
chore(deps): bump rand #6896

Merged
akaladarshi merged 1 commit into main from hm/bump-rand
Apr 13, 2026

Conversation

@hanabi1224 hanabi1224 (Contributor) commented Apr 13, 2026

Summary of changes

Changes introduced in this pull request:

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

  • I have performed a self-review of my own code,
  • I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
  • I have added tests that prove my fix is effective or that my feature works (if possible),
  • I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Outside contributions

  • I have read and agree to the CONTRIBUTING document.
  • I have read and agree to the AI Policy document. I understand that failure to comply with the guidelines will lead to rejection of the pull request.

Summary by CodeRabbit

  • Chores
    • Updated project configuration settings

@coderabbitai coderabbitai Bot (Contributor) commented Apr 13, 2026

Walkthrough

An additional Rust advisory (RUSTSEC-2026-0097) is added to the deny.toml file's [advisories] ignore list with an inline comment documenting the unsoundness issue in rand when using a custom logger via rand::rng().

Changes

Cohort / File(s): Configuration (deny.toml)
Summary: Added RUSTSEC-2026-0097 to the advisories ignore list with a comment noting unsoundness in rand for custom logger usage.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Suggested labels

dependencies, rust

Suggested reviewers

  • LesnyRumcajs
  • akaladarshi
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
  • Description Check: ✅ Passed. Check skipped: CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title 'chore(deps): bump rand' is directly related to the changeset, which adds an advisory ignore entry for a rand-related vulnerability (RUSTSEC-2026-0097) as part of bumping the rand dependency.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@hanabi1224 hanabi1224 marked this pull request as ready for review April 13, 2026 04:35
@hanabi1224 hanabi1224 requested a review from a team as a code owner April 13, 2026 04:35
@hanabi1224 hanabi1224 requested review from LesnyRumcajs and akaladarshi and removed request for a team April 13, 2026 04:35
@codecov codecov Bot commented Apr 13, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.10%. Comparing base (b0c5e23) to head (baf7526).
⚠️ Report is 1 commit behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files: 4 files with indirect coverage changes.

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b0c5e23...baf7526.

@coderabbitai coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@deny.toml`:
- Line 9: The deny.toml entry for RUSTSEC-2026-0097 was added but Cargo.toml
still pins rand = "0.8", so either upgrade rand to a patched version or add a
justification comment; choose one: (A) Bump rand in Cargo.toml to "0.10.1" (or
later), run cargo update to refresh lockfiles and ensure no breakage in
functions/modules using rand (search for uses of rand::Rng, thread_rng, etc.),
or (B) Keep rand = "0.8" and update the deny.toml comment next to
"RUSTSEC-2026-0097" explaining the risky pattern is not present (state that this
codebase does not call rand::rng() nor implement a custom Logger trait and
instead uses tracing-subscriber), mirroring other ignored-advisory
justifications so reviewers can validate the exception.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: c200807b-6d89-442f-817f-5008a0f992bf

📥 Commits

Reviewing files that changed from the base of the PR and between b0c5e23 and baf7526.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • deny.toml

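The reviewer's option (B) above asks for an ignore entry that a later reader can validate, rather than a bare advisory ID. The fragment below is an added example of what that looks like in a cargo-deny `deny.toml`; it is not the project's own file. The advisory ID and the description of the issue come from this PR; the justification text is a hypothetical placeholder written to match the reviewer's suggested wording, and whether it is true of any given codebase has to be checked (grep for `rand::rng`, `thread_rng` and any custom logger implementation before committing it). The `reason` field is cargo-deny's structured alternative to an inline comment; the plain string form in the weak variant is also accepted.

```toml
# Added example: two ways to write the same advisory exception in a
# cargo-deny deny.toml. This is not the project's own configuration, and the
# justification below is a hypothetical placeholder that must be verified
# against the actual codebase before use.

[advisories]
# Weak form: silences the advisory but tells the next reader nothing about
# why the vulnerable pattern is unreachable or when to drop the exception.
# ignore = ["RUSTSEC-2026-0097"]

# Stronger form: same advisory, same effect on `cargo deny check advisories`,
# but the entry records the condition that makes it safe and the event that
# should retire it. Note that the exception is keyed on the advisory ID, not
# on a rand version, so it keeps silencing the finding after a later bump;
# it should be removed once rand is upgraded to a version the advisory lists
# as patched.
ignore = [
    # RUSTSEC-2026-0097: unsoundness in rand when a custom logger is used
    # via rand::rng().
    { id = "RUSTSEC-2026-0097", reason = "Assumed justification: this crate never calls rand::rng() and installs no custom logger; logging goes through tracing-subscriber. Remove when rand is bumped past the affected range." },
]
```

With the entry in place, `cargo deny check advisories` passes without reporting RUSTSEC-2026-0097, and the `reason` text is what a reviewer reads when deciding whether the exception is still justified.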
@akaladarshi akaladarshi added this pull request to the merge queue Apr 13, 2026
@hanabi1224 hanabi1224 linked an issue Apr 13, 2026 that may be closed by this pull request
Merged via the queue into main with commit b7d0075 Apr 13, 2026
46 checks passed
@akaladarshi akaladarshi deleted the hm/bump-rand branch April 13, 2026 06:11

Labels: None yet
Projects: None yet
2 participants