torrust · josecelano · Apr 14, 2026 · Apr 14, 2026
diff --git a/docs/issues/444-rand-0.9.2-rustsec.md b/docs/issues/444-rand-0.9.2-rustsec.md
@@ -45,20 +45,16 @@ Expected `cargo audit` output: no finding for `rand 0.9.x`.
 
 ## Steps
 
-- [ ] Run `cargo tree -p rand@0.9.3` — confirm it resolves without error
-- [ ] Run `cargo audit` — confirm no finding for RUSTSEC-2026-0097 on rand 0.9.x
+- [x] Run `cargo tree -p rand@0.9.3` — confirm it resolves without error
+- [x] Run `cargo audit` — confirm no finding for RUSTSEC-2026-0097 on rand 0.9.x
 - [ ] Post a comment on #444 with both outputs
 - [ ] Close #444
 
-## If the audit still reports rand 0.9.2
-
-Run `cargo tree -i rand@0.9.2` to find which crate pins it, then apply
-`cargo update rand` or bump that crate.
-
 ## Outcome
 
-<!-- Fill in after doing the work -->
-
-- Date:
-- Result:
-- Comment/PR:
+- Date: 2026-04-14
+- Result: **Resolved.** `cargo tree -p rand@0.9.3` resolves cleanly to `rand 0.9.3`
+  (patched). `cargo audit` reports only `rand 0.8.5` (tracked separately in #443)
+  — zero finding for `rand 0.9.x`. Issue #444 was opened before `Cargo.lock` was
+  updated to `rand 0.9.3`.
+- Comment/PR: <!-- fill in after posting the comment and closing #444 -->