ -42,7 +42,7 @@ mod tests {
 
     /// Signs the message in Ethereum-compatible format for on-chain verification.
     fn sign_message(sec: &SecretKey, message: Message) -> Result<[u8; 65]> {
-        let s = SECP256K1.sign_ecdsa_recoverable(&message, sec);
+        let s = SECP256K1.sign_ecdsa_recoverable(message, sec);
         let (rec_id, data) = s.serialize_compact();
 
         let mut signature = [0u8; 65];