diff --git a/Cargo.lock b/Cargo.lock index 867aadd62..69796dfab 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -203,9 +203,9 @@ dependencies = [ [[package]] name = "aws-lc-rs" -version = "1.16.3" +version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ec6fb3fe69024a75fa7e1bfb48aa6cf59706a101658ea01bfd33b2b248a038f" +checksum = "5ec2f1fc3ec205783a5da9a7e6c1509cc69dedf09a1949e412c1e18469326d00" dependencies = [ "aws-lc-sys", "zeroize", @@ -213,9 +213,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.40.0" +version = "0.41.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f50037ee5e1e41e7b8f9d161680a725bd1626cb6f8c7e901f91f942850852fe7" +checksum = "1a2f9779ce85b93ab6170dd940ad0169b5766ff848247aff13bb788b832fe3f4" dependencies = [ "cc", "cmake", @@ -894,9 +894,9 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +checksum = "ce6e4c961d6cd6c9a86db418387425e8bdeaf05b3c8bc1411e6dca4c252f1453" dependencies = [ "hybrid-array", ] @@ -1045,7 +1045,7 @@ checksum = "f1dd6dbb5841937940781866fa1281a1ff7bd3bf827091440879f9994983d5c2" dependencies = [ "block-buffer 0.12.0", "const-oid 0.10.2", - "crypto-common 0.2.1", + "crypto-common 0.2.2", "ctutils", ] @@ -1089,9 +1089,9 @@ checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555" [[package]] name = "either" -version = "1.15.0" +version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" +checksum = "91622ff5e7162018101f2fea40d6ebf4a78bbe5a49736a2020649edf9693679e" dependencies = [ "serde", ] @@ -2150,9 +2150,9 @@ checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3" [[package]] name = "maybe-async" -version = "0.2.10" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5cf92c10c7e361d6b99666ec1c6f9805b0bea2c3bd8c78dc6fe98ac5bd78db11" +checksum = "746873a384ad60adc5db74471dfaba74bd278afbdcfd81db93fafcdfc8b5ca0c" dependencies = [ "proc-macro2", "quote", @@ -2216,9 +2216,9 @@ dependencies = [ [[package]] name = "metrics-util" -version = "0.20.3" +version = "0.20.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e56997f084e57b045edf17c3ed8ba7f9f779c670df8206dfd1c736f4c02dc4a" +checksum = "96f8722f8562635f92f8ed992f26df0532266eb03d5202607c20c0d7e9745e13" dependencies = [ "crossbeam-epoch", "crossbeam-utils", @@ -2426,9 +2426,9 @@ dependencies = [ [[package]] name = "num-conv" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6673768db2d862beb9b39a78fdcb1a69439615d5794a1be50caa9bc92c81967" +checksum = "521739c6d2bac4aa25192232afe6841231376b2b26d4d9fae5ecf8ca5772e441" [[package]] name = "num-integer" @@ -2602,9 +2602,9 @@ dependencies = [ [[package]] name = "pastey" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5a797f0e07bdf071d15742978fc3128ec6c22891c31a3a931513263904c982a" +checksum = "2ee67f1008b1ba2321834326597b8e186293b049a023cdef258527550b9935b4" [[package]] name = "pbkdf2" @@ -3907,7 +3907,7 @@ dependencies = [ "async-trait", "axum", "base64", - "getrandom 0.2.17", + "getrandom 0.4.2", "hex", "nix", "reqwest 0.13.3", @@ -4837,7 +4837,7 @@ version = "1.1.2+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a2abe9b86193656635d2411dc43050282ca48aa31c2451210f4202550afb7526" dependencies = [ - "winnow 1.0.2", + "winnow 1.0.3", ] [[package]] @@ -5823,9 +5823,9 @@ dependencies = [ [[package]] name = "winnow" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ee1708bef14716a11bae175f579062d4554d95be2c6829f518df847b7b3fdd0" +checksum = "0592e1c9d151f854e6fd382574c3a0855250e1d9b2f99d9281c6e6391af352f1" [[package]] name = "wit-bindgen" @@ -5972,9 +5972,9 @@ dependencies = [ [[package]] name = "zerofrom" -version = "0.1.7" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69faa1f2a1ea75661980b013019ed6687ed0e83d069bc1114e2cc74c6c04c4df" +checksum = "0ec05a11813ea801ff6d75110ad09cd0824ddba17dfe17128ea0d5f68e6c5272" dependencies = [ "zerofrom-derive", ] diff --git a/crates/sprout-agent/Cargo.toml b/crates/sprout-agent/Cargo.toml index 1c2b66cf5..f47dd0d3f 100644 --- a/crates/sprout-agent/Cargo.toml +++ b/crates/sprout-agent/Cargo.toml @@ -31,7 +31,7 @@ serde_json = { workspace = true } reqwest = { workspace = true, features = ["json", "rustls", "form"] } rmcp = { version = "1", default-features = false, features = ["client", "transport-child-process"] } arc-swap = "1" -getrandom = "0.2" +getrandom = "0.4" tracing = { workspace = true } tracing-subscriber = { workspace = true } # OAuth 2.0 PKCE for Databricks (and future browser-auth providers). diff --git a/crates/sprout-agent/src/auth.rs b/crates/sprout-agent/src/auth.rs index 213d491d2..8f740348a 100644 --- a/crates/sprout-agent/src/auth.rs +++ b/crates/sprout-agent/src/auth.rs @@ -340,7 +340,7 @@ fn token_from_response( /// challenge (RFC 7636 ยง4.2). fn pkce_pair() -> Result<(String, String), AgentError> { let mut bytes = [0u8; 48]; - getrandom::getrandom(&mut bytes).map_err(|e| AgentError::Llm(format!("pkce rng: {e}")))?; + getrandom::fill(&mut bytes).map_err(|e| AgentError::Llm(format!("pkce rng: {e}")))?; let verifier = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(bytes); let challenge = base64::engine::general_purpose::URL_SAFE_NO_PAD .encode(sha2::Sha256::digest(verifier.as_bytes())); @@ -349,7 +349,7 @@ fn pkce_pair() -> Result<(String, String), AgentError> { fn random_state() -> Result { let mut bytes = [0u8; 16]; - getrandom::getrandom(&mut bytes).map_err(|e| AgentError::Llm(format!("state rng: {e}")))?; + getrandom::fill(&mut bytes).map_err(|e| AgentError::Llm(format!("state rng: {e}")))?; Ok(base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(bytes)) } diff --git a/crates/sprout-agent/src/lib.rs b/crates/sprout-agent/src/lib.rs index 908367f68..5f90790ae 100644 --- a/crates/sprout-agent/src/lib.rs +++ b/crates/sprout-agent/src/lib.rs @@ -403,6 +403,6 @@ async fn acquire_session( fn session_token() -> Result { let mut b = [0u8; 8]; - getrandom::getrandom(&mut b).map_err(|e| format!("rng: getrandom failed: {e}"))?; + getrandom::fill(&mut b).map_err(|e| format!("rng: getrandom failed: {e}"))?; Ok(b.iter().map(|x| format!("{x:02x}")).collect()) } diff --git a/crates/sprout-agent/src/llm.rs b/crates/sprout-agent/src/llm.rs index 8245e24aa..22c111142 100644 --- a/crates/sprout-agent/src/llm.rs +++ b/crates/sprout-agent/src/llm.rs @@ -666,7 +666,7 @@ async fn backoff_with_jitter(attempt: u32) { .min(MAX_BACKOFF_MS); let mut buf = [0u8; 8]; let jitter_range = base / 2; - let delay = if jitter_range > 0 && getrandom::getrandom(&mut buf).is_ok() { + let delay = if jitter_range > 0 && getrandom::fill(&mut buf).is_ok() { let r = u64::from_le_bytes(buf) % jitter_range; base - jitter_range + r } else { diff --git a/crates/sprout-agent/src/mcp.rs b/crates/sprout-agent/src/mcp.rs index b332400b3..21e8da086 100644 --- a/crates/sprout-agent/src/mcp.rs +++ b/crates/sprout-agent/src/mcp.rs @@ -781,7 +781,7 @@ fn backoff(attempt: u32, base: Duration, max: Duration) -> Duration { fn jitter_percent() -> i64 { let mut buf = [0u8; 1]; - let _ = getrandom::getrandom(&mut buf); + let _ = getrandom::fill(&mut buf); ((buf[0] as i64) % 41) - 20 }