chore(deps): bump rand from 0.9.4 to 0.10.1#121
Merged
Conversation
dependabot
Bot
added
dependencies
hyperpolymath
approved these changes
May 29, 2026
Bumps [rand](https://github.com/rust-random/rand) from 0.9.4 to 0.10.1. - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md) - [Commits](rust-random/rand@0.9.4...0.10.1) --- updated-dependencies: - dependency-name: rand dependency-version: 0.10.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/cargo/rand-0.10.1
branch
from
38de562 to
abc80d2
Compare
This was referenced May 30, 2026
hyperpolymath
added a commit
that referenced
this pull request
May 30, 2026
…gnore FP fix + deno.lock populate (#128) ## Summary — auto-merge deadlock breaker This branch bundles **three** required-check fixes that had been split across PRs #126, #127, #128 — but each PR's required-checks failed because they depended on the others. Solo PRs deadlocked; this PR closes the chain. ### Bundled commits 1. **`chore(deps): revert 5 dependabot major-version bumps that broke CI`** (original #128 scope) Five dependabot major bumps merged 2026-05-29 without call-site updates: axum 0.7→0.8 (#120), rand 0.9→0.10 (#121), criterion 0.5→0.8 (#122), nom 7→8 (#123), rustyline 15→18 (#124). Each shipped real API breaks: - rand 0.10 renamed `Rng` → `RngExt` (because upstream `rand_core` renamed `RngCore` → `Rng`); `use rand::Rng` no longer brings `random_range` / `random` in scope. - nom 8 moved from closure-based to trait-based combinators (`alt(args)(input)` → `alt(args).parse(input)`). - axum 0.8 transitively pulls a different tower-http (compile mismatch in `follow_redirect/policy/mod.rs`). Reverts all 5 back to the May-28 working state. `cargo check --lib` cleans in ~2 min locally. 2. **`chore(governance): populate empty deno.lock with minimal valid v4 lockfile`** (was #127) Replaces the 0-byte `deno.lock` (tracked since 3b03087 for sweep visibility) with `{"version":"4","remote":{}}`. Unblocks `governance / Language / package anti-pattern policy` which fails on `deno run` lockfile parse before reaching the actual `.ts` walk. 3. **`chore(governance): clear 12 trusted-base false-positive escape hatches`** (was #126) Adds `.trusted-base-ignore` for 4 Rust pattern-detector tables (10 hits) — same FP class as the believe_me audit in `docs/PROOF-NEEDS.md` (zero real escapes). Adds `-- AXIOM:` / `-- TRUSTED:` magic-word lines in the script's 5-line window for two real Agda postulates (`funext`, `Conflicts`). ## Why bundled Each individual PR failed its OWN required checks because it depended on the others' fixes: - #128 (revert) needed `governance / Language / package anti-pattern policy` → fixed in #127 - #128 (revert) needed `governance / Trusted-base reduction policy` → fixed in #126 - #126 + #127 needed `T1 / *` live-provers GREEN → fixed in #128 Bundling resolves the chicken-and-egg. #126 and #127 are closed as superseded with backlinks. ## Verification - Local: `cargo check --lib` clean (1m 52s). - PR #126 had `Trusted-base reduction policy: SUCCESS` and `Validate K9 / A2ML / eclexiaiser: SUCCESS` before being closed — proves the fix works in isolation. - PR #127 had `Language / package anti-pattern policy: SUCCESS` before being closed. - All three classes of CI failure are now addressed in this single PR. ## Seam-gaps captured (out of scope) 1. **Dependabot major bumps + always-auto-merge interact badly**. Per the standing estate hook `feedback_always_automerge_prs`, auto-merge is universal. For major bumps without paired code updates, that's structurally unsafe — the only checks that DID gate the merges (validation gates) don't compile the workspace. Worth a follow-up: either Dependabot config to draft major bumps, or a per-repo guard requiring manual review for major-version-only PRs. 2. **`standards check-ts-allowlist.ts` could pass `--no-lock`** — the script is a read-only file walker that doesn't import anything, so the lockfile is irrelevant. Adding `--no-lock` makes it robust to this entire failure class estate-wide. 3. **`standards rust-ci-reusable` doesn't pass `--locked`** — `cargo check` / `cargo test` happily auto-update Cargo.lock during CI, masking version drift. Adding `--locked` to the reusable would surface drift the first time it happens, instead of when the next major hits. ## Test plan - [x] Local `cargo check --lib` clean. - [ ] CI: all required checks GREEN on this branch. - [ ] `T1 / z3`, `T1 / vampire`, `T1 / spass` GREEN (already verified GREEN on the first push of #128). Refs: #92 (broader baseline failures — this PR addresses the compile + trusted-base + language-policy slices). Supersedes #126, #127.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps rand from 0.9.4 to 0.10.1.
Changelog
Sourced from rand's changelog.
... (truncated)
Commits
27ff4cbPrepare v0.10.1: deprecate featurelog(#1763)98d0638make_rng: document panic and add #[track_caller] (#1761)54e5eaaFix doc error (#1758)1ce4c08Bump itoa from 1.0.17 to 1.0.18 in the all-deps group (#1756)ccb734bdocs: fix typo in doc comment (#1754)357eb7dBump libc from 0.2.182 to 0.2.183 in the all-deps group (#1753)5e77fe5Fix trait references in documentation (#1752)da89185Bump the all-deps group with 3 updates (#1751)50516ffBump the all-deps group with 2 updates (#1749)fd71de9Bump the all-deps group with 2 updates (#1747)