From cc4f66c766c1ed5ae46744283aa29430a77b82ec Mon Sep 17 00:00:00 2001 From: "hash-worker[bot]" <180894564+hash-worker[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 11:31:41 +0000 Subject: [PATCH 1/2] Update Rust crate `rand` to v0.9.4 [SECURITY] --- Cargo.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 05a3b408c89..7afb7616cb0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2024,7 +2024,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ab67060fc6b8ef687992d439ca0fa36e7ed17e9a0b16b25b601e8757df720de" dependencies = [ "data-encoding", - "syn 2.0.117", + "syn 1.0.109", ] [[package]] @@ -3357,7 +3357,7 @@ dependencies = [ "hash-repo-chores", "hash-telemetry", "itertools 0.14.0", - "rand 0.9.3", + "rand 0.9.4", "rayon", "regex", "serde", @@ -3535,7 +3535,7 @@ dependencies = [ "hash-graph-store", "indexmap 2.13.0", "pretty_assertions", - "rand 0.9.3", + "rand 0.9.4", "rand_distr", "rayon", "regex", @@ -3964,7 +3964,7 @@ dependencies = [ "idna", "ipnet", "once_cell", - "rand 0.9.3", + "rand 0.9.4", "ring", "socket2 0.5.10", "thiserror 2.0.18", @@ -3987,7 +3987,7 @@ dependencies = [ "moka", "once_cell", "parking_lot", - "rand 0.9.3", + "rand 0.9.4", "resolv-conf", "smallvec 1.15.1", "thiserror 2.0.18", @@ -4384,7 +4384,7 @@ dependencies = [ "hyper", "hyper-util", "log", - "rand 0.9.3", + "rand 0.9.4", "tokio", "url", "xmltree", @@ -6169,7 +6169,7 @@ dependencies = [ "futures-util", "opentelemetry", "percent-encoding", - "rand 0.9.3", + "rand 0.9.4", "serde_json", "thiserror 2.0.18", "tokio", @@ -6863,7 +6863,7 @@ dependencies = [ "hmac", "md-5", "memchr", - "rand 0.9.3", + "rand 0.9.4", "sha2", "stringprep", ] @@ -7053,7 +7053,7 @@ checksum = "37566cb3fdacef14c0737f9546df7cfeadbfbc9fef10991038bf5015d0c80532" dependencies = [ "bitflags 2.11.0", "num-traits", - "rand 0.9.3", + "rand 0.9.4", "rand_chacha 0.9.0", "rand_xorshift", "regex-syntax", @@ -7282,7 +7282,7 @@ dependencies = [ "bytes", "getrandom 0.3.4", "lru-slab", - "rand 0.9.3", + "rand 0.9.4", "ring", "rustc-hash", "rustls", @@ -7348,9 +7348,9 @@ dependencies = [ [[package]] name = "rand" -version = "0.9.3" +version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ec095654a25171c2124e9e3393a930bddbffdc939556c914957a4c3e0a87166" +checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea" dependencies = [ "rand_chacha 0.9.0", "rand_core 0.9.5", @@ -7401,7 +7401,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8615d50dcf34fa31f7ab52692afec947c4dd0ab803cc87cb3b0b4570ff7463" dependencies = [ "num-traits", - "rand 0.9.3", + "rand 0.9.4", ] [[package]] @@ -8120,7 +8120,7 @@ version = "0.46.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b0b1e7ca40f965db239da279bf278d87b7407469b98835f27f0c8e59ed189b06" dependencies = [ - "rand 0.9.3", + "rand 0.9.4", "sentry-types", "serde", "serde_json", @@ -8182,7 +8182,7 @@ checksum = "567711f01f86a842057e1fc17779eba33a336004227e1a1e7e6cc2599e22e259" dependencies = [ "debugid", "hex", - "rand 0.9.3", + "rand 0.9.4", "serde", "serde_json", "thiserror 2.0.18", @@ -8902,7 +8902,7 @@ dependencies = [ "hyper", "hyper-util", "parking_lot", - "rand 0.9.3", + "rand 0.9.4", "slotmap", "temporalio-common", "thiserror 2.0.18", @@ -9247,7 +9247,7 @@ dependencies = [ "pin-project-lite", "postgres-protocol", "postgres-types", - "rand 0.9.3", + "rand 0.9.4", "socket2 0.6.3", "tokio", "tokio-util", @@ -11031,7 +11031,7 @@ dependencies = [ "nohash-hasher", "parking_lot", "pin-project", - "rand 0.9.3", + "rand 0.9.4", "static_assertions", "web-time", ] From 4ed46abca625965af2c6b5bab88ffee4628d89e8 Mon Sep 17 00:00:00 2001 From: Tim Diekmann <21277928+TimDiekmann@users.noreply.github.com> Date: Wed, 15 Apr 2026 13:59:47 +0200 Subject: [PATCH 2/2] Apply suggestion from @TimDiekmann --- Cargo.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index 7afb7616cb0..36f64375f6d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2024,7 +2024,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ab67060fc6b8ef687992d439ca0fa36e7ed17e9a0b16b25b601e8757df720de" dependencies = [ "data-encoding", - "syn 1.0.109", + "syn 2.0.117", ] [[package]]