deps(deps): bump the crypto-stack group across 1 directory with 3 updates

[dependabot]

Bumps the crypto-stack group with 3 updates in the / directory: blake3, cipher and sha2.

Updates blake3 from 1.8.3 to 1.8.4

Release notes

Sourced from blake3's releases.

1.8.4

version 1.8.4

Changes since 1.8.3:

• Updated the digest dependency from v0.10 to v0.11. THIS IS A POTENTIALLY BREAKING CHANGE for callers using the traits-preview Cargo feature. But this is not considered a breaking change for the blake3 crate itself; see the docs for traits-preview.
• Performance for WASM SIMD targets is improved by ~20% when the wasm32_simd feature is enabled. Contributed by @​lamb356.

Commits

• b97a24f version 1.8.4
• 0ebe469 update to new rustcrypto trait releases
• d4b005a wasm32_simd: use i8x16_shuffle for rot8 and rot16
• 6eebbbd fix a struct size mismatch in tests
• fb1411e c: use SIZE_MAX instead of -1 for size_t sentinels, add <stdint.h>
• See full diff in compare view

Updates cipher from 0.4.4 to 0.5.1

Commits

• 3044082 crypto-common: remove BlockSizes trait (#2309)
• e42238d elliptic-curve: enable and fix workspace-level lints (#2308)
• f239f73 aead: remove lints from lib.rs (#2307)
• 7c11746 build(deps): bump the all-deps group across 1 directory with 8 updates (#2305)
• d92139e aead: enable and fix workspace-level lints (#2306)
• 593a0ea digest v0.11.0 (#2300)
• cb66cff elliptic-curve: bump crypto-bigint to v0.7.0-rc.27 (#2303)
• 0d0fdbe digest: use dep: for block-buffer and const-oid (#2302)
• c1a51d4 digest: replace subtle with ctutils (#2301)
• 5802c8f digest v0.11.0-rc.12 (#2299)
• Additional commits viewable in compare view

Updates sha2 from 0.10.9 to 0.11.0

Commits

• ffe0939 Release sha2 0.11.0 (#806)
• 8991b65 Use the standard order of the [package] section fields (#807)
• 3d2bc57 sha2: refactor backends (#802)
• faa55fb sha3: bump keccak to v0.2 (#803)
• d3e6489 sha3 v0.11.0-rc.9 (#801)
• bbf6f51 sha2: tweak backend docs (#800)
• 155dbbf sha3: add default value for the DS generic parameter on TurboShake128/256...
• ed514f2 Use published version of keccak v0.2 (#799)
• 702bcd8 Migrate to closure-based keccak (#796)
• 827c043 sha3 v0.11.0-rc.8 (#794)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[augmentcode]

🤖 Augment PR Summary

Summary: Updates the workspace crypto dependency set via a Dependabot group bump.

Changes:

• Bumps blake3 from 1.8.3 to 1.8.4
• Bumps cipher from 0.4.4 to 0.5.1 (RustCrypto trait crate)
• Bumps sha2 from 0.10.9 to 0.11.0
• Updates the workspace manifest to keep these pins consistent across member crates

Technical Notes: Both cipher and sha2 are 0.x breaking bumps, so downstream crates using their traits may need compatible companion upgrades.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 2 suggestions posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

cipher was bumped to 0.5.1 while aes is still pinned at 0.8.4, which is likely built against an older cipher major; this can cause trait/type mismatches where the code uses cipher::KeyInit with Aes256 (e.g., crates/encryption/src/xts.rs). Consider ensuring the AES/XTS stack is using a single compatible cipher major across direct + transitive deps to avoid split-trait issues.

Severity: high

Other Locations

• crates/encryption/src/xts.rs:24
• crates/encryption/src/error.rs:89

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

sha2 0.11.0 is a breaking bump and typically comes with a newer digest major; with hmac = 0.12.1 and code that defines Hmac<Sha256>, this is very likely to introduce a Digest trait version mismatch. Consider verifying hmac/sha2 are on compatible RustCrypto generations wherever HMAC signing/verification is used.

Severity: high

Other Locations

• crates/gossip-layer/src/message.rs:3
• crates/encryption/src/keymanager.rs:22

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}