Skip to content

Update Rust crate nanoid to 0.5.0#19176

Closed
renovate[bot] wants to merge 1 commit intomainfrom
renovate/nanoid-0.x
Closed

Update Rust crate nanoid to 0.5.0#19176
renovate[bot] wants to merge 1 commit intomainfrom
renovate/nanoid-0.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 27, 2026

This PR contains the following updates:

Package Type Update Change
nanoid workspace.dependencies minor 0.4.00.5.0

Release Notes

mrdimidium/nanoid (nanoid)

v0.5.0

Compare Source

  • Bump rand to 0.9
  • Add rngs::thread_local random source (#​36)
  • format now accepts any FnMut(usize) -> Vec<u8> random generator, enabling
    seeded and stateful RNGs (#​32, #​41). Non-capturing fn(usize) -> Vec<u8>
    callers continue to work unchanged.
  • nanoid! macro size argument now accepts any expression, not only a single
    token (#​28)
  • Specialized fast path for alphabets whose size is a power of two (#​35).
    Note: for seeded RNGs paired with a power-of-two alphabet (e.g. SAFE, the
    new HEX_* presets), the number of random bytes consumed per ID has changed
    — the output for a given seed will differ from 0.4.0.
  • Add alphabet::HEX_LOWERCASE and alphabet::HEX_UPPERCASE presets (#​39)
  • Optional smartstring feature for small-string-optimized output (#​29)
  • Refreshed CI (GitHub Actions across OS matrix), drop Travis/AppVeyor
  • Switched benchmarks to criterion

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added build:skip-docker Disable building Docker images for a pull request build:skip-release Disable building release binaries for a pull request internal A refactor or improvement that is not user-facing labels Apr 27, 2026
@zanieb
Copy link
Copy Markdown
Member

zanieb commented Apr 27, 2026

Kind of high risk because they migrated CI and the diff is big

@woodruffw woodruffw mentioned this pull request Apr 28, 2026
Merged
woodruffw added a commit that referenced this pull request Apr 29, 2026
@woodruffw
Remove our dependency on nanoid (#19201)
0e69f0c 
## Summary

This introduces a new workspace member, `uv-fastid`. `uv-fastid`
provides IDs using the same alphabet as nanoid, but with a slightly
smaller token size (16 instead of 21) and fewer knobs for configuration.

In practice it should also be faster, since our IDs are now trivially
copyable + don't require any heap allocations to construct internally.
This is probably not a huge deal in our case anyways (ID generation
isn't exactly dominating our runtime), but it doesn't hurt to have a
fast primitive here.

The two main APIs I've added are `insecure()` and `secure()`, whose
names refer to the kind of PRNG they use internally. Right now we only
use `insecure()`, since we don't actually need a CSPRNG for the uses of
nanoid we're replacing (revision and archive IDs).

Some other notes:

- Arguably we could remove the secure/insecure distinction entirely, and
just keep the CSPRNG path -- with `rand` we have a purely userspace
CSPRNG (seeded from the OS's CSPRNG), so we don't really need `fastrand`
for performance here.
- I'm guilty of using `unsafe` in this, although I think the usage is
demonstrably safe (as long as crate-private invariants are maintained) 🙂
- I think there's no breakage risk with this -- FWICT our only usage of
`nanoid` doesn't make any format assumptions, so switching to a slightly
shorter ID form here shouldn't break anything. Our previous IDs also
aren't part of any public interface AFAICT.

Closes #19176.

## Test Plan

Added unit tests to the new `uv-fastid` crate. Our existing tests should
cover this transitively as well.

---------

Signed-off-by: William Woodruff <william@astral.sh>
@renovate renovate Bot deleted the renovate/nanoid-0.x branch April 29, 2026 15:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

build:skip-docker Disable building Docker images for a pull request build:skip-release Disable building release binaries for a pull request internal A refactor or improvement that is not user-facing

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zanieb