Skip to content

Update to rand 0.10#1389

Draft
divergentdave wants to merge 4 commits intomainfrom
david/rand-0.10
Draft

Update to rand 0.10#1389
divergentdave wants to merge 4 commits intomainfrom
david/rand-0.10

Conversation

@divergentdave
Copy link
Collaborator

@divergentdave divergentdave commented Feb 9, 2026

This is a draft PR updating rand and related dependencies. Currently rand_distr is pinned to the latest commit, and its dependency on a release candidate version of rand is patched to point to 0.10.0. We need to wait for that last release, and then handle cargo-vet audits. See the documentation for more about this update.

Closes #1386.

@jcjones jcjones mentioned this pull request Feb 10, 2026
Open
@divergentdave
Copy link
Collaborator Author

divergentdave commented Feb 10, 2026

Version 0.6.0 of rand_distr has been released, so that leaves cargo-vet audits. Here's what's left after skipping rust-lang-owner and WASI-related dependencies.

8 unvetted dependencies:
  chacha20:0.10.0 missing ["safe-to-deploy"]
  cpufeatures:0.3.0 missing ["safe-to-deploy"]
  getrandom:0.4.1 missing ["safe-to-deploy"]
  proc-macro2:1.0.106 missing ["safe-to-deploy"]
  rand:0.10.0 missing ["safe-to-deploy"]
  rand_core:0.10.0 missing ["safe-to-deploy"]
  rand_distr:0.6.0 missing ["safe-to-deploy"]
  syn:2.0.114 missing ["safe-to-deploy"]

recommended audits for safe-to-deploy:
    Command                                    Publisher                         Used By                                   Audit Size
    cargo vet diff syn 2.0.108 2.0.114         dtolnay                           prettyplease, serde_derive, and 3 others  52 files changed, 489 insertions(+), 294 deletions(-)
      NOTE: this project trusts David Tolnay (dtolnay) - consider cargo vet trust syn or cargo vet trust --all dtolnay
    cargo vet diff cpufeatures 0.2.6 0.3.0     github:RustCrypto/utils           chacha20                                  12 files changed, 587 insertions(+), 214 deletions(-)
    cargo vet diff rand_distr 0.5.1 0.6.0      dhardy                            prio                                      36 files changed, 679 insertions(+), 290 deletions(-)
    cargo vet diff getrandom 0.3.3 0.4.1       github:rust-random/getrandom      rand                                      43 files changed, 827 insertions(+), 586 deletions(-)
    cargo vet diff proc-macro2 1.0.95 1.0.106  dtolnay                           syn, quote, prettyplease, and 5 others    20 files changed, 1425 insertions(+), 187 deletions(-)
      NOTE: this project trusts David Tolnay (dtolnay) - consider cargo vet trust proc-macro2 or cargo vet trust --all dtolnay
    cargo vet diff rand 0.9.2 0.10.0           dhardy                            prio, rand_distr, and prio-binaries       36 files changed, 1643 insertions(+), 1328 deletions(-)
    cargo vet diff rand_core 0.9.5 0.10.0      github:rust-random/rand_core      prio, rand, chacha20, and getrandom       19 files changed, 1500 insertions(+), 1686 deletions(-)
    cargo vet inspect chacha20 0.10.0          github:RustCrypto/stream-ciphers  rand                                      4509 lines

estimated audit backlog: 16244 lines

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update to rand_core 0.10.0

1 participant

@divergentdave