Motivation
The std feature from rand_core activates the alloc feature and the getrandom feature, which ends up including getrandom as a dependency.
For WebAssembly targets, it's only possible to obtain entropy if there's an external function that provides that. Because of this, getrandom only works if there are JavaScript APIs enabled. If there aren't, it fails to build.
Solution
The source of entropy isn't needed inside the library; therefore, the getrandom feature does not need to be enabled. Therefore, it's enough to replace enabling the std feature with enabling just the alloc feature.
There is a use case in a documentation test, which uses OsRng. However, it's still not necessary to manually enable the getrandom feature in dev-dependencies, because the curve25519-dalek dependency's default feature enables rand_core's std dependency.
Release Notes
I believe this is a backward-compatible change. I think there could be a situation where some project has a dependency on rand_core without its default features and on merlin, and unknowingly uses getrandom, which with this PR would fail to compile. However, the solution would be to fix the rand_core dependency to enable the required feature.