Skip to content

chore(deps): bump rand from 0.9.2 to 0.10.0#257

Merged
arnavk23 merged 2 commits intomainfrom
dependabot/cargo/rand-0.10.0
Feb 9, 2026
Merged

chore(deps): bump rand from 0.9.2 to 0.10.0#257
arnavk23 merged 2 commits intomainfrom
dependabot/cargo/rand-0.10.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2026

Bumps rand from 0.9.2 to 0.10.0.

Changelog

Sourced from rand's changelog.

[0.10.0] - 2026-02-08

Changes

  • The dependency on rand_chacha has been replaced with a dependency on chacha20. This changes the implementation behind StdRng, but the output remains the same. There may be some API breakage when using the ChaCha-types directly as these are now the ones in chacha20 instead of rand_chacha (#1642).
  • Rename fns IndexedRandom::choose_multiple -> sample, choose_multiple_array -> sample_array, choose_multiple_weighted -> sample_weighted, struct SliceChooseIter -> IndexedSamples and fns IteratorRandom::choose_multiple -> sample, choose_multiple_fill -> sample_fill (#1632)
  • Use Edition 2024 and MSRV 1.85 (#1653)
  • Let Fill be implemented for element types, not sliceable types (#1652)
  • Fix OsError::raw_os_error on UEFI targets by returning Option<usize> (#1665)
  • Replace fn TryRngCore::read_adapter(..) -> RngReadAdapter with simpler struct RngReader (#1669)
  • Remove fns SeedableRng::from_os_rng, try_from_os_rng (#1674)
  • Remove Clone support for StdRng, ReseedingRng (#1677)
  • Use postcard instead of bincode to test the serde feature (#1693)
  • Avoid excessive allocation in IteratorRandom::sample when amount is much larger than iterator size (#1695)
  • Rename os_rng -> sys_rng, OsRng -> SysRng, OsError -> SysError (#1697)
  • Rename Rng -> RngExt as upstream rand_core has renamed RngCore -> Rng (#1717)

Additions

  • Add fns IndexedRandom::choose_iter, choose_weighted_iter (#1632)
  • Pub export Xoshiro128PlusPlus, Xoshiro256PlusPlus prngs (#1649)
  • Pub export ChaCha8Rng, ChaCha12Rng, ChaCha20Rng behind chacha feature (#1659)
  • Fn rand::make_rng() -> R where R: SeedableRng (#1734)

Removals

  • Removed ReseedingRng (#1722)
  • Removed unused feature "nightly" (#1732)
  • Removed feature small_rng (#1732)

#1632: rust-random/rand#1632 #1642: rust-random/rand#1642 #1649: rust-random/rand#1649 #1652: rust-random/rand#1652 #1653: rust-random/rand#1653 #1659: rust-random/rand#1659 #1665: rust-random/rand#1665 #1669: rust-random/rand#1669 #1674: rust-random/rand#1674 #1677: rust-random/rand#1677 #1693: rust-random/rand#1693 #1695: rust-random/rand#1695 #1697: rust-random/rand#1697 #1717: rust-random/rand#1717 #1722: rust-random/rand#1722 #1732: rust-random/rand#1732 #1734: rust-random/rand#1734

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

EntelligenceAI PR Summary

This PR upgrades the rand crate from 0.9.0 to 0.10.0, bringing enhanced cryptographic implementations and expanded WASM capabilities.

  • Updated rand dependency to 0.10.0 in Cargo.toml for both production and development environments
  • Added new cryptographic dependencies: chacha20 0.10.0, cpufeatures 0.3.0, getrandom 0.4.1
  • Introduced wit-bindgen 0.51.0 alongside existing 0.46.0 with full ecosystem packages
  • Added WASM tooling: wasm-encoder, wasm-metadata, wasmparser (all 0.244.0)
  • Integrated wasip3 0.4.0 for WASI 0.3.0 support
  • Enhanced indexmap with serde support

@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Feb 9, 2026
@entelligence-ai-pr-reviews
Copy link
Contributor

Walkthrough

This PR upgrades the rand crate from version 0.9.0 to 0.10.0 across the project. The update brings in newer cryptographic dependencies including chacha20 0.10.0, cpufeatures 0.3.0, and getrandom 0.4.1. Additionally, the dependency tree now includes WASM-related tooling with the addition of wit-bindgen 0.51.0 (alongside the existing 0.46.0), WASM encoding/parsing libraries (wasm-encoder, wasm-metadata, wasmparser at version 0.244.0), and WASI 0.3.0 support via wasip3 0.4.0. The indexmap dependency also gained serde support. These changes enhance the project's cryptographic capabilities and WASM integration features.

Changes

File(s) Summary
Cargo.toml Upgraded rand crate dependency from version 0.9.0 to 0.10.0 in both main dependencies and dev-dependencies sections.
Cargo.lock Updated dependency tree to reflect rand 0.10.0 upgrade with new transitive dependencies: chacha20 0.10.0, cpufeatures 0.3.0, getrandom 0.4.1; added wit-bindgen 0.51.0 ecosystem packages (wit-bindgen-core, wit-bindgen-rust, wit-bindgen-rust-macro, wit-component, wit-parser); introduced WASM tooling dependencies (wasm-encoder, wasm-metadata, wasmparser version 0.244.0); added wasip3 0.4.0 for WASI 0.3.0 support; updated indexmap to include serde dependencies.

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant App as rust_annie Application
    participant Rand as rand (v0.10.0)
    participant ChaCha as chacha20 RNG
    participant RandCore as rand_core (v0.10.0)
    participant GetRandom as getrandom (v0.4.1)
    participant OS as Operating System

    Note over App,OS: Random Number Generation Flow (Upgraded Dependencies)

    App->>Rand: Request random value
    activate Rand
    
    Rand->>ChaCha: Initialize ChaCha20 RNG
    activate ChaCha
    
    ChaCha->>RandCore: Request entropy seed
    activate RandCore
    
    RandCore->>GetRandom: get_random_bytes()
    activate GetRandom
    
    GetRandom->>OS: System call for entropy
    activate OS
    OS-->>GetRandom: Raw entropy bytes
    deactivate OS
    
    GetRandom-->>RandCore: Entropy seed
    deactivate GetRandom
    
    RandCore-->>ChaCha: Seed data
    deactivate RandCore
    
    ChaCha->>ChaCha: Initialize ChaCha20 state
    ChaCha-->>Rand: RNG ready
    deactivate ChaCha
    
    Rand->>ChaCha: Generate random bytes
    activate ChaCha
    ChaCha->>ChaCha: ChaCha20 stream cipher
    ChaCha-->>Rand: Random bytes
    deactivate ChaCha
    
    Rand-->>App: Random value
    deactivate Rand

    Note over App,OS: WASM Support (New in v0.10)
    
    opt WASM Environment
        App->>Rand: Request random in WASM
        Rand->>GetRandom: get_random_bytes()
        GetRandom->>OS: WASI p3 interface
        OS-->>GetRandom: WASM entropy
        GetRandom-->>Rand: Random bytes
        Rand-->>App: Random value
    end
Loading

🔗 Cross-Repository Impact Analysis

Enable automatic detection of breaking changes across your dependent repositories. → Set up now

Learn more about Cross-Repository Analysis

What It Does

  • Automatically identifies repositories that depend on this code
  • Analyzes potential breaking changes across your entire codebase
  • Provides risk assessment before merging to prevent cross-repo issues

How to Enable

  1. Visit Settings → Code Management
  2. Configure repository dependencies
  3. Future PRs will automatically include cross-repo impact analysis!

Benefits

  • 🛡️ Prevent breaking changes across repositories
  • 🔍 Catch integration issues before they reach production
  • 📊 Better visibility into your multi-repo architecture

▶️AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

  • ⚠️ Potential Issue - May require further investigation.
  • 🔒 Security Vulnerability - Fix to ensure system safety.
  • 💻 Code Improvement - Suggestions to enhance code quality.
  • 🔨 Refactor Suggestion - Recommendations for restructuring code.
  • ℹ️ Others - General comments and information.

Interact with the Bot:

  • Send a message or request using the format:
    @entelligenceai + *your message*
Example: @entelligenceai Can you suggest improvements for this code?
  • Help the Bot learn by providing feedback on its responses.
    @entelligenceai + *feedback*
Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

  1. config - shows the current config
  2. retrigger_review - retriggers the review

More commands to be added soon.

@entelligence-ai-pr-reviews
Copy link
Contributor

📚 Documentation Updates

I've created a pull request with documentation updates based on your changes:
#258

The documentation updates are in branch: doc-updates-1770608328

Please review the documentation changes to ensure they accurately reflect your code changes.

Bumps [rand](https://github.com/rust-random/rand) from 0.9.2 to 0.10.0.
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.2...0.10.0)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/cargo/rand-0.10.0 branch from 74c8639 to ade01ba Compare February 9, 2026 17:57
@arnavk23 arnavk23 merged commit 6c4133e into main Feb 9, 2026
1 check passed
@arnavk23 arnavk23 deleted the dependabot/cargo/rand-0.10.0 branch February 9, 2026 19:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant

Comments