From be0a5ad7fcbc700692868b5326e56e94da6aa933 Mon Sep 17 00:00:00 2001 From: Denis Cornehl Date: Fri, 31 Jan 2025 07:12:45 +0100 Subject: [PATCH] upgrade comrak, getrandom, rand --- Cargo.lock | 65 ++++++++++++++++++++++++++++++++++++++++++++------ Cargo.toml | 6 ++--- src/web/csp.rs | 2 +- 3 files changed, 62 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 887ec92ab..1daf70dd6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -27,7 +27,7 @@ dependencies = [ "getrandom 0.2.15", "once_cell", "version_check", - "zerocopy", + "zerocopy 0.7.35", ] [[package]] @@ -1158,9 +1158,9 @@ dependencies = [ [[package]] name = "comrak" -version = "0.34.0" +version = "0.35.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1664eb8abab93a9c09d1e85df10b4de6af0b4c738f267750b211a77a771447fe" +checksum = "52602e10393cfaaf8accaf707f2da743dc22cbe700a343ff8dbc9e5e04bc6b74" dependencies = [ "caseless", "entities", @@ -1712,7 +1712,7 @@ dependencies = [ "fn-error-context", "font-awesome-as-a-crate", "futures-util", - "getrandom 0.2.15", + "getrandom 0.3.1", "gix 0.70.0", "grass", "hex", @@ -1736,7 +1736,7 @@ dependencies = [ "pretty_assertions", "procfs", "prometheus", - "rand 0.8.5", + "rand 0.9.0", "rayon", "regex", "reqwest", @@ -5513,7 +5513,7 @@ version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" dependencies = [ - "zerocopy", + "zerocopy 0.7.35", ] [[package]] @@ -5644,6 +5644,17 @@ dependencies = [ "rand_core 0.6.4", ] +[[package]] +name = "rand" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.0", + "zerocopy 0.8.14", +] + [[package]] name = "rand_chacha" version = "0.2.2" 
@@ -5664,6 +5675,16 @@ dependencies = [ "rand_core 0.6.4", ] +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.0", +] + [[package]] name = "rand_core" version = "0.5.1" @@ -5682,6 +5703,16 @@ dependencies = [ "getrandom 0.2.15", ] +[[package]] +name = "rand_core" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b08f3c9802962f7e1b25113931d94f43ed9725bebc59db9d0c3e9a23b67e15ff" +dependencies = [ + "getrandom 0.3.1", + "zerocopy 0.8.14", +] + [[package]] name = "rand_hc" version = "0.2.0" @@ -8202,7 +8233,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ "byteorder", - "zerocopy-derive", + "zerocopy-derive 0.7.35", +] + +[[package]] +name = "zerocopy" +version = "0.8.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a367f292d93d4eab890745e75a778da40909cab4d6ff8173693812f79c4a2468" +dependencies = [ + "zerocopy-derive 0.8.14", ] [[package]] @@ -8216,6 +8256,17 @@ dependencies = [ "syn 2.0.96", ] +[[package]] +name = "zerocopy-derive" +version = "0.8.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3931cb58c62c13adec22e38686b559c86a30565e16ad6e8510a337cedc611e1" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.96", +] + [[package]] name = "zerofrom" version = "0.1.5" diff --git a/Cargo.toml b/Cargo.toml index 0ba643dc4..5c55d0aff 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -37,7 +37,7 @@ docsrs-metadata = { path = "crates/metadata" }
 anyhow = { version = "1.0.42", features = ["backtrace"]}
 backtrace = "0.3.61"
 thiserror = "2.0.3"
-comrak = { version = "0.34.0", default-features = false }
+comrak = { version = "0.35.0", default-features = false }
 syntect = { version = "5.0.0", default-features = false, features = ["parsing", "html", "dump-load", "regex-onig"] }
 toml = "0.8.0"
 prometheus = { version = "0.13.0", default-features = false }
@@ -55,7 +55,7 @@ dashmap = "6.0.0"
 string_cache = "0.8.0"
 zip = {version = "2.2.0", default-features = false, features = ["bzip2"]}
 bzip2 = "0.5.0"
-getrandom = "0.2.1"
+getrandom = "0.3.1"
 itertools = { version = "0.14.0" }
 rusqlite = { version = "0.32.1", features = ["bundled"] }
 hex = "0.4.3"
@@ -110,7 +110,7 @@ criterion = "0.5.1"
 kuchikiki = "0.8"
 http02 = { version = "0.2.11", package = "http"}
 http-body-util = "0.1.0"
-rand = "0.8"
+rand = "0.9"
 mockito = "1.0.2"
 test-case = "3.0.0"
 tower = { version = "0.5.1", features = ["util"] }
diff --git a/src/web/csp.rs b/src/web/csp.rs
index 44608df4a..2b138d64f 100644
--- a/src/web/csp.rs
+++ b/src/web/csp.rs
@@ -21,7 +21,7 @@ impl Csp {
 // Nonces need to be different for each single request in order to maintain security, so we
 // generate a new one with a cryptographically-secure generator for each request.
 let mut random = [0u8; 36];
- getrandom::getrandom(&mut random).expect("failed to generate a nonce");
+ getrandom::fill(&mut random).expect("failed to generate a nonce");
 Self {
 nonce: b64.encode(random),
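Review bot: The `.expect("failed to generate a nonce")` on the new `getrandom::fill` call in `src/web/csp.rs` is the only handling of an RNG failure, and nothing beside it says that panicking is intended. Failing closed is the right behaviour for a CSP nonce, because a fallback to a predictable value would defeat the per-request guarantee the existing comment describes, so I would record that next to the call: `// Fail closed: never fall back to a predictable nonce if the OS RNG is unavailable.` getrandom 0.3 also changed how backends are selected on some targets, so it is worth confirming that every build target still resolves to the operating-system generator. The enclosing function starts and ends outside this hunk.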