deps(deps): bump ctr from 0.9.2 to 0.10.1

[dependabot]

Bumps ctr from 0.9.2 to 0.10.1.

Commits

• 2fce505 Implement SetIvState trait (#114)
• e9a0336 Release new versions dependent on cipher v0.5 (#113)
• 504f0a6 belt-ctr: use type alias to define BeltCtr (#112)
• 0ff441c Add allow(missing_docs) for benchmarks (#111)
• 63a37c8 Use release versions of block cipher crates (#110)
• a19e7bd Workspace-level lint configuration (#108)
• fe63a2b cbc+ctr: cut new prereleases (#107)
• 3dbbcf1 Bump cipher to v0.5.1 (#106)
• 9745ef6 cfb8: remove tail processing (#105)
• 1403f56 Adopt Trusted Publishing (#104)
• Additional commits viewable in compare view

[proggeramlug]

Blocked on a coordinated RustCrypto cipher-stack migration — deferring.

This bump fails to compile (E0277: StreamCipher/KeyIvInit/BlockCipherEncrypt not satisfied) because it pulls one crate into the cipher 0.5 ecosystem while perry-stdlib still pins the rest of the AES stack at cipher 0.4:

• aes = 0.8, cbc = 0.1, ctr = 0.9, scrypt = 0.11 (all cipher-0.4 / crypto-common-0.1).

Making ctr 0.10 (or scrypt 0.12) build requires upgrading the whole group together — aes 0.8→0.9, cbc 0.1→0.2, ctr 0.9→0.10, scrypt 0.11→0.12 — plus migrating ~163 lines of correctness-critical crypto code across 6 files (crypto/{cipher,kdf,util}.rs, webcrypto/{aes,util}.rs, webcrypto.rs) to the cipher-0.5 API (new KeyIvInit/inout 0.2 buffers, BlockCipher{Encrypt,Decrypt} trait split).

Since these are routine minor bumps with no security advisory (security-audit passes on the current pins), I'm not landing a blind AES/scrypt API migration here. This needs a dedicated, test-vector-validated feat(deps): migrate AES stack to cipher 0.5 PR that bumps all four crates at once; this dependabot PR should ride on top of (or be superseded by) that. Leaving open as a tracked blocker rather than closing.

[proggeramlug]

Update — confirmed upstream-blocked (not just deferred). I tried the full cipher-0.4→0.5 stack bump (aes 0.9, cbc/ecb 0.2, ctr 0.10, scrypt 0.12, aes-gcm 0.11, chacha20poly1305 0.11, ghash 0.6, aes-kw 0.4) and cargo can't resolve it:

error: failed to select a version for the requirement `aes-gcm = "^0.11"`
    aes-gcm = { version = "0.11.0-rc.4" }

aes-gcm (needed by the node:crypto + WebCrypto AES-GCM surface) has no stable cipher-0.5 release yet — only 0.11.0-rc.4. Since ctr 0.10/scrypt 0.12 require aes 0.9/cipher 0.5, and aes 0.9 forces aes-gcm 0.11, this bump can't land without pinning correctness-critical AEAD to a release candidate. Holding until aes-gcm 0.11 ships stable, at which point the whole stack moves in one PR. Leaving open as a tracked, upstream-blocked item.