Bump base64-ng from 1.0.5 to 1.2.1

[dependabot]

Bumps base64-ng from 1.0.5 to 1.2.1.

Release notes

Sourced from base64-ng's releases.

base64-ng 1.2.1

Documentation/package patch for the 1.2 encode-acceleration release.

• Updates README and crates.io examples to 1.2.1.
• Adds clearer simd feature guidance for admitted encode acceleration.
• Refreshes SIMD admission, roadmap, migration, dependency, and companion-crate docs.
• No runtime behavior changes from 1.2.0.

base64-ng 1.2.0

base64-ng v1.2.0

v1.2.0 is the full encode-acceleration family release. It syncs the core crate and all companion crates to 1.2.0, admits reviewed runtime SIMD encode backends, and keeps decode/security-sensitive paths conservative.

Highlights

• Added active SIMD encode acceleration for admitted std targets:
  • SSSE3/SSE4.1 on x86/x86_64
  • AVX2 on x86/x86_64
  • AVX-512 VBMI on supported x86_64
  • NEON on supported AArch64
• Runtime dispatch now selects admitted encode backends only when CPU features and block-size requirements are satisfied.
• Scalar fallback remains the default for unsupported CPUs, no_std, custom alphabets where not admitted, tails, padding, line wrapping, in-place encode, and all decode paths.
• Decode acceleration is intentionally not part of this release.

Security And Assurance

• Kept the core base64-ng crate zero-runtime-dependency.
• Preserved scalar decode as the trust baseline.
• Added stronger backend evidence and performance reporting, including effective backend names in perf evidence.
• Hardened SIMD admission tooling, unsafe-boundary validation, generated assembly evidence, panic-policy checks, and backend-report expectations.
• Expanded documentation around admitted SIMD cleanup, register cleanup, scalar fallback behavior, and future SIMD admission requirements.
• Added scripts/check_aarch64_linux.sh for real ARM Linux verification.
• Added locked-memory sanitization helpers through the optional base64-ng-sanitization companion.

Companion Crates

All companion crates are synced to 1.2.0:

• base64-ng-sanitization
  • Updated to sanitization 1.2.1.
  • Added native sanitization::ct::Choice comparison helpers.
  • Added opt-in memory-lock, canary-check, random-canary, and high-assurance features.
  • Added direct decode helpers into sanitization::LockedSecretBytes and LockedSecretVec.
• base64-ng-subtle
  • Provides optional subtle::ConstantTimeEq helpers for token/MAC comparison boundaries.
• base64-ng-derive
  • Dependency-free Base64Secret derive remains available for fixed-size secret newtypes.
• base64-ng-serde
  • Optional serde wrappers remain explicit at the field boundary.

... (truncated)

Changelog

Sourced from base64-ng's changelog.

1.2.1 - Unreleased

• Bumped the workspace family to 1.2.1 so crates.io and docs.rs show the corrected 1.2.x README, companion-crate examples, and release matrix.
• Updated README guidance for the completed 1.2.0 encode-acceleration release, including an explicit simd feature install snippet and an example showing that public encode APIs remain unchanged while runtime dispatch selects an admitted backend only when the platform and input shape qualify.
• Refreshed SIMD admission, roadmap, dependency, migration, and companion-crate documentation so 1.2.0 is no longer described as staged.

1.2.0 - 2026-06-21

• Synced all workspace crates for the 1.2.0 family release after collecting the former 1.1.x checkpoint work without publishing many small intermediate crates.io versions.
• Updated base64-ng-sanitization to sanitization 1.2.1, added native sanitization::ct::Choice comparison helpers for decoded SecretBytes and SecretVec values, and added opt-in locked-secret decode helpers that write directly into LockedSecretBytes or LockedSecretVec under the companion's memory-lock/high-assurance feature set.
• Cached std SIMD backend detection after the first runtime probe, gated admitted encode dispatch by each backend's fixed block size, and avoided runtime SIMD wrapper calls for inputs that cannot fill a vector block.
• Removed extra per-block input/output stack copies from admitted runtime SIMD slice encode loops by passing bounds-proven fixed-size views directly into the reviewed block encoders.
• Clarified the 1.2.0 encode scope: slice, clear-tail, alloc, and wrapped encode helpers route through the encode backend boundary; wrapped encode may use SIMD for the unwrapped staging step, while line-ending insertion, in-place encode, tails, padding, custom alphabets, no_std, and decode stay scalar unless separately admitted.
• Admitted std x86/x86_64 SSSE3/SSE4.1 encode dispatch for Standard and URL-safe alphabet families. The admitted path processes fixed 12-byte blocks with vector code after runtime CPU probing and falls back to scalar for unsupported CPUs, no_std, custom alphabets, tails, padding, in-place encode, line-ending insertion, and every decode path.
• Updated runtime reporting, backend evidence, SIMD admission validation, unsafe inventory, and user documentation so SSSE3/SSE4.1 encode is reported as an admitted backend while AVX2, AVX-512 VBMI, NEON, wasm simd128, custom-alphabet, in-place, and decode acceleration remain prototype-only or scalar.
• Added a real non-dispatchable AVX-512 VBMI fixed-block encode prototype that uses the provided alphabet table for all alphabets. The prototype remains test-only and is not reachable from runtime backend selection.
• Added AVX-512 SIMD equivalence coverage for patterned blocks, all 64 emitted six-bit Base64 values, and a non-standard custom alphabet.
• Added scripts/generate_simd_asm_evidence.sh to capture release test-harness assembly for inactive SSSE3/SSE4.1, AVX2, and AVX-512 VBMI encode prototypes.

... (truncated)

Commits

• d8a419b Prepare 1.2.1 documentation patch
• fc0cf38 Add locked sanitization decode helpers
• ff24eee Clarify admitted SIMD cleanup labels
• d3d3dc1 Fix AArch64 NEON test helper visibility
• abe8a5c Record AArch64 verification in changelog
• bceb678 Add AArch64 Linux verification helper
• f7ed4d7 Record effective backend in perf evidence
• ed16364 Clarify staged SIMD encode scope
• 37051ac Avoid temporary copies in SIMD slice encode
• 9c7c49c Gate SIMD encode by fixed block size
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)