Bump rand_core from 0.6.1 to 0.6.3

[dependabot]

Bumps rand_core from 0.6.1 to 0.6.3.

Changelog

Sourced from rand_core's changelog.

[0.6.3] - 2019-01-04

Fixes

• Make the std feature require the optional rand_os dependency (#675)
• Re-export the optional WASM dependencies of rand_os from rand to avoid breakage (#674)

[0.6.2] - 2019-01-04

Additions

• Add Default for ThreadRng (#657)
• Move rngs::OsRng to rand_os sub-crate; clean up code; use as dependency (#643) ##BLOCKER##
• Add rand_xoshiro sub-crate, plus benchmarks (#642, #668)

Fixes

• Fix bias in UniformInt::sample_single (#662)
• Use autocfg instead of rustc_version for rustc version detection (#664)
• Disable i128 and u128 if the target_os is emscripten (#671: work-around Emscripten limitation)
• CI fixes (#660, #671)

Optimisations

• Optimise memory usage of UnitCircle and UnitSphereSurface distributions (no PR)

Commits

• 8792268 Merge pull request #1137 from rust-random/work2
• 1bfc53d Update changelogs and bump version numbers
• 4534311 Merge pull request #1133 from rust-random/work2
• 81f1af8 Correct usage of reserve
• fa17d1c Add comment to append_string for Standard
• b4c1d66 Add DistString
• 1947c89 Move Distribution trait and associates to sub-module
• 98a0339 Merge pull request #1135 from dhardy/work
• a7f8fb7 Prepare rand_chacha v0.3.1 release
• 09d3df3 Merge pull request #1130 from dhardy/work
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.