build(deps): bump cipher from 0.5.0-pre.2 to 0.5.0-pre.3

[dependabot[bot]]

Bumps cipher from 0.5.0-pre.2 to 0.5.0-pre.3.

Commits

• 59d1227 cipher v0.5.0-pre.3 (#1497)
• 4646f45 crypto-common v0.2.0-pre.5 (#1496)
• 39a7820 Bump hybrid-array to v0.2.0-rc.4 (#1493)
• 8ff7c6f Bump hybrid-array to v0.2.0-rc.3 (#1491)
• 02c85e1 Bump hybrid-array to v0.2.0-rc.2 (#1490)
• d622f97 crypto-common: rename serializable_state module to hazmat (#1487)
• 1568df8 CI: move doc job to workspace level (#1489)
• 3e13141 Fix typo in password-hash/src/errors.rs (#1486)
• 260e3e5 build(deps): bump actions/cache from 3 to 4 (#1485)
• 4459f60 cipher: followups to #1482 (#1483)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[tarcieri]

Hmm, that does look like a hybrid-array related regression on rc4 (and for some reason, only rc4), where it previously built with hybrid-array v0.2.0-rc.1.

Previously inference worked worked here, but with some upstream changes it doesn't:

https://github.com/RustCrypto/stream-ciphers/actions/runs/7754856866/job/21149042150?pr=342

error[E0283]: type annotations needed for `StreamCipherCoreWrapper<Rc4Core<KeySize>>`
   --> rc4/src/lib.rs:87:5
    |
9   | let mut rc4 = Rc4::new(b"Key".into());
    |     ^^^^^^^   --- type must be known at this point
    |
    = note: cannot satisfy `_: ArraySize`
    = help: the following types implement trait `ArraySize`:
              UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>
              UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>
              UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>
              UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>
              UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>
              UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B1>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>
              UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B1>, B1>, B0>, B0>, B0>, B0>, B0>, B0>, B0>
              UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>, B0>, B0>
            and 264 others
    = note: required for `Rc4Core<_>` to implement `KeySizeUser`
    = note: 1 redundant requirement hidden
    = note: required for `StreamCipherCoreWrapper<Rc4Core<_>>` to implement `KeySizeUser`
note: required by a bound in `rc4::KeyInit::new`
   --> /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/crypto-common-0.2.0-pre.5/src/lib.rs:1[62](https://github.com/RustCrypto/stream-ciphers/actions/runs/7754856866/job/21149042150?pr=342#step:5:63):20
    |
162 | pub trait KeyInit: KeySizeUser + Sized {
    |                    ^^^^^^^^^^^ required by this bound in `KeyInit::new`
1[63](https://github.com/RustCrypto/stream-ciphers/actions/runs/7754856866/job/21149042150?pr=342#step:5:64) |     /// Create new value from fixed size key.
164 |     fn new(key: &Key<Self>) -> Self;
    |        --- required by a bound in this associated function
help: consider giving `rc4` an explicit type, where the type for type parameter `KeySize` is specified
    |
9   | let mut rc4: StreamCipherCoreWrapper<Rc4Core<KeySize>> = Rc4::new(b"Key".into());
    |            +++++++++++++++++++++++++++++++++++++++++++

It's likely due to this change which made the From impls safe, but at the cost of more complex bounds: https://github.com/RustCrypto/hybrid-array/pull/24

As noted in that PR, I spot checked the change on other repos, but not this one.

[dependabot[bot]]

Looks like cipher is up-to-date now, so this is no longer needed.