From bf6149c75db55577a6f8a410bc0cefe3dae890b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 May 2026 06:47:57 +0000 Subject: [PATCH 1/2] chore(deps): bump rand in the cargo group across 1 directory Bumps the cargo group with 1 update in the / directory: [rand](https://github.com/rust-random/rand). Updates `rand` from 0.8.6 to 0.10.1 - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-random/rand/compare/0.8.6...0.10.1) --- updated-dependencies: - dependency-name: rand dependency-version: 0.10.1 dependency-type: direct:production dependency-group: cargo ... Signed-off-by: dependabot[bot] --- Cargo.lock | 20 ++++++++++---------- Cargo.toml | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 934c8932..e8522581 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5510,7 +5510,7 @@ dependencies = [ "pluto-testutil", "pluto-tracing", "quick-xml", - "rand 0.8.6", + "rand 0.10.1", "reqwest 0.13.3", "serde", "serde_json", @@ -5547,7 +5547,7 @@ dependencies = [ "prost 0.14.3", "prost-build", "prost-types 0.14.3", - "rand 0.8.6", + "rand 0.10.1", "reqwest 0.13.3", "serde", "serde_json", @@ -5589,7 +5589,7 @@ dependencies = [ "pluto-tracing", "prost 0.14.3", "prost-types 0.14.3", - "rand 0.8.6", + "rand 0.10.1", "regex", "serde", "serde_json", @@ -5610,7 +5610,7 @@ dependencies = [ "blst", "hex", "pluto-eth2api", - "rand 0.8.6", + "rand 0.10.1", "rand_core 0.6.4", "test-case", "thiserror 2.0.18", @@ -5647,7 +5647,7 @@ dependencies = [ "pluto-tracing", "prost 0.14.3", "prost-types 0.14.3", - "rand 0.8.6", + "rand 0.10.1", "serde", "serde_json", "sha2", @@ -5719,7 +5719,7 @@ dependencies = [ "pluto-k1util", "pluto-ssz", "pluto-testutil", - "rand 0.8.6", + "rand 0.10.1", "regex", "reqwest 0.13.3", "scrypt", @@ -5748,7 +5748,7 @@ version = "1.7.1" dependencies = [ "blst", "hex", - "rand 0.8.6", + "rand 0.10.1", "rand_core 0.6.4", "serde", "serde_json", @@ -5791,7 +5791,7 @@ dependencies = [ "pluto-testutil", "pluto-tracing", "prost 0.14.3", - "rand 0.8.6", + "rand 0.10.1", "reqwest 0.13.3", "serde_json", "tempfile", @@ -5873,7 +5873,7 @@ dependencies = [ "pluto-eth2util", "pluto-p2p", "pluto-tracing", - "rand 0.8.6", + "rand 0.10.1", "thiserror 2.0.18", "tokio", "tokio-util", @@ -5907,7 +5907,7 @@ dependencies = [ "k256", "pluto-crypto", "pluto-eth2api", - "rand 0.8.6", + "rand 0.10.1", "reqwest 0.13.3", "serde_json", "thiserror 2.0.18", diff --git a/Cargo.toml b/Cargo.toml index e27a617e..1988afa2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -53,7 +53,7 @@ humantime = "2.1" prost = "0.14" prost-build = "0.14" prost-types = "0.14" -rand = { version = "0.8", features = ["std_rng"] } +rand = { version = "0.10", features = ["std_rng"] } rand_core = "0.6" regex = "1.12" serde = { version = "1.0", features = ["derive"] } From 2704b3edee796fb8b280c7eb64e67929f80bf011 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Tue, 19 May 2026 07:15:13 +0000 Subject: [PATCH 2/2] Revert rand 0.8 -> 0.10 bump rand 0.10 brings rand_core 0.10, but the workspace and crypto deps (blst, k256/elliptic_curve) still pin rand_core 0.6. The dual versions mean StdRng (from rand 0.10) no longer satisfies the rand_core 0.6 RngCore/CryptoRng trait bounds in frost, crypto, dkg, breaking the build. rand 0.10 also has many other breaking renames (Rng->RngExt, OsRng->SysRng, SliceRandom->IndexedRandom, removed small_rng feature, removed Clone for StdRng, ...) that would require a coordinated migration across the whole workspace once upstream crypto crates have moved to rand_core 0.10. Co-authored-by: Maciej Skrzypkowski --- Cargo.lock | 20 ++++++++++---------- Cargo.toml | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e8522581..934c8932 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5510,7 +5510,7 @@ dependencies = [ "pluto-testutil", "pluto-tracing", "quick-xml", - "rand 0.10.1", + "rand 0.8.6", "reqwest 0.13.3", "serde", "serde_json", @@ -5547,7 +5547,7 @@ dependencies = [ "prost 0.14.3", "prost-build", "prost-types 0.14.3", - "rand 0.10.1", + "rand 0.8.6", "reqwest 0.13.3", "serde", "serde_json", @@ -5589,7 +5589,7 @@ dependencies = [ "pluto-tracing", "prost 0.14.3", "prost-types 0.14.3", - "rand 0.10.1", + "rand 0.8.6", "regex", "serde", "serde_json", @@ -5610,7 +5610,7 @@ dependencies = [ "blst", "hex", "pluto-eth2api", - "rand 0.10.1", + "rand 0.8.6", "rand_core 0.6.4", "test-case", "thiserror 2.0.18", @@ -5647,7 +5647,7 @@ dependencies = [ "pluto-tracing", "prost 0.14.3", "prost-types 0.14.3", - "rand 0.10.1", + "rand 0.8.6", "serde", "serde_json", "sha2", @@ -5719,7 +5719,7 @@ dependencies = [ "pluto-k1util", "pluto-ssz", "pluto-testutil", - "rand 0.10.1", + "rand 0.8.6", "regex", "reqwest 0.13.3", "scrypt", @@ -5748,7 +5748,7 @@ version = "1.7.1" dependencies = [ "blst", "hex", - "rand 0.10.1", + "rand 0.8.6", "rand_core 0.6.4", "serde", "serde_json", @@ -5791,7 +5791,7 @@ dependencies = [ "pluto-testutil", "pluto-tracing", "prost 0.14.3", - "rand 0.10.1", + "rand 0.8.6", "reqwest 0.13.3", "serde_json", "tempfile", @@ -5873,7 +5873,7 @@ dependencies = [ "pluto-eth2util", "pluto-p2p", "pluto-tracing", - "rand 0.10.1", + "rand 0.8.6", "thiserror 2.0.18", "tokio", "tokio-util", @@ -5907,7 +5907,7 @@ dependencies = [ "k256", "pluto-crypto", "pluto-eth2api", - "rand 0.10.1", + "rand 0.8.6", "reqwest 0.13.3", "serde_json", "thiserror 2.0.18", diff --git a/Cargo.toml b/Cargo.toml index 1988afa2..e27a617e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -53,7 +53,7 @@ humantime = "2.1" prost = "0.14" prost-build = "0.14" prost-types = "0.14" -rand = { version = "0.10", features = ["std_rng"] } +rand = { version = "0.8", features = ["std_rng"] } rand_core = "0.6" regex = "1.12" serde = { version = "1.0", features = ["derive"] }