
build(deps): bump dryoc from 0.7.2 to 0.8.0 #366

Merged: paolodamico merged 1 commit into main from dependabot/cargo/dryoc-0.8.0 on Jun 17, 2026


dependabot (bot) commented on behalf of github on Jun 2, 2026


Bumps dryoc from 0.7.2 to 0.8.0.

Release notes

Sourced from dryoc's releases.

v0.8.0

dryoc v0.8.0

dryoc 0.8.0 moves the crate to Rust 2024 with Rust 1.89 as the MSRV, adds optional direct wincode serialization for Rustaceous box types, and expands opt-in nightly portable SIMD coverage for secretbox, Poly1305, Argon2, and BLAKE2b internals.

This release also fixes protected-memory permission coverage, adds generate() aliases for Rust 2024 callers, and broadens fuzz coverage around parser and decryptor boundaries.

Full Changelog: brndnmtthws/dryoc@v0.7.2...v0.8.0

Breaking Changes

  • The minimum supported Rust version is now Rust 1.89. Cargo.toml now declares edition = "2024" and rust-version = "1.89".
  • Rust 2024 reserves gen as a keyword. Prefer the new generate() APIs. Existing generation APIs remain available through raw identifier syntax such as Key::r#gen() for compatibility and are documented as candidates for future deprecation.
  • Several direct dependencies were updated to current major versions, including base64 0.22, chacha20 0.10, salsa20 0.11, sha2 0.11, rand 0.10, subtle 2.6, and zeroize 1.8.

Upgrade Notes

Update your Rust toolchain and manifest before building:

rustup update stable
cargo update -p dryoc --precise 0.8.0

If your Cargo.toml pins a 0.7 requirement, update it to 0.8 first:

dryoc = "0.8"

For random generation in Rust 2024 code, prefer:

let key = dryoc::dryocsecretbox::Key::generate();

Existing compatibility calls use raw identifier syntax:

let key = dryoc::dryocsecretbox::Key::r#gen();

Enable direct wincode serialization only where needed:

dryoc = { version = "0.8", features = ["wincode"] }

The internal portable SIMD backends remain opt-in and nightly-gated:

... (truncated)


Note

Medium Risk
Touches a crypto dependency used for root-key KDF with a major-version bump and a large lockfile churn, though the diff does not modify bedrock’s own crypto code.

Overview
Bumps dryoc in bedrock from 0.7.2 to 0.8.0, with Cargo.lock refreshed so transitive crypto crates resolve to the versions dryoc 0.8 pulls in (e.g. chacha20 0.10, sha2 0.11, rand 0.10, cipher 0.5). There are no application source changes; bedrock still depends on dryoc only for dryoc::kdf::Kdf in root key handling.

Callers should treat this as aligning with dryoc’s Rust 1.89 / edition 2024 MSRV and its updated major dependency stack; behavior should stay the same unless dryoc’s KDF or internals changed incompatibly between releases.

Reviewed by Cursor Bugbot for commit 05318b1. Bugbot is set up for automated code reviews on this repo.
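
A reviewer's check for the lockfile claim in the overview above, as an added example that is not part of this pull request or of bedrock's code: it reads a Cargo.lock and reports which of the crates named on this page are missing, locked at a different major.minor, or locked in more than one version. The lockfile excerpt, its patch versions, and the function names are constructed for illustration.

```rust
// Constructed Cargo.lock excerpt (not bedrock's real lockfile).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "dryoc"
version = "0.8.0"
[[package]]
name = "rand"
version = "0.9.0"
[[package]]
name = "sha2"
version = "0.10.0"
[[package]]
name = "sha2"
version = "0.11.0"
"#;
// Versions this page names for the dryoc 0.8 stack, as "major.minor".
const EXPECTED: [(&str, &str); 4] = [("dryoc", "0.8"), ("sha2", "0.11"), ("rand", "0.10"), ("cipher", "0.5")];

/// (name, version) of every [[package]] entry in a Cargo.lock text.
fn locked_packages(lock: &str) -> Vec<(String, String)> {
    let field = |blk: &str, key: &str| {
        blk.lines().find_map(|l| l.trim().strip_prefix(key)).map(|v| v.trim_matches('"').to_string())
    };
    lock.split("[[package]]").skip(1)
        .filter_map(|blk| Some((field(blk, "name = ")?, field(blk, "version = ")?)))
        .collect()
}

/// One finding per expected crate that is missing, at another major.minor, or locked twice.
fn audit(lock: &str, expected: &[(&str, &str)]) -> Vec<String> {
    let locked = locked_packages(lock);
    let mut findings = Vec::new();
    for (krate, want) in expected {
        let vs: Vec<&str> =
            locked.iter().filter(|(n, _)| n.as_str() == *krate).map(|(_, v)| v.as_str()).collect();
        let problem = match (vs.len(), vs.iter().any(|v| v.starts_with(&format!("{want}.")))) {
            (0, _) => "not in lockfile".to_string(),
            (_, false) => format!("want {want}.x, locked {}", vs.join(", ")),
            (1, true) => continue,
            _ => format!("locked more than once: {}", vs.join(", ")),
        };
        findings.push(format!("{krate}: {problem}"));
    }
    findings
}

fn main() {
    audit(SAMPLE_LOCK, &EXPECTED).iter().for_each(|f| println!("{f}"));
}
```

A crate locked more than once means some other dependency still resolves to the older release line, which is worth knowing before signing off on a crypto dependency bump.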

dependabot (bot) added the dependencies (Pull requests that update a dependency file) and rust (Pull requests that update rust code) labels on Jun 2, 2026
Bumps [dryoc](https://github.com/brndnmtthws/dryoc) from 0.7.2 to 0.8.0.
- [Release notes](https://github.com/brndnmtthws/dryoc/releases)
- [Commits](brndnmtthws/dryoc@v0.7.2...v0.8.0)

---
updated-dependencies:
- dependency-name: dryoc
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot (bot) force-pushed the dependabot/cargo/dryoc-0.8.0 branch from 6c2a7a6 to 05318b1 on June 16, 2026 22:17

paolodamico left a comment


dryoc was published 1+ month ago, with immutable releases; breaking changes don't affect us, and we're already at Rust 1.94.

paolodamico merged commit 13edcf1 into main on Jun 17, 2026
17 checks passed
paolodamico deleted the dependabot/cargo/dryoc-0.8.0 branch on June 17, 2026 20:56