Help needed: newer picky/sspi versions unblock downstream integration, but IronRDP workspace still hits a dependency conflict #1186

@sfwwslm

I’m investigating IronRDP 0.14.0 integration in a larger Rust workspace, and the main problem I ran into was
a dependency conflict in the current published dependency chain around security-related crates.

More specifically, the dependency chain around ironrdp-connector -> picky -> ... conflicts with
other crates in my workspace. That conflict is the reason I tried moving IronRDP to newer picky /
sspi versions.

I am not familiar enough with the IronRDP codebase to judge the correct upstream solution or the full
impact of these changes, so I’m opening this issue mainly to share what I found and ask for guidance.

I tested the following two changes in a fork:

  • build: update picky to 7.0.0-rc.22 and sspi to 0.19
  • fix: adapt ironrdp-connector and ironrdp-tokio to sspi 0.19

Commits:

These changes were enough to unblock my downstream integration scenario: after applying them in my
fork, my project was able to build and run successfully again.

The two code-level fixes were:

  1. ironrdp-connector

    • sspi::KerberosConfig.client_computer_name is no longer Option<String>
    • the KerberosConfig -> sspi::KerberosConfig conversion needs adjustment

  2. ironrdp-tokio

    • the reqwest network client needs to use the sspi types re-exported by ironrdp-connector
    • otherwise trait signatures no longer match after the sspi 0.19 upgrade

However, when checking the IronRDP workspace itself, I still hit another dependency conflict:

error: failed to select a version for `rand_core`.
...
required by package `getrandom v0.4.0`
... which satisfies dependency `getrandom = "^0.4"` of package `uuid v1.22.0`
... which satisfies dependency `uuid = "^1.21"` of package `ironrdp-client`
...
previously selected package `rand_core v0.10.0-rc-3`
... which satisfies dependency `rand_core = "=0.10.0-rc-3"` of package `picky v7.0.0-rc.22`

So from my point of view:

- upgrading picky / sspi seems useful and already helps in a real downstream integration scenario
- the two compatibility fixes above also seem necessary for that path
- but the IronRDP workspace still appears to need additional dependency alignment, likely involving:
    - picky
    - rand_core
    - getrandom
    - uuid
    - possibly ironrdp-client

I’m not claiming this is a complete fix. I’m mainly sharing a reproducible investigation path and
asking:

1. does this upgrade direction make sense upstream?
2. do the two compatibility fixes above look conceptually correct?
3. what would be the right next step for the remaining workspace conflict?

My main motivation here is resolving the current security dependency conflict in downstream projects,
and this upgrade path already appears to help with that.
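
An added example, not part of the original issue or of IronRDP's code: a small std-only Rust parser that pulls the requirement edges out of the resolver error quoted above and flags exact pins (`=`) on pre-release versions, the kind of requirement that leaves the resolver only one acceptable build. The names `Edge`, `tick`, `edges` and `exact_prerelease_pin` are hypothetical; the sample input is the error text from the issue, with its `...` lines left elided.

```rust
/// One `dependency `name = "req"` of package `pkg`` edge from a Cargo resolver error.
#[derive(Debug, PartialEq)]
struct Edge { dep: String, req: String, pkg: String }

/// Text inside the first pair of backticks at or after `from`, plus the index just past it.
fn tick(s: &str, from: usize) -> Option<(&str, usize)> {
    let start = from + s.get(from..)?.find('`')? + 1;
    let end = start + s[start..].find('`')?;
    Some((&s[start..end], end + 1))
}

/// Parse every line shaped like: ... dependency `dep = "req"` of package `pkg vX`
fn edges(log: &str) -> Vec<Edge> {
    log.lines().filter_map(|l| {
        let at = l.find("dependency `")?;
        let (spec, next) = tick(l, at)?;
        let (dep, req) = spec.split_once(" = ")?;
        let (pkg, _) = tick(l, next)?;
        Some(Edge { dep: dep.into(), req: req.trim_matches('"').into(), pkg: pkg.into() })
    }).collect()
}

/// True for an exact pin (`=`) whose version has a pre-release tag (a `-` before any `+build`).
fn exact_prerelease_pin(e: &Edge) -> bool {
    e.req.starts_with('=') && e.req.split('+').next().map_or(false, |v| v.contains('-'))
}

// Resolver error as quoted in the issue above; the "..." lines are elided there as well.
const LOG: &str = r#"error: failed to select a version for `rand_core`.
...
required by package `getrandom v0.4.0`
... which satisfies dependency `getrandom = "^0.4"` of package `uuid v1.22.0`
... which satisfies dependency `uuid = "^1.21"` of package `ironrdp-client`
...
previously selected package `rand_core v0.10.0-rc-3`
... which satisfies dependency `rand_core = "=0.10.0-rc-3"` of package `picky v7.0.0-rc.22`
"#;

fn main() {
    for e in edges(LOG) {
        let note = if exact_prerelease_pin(&e) { "  <-- exact pre-release pin" } else { "" };
        println!("{} requires {} {}{}", e.pkg, e.dep, e.req, note);
    }
}
```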
