From 0bf7b810322370c5a15f043e24a36ebcf95059e5 Mon Sep 17 00:00:00 2001
From: Ruy Rocha <108208+ruyrocha@users.noreply.github.com>
Date: Thu, 4 Jun 2026 15:42:04 -0300
Subject: [PATCH 1/2] Update rand to 0.9.4/0.10.1 to fix GHSA-cq8v-f236-94qc

---
 Cargo.lock                              | 50 ++++++++++++-------------
 crates/stdarch-gen-loongarch/Cargo.toml |  2 +-
 examples/Cargo.toml                     |  2 +-
 3 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index a1c31fa9f0..804879c8fd 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -282,13 +282,14 @@ checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
 
 [[package]]
 name = "getrandom"
-version = "0.2.17"
+version = "0.3.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0"
+checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd"
 dependencies = [
  "cfg-if",
  "libc",
- "wasi",
+ "r-efi 5.3.0",
+ "wasip2",
 ]
 
 [[package]]
@@ -299,7 +300,7 @@ checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555"
 dependencies = [
  "cfg-if",
  "libc",
- "r-efi",
+ "r-efi 6.0.0",
  "rand_core 0.10.0",
  "wasip2",
  "wasip3",
@@ -529,7 +530,7 @@ checksum = "95c589f335db0f6aaa168a7cd27b1fc6920f5e1470c804f814d9cd6e62a0f70b"
 dependencies = [
  "env_logger 0.11.10",
  "log",
- "rand 0.10.0",
+ "rand 0.10.1",
 ]
 
 [[package]]
@@ -541,6 +542,12 @@ dependencies = [
  "proc-macro2",
 ]
 
+[[package]]
+name = "r-efi"
+version = "5.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
+
 [[package]]
 name = "r-efi"
 version = "6.0.0"
@@ -549,20 +556,19 @@ checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf"
 
 [[package]]
 name = "rand"
-version = "0.8.5"
+version = "0.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea"
 dependencies = [
- "libc",
  "rand_chacha",
- "rand_core 0.6.4",
+ "rand_core 0.9.5",
 ]
 
 [[package]]
 name = "rand"
-version = "0.10.0"
+version = "0.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc266eb313df6c5c09c1c7b1fbe2510961e5bcd3add930c1e31f7ed9da0feff8"
+checksum = "d2e8e8bcc7961af1fdac401278c6a831614941f6164ee3bf4ce61b7edb162207"
 dependencies = [
  "getrandom 0.4.2",
  "rand_core 0.10.0",
@@ -570,21 +576,21 @@ dependencies = [
 
 [[package]]
 name = "rand_chacha"
-version = "0.3.1"
+version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
 dependencies = [
  "ppv-lite86",
- "rand_core 0.6.4",
+ "rand_core 0.9.5",
 ]
 
 [[package]]
 name = "rand_core"
-version = "0.6.4"
+version = "0.9.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c"
 dependencies = [
- "getrandom 0.2.17",
+ "getrandom 0.3.4",
 ]
 
 [[package]]
@@ -805,7 +811,7 @@ dependencies = [
 name = "stdarch-gen-loongarch"
 version = "0.1.0"
 dependencies = [
- "rand 0.8.5",
+ "rand 0.9.4",
 ]
 
 [[package]]
@@ -838,7 +844,7 @@ version = "0.0.0"
 dependencies = [
  "core_arch",
  "quickcheck",
- "rand 0.8.5",
+ "rand 0.9.4",
 ]
 
 [[package]]
@@ -921,12 +927,6 @@ dependencies = [
  "winapi-util",
 ]
 
-[[package]]
-name = "wasi"
-version = "0.11.1+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
-
 [[package]]
 name = "wasip2"
 version = "1.0.2+wasi-0.2.9"
diff --git a/crates/stdarch-gen-loongarch/Cargo.toml b/crates/stdarch-gen-loongarch/Cargo.toml
index d3ac607c55..1a8c052ebe 100644
--- a/crates/stdarch-gen-loongarch/Cargo.toml
+++ b/crates/stdarch-gen-loongarch/Cargo.toml
@@ -7,4 +7,4 @@ edition = "2024"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-rand = "0.8.5"
+rand = "0.9.3"
diff --git a/examples/Cargo.toml b/examples/Cargo.toml
index c4fc4c7e37..8752f20652 100644
--- a/examples/Cargo.toml
+++ b/examples/Cargo.toml
@@ -13,7 +13,7 @@ default-run = "hex"
 [dependencies]
 core_arch = { path = "../crates/core_arch" }
 quickcheck = "1.0"
-rand = "0.8"
+rand = "0.9.3"
 
 [[bin]]
 name = "hex"

From 97763d14e0baf9c7e6c149fce7fdd1665ecbd88a Mon Sep 17 00:00:00 2001
From: Ruy Rocha <108208+ruyrocha@users.noreply.github.com>
Date: Thu, 4 Jun 2026 21:36:20 -0300
Subject: [PATCH 2/2] Rename function.

---
 examples/connect5.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/connect5.rs b/examples/connect5.rs
index f24657b148..2df294b16b 100644
--- a/examples/connect5.rs
+++ b/examples/connect5.rs
@@ -33,8 +33,8 @@
 #![cfg_attr(target_arch = "x86_64", feature(stdarch_internal))]
 #![feature(stmt_expr_attributes)]
 
+use rand::rng;
 use rand::seq::SliceRandom;
-use rand::thread_rng;
 
 use std::cmp;
 use std::time::Instant;
@@ -374,7 +374,7 @@ impl List {
     }
 
     pub fn shuffle(&mut self) {
-        let mut rng = thread_rng();
+        let mut rng = rng();
         let num = self.p_size as usize;
 
         self.p_move[..num].shuffle(&mut rng);