deps(deps): bump the crypto-stack group across 1 directory with 7 updates

[dependabot]

Bumps the crypto-stack group with 7 updates in the / directory:

Package	From	To
blake3	1.8.3	1.8.5
aes	0.8.4	0.9.0
cipher	0.4.4	0.5.2
xts-mode	0.5.1	0.6.0
poly1305	0.8.0	0.9.0
hmac	0.12.1	0.13.0
sha2	0.10.9	0.11.0

Updates blake3 from 1.8.3 to 1.8.5

Release notes

Sourced from blake3's releases.

1.8.5

version 1.8.5

Changes since 1.8.4:

• Forcibly disable LTO when compiling C intrinsics from the Rust build. This fixes a build break on Arch Linux ARM: BLAKE3-team/BLAKE3#550

1.8.4

version 1.8.4

Changes since 1.8.3:

• Updated the digest dependency from v0.10 to v0.11. THIS IS A POTENTIALLY BREAKING CHANGE for callers using the traits-preview Cargo feature. But this is not considered a breaking change for the blake3 crate itself; see the docs for traits-preview.
• Performance for WASM SIMD targets is improved by ~20% when the wasm32_simd feature is enabled. Contributed by @​lamb356.

Commits

• 93a431c version 1.8.5
• 299b1e2 fix LTO builds by disabling LTO
• 6a45fee add LTO builds to CI
• 15e83a5 c: Use correct SIMD flags when compiling with Clang-Cl (#549)
• 2e3727d cargo fmt everywhere
• b97a24f version 1.8.4
• 0ebe469 update to new rustcrypto trait releases
• d4b005a wasm32_simd: use i8x16_shuffle for rot8 and rot16
• 6eebbbd fix a struct size mismatch in tests
• fb1411e c: use SIZE_MAX instead of -1 for size_t sentinels, add <stdint.h>
• See full diff in compare view

Updates aes from 0.8.4 to 0.9.0

Commits

• 001e740 Adopt Trusted Publishing (#552)
• d908618 Release aes v0.9.0 (#539)
• b612904 aes: remove zeroize_works test (#551)
• 042fa86 Update Cargo.lock (#547)
• 7290b2b ci: use Dependabot to update Cargo.lock (#546)
• d1910c1 ci: bump actions/checkout to v6 (#545)
• 1120a51 Bump Clippy to 1.94 and fix clippy::manual_rotate (#544)
• d52b5b6 aes: remove weak key test entry from changelog (#543)
• 6531730 aes: replace aes_compact configuration flag with `aes_backend_soft="compact...
• f102c4f aes: consolidate backend configuration under aes_backend (#541)
• Additional commits viewable in compare view

Updates cipher from 0.4.4 to 0.5.2

Commits

• f836f71 Release cipher v0.5.2 (#2423)
• c9d00e2 cipher: re-export SetIvState trait (#2422)
• 93dee26 Release crypto-common v0.2.2 (#2421)
• f73c4bc crypto-common: add SetIvState trait (#2420)
• 94f108f ci: bump crate-ci/typos from 1.46.1 to 1.46.2 (#2419)
• e4d7d34 elliptic-curve: remove bits feature (#2417)
• d2cf1f9 Update Cargo.lock (#2415)
• 40f6b7b ci: bump crate-ci/typos from 1.46.0 to 1.46.1 (#2409)
• 5debc66 elliptic-curve: fix minimal-versions check (#2414)
• 4e999e3 digest: remove unused file (#2411)
• Additional commits viewable in compare view

Updates xts-mode from 0.5.1 to 0.6.0

Changelog

Sourced from xts-mode's changelog.

[0.6.0] - 2026-05-05

Changed

• Breaking: Update cipher to 0.5.1 and aes examples / tests to 0.9.0.
• Breaking: The cipher block size is now enforced at the type level.
  • This also removes the possibility of methods panicking due to an incorrect block size.
• Breaking: Tweak inputs and examples now use hybrid_array::Array instead of the array primitive, following upstream.
• Increase MSRV to 1.85 and update to edition 2024.
• Improve and simplify core logic

Removed

• Breaking: Remove unused std feature.
• Remove byteorder dependency.
• Remove trait bounds from the Xts128 struct, applying them only to implementations.

Commits

• ce5a8ef Bump version and update CHANGELOG.md
• 338c6f6 Update top-level docs and README.md
• f628265 Simplify panic message
• 15c3673 Simplify galois_field_128_mul_le
• 6b2259d Simplify stealing logic
• 405a564 Remove trait bounds from Xts128 struct
• 7a68d8e Use hybrid-array instead of primitive array
• 1e4b5c4 Update to cipher 0.5 and aes to 0.9
• 880f316 Remove byteorder dependency
• 3d7838c Remove unused std feature
• Additional commits viewable in compare view

Updates poly1305 from 0.8.0 to 0.9.0

Commits

• ec9e338 poly1305 v0.9.0 (#333)
• e25c443 build(deps): bump cpubits from 0.1.0 to 0.1.1 in the all-deps group (#332)
• 2e34488 Update Cargo.lock (#331)
• 8b7e6c6 build(deps): bump the all-deps group with 8 updates (#329)
• 98694a7 build(deps): bump the all-deps group across 1 directory with 8 updates (#327)
• f2c9517 poly1305: add lint configs to Cargo.toml (#324)
• 4d64c9a poly1305: rename poly1305_force_soft => poly1305_backend="soft" (#323)
• 2ec2140 ghash v0.6.0 (#322)
• 9fe701b polyval: add v0.7.0 yank note to CHANGELOG.md (#321)
• d187ef8 polyval v0.7.1 (#319)
• Additional commits viewable in compare view

Updates hmac from 0.12.1 to 0.13.0

Commits

• 0236c8e hmac v0.13.0 (#263)
• b895e50 Migrate tests to the new blobby format (#264)
• 3d1440b Workspace-level lint configuration (#261)
• 11d4f36 hmac: use release versions of dev-dependencies (#260)
• c40b82b hmac: bump sha2 dev-dependency to v0.11 (#259)
• 1fa0781 Cut rc.5 prereleases (#258)
• a008265 hmac v0.13.0-rc.6 (#256)
• da485cd Use (Reset)MacTraits (#254)
• 2c51e3b hmac: derive Clone instead of relying on (Reset)MacTraits (#253)
• 669d805 Relax Clone bounds (#250)
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.