From 93f9743d3b116d0adfdcc59b45c2f3705d2ee097 Mon Sep 17 00:00:00 2001
From: lovasoa <contact@ophir.dev>
Date: Wed, 21 May 2025 12:31:58 +0200
Subject: [PATCH 1/2] update rand to the latest version

---
 Cargo.lock                                    | 37 +++++++++++++++----
 Cargo.toml                                    |  2 +-
 sqlx-core/Cargo.toml                          |  2 +-
 .../src/postgres/connection/establish.rs      |  2 +-
 sqlx-core/src/postgres/connection/sasl.rs     | 14 +++----
 5 files changed, 40 insertions(+), 17 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 8135699124..8de549d0c6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1979,9 +1979,9 @@ checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
 
 [[package]]
 name = "jiff"
-version = "0.2.13"
+version = "0.2.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f02000660d30638906021176af16b17498bd0d12813dbfe7b276d8bc7f3c0806"
+checksum = "a194df1107f33c79f4f93d02c80798520551949d59dfad22b6157048a88cca93"
 dependencies = [
  "jiff-static",
  "log",
@@ -1992,9 +1992,9 @@ dependencies = [
 
 [[package]]
 name = "jiff-static"
-version = "0.2.13"
+version = "0.2.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3c30758ddd7188629c6713fc45d1188af4f44c90582311d0c8d8c9907f60c48"
+checksum = "6c6e1db7ed32c6c71b759497fae34bf7933636f75a251b9e736555da426f6442"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -2877,10 +2877,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
  "libc",
- "rand_chacha",
+ "rand_chacha 0.3.1",
  "rand_core 0.6.4",
 ]
 
+[[package]]
+name = "rand"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97"
+dependencies = [
+ "rand_chacha 0.9.0",
+ "rand_core 0.9.3",
+]
+
 [[package]]
 name = "rand_chacha"
 version = "0.3.1"
@@ -2891,6 +2901,16 @@ dependencies = [
  "rand_core 0.6.4",
 ]
 
+[[package]]
+name = "rand_chacha"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
+dependencies = [
+ "ppv-lite86",
+ "rand_core 0.9.3",
+]
+
 [[package]]
 name = "rand_core"
 version = "0.3.1"
@@ -2920,6 +2940,9 @@ name = "rand_core"
 version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38"
+dependencies = [
+ "getrandom 0.3.3",
+]
 
 [[package]]
 name = "rand_xoshiro"
@@ -3580,7 +3603,7 @@ dependencies = [
  "once_cell",
  "paste",
  "percent-encoding",
- "rand 0.8.5",
+ "rand 0.9.1",
  "regex",
  "rsa",
  "rust_decimal",
@@ -3728,7 +3751,7 @@ dependencies = [
  "hex",
  "libsqlite3-sys",
  "paste",
- "rand 0.8.5",
+ "rand 0.9.1",
  "rand_xoshiro",
  "serde",
  "serde_json",
diff --git a/Cargo.toml b/Cargo.toml
index c1dbfcd0b8..2dc25e1a3e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -144,7 +144,7 @@ paste = "1.0.6"
 serde = { version = "1.0.132", features = ["derive"] }
 serde_json = "1.0.73"
 url = "2.2.2"
-rand = "0.8"
+rand = "0.9"
 rand_xoshiro = "0.7.0"
 hex = "0.4.3"
 tempdir = "0.3.7"
diff --git a/sqlx-core/Cargo.toml b/sqlx-core/Cargo.toml
index 4cb41fbc7e..748121b92a 100644
--- a/sqlx-core/Cargo.toml
+++ b/sqlx-core/Cargo.toml
@@ -141,7 +141,7 @@ memchr = { version = "2.4.1", default-features = false }
 num-bigint = { version = "0.4.0", default-features = false, optional = true, features = ["std"] }
 once_cell = "1.9.0"
 percent-encoding = "2.1.0"
-rand = { version = "0.8", default-features = false, optional = true, features = ["std", "std_rng"] }
+rand = { version = "0.9", default-features = false, optional = true, features = ["std_rng", "small_rng", "thread_rng"] }
 regex = { version = "1.5.5", optional = true }
 rsa = { version = "0.9.2", optional = true }
 rustls = { version = "0.23", optional = true }
diff --git a/sqlx-core/src/postgres/connection/establish.rs b/sqlx-core/src/postgres/connection/establish.rs
index ff8a03d9df..0262212608 100644
--- a/sqlx-core/src/postgres/connection/establish.rs
+++ b/sqlx-core/src/postgres/connection/establish.rs
@@ -146,7 +146,7 @@ impl PgConnection {
             transaction_status,
             transaction_depth: 0,
             pending_ready_for_query_count: 0,
-            next_statement_id: Oid(rand::thread_rng().gen()),
+            next_statement_id: Oid(rand::rng().random()),
             cache_statement: StatementCache::new(options.statement_cache_capacity),
             cache_type_oid: HashMap::new(),
             cache_type_info: HashMap::new(),
diff --git a/sqlx-core/src/postgres/connection/sasl.rs b/sqlx-core/src/postgres/connection/sasl.rs
index 5e1939c3dc..b3201a6897 100644
--- a/sqlx-core/src/postgres/connection/sasl.rs
+++ b/sqlx-core/src/postgres/connection/sasl.rs
@@ -63,11 +63,11 @@ pub(crate) async fn authenticate(
     };
 
     // nonce = "r=" c-nonce [s-nonce] ;; Second part provided by server.
-    let nonce = gen_nonce();
+    let client_nonce = gen_nonce();
 
     // client-first-message-bare = [reserved-mext ","] username "," nonce ["," extensions]
     let client_first_message_bare =
-        format!("{username},{nonce}", username = username, nonce = nonce);
+        format!("{username},{client_nonce}", username = username, client_nonce = client_nonce);
 
     let client_first_message = format!(
         "{gs2_header}{client_first_message_bare}",
@@ -174,8 +174,8 @@ pub(crate) async fn authenticate(
 
 // nonce is a sequence of random printable bytes
 fn gen_nonce() -> String {
-    let mut rng = rand::thread_rng();
-    let count = rng.gen_range(64..128);
+    let mut rng = rand::rng();
+    let count = rng.random_range(64..128);
 
     // printable = %x21-2B / %x2D-7E
     // ;; Printable ASCII except ",".
@@ -183,10 +183,10 @@ fn gen_nonce() -> String {
     // ;; a valid "value".
     let nonce: String = std::iter::repeat(())
         .map(|()| {
-            let mut c = rng.gen_range(0x21..0x7F) as u8;
+            let mut c = rng.random_range(0x21..0x7F) as u8;
 
             while c == 0x2C {
-                c = rng.gen_range(0x21..0x7F) as u8;
+                c = rng.random_range(0x21..0x7F) as u8;
             }
 
             c
@@ -195,7 +195,7 @@ fn gen_nonce() -> String {
         .map(|c| c as char)
         .collect();
 
-    rng.gen_range(32..128);
+    rng.random_range(32..128);
     format!("{}={}", NONCE_ATTR, nonce)
 }
 

From 893e03fe1bb6d366f753fb724808b09636c0f88a Mon Sep 17 00:00:00 2001
From: lovasoa <contact@ophir.dev>
Date: Wed, 21 May 2025 12:33:19 +0200
Subject: [PATCH 2/2] fmt

---
 sqlx-core/src/postgres/connection/sasl.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/sqlx-core/src/postgres/connection/sasl.rs b/sqlx-core/src/postgres/connection/sasl.rs
index b3201a6897..1285521fb7 100644
--- a/sqlx-core/src/postgres/connection/sasl.rs
+++ b/sqlx-core/src/postgres/connection/sasl.rs
@@ -66,8 +66,11 @@ pub(crate) async fn authenticate(
     let client_nonce = gen_nonce();
 
     // client-first-message-bare = [reserved-mext ","] username "," nonce ["," extensions]
-    let client_first_message_bare =
-        format!("{username},{client_nonce}", username = username, client_nonce = client_nonce);
+    let client_first_message_bare = format!(
+        "{username},{client_nonce}",
+        username = username,
+        client_nonce = client_nonce
+    );
 
     let client_first_message = format!(
         "{gs2_header}{client_first_message_bare}",