chore(deps): bump rand 0.10.0 to 0.10.1 and 0.9.2 to 0.9.4 #25204

Merged
thomasqueirozb merged 2 commits into master from deps/rand-0.10.1-RUSTSEC-2026-0097
Apr 15, 2026

@thomasqueirozb (Contributor) commented Apr 15, 2026

Summary

Bumps rand 0.10.0 to 0.10.1, rand 0.9.2 to 0.9.4, and adds RUSTSEC-2026-0097 ignore for rand 0.8.5 (transitive dependency from upstream crates not yet updated to rand 0.9+).

Technically possible to upgrade to remove rand 0.8 dependency:

  • apache-avro 0.16.0 -> 0.21.0
  • hickory-proto/resolver 0.24.4 -> 0.25.2
  • mongodb 3.3.0 -> 3.5.2
  • num-bigint-dig 0.8.6 -> 0.9.1
  • tokio-retry 0.3.0 -> 0.3.1
  • tokio-websockets 0.10.1 -> 0.13.2
  • tower 0.4.13 -> 0.5.3
  • tungstenite 0.20.1 -> 0.29.0

Blockers (no upstream fix available):

  • async-nats 0.46.0 (0.47.0 still uses rand 0.8)
  • nkeys 0.4.5
  • oauth2 5.0.0
  • openidconnect 4.0.1
  • pulsar 6.7.1
  • sqlx-mysql/sqlx-postgres 0.8.6
  • domain 0.11.0 (used by vrl)

Vector configuration

NA

How did you test this PR?

cargo deny --log-level error --all-features check all passes.

Change Type

  • Bug fix
  • New feature
  • Dependencies
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the no-changelog label to this PR.

References

@thomasqueirozb added the no-changelog label (Changes in this PR do not need user-facing explanations in the release changelog) Apr 15, 2026
@thomasqueirozb changed the title from "chore(deps): bump rand 0.10.0 to 0.10.1 (RUSTSEC-2026-0097)" to "chore(deps): bump rand 0.10.0 to 0.10.1 and 0.9.2 to 0.9.4" Apr 15, 2026
@thomasqueirozb marked this pull request as ready for review April 15, 2026 18:56
@thomasqueirozb requested a review from a team as a code owner April 15, 2026 18:56
@thomasqueirozb added this pull request to the merge queue Apr 15, 2026
@pront removed this pull request from the merge queue due to a manual request Apr 15, 2026
@thomasqueirozb added this pull request to the merge queue Apr 15, 2026
Merged via the queue into master with commit a146959 Apr 15, 2026
88 checks passed
@thomasqueirozb deleted the deps/rand-0.10.1-RUSTSEC-2026-0097 branch April 15, 2026 20:58
@github-actions bot locked and limited conversation to collaborators Apr 15, 2026