The std feature from rand_core activates the alloc feature and the getrandom feature, which ends up including getrandom as a dependency.
For WebAssembly targets, it's only possible to obtain entropy if there's an external function that provides that. Because of this, getrandom only works if there are Javascript APIs enabled. If there aren't, it fails to build.
Solution
The source of entropy isn't needed inside the library, therefore, the getrandom feature does not need to be enabled. Therefore it's enough to replace enabling the std feature with enabling just the alloc feature.
There is a use case in a documentation test, which uses OsRng. However, it's still not necessary to manually enable the getrandom feature in dev-dependencies, because the curve25519-dalek dependency's default feature enables rand_core's std dependency.
Release Notes
I believe this is a backward compatible change. I think there could be a situation where some project has a dependency on rand_core without its default features and on merlin, and unknowingly uses getrandom, which with this PR would fail to compile. However, the solution would be to fix the rand_core dependency to enable the required feature.
Motivation
The
stdfeature fromrand_coreactivates theallocfeature and thegetrandomfeature, which ends up includinggetrandomas a dependency.For WebAssembly targets, it's only possible to obtain entropy if there's an external function that provides that. Because of this,
getrandomonly works if there are Javascript APIs enabled. If there aren't, it fails to build.Solution
The source of entropy isn't needed inside the library, therefore, the
getrandomfeature does not need to be enabled. Therefore it's enough to replace enabling thestdfeature with enabling just theallocfeature.There is a use case in a documentation test, which uses
OsRng. However, it's still not necessary to manually enable thegetrandomfeature indev-dependencies, because thecurve25519-dalekdependency'sdefaultfeature enablesrand_core'sstddependency.Release Notes
I believe this is a backward compatible change. I think there could be a situation where some project has a dependency on
rand_corewithout its default features and onmerlin, and unknowingly usesgetrandom, which with this PR would fail to compile. However, the solution would be to fix therand_coredependency to enable the required feature.