
chore(deps): bump sanitization from 1.1.1 to 1.2.1 in the rust-minor group #3

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/cargo/rust-minor-d3f3b9bebc

dependabot Bot commented on behalf of github Jun 22, 2026

Bumps the rust-minor group with 1 update: sanitization.

Updates sanitization from 1.1.1 to 1.2.1

Release notes

Sourced from sanitization's releases.

Sanitization 1.2.1

sanitization v1.2.1

Small hardening release for locked in-place fill APIs.

Added

  • In-place locked fill constructors and replacement APIs for LockedSecretBytes<N> and LockedSecretVec.
  • Capacity-based LockedSecretVec fill APIs for decoders that know a maximum output size and return the final initialized length.
  • LockedSecretVecFillError<E> for distinguishing memory-lock, fill, and length validation errors.

Hardened

  • Explicit pre-return clearing on fallible locked fill/generation error paths.
  • Pre-fill compiler fences around locked fill/generation writes.
  • Canary integrity checks before fixed-size locked replacements.
  • Release-build capacity assertions for dynamic locked and guarded storage initialization.
  • WASM compatibility backend now exposes the same fixed-size fill/replace API surface.

Validation

  • Workspace tests, clippy, docs, WASM target checks, evidence validation, leakage smoke, codegen checks, and Kani verification passed.

Sanitization 1.2.0

sanitization 1.2.0

This release is the largest hardening and usability update since 1.0.0. It adds a native dependency-free data-oblivious API, stronger verification/evidence tooling, stricter high-assurance feature profiles, safer enum/secret replacement patterns, and expanded release checks.

Added

  • Added sanitization::ct, a native data-oblivious primitive layer:

    • Choice
    • Mask
    • CtOption
    • CtResult
    • CtOrdering
    • ConstantTimeEq
    • ConstantTimeOrd
    • ConditionallySelectable
    • fixed-length equality and ordering helpers
    • public-length equality helpers
    • explicit declassify(...) boundaries for public branching
  • Added data-oblivious memory helpers:

    • oblivious_lookup
    • oblivious_lookup_secret
    • conditional_copy
    • conditional_swap
    • select_slice
  • Added native ct integration for secret containers, including SecretBytes comparison and selection support.

  • Added optional derive support for conservative field-wise ConstantTimeEq and ConditionallySelectable.

  • Added strict high-assurance profiles:

... (truncated)

Changelog

Sourced from sanitization's changelog.

1.2.1

  • Added in-place locked fill constructors and replacement APIs for LockedSecretBytes<N> and LockedSecretVec, allowing decoders, KDFs, RNGs, and protocol parsers to write directly into OS-locked memory without staging plaintext in an unlocked Vec.
  • Added capacity-based LockedSecretVec fill APIs for decoders that know a maximum output size before decoding and return the actual initialized length afterwards. Over-reported lengths fail closed and clear the temporary locked mapping; spare payload bytes beyond the reported initialized length are volatile-cleared before exposure.
  • Added LockedSecretVecFillError<E> for distinguishing memory-lock setup failures, fill closure failures, and invalid reported output lengths.
  • Hardened locked fill error paths with explicit pre-return clearing, pre-fill compiler fences, canary integrity checks before fixed-size locked replacements, and release-build capacity assertions for dynamic locked and guarded storage initialization.

1.2.0

  • Added the initial native sanitization::ct data-oblivious API skeleton with Choice, explicit Choice::declassify, native equality/select traits, CtOption, CtResult, public/secret marker wrappers, masks, and fixed or public-length byte equality helpers.
  • Added secure_replace for sanitizing a value before replacement, documented enum derive inactive-variant byte limits, and added strict-enum-derive for opt-in compile-time acknowledgment of enum derive risk.
  • Hardened split-secret construction by returning SplitSecretError::TrivialMask for trivially constant mask shares in all build profiles, added a consuming split constructor that clears the source SecretBytes, and aligned ExpiringSecretBytes::replace_from_slice with the build-clear-install replacement path.
  • Aligned ExpiringSecretBytes::replace_from_array and the monotonic expiring slice/array replacement methods with the same build-clear-install path.
  • Added high-assurance strict profiles: strict-ct for fail-closed assembly-backed comparisons on supported targets, strict-canary-check for OS-random canary-only integrity checks, and require-fork-exclusion for locked constructors that must reject platforms without fork-inheritance exclusion. The asm-compare backend now supports AArch64 in addition to x86_64.
  • Added native ct memory-access helpers: oblivious_lookup, conditional_copy, conditional_swap, and select_slice, with public length-mismatch errors and full public-length scans where applicable.
  • Added native ct::ConstantTimeEq integrations for secret containers and ct::ConditionallySelectable for fixed-size SecretBytes<N>, while keeping existing constant_time_eq methods source-compatible.
  • Added EVIDENCE.md and expanded bounded Kani harness coverage for native ct choice normalization, fixed equality, public-length mismatch, conditional copy, and slice selection behavior.
  • Addressed alpha pentest findings by adding stronger optimizer barriers to

... (truncated)

Commits
  • 5ed3548 Clarify dynamic fill cleanup contract
  • 9aa5d2f Harden locked fill error paths
  • c678aa8 Add locked in-place fill APIs
  • 99c9f03 Add CtOrdering invariant debug guard
  • a6365c4 Address follow-up 1.2 pentest findings
  • 97ccf69 Address final 1.2 pentest findings
  • 4e2d179 Prepare 1.2.0 release
  • a5165bf Reduce ct ordering barrier noise
  • 3c771a2 Gate Linux AArch64 page helper by native features
  • 8d175bc Create leakage report output directories
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
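
The 1.2.1 changelog entries above describe a fill contract: a closure writes into a buffer of known capacity and reports the initialized length, over-reported lengths fail closed, error paths clear before returning, and spare bytes are volatile-cleared. The following is an added sketch of that contract using only `std`, not code from the sanitization crate or from this PR; `fill_in_place`, `FillError` and `volatile_clear` are hypothetical names, and a caller-supplied slice stands in for the OS-locked mapping, so no memory locking happens here.

```rust
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical error type for this sketch, not the crate's own.
#[derive(Debug, PartialEq)]
pub enum FillError<E> {
    Fill(E), // the fill closure failed
    InvalidLength { reported: usize, capacity: usize }, // over-reported length
}

/// Zero `buf` with volatile stores so the writes are not elided as dead stores.
pub fn volatile_clear(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusive reference to one u8.
        unsafe { write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Run `fill` over `buf`, which stands in for a locked mapping of known capacity.
/// Returns the initialized length; every failure path clears `buf` before returning.
pub fn fill_in_place<E>(
    buf: &mut [u8],
    fill: impl FnOnce(&mut [u8]) -> Result<usize, E>,
) -> Result<usize, FillError<E>> {
    compiler_fence(Ordering::SeqCst); // pre-fill fence: no compiler reordering across it
    let reported = match fill(&mut *buf) {
        Ok(n) => n,
        Err(e) => {
            volatile_clear(buf); // partial plaintext must not survive the error
            return Err(FillError::Fill(e));
        }
    };
    if reported > buf.len() {
        volatile_clear(buf); // fail closed on an over-reported length
        return Err(FillError::InvalidLength { reported, capacity: buf.len() });
    }
    volatile_clear(&mut buf[reported..]); // scrub spare bytes past the payload
    Ok(reported)
}

fn main() {
    // Constructed input: stale 0xAA bytes, then a "decoder" that writes 3 of 8 bytes.
    let mut buf = [0xAAu8; 8];
    let n: Result<usize, FillError<()>> =
        fill_in_place(&mut buf, |b| { b[..3].copy_from_slice(b"key"); Ok(3) });
    println!("{:?} {:?}", n, &buf);
}
```
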

Bumps the rust-minor group with 1 update: [sanitization](https://github.com/valkyoth/sanitization).


Updates `sanitization` from 1.1.1 to 1.2.1
- [Release notes](https://github.com/valkyoth/sanitization/releases)
- [Changelog](https://github.com/valkyoth/sanitization/blob/main/CHANGELOG.md)
- [Commits](valkyoth/sanitization@v1.1.1...v1.2.1)

---
updated-dependencies:
- dependency-name: sanitization
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github Jun 22, 2026

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from eldryoth as a code owner June 22, 2026 04:23