Skip to content

deps(v4)(deps): bump rand_core from 0.6.4 to 0.9.5 in /v4#269

Closed
dependabot[bot] wants to merge 1 commit into
v4from
dependabot/cargo/v4/v4/rand_core-0.9.5
Closed

deps(v4)(deps): bump rand_core from 0.6.4 to 0.9.5 in /v4#269
dependabot[bot] wants to merge 1 commit into
v4from
dependabot/cargo/v4/v4/rand_core-0.9.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026
edited
Loading

Bumps rand_core from 0.6.4 to 0.9.5.

Changelog

Sourced from rand_core's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

0.10.1 - 2026-04-13

Fixed

  • Reference to the rand crate in TryRng docs (#75)

#75: rust-random/rand_core#75

[0.10.0] - 2026-02-01

This release makes a number of significant changes which we hope will be the last significant breakage before 1.0. Code has moved from the [rust-random/rand] repository to its own [rust-random/rand_core].

User-facing API changes

Changed

  • Edition changed to 2024 and MSRV bumped to 1.85 ([rand#1668])
  • RngCore and TryRngCore are renamed to Rng and TryRng respectively (#54)
  • Rng is now an extension trait of TryRng<Error = Infallible> (#45)
  • TryRng::Error is bound on core::error::Error instead of Debug + Display (#58)
  • Relax Sized bound on impls of SeedableRng ([rand#1641])

Added

  • SeedableRng::{fork, try_fork} methods (#17)
  • Re-export of core::convert::Infallible (#56)

Removed

  • TryRng::read_adapter method (replaced with rand::RngReader) ([rand#1669])
  • os_rng crate feature ([rand#1674])
  • OsRng and OsError structs ([rand#1674])
  • SeedableRng::from_os_rng and SeedableRng::try_from_os_rng methods ([rand#1674])
  • getrandom dependency ([rand#1674])
  • std crate feature ([rand#1674])
  • Optional serde dependency (#28)
  • UnwrapMut struct and Rng::unwrap_mut method (#45)
  • Rng::unwrap_err method in favor of explicit wrapping in UnwrapErr (#53)

API changes to PRNG implementation helpers

Added

  • BlockRng::reconstruct and BlockRng::remaining_results methods (#36)
  • block::Generator::drop method (#35)

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Apr 30, 2026
pacphi added a commit that referenced this pull request Apr 30, 2026
@pacphi @ruvnet
deps(v4): bump fs4 1.1, hkdf 0.13, rand 0.9, jsonschema 0.46, oci-spe…
c0427e6 
…c 0.9

Applies dependabot PRs #267, #268, #270, #271, #273:

- oci-spec 0.7 → 0.9
- fs4 0.12 → 1.1 (sindri-core, sindri-registry); switched apply_state and
  git_cache to std::fs::File lock APIs (stable in Rust 1.89), dropping the
  fs4 import in those modules
- hkdf 0.12 → 0.13; replaced sha2_v10 (sha2 0.10) with workspace sha2 0.11
- rand 0.8 → 0.9 in sindri-secrets; thread_rng() → rng()
- jsonschema 0.29 → 0.46 (schema-gen dev-dep)

Skipped (require coordinated upgrades, not yet actionable):

- pkcs8 0.10 → 0.11 (PR #266): blocked by x509-cert 0.2 / sigstore 0.13
  pin — der 0.7 vs 0.8 trait mismatch
- rand_core 0.6 → 0.9 (PR #269): blocked by p256 0.13 SigningKey::random
  CryptoRngCore bound on rand_core 0.6
- rcgen 0.13 → 0.14 (PR #272): test cert synthesis API changed
  (signed_by signature, KeyUsagePurpose); needs test rewrite

Co-Authored-By: claude-flow <ruv@ruv.net>
@dependabot
deps(v4)(deps): bump rand_core from 0.6.4 to 0.9.5 in /v4
ca24b44 
Bumps [rand_core](https://github.com/rust-random/rand_core) from 0.6.4 to 0.9.5.
- [Release notes](https://github.com/rust-random/rand_core/releases)
- [Changelog](https://github.com/rust-random/rand_core/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-random/rand_core/commits)

---
updated-dependencies:
- dependency-name: rand_core
  dependency-version: 0.9.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/v4/v4/rand_core-0.9.5 branch from 253bcab to ca24b44 Compare April 30, 2026 13:50
@pacphi
Copy link
Copy Markdown
Owner

pacphi commented Apr 30, 2026

Blocked on upstream coordinated upgrade — not actionable today.

rand_core 0.9 removes the CryptoRngCore impl for OsRng that p256 0.13's SigningKey::random(&mut OsRng) requires (the bound is rooted in ecdsa::elliptic_curve::rand_core::CryptoRngCore, vendored from rand_core 0.6 inside p256 0.13).

Bumping rand_core alone yields:

the trait bound `rand_core::OsRng: ecdsa::elliptic_curve::rand_core::CryptoRngCore` is not satisfied

Fix requires p256 0.14 (only 0.14.0-rc.9 exists today) which transitively bumps ecdsa/pkcs8/x509-cert — same story as #266.

Leaving open until p256 0.14 stable is available.

@pacphi pacphi mentioned this pull request May 13, 2026
Merged
5 tasks
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 14, 2026

Looks like rand_core is no longer updatable, so this is no longer needed.

@dependabot dependabot Bot closed this May 14, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/v4/v4/rand_core-0.9.5 branch May 14, 2026 17:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pacphi