From a3b505cce94e267fa1a2aaff256635576870da43 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 16:56:33 +0000 Subject: [PATCH 1/2] Bump rand from 0.8.5 to 0.9.4 Bumps [rand](https://github.com/rust-random/rand) from 0.8.5 to 0.9.4. - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/0.9.4/CHANGELOG.md) - [Commits](https://github.com/rust-random/rand/compare/0.8.5...0.9.4) --- updated-dependencies: - dependency-name: rand dependency-version: 0.9.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Cargo.lock | 2 +- cli/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 09028a325..fdb023fa2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4670,7 +4670,7 @@ dependencies = [ "predicates", "prettytable-rs", "purl", - "rand 0.8.5", + "rand 0.9.4", "regex", "reqwest", "rsa", diff --git a/cli/Cargo.toml b/cli/Cargo.toml index 3e062cd9d..2fbcc64ef 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml @@ -53,7 +53,7 @@ phylum_project = { path = "../phylum_project" } phylum_types = { git = "https://github.com/phylum-dev/phylum-types", branch = "development" } prettytable-rs = "0.10.0" purl = { version = "0.1.5", features = ["serde"] } -rand = "0.8.4" +rand = "0.9.4" regex = "1.5.5" reqwest = { version = "0.12.7", features = [ "blocking", From f2c7267e9b83d88a39347a8e67ee16a70f2568d1 Mon Sep 17 00:00:00 2001 From: Matthew Donoughe Date: Thu, 23 Apr 2026 09:19:26 -0400 Subject: [PATCH 2/2] update rand API --- cli/src/auth/oidc.rs | 6 +++--- cli/src/auth/server.rs | 9 ++++----- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/cli/src/auth/oidc.rs b/cli/src/auth/oidc.rs index 8205541b0..9d0327a94 100644 --- a/cli/src/auth/oidc.rs +++ b/cli/src/auth/oidc.rs 
@@ -11,8 +11,8 @@ use base64::Engine as _; use chrono::{DateTime, Utc}; use maplit::hashmap; use phylum_types::types::auth::{AccessToken, AuthorizationCode, RefreshToken, TokenResponse}; -use rand::distributions::Alphanumeric; -use rand::{thread_rng, Rng}; +use rand::distr::Alphanumeric; +use rand::{rng, Rng}; use reqwest::Url; use serde::{Deserialize, Serialize}; use sha2::{Digest, Sha256}; @@ -69,7 +69,7 @@ impl CodeVerifier { return Err(anyhow!("length must be between 43 and 128 inclusive.")); } let code_verifier: String = - thread_rng().sample_iter(&Alphanumeric).take(length as usize).map(char::from).collect(); + rng().sample_iter(&Alphanumeric).take(length as usize).map(char::from).collect(); let mut hasher = Sha256::new(); hasher.update(&code_verifier); let hash = hasher.finalize(); diff --git a/cli/src/auth/server.rs b/cli/src/auth/server.rs index 160ccc14b..b5fe4fe9d 100644 --- a/cli/src/auth/server.rs +++ b/cli/src/auth/server.rs @@ -11,8 +11,8 @@ use axum::Router; use chrono::{DateTime, Utc}; use log::{debug, error}; use phylum_types::types::auth::{AuthorizationCode, RefreshToken}; -use rand::distributions::Alphanumeric; -use rand::{thread_rng, Rng}; +use rand::distr::Alphanumeric; +use rand::{rng, Rng}; use reqwest::Url; use serde::Deserialize; use tokio::net::TcpListener; @@ -184,7 +184,7 @@ pub async fn handle_auth_flow( ) -> Result { let locksmith_settings = fetch_locksmith_server_settings(ignore_certs, api_uri).await?; let (code_verifier, challenge_code) = CodeVerifier::generate(64)?; - let state: String = thread_rng().sample_iter(&Alphanumeric).take(32).map(char::from).collect(); + let state: String = rng().sample_iter(&Alphanumeric).take(32).map(char::from).collect(); let (auth_code, callback_url) = spawn_server_and_get_auth_code(&locksmith_settings, auth_action, &challenge_code, state) .await?; 
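Review bot: In the `CodeVerifier::generate` hunk of cli/src/auth/oidc.rs, the PKCE code verifier is drawn from `rng()` with no comment recording that this value is a secret and must come from a cryptographically secure generator. `rand::rng()` in 0.9 is the renamed `thread_rng()` and still returns the thread-local `ThreadRng`, which rand documents as a CSPRNG seeded from the operating system, so the migration should not weaken the verifier. A comment above the line would keep a later refactor from swapping in a seeded or fast non-cryptographic generator, for example `// PKCE verifier is a secret: keep this on a CSPRNG (rand::rng() / ThreadRng), never a seeded or small RNG.` The length check just above matters for the same reason: each alphanumeric character carries just under 6 bits, so the lower bound of 43 is what keeps the verifier at roughly 256 bits. The function body starts and ends outside the hunk.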
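Review bot: The OAuth `state` value in the `handle_auth_flow` hunk of cli/src/auth/server.rs is built by an inline expression that is repeated verbatim in the `mod test` hunk at line 215, so the length and generator choice for this value live in two places. A small private helper would keep them together and give one spot to document that the value must be unpredictable: `fn generate_state() -> String { rng().sample_iter(&Alphanumeric).take(32).map(char::from).collect() }`, with both call sites becoming `let state = generate_state();`. Whether the callback handler compares the returned `state` against the generated one is not visible in these hunks and is worth confirming while this code is being touched. `handle_auth_flow` continues outside the hunk.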
@@ -215,8 +215,7 @@ mod test { let (_verifier, challenge) = CodeVerifier::generate(64).expect("Failed to build PKCE verifier and challenge"); - let state: String = - thread_rng().sample_iter(&Alphanumeric).take(32).map(char::from).collect(); + let state: String = rng().sample_iter(&Alphanumeric).take(32).map(char::from).collect(); spawn_server_and_get_auth_code(&locksmith_settings, AuthAction::Login, &challenge, state) .await?;