
fix(deps): update rust crate rand to v0.10.1 [security]#1307

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/crate-rand-vulnerability

Conversation


@renovate renovate bot commented Apr 11, 2026

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| rand (source) | dependencies | minor | 0.8.4 → 0.10.0 | OpenSSF Scorecard |
| rand (source) | workspace.dependencies | patch | 0.10.0 → 0.10.1 | OpenSSF Scorecard |
| rand (source) | dev-dependencies | minor | ^0.8.4 → ^0.10.0 | OpenSSF Scorecard |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

GHSA-cq8v-f236-94qc

It has been reported (by @lopopolo) that the rand library is unsound (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:

  • The log and thread_rng features are enabled
  • A custom logger is defined
  • The custom logger accesses rand::rng() (previously rand::thread_rng()) and calls any TryRng (previously RngCore) methods on ThreadRng
  • The ThreadRng (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
  • Trace-level logging is enabled or warn-level logging is enabled and the random source (the getrandom crate) is unable to provide a new seed

TryRng (previously RngCore) methods for ThreadRng use unsafe code to cast *mut BlockRng<ReseedingCore> to &mut BlockRng<ReseedingCore>. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of aliased mutable references is Undefined Behaviour, the behaviour of optimized builds is hard to predict.

Affected versions of rand are >= 0.7, < 0.9.3 and 0.10.0.

Severity

Low


Rand is unsound with a custom logger using rand::rng()

GHSA-cq8v-f236-94qc / RUSTSEC-2026-0097


Severity

Low

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Rand is unsound with a custom logger using rand::rng()

GHSA-cq8v-f236-94qc / RUSTSEC-2026-0097


Severity

Unknown

References

This data is provided by OSV and the Rust Advisory Database (CC0 1.0).


Release Notes

rust-random/rand (rand)

v0.10.1

This release includes a fix for a soundness bug; see #1763.

Changes
  • Document panic behavior of make_rng and add #[track_caller] (#1761)
  • Deprecate feature log (#1763)
v0.10.0

Changes
  • The dependency on rand_chacha has been replaced with a dependency on chacha20. This changes the implementation behind StdRng, but the output remains the same. There may be some API breakage when using the ChaCha-types directly as these are now the ones in chacha20 instead of rand_chacha (#1642).
  • Rename fns IndexedRandom::choose_multiple -> sample, choose_multiple_array -> sample_array, choose_multiple_weighted -> sample_weighted, struct SliceChooseIter -> IndexedSamples and fns IteratorRandom::choose_multiple -> sample, choose_multiple_fill -> sample_fill (#1632)
  • Use Edition 2024 and MSRV 1.85 (#1653)
  • Let Fill be implemented for element types, not sliceable types (#1652)
  • Fix OsError::raw_os_error on UEFI targets by returning Option<usize> (#1665)
  • Replace fn TryRngCore::read_adapter(..) -> RngReadAdapter with simpler struct RngReader (#1669)
  • Remove fns SeedableRng::from_os_rng, try_from_os_rng (#1674)
  • Remove Clone support for StdRng, ReseedingRng (#1677)
  • Use postcard instead of bincode to test the serde feature (#1693)
  • Avoid excessive allocation in IteratorRandom::sample when amount is much larger than iterator size (#1695)
  • Rename os_rng -> sys_rng, OsRng -> SysRng, OsError -> SysError (#1697)
  • Rename Rng -> RngExt as upstream rand_core has renamed RngCore -> Rng (#1717)
Additions
  • Add fns IndexedRandom::choose_iter, choose_weighted_iter (#1632)
  • Pub export Xoshiro128PlusPlus, Xoshiro256PlusPlus prngs (#1649)
  • Pub export ChaCha8Rng, ChaCha12Rng, ChaCha20Rng behind chacha feature (#1659)
  • Fn rand::make_rng() -> R where R: SeedableRng (#1734)
Removals

v0.9.4

Fixes

Full Changelog: rust-random/rand@0.9.3...0.9.4

v0.9.3

v0.9.2

Deprecated
  • Deprecate rand::rngs::mock module and StepRng generator (#1634)
Additions
  • Enable WeightedIndex<usize> (de)serialization (#1646)

v0.9.1

Security and unsafe
  • Revise "not a crypto library" policy again (#1565)
  • Remove zerocopy dependency from rand (#1579)
Fixes
  • Fix feature simd_support for recent nightly rust (#1586)
Changes
  • Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.
Additions
  • Add rand::distr::Alphabetic distribution. (#1587)
  • Re-export rand_core (#1604)

v0.9.0

Security and unsafe
  • Policy: "rand is not a crypto library" (#1514)
  • Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
  • Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)
Dependencies
Features
  • Support std feature without getrandom or rand_chacha (#1354)
  • Enable feature small_rng by default (#1455)
  • Remove implicit feature rand_chacha; use std_rng instead. (#1473)
  • Rename feature serde1 to serde (#1477)
  • Rename feature getrandom to os_rng (#1537)
  • Add feature thread_rng (#1547)
API changes: rand_core traits
  • Add fn RngCore::read_adapter implementing std::io::Read (#1267)
  • Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)
  • Add traits TryRngCore, TryCryptoRng (#1424, #1499)
  • Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)
  • Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)
  • Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)
API changes: Rng trait and top-level fns
  • Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#1506)
  • Remove fn rand::random() from the prelude (#1506)
  • Add top-level fns random_iter, random_range, random_bool, random_ratio, fill (#1488)
  • Re-introduce fn Rng::gen_iter as random_iter (#1305, #1500)
  • Rename fn Rng::gen to random to avoid conflict with the new gen keyword in Rust 2024 (#1438)
  • Rename fns Rng::gen_range to random_range, gen_bool to random_bool, gen_ratio to random_ratio (#1505)
  • Annotate panicking methods with #[track_caller] (#1442, #1447)
API changes: RNGs
  • Fix <SmallRng as SeedableRng>::Seed size to 256 bits (#1455)
  • Remove first parameter (rng) of ReseedingRng::new (#1533)
API changes: Sequences
  • Split trait SliceRandom into IndexedRandom, IndexedMutRandom, SliceRandom (#1382)
  • Add IndexedRandom::choose_multiple_array, index::sample_array (#1453, #1469)
API changes: Distributions: renames
  • Rename module rand::distributions to rand::distr (#1470)
  • Rename distribution Standard to StandardUniform (#1526)
  • Move distr::Slice -> distr::slice::Choose, distr::EmptySlice -> distr::slice::Empty (#1548)
  • Rename trait distr::DistString -> distr::SampleString (#1548)
  • Rename distr::DistIter -> distr::Iter, distr::DistMap -> distr::Map (#1548)
API changes: Distributions
  • Relax Sized bound on Distribution<T> for &D (#1278)
  • Remove impl of Distribution<Option<T>> for StandardUniform (#1526)
  • Let distribution StandardUniform support all NonZero* types (#1332)
  • Fns {Uniform, UniformSampler}::{new, new_inclusive} return a Result (instead of potentially panicking) (#1229)
  • Distribution Uniform implements TryFrom instead of From for ranges (#1229)
  • Add UniformUsize (#1487)
  • Remove support for generating isize and usize values with StandardUniform, Uniform (except via UniformUsize) and Fill and usage as a WeightedAliasIndex weight (#1487)
  • Add impl DistString for distributions Slice<char> and Uniform<char> (#1315)
  • Add fn Slice::num_choices (#1402)
  • Add fn p() for distribution Bernoulli to access probability (#1481)
API changes: Weighted distributions
  • Add pub module rand::distr::weighted, moving WeightedIndex there (#1548)
  • Add trait weighted::Weight, allowing WeightedIndex to trap overflow (#1353)
  • Add fns weight, weights, total_weight to distribution WeightedIndex (#1420)
  • Rename enum WeightedError to weighted::Error, revising variants (#1382) and mark as #[non_exhaustive] (#1480)
API changes: SIMD
  • Switch to std::simd, expand SIMD & docs (#1239)
Reproducibility-breaking changes
  • Make ReseedingRng::reseed discard remaining data from the last block generated (#1379)
  • Change fn SmallRng::seed_from_u64 implementation (#1203)
  • Allow UniformFloat::new samples and UniformFloat::sample_single to yield high (#1462)
  • Fix portability of distribution Slice (#1469)
  • Make Uniform for usize portable via UniformUsize (#1487)
  • Fix IndexedRandom::choose_multiple_weighted for very small seeds and optimize for large input length / low memory (#1530)
Reproducibility-breaking optimisations
  • Optimize fn sample_floyd, affecting output of rand::seq::index::sample and rand::seq::SliceRandom::choose_multiple (#1277)
  • New, faster algorithms for IteratorRandom::choose and choose_stable (#1268)
  • New, faster algorithms for SliceRandom::shuffle and partial_shuffle (#1272)
  • Optimize distribution Uniform: use Canon's method (single sampling) / Lemire's method (distribution sampling) for faster sampling (breaks value stability; #1287)
  • Optimize fn sample_single_inclusive for floats (+~20% perf) (#1289)
Other optimisations
  • Improve SmallRng initialization performance (#1482)
  • Optimise SIMD widening multiply (#1247)
Other
Documentation
  • Improve ThreadRng related docs (#1257)
  • Docs: enable experimental --generate-link-to-definition feature (#1327)
  • Better doc of crate features, use doc_auto_cfg (#1411, #1450)

Configuration

📅 Schedule: (in timezone Europe/London)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.



This PR was generated by Mend Renovate. View the repository job log.
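The reseed re-entrancy described in the advisory above, modelled as an added example in plain std Rust (not rand's code): a thread-local reseeding core that calls a logger hook while reseeding, with a `RefCell`-based handle that reports the re-entrant `&mut` as an error instead of letting it become undefined behaviour. The toy xorshift generator, the 64-byte reseed threshold and the counters are constructed for illustration.

```rust
use std::cell::{Cell, RefCell};

// Added example (not rand's code): a toy reseeding generator whose reseed path
// calls a user-installed logger, the hazard in GHSA-cq8v-f236-94qc. The
// thread-local handle wraps the core in a RefCell, so a logger that re-enters
// the RNG gets an Err instead of a second `&mut` to the same core.
type Logger = fn(&str);

struct ReseedingCore {
    state: u64,             // xorshift64 state (toy generator, not ChaCha)
    bytes_since_reseed: usize,
    threshold: usize,       // rand reseeds every 64 kB; shrunk to 64 bytes here
    logger: Option<Logger>,
    reseeds: u32,
}
impl ReseedingCore {
    fn new(threshold: usize) -> Self {
        ReseedingCore { state: 0x1234_5678_9ABC_DEF0, bytes_since_reseed: 0,
                        threshold, logger: None, reseeds: 0 }
    }
    fn next_u64(&mut self) -> u64 {
        if self.bytes_since_reseed >= self.threshold {
            self.reseeds += 1;
            self.bytes_since_reseed = 0;
            self.state ^= 0x9E37_79B9_7F4A_7C15; // stand-in for a fresh OS seed
            // Hazard: `&mut self` is live while arbitrary user code runs.
            if let Some(log) = self.logger { log("reseeding thread rng"); }
        }
        self.bytes_since_reseed += 8;
        let mut x = self.state;
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        self.state = x;
        x
    }
}
thread_local! {
    static RNG: RefCell<ReseedingCore> = RefCell::new(ReseedingCore::new(64));
    static DETECTED: Cell<u32> = Cell::new(0);
}
/// Shared handle in the spirit of rand::rng(): try_borrow_mut turns an aliased
/// mutable borrow into Err rather than undefined behaviour.
fn with_rng<R>(f: impl FnOnce(&mut ReseedingCore) -> R) -> Result<R, &'static str> {
    RNG.with(|cell| {
        let mut guard = cell.try_borrow_mut().map_err(|_| "re-entrant access to thread RNG")?;
        Ok(f(&mut *guard))
    })
}
/// A logger that asks the RNG for a per-line tag: the trigger condition.
fn reentrant_logger(_msg: &str) {
    if with_rng(|r| r.next_u64()).is_err() {
        DETECTED.with(|d| d.set(d.get() + 1));
    }
}
/// Draw `n` values with `logger` installed; returns (draws ok, reseeds, re-entries caught).
fn run(n: usize, logger: Option<Logger>) -> (usize, u32, u32) {
    DETECTED.with(|d| d.set(0));
    with_rng(|r| { *r = ReseedingCore::new(64); r.logger = logger; }).unwrap();
    let ok = (0..n).filter(|_| with_rng(|r| r.next_u64()).is_ok()).count();
    (ok, with_rng(|r| r.reseeds).unwrap(), DETECTED.with(|d| d.get()))
}
```

rand 0.10.1 closes the hole from the other side by deprecating the `log` feature, so no user code runs inside the reseed path at all.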


renovate bot commented Apr 11, 2026

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path ledger/helpers/Cargo.toml --workspace
    Updating crates.io index
error: failed to select a version for `rand`.
    ... required by package `midnight-node-ledger-helpers v0.1.0 (/tmp/renovate/repos/github/midnightntwrk/midnight-node/ledger/helpers)`
    ... which satisfies path dependency `midnight-node-ledger-helpers` (locked to 0.1.0) of package `midnight-node-ledger v0.1.0 (/tmp/renovate/repos/github/midnightntwrk/midnight-node/ledger)`
versions that meet the requirements `^0.10.0` (locked to 0.10.0) are: 0.10.0

package `midnight-node-ledger-helpers` depends on `rand` with feature `getrandom` but `rand` does not have that feature.
 An optional dependency with that name exists, but that dependency uses the "dep:" syntax in the features table, so it does not have an implicit feature with that name.


failed to select a version for `rand` which could resolve this conflict

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path pallets/cnight-observation/Cargo.toml --workspace
    Updating crates.io index
error: failed to select a version for `rand`.
    ... required by package `midnight-node-ledger-helpers v0.1.0 (/tmp/renovate/repos/github/midnightntwrk/midnight-node/ledger/helpers)`
    ... which satisfies path dependency `midnight-node-ledger-helpers` (locked to 0.1.0) of package `midnight-node-ledger v0.1.0 (/tmp/renovate/repos/github/midnightntwrk/midnight-node/ledger)`
versions that meet the requirements `^0.10.0` (locked to 0.10.0) are: 0.10.0

package `midnight-node-ledger-helpers` depends on `rand` with feature `getrandom` but `rand` does not have that feature.
 An optional dependency with that name exists, but that dependency uses the "dep:" syntax in the features table, so it does not have an implicit feature with that name.


failed to select a version for `rand` which could resolve this conflict

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path util/toolkit/Cargo.toml --workspace
    Updating crates.io index
error: failed to select a version for `rand`.
    ... required by package `midnight-node-ledger-helpers v0.1.0 (/tmp/renovate/repos/github/midnightntwrk/midnight-node/ledger/helpers)`
    ... which satisfies path dependency `midnight-node-ledger-helpers` (locked to 0.1.0) of package `midnight-node-ledger v0.1.0 (/tmp/renovate/repos/github/midnightntwrk/midnight-node/ledger)`
versions that meet the requirements `^0.10.0` (locked to 0.10.0) are: 0.10.0

package `midnight-node-ledger-helpers` depends on `rand` with feature `getrandom` but `rand` does not have that feature.
 An optional dependency with that name exists, but that dependency uses the "dep:" syntax in the features table, so it does not have an implicit feature with that name.


failed to select a version for `rand` which could resolve this conflict

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --package rand@0.10.0 --precise 0.10.1
    Updating crates.io index
error: failed to select a version for `rand`.
    ... required by package `midnight-node-ledger-helpers v0.1.0 (/tmp/renovate/repos/github/midnightntwrk/midnight-node/ledger/helpers)`
    ... which satisfies path dependency `midnight-node-ledger-helpers` (locked to 0.1.0) of package `midnight-node-ledger v0.1.0 (/tmp/renovate/repos/github/midnightntwrk/midnight-node/ledger)`
versions that meet the requirements `^0.10.0` are: 0.10.1

package `midnight-node-ledger-helpers` depends on `rand` with feature `getrandom` but `rand` does not have that feature.
 An optional dependency with that name exists, but that dependency uses the "dep:" syntax in the features table, so it does not have an implicit feature with that name.


failed to select a version for `rand` which could resolve this conflict

@renovate renovate bot requested a review from a team as a code owner April 11, 2026 13:35
@renovate renovate bot force-pushed the renovate/crate-rand-vulnerability branch from 55f3ecc to b9402e2 on April 13, 2026 08:15
@renovate renovate bot changed the title from "fix(deps): update rust crate rand [security]" to "fix(deps): update rust crate rand [security] - autoclosed" Apr 13, 2026
@renovate renovate bot closed this Apr 13, 2026
@renovate renovate bot deleted the renovate/crate-rand-vulnerability branch April 13, 2026 08:43
@renovate renovate bot changed the title from "fix(deps): update rust crate rand [security] - autoclosed" to "fix(deps): update rust crate rand [security]" Apr 13, 2026
@renovate renovate bot reopened this Apr 13, 2026
@renovate renovate bot force-pushed the renovate/crate-rand-vulnerability branch 9 times, most recently from fbb4dea to a727d84 on April 14, 2026 01:14
@renovate renovate bot changed the title from "fix(deps): update rust crate rand [security]" to "fix(deps): update rust crate rand to v0.10.1 [security]" Apr 14, 2026
@renovate renovate bot force-pushed the renovate/crate-rand-vulnerability branch from a727d84 to f63db65 on April 14, 2026 05:27
@renovate renovate bot changed the title from "fix(deps): update rust crate rand to v0.10.1 [security]" to "fix(deps): update rust crate rand [security]" Apr 14, 2026
@renovate renovate bot force-pushed the renovate/crate-rand-vulnerability branch 6 times, most recently from 551edc8 to 1e6593d on April 14, 2026 20:28
@renovate renovate bot force-pushed the renovate/crate-rand-vulnerability branch from 1e6593d to 36a58f0 on April 15, 2026 09:15
@renovate renovate bot changed the title from "fix(deps): update rust crate rand [security]" to "fix(deps): update rust crate rand to v0.10.1 [security]" Apr 15, 2026
@renovate renovate bot force-pushed the renovate/crate-rand-vulnerability branch 6 times, most recently from a0036a1 to 317fbdb on April 16, 2026 12:17
@renovate renovate bot force-pushed the renovate/crate-rand-vulnerability branch from 317fbdb to 4e210e1 on April 16, 2026 16:43