diff --git a/Cargo.lock b/Cargo.lock index beae7249a..587e987af 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4670,7 +4670,7 @@ dependencies = [ "predicates", "prettytable-rs", "purl", - "rand 0.8.5", + "rand 0.9.4", "regex", "reqwest", "rsa", diff --git a/cli/Cargo.toml b/cli/Cargo.toml index 3e062cd9d..2fbcc64ef 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml @@ -53,7 +53,7 @@ phylum_project = { path = "../phylum_project" } phylum_types = { git = "https://github.com/phylum-dev/phylum-types", branch = "development" } prettytable-rs = "0.10.0" purl = { version = "0.1.5", features = ["serde"] } -rand = "0.8.4" +rand = "0.9.4" regex = "1.5.5" reqwest = { version = "0.12.7", features = [ "blocking", diff --git a/cli/src/auth/oidc.rs b/cli/src/auth/oidc.rs index 8205541b0..9d0327a94 100644 --- a/cli/src/auth/oidc.rs +++ b/cli/src/auth/oidc.rs @@ -11,8 +11,8 @@ use base64::Engine as _; use chrono::{DateTime, Utc}; use maplit::hashmap; use phylum_types::types::auth::{AccessToken, AuthorizationCode, RefreshToken, TokenResponse}; -use rand::distributions::Alphanumeric; -use rand::{thread_rng, Rng}; +use rand::distr::Alphanumeric; +use rand::{rng, Rng}; use reqwest::Url; use serde::{Deserialize, Serialize}; use sha2::{Digest, Sha256}; @@ -69,7 +69,7 @@ impl CodeVerifier { return Err(anyhow!("length must be between 43 and 128 inclusive.")); } let code_verifier: String = - thread_rng().sample_iter(&Alphanumeric).take(length as usize).map(char::from).collect(); + rng().sample_iter(&Alphanumeric).take(length as usize).map(char::from).collect(); let mut hasher = Sha256::new(); hasher.update(&code_verifier); let hash = hasher.finalize(); diff --git a/cli/src/auth/server.rs b/cli/src/auth/server.rs index 160ccc14b..b5fe4fe9d 100644 --- a/cli/src/auth/server.rs +++ b/cli/src/auth/server.rs @@ -11,8 +11,8 @@ use axum::Router; use chrono::{DateTime, Utc}; use log::{debug, error}; use phylum_types::types::auth::{AuthorizationCode, RefreshToken}; -use rand::distributions::Alphanumeric; -use rand::{thread_rng, Rng}; +use rand::distr::Alphanumeric; +use rand::{rng, Rng}; use reqwest::Url; use serde::Deserialize; use tokio::net::TcpListener; @@ -184,7 +184,7 @@ pub async fn handle_auth_flow( ) -> Result { let locksmith_settings = fetch_locksmith_server_settings(ignore_certs, api_uri).await?; let (code_verifier, challenge_code) = CodeVerifier::generate(64)?; - let state: String = thread_rng().sample_iter(&Alphanumeric).take(32).map(char::from).collect(); + let state: String = rng().sample_iter(&Alphanumeric).take(32).map(char::from).collect(); let (auth_code, callback_url) = spawn_server_and_get_auth_code(&locksmith_settings, auth_action, &challenge_code, state) .await?; @@ -215,8 +215,7 @@ mod test { let (_verifier, challenge) = CodeVerifier::generate(64).expect("Failed to build PKCE verifier and challenge"); - let state: String = - thread_rng().sample_iter(&Alphanumeric).take(32).map(char::from).collect(); + let state: String = rng().sample_iter(&Alphanumeric).take(32).map(char::from).collect(); spawn_server_and_get_auth_code(&locksmith_settings, AuthAction::Login, &challenge, state) .await?;