build(deps): bump rand from 0.10.0 to 0.10.1 in /bindings/ffi #682
Closed
dependabot[bot] wants to merge 1 commit into
Collaborator
@dependabot rebase
Bumps [rand](https://github.com/rust-random/rand) from 0.10.0 to 0.10.1.
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](rust-random/rand@0.10.0...0.10.1)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.10.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
d40d704 to 9ca6877
anakrish added a commit that referenced this pull request May 4, 2026
…rkflow (#704)

* build(deps): update all Rust dependencies to latest versions

Bulk-update all Cargo.lock files across the workspace and bindings to their latest compatible versions. This supersedes the individual per-directory dependabot PRs (#678-#682) that fail CI due to version skew when only one lockfile is updated.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ci: refresh ALL Cargo lockfiles on dependabot PRs

Dependabot security updates bypass the grouped-updates config and create per-directory PRs (one per Cargo.lock). This causes version skew — e.g. rand gets bumped in bindings/ruby but stays old elsewhere, breaking the build.

Fix by unconditionally refreshing all lockfiles whenever any Cargo manifest or lockfile changes, rather than only the affected directory.

Also harden the workflow against expression injection:
- Move head.ref and base_ref to env vars (not inline ${{ }})
- Validate refs via git check-ref-format --branch
- Validate SHA format (hex, 40 chars) before use
- Fetch base branch by ref (not bare SHA) for reliable diffing
- Add security boundary comment on untrusted code checkout
- Add version comment on pinned checkout action SHA

Ref: dependabot/dependabot-core#7547

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
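The ref and SHA checks listed in the commit message above, as an added shell example; it is not the project's workflow. The variable names `HEAD_REF`, `BASE_REF` and `HEAD_SHA` and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not the project's workflow. HEAD_REF, BASE_REF and HEAD_SHA
# are assumed names for values a workflow step receives through `env:`
# instead of inline ${{ }} interpolation into the script text.

# Accept only a full 40-character hexadecimal commit id.
valid_sha() {
  [ "${#1}" -eq 40 ] || return 1
  case $1 in
    *[!0-9a-fA-F]*) return 1 ;;
  esac
}

# Accept only names git considers a legal branch name (rejects spaces, "..",
# "~", "^", ":" and so on). Shell metacharacters such as "$" and ";" are
# legal in ref names, so every later use must stay double-quoted.
valid_branch() {
  [ -n "$1" ] && git check-ref-format --branch "$1" >/dev/null 2>&1
}

# Validate head ref, base ref and head SHA; on success print the refspec
# that fetches the base branch by name. Prints nothing and returns 1 otherwise.
plan_fetch() {
  valid_branch "$1" || return 1
  valid_branch "$2" || return 1
  valid_sha "$3" || return 1
  printf '%s\n' "refs/heads/$2:refs/remotes/origin/$2"
}

# When the variables are present (as in a workflow step), validate them.
if [ -n "${HEAD_REF:-}" ]; then
  plan_fetch "$HEAD_REF" "${BASE_REF:-}" "${HEAD_SHA:-}" || {
    echo "rejected untrusted ref or SHA" >&2
    exit 1
  }
fi
```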
Contributor, Author
Looks like rand is up-to-date now, so this is no longer needed.
Bumps rand from 0.10.0 to 0.10.1.
Changelog
Sourced from rand's changelog.
Commits
- 27ff4cb Prepare v0.10.1: deprecate feature `log` (#1763)
- 98d0638 make_rng: document panic and add #[track_caller] (#1761)
- 54e5eaa Fix doc error (#1758)
- 1ce4c08 Bump itoa from 1.0.17 to 1.0.18 in the all-deps group (#1756)
- ccb734b docs: fix typo in doc comment (#1754)
- 357eb7d Bump libc from 0.2.182 to 0.2.183 in the all-deps group (#1753)
- 5e77fe5 Fix trait references in documentation (#1752)
- da89185 Bump the all-deps group with 3 updates (#1751)
- 50516ff Bump the all-deps group with 2 updates (#1749)
- fd71de9 Bump the all-deps group with 2 updates (#1747)