deps(deps): bump scrypt from 0.11.0 to 0.12.0

[dependabot]

Bumps scrypt from 0.11.0 to 0.12.0.

Commits

• a795bf6 scrypt v0.12.0 (#897)
• c194deb bcrypt-pbkdf v0.11.0 (#889)
• 40650d4 bcrypt-pbkdf: enable and fix workspace-level lints (#898)
• b71d563 yescrypt: enable and fix workspace-level lints (#896)
• 49ec224 sha-crypt v0.6.0 (#895)
• d22e8d9 sha-crypt: no_alloc support (#894)
• 90b92e4 scrypt: enable and fix workspace-level lints (#892)
• 49dcb80 sha-crypt: enable and fix workspace-level lints (#893)
• a5df39e argon2: enable and fix workspace-level lints (#891)
• a57c01a balloon-hash: bump crypto-bigint to v0.7 (#890)
• Additional commits viewable in compare view

[proggeramlug]

Blocked on a coordinated RustCrypto cipher-stack migration — deferring.

This bump fails to compile (E0277: StreamCipher/KeyIvInit/BlockCipherEncrypt not satisfied) because it pulls one crate into the cipher 0.5 ecosystem while perry-stdlib still pins the rest of the AES stack at cipher 0.4:

• aes = 0.8, cbc = 0.1, ctr = 0.9, scrypt = 0.11 (all cipher-0.4 / crypto-common-0.1).

Making ctr 0.10 (or scrypt 0.12) build requires upgrading the whole group together — aes 0.8→0.9, cbc 0.1→0.2, ctr 0.9→0.10, scrypt 0.11→0.12 — plus migrating ~163 lines of correctness-critical crypto code across 6 files (crypto/{cipher,kdf,util}.rs, webcrypto/{aes,util}.rs, webcrypto.rs) to the cipher-0.5 API (new KeyIvInit/inout 0.2 buffers, BlockCipher{Encrypt,Decrypt} trait split).

Since these are routine minor bumps with no security advisory (security-audit passes on the current pins), I'm not landing a blind AES/scrypt API migration here. This needs a dedicated, test-vector-validated feat(deps): migrate AES stack to cipher 0.5 PR that bumps all four crates at once; this dependabot PR should ride on top of (or be superseded by) that. Leaving open as a tracked blocker rather than closing.

[proggeramlug]

Update — confirmed upstream-blocked (not just deferred). I tried the full cipher-0.4→0.5 stack bump (aes 0.9, cbc/ecb 0.2, ctr 0.10, scrypt 0.12, aes-gcm 0.11, chacha20poly1305 0.11, ghash 0.6, aes-kw 0.4) and cargo can't resolve it:

error: failed to select a version for the requirement `aes-gcm = "^0.11"`
    aes-gcm = { version = "0.11.0-rc.4" }

aes-gcm (needed by the node:crypto + WebCrypto AES-GCM surface) has no stable cipher-0.5 release yet — only 0.11.0-rc.4. Since ctr 0.10/scrypt 0.12 require aes 0.9/cipher 0.5, and aes 0.9 forces aes-gcm 0.11, this bump can't land without pinning correctness-critical AEAD to a release candidate. Holding until aes-gcm 0.11 ships stable, at which point the whole stack moves in one PR. Leaving open as a tracked, upstream-blocked item.