chore(postgres): update rand to 0.9.0 #3946
ryanseipp wants to merge 1 commit into launchbadge:main from
abonander left a comment
There are other places in the project (namely the examples) that also use rand. Can you please update those as well?
However, there's also this issue: #3931 (comment)
If we want to wait until we can update across the board, we'll have to wait for those RustCrypto crates to be updated, as

RSA has updated rand to 0.9 Edit: Just saw it's still only an RC :(

This now seems to be a fix for RUSTSEC-2026-0097, as there are no patched versions of rand 0.8. Is it that the examples are the reason this isn't accepted yet? I see that the rsa update is still only an RC, but at least this PR would fix that advisory for users of sqlx-postgres.
sqlx uses outdated rand dependency, causing problems across the stack: launchbadge/sqlx#3946
Realistically, there is no need for any of those libraries, as they are only used to perform raw SQL requests, but as those libraries are mostly used across all the stacks with immigrant, it would just be easier to not use anything simpler than them.

I've just gone ahead and updated
Does your PR solve an issue?
No linked issues, but resolves duplicate versions of rand and its dependent crates for me.
Is this a breaking change?
No. sqlx-postgres does not export the types of rand, and sasl connection behavior should be equivalent after this upgrade.