Why Random.jl is fixed to version 0.0.0?

I’m trying to explicitly specify the compatibilities of some standard packages as recently required by the General registry. I added Random = "1.9" (or "1", I tried both, resulting in the same error) to Project.toml of NNlib.jl but the CI ended up with the following error in an integration test:

ERROR: LoadError: Unsatisfiable requirements detected for package Random [9a3f8284]:
 Random [9a3f8284] log:
 ├─possible versions are: 0.0.0 or uninstalled (package in sysimage!)
 ├─restricted to versions 1.6.0-1 by Lux [b2108857] — no versions left
 │ └─Lux [b2108857] log:
 │   ├─possible versions are: 0.5.9 or uninstalled
 │   └─Lux [b2108857] is fixed to version 0.5.9
 └─Random [9a3f8284] is fixed to version 0.0.0

(see Set compatibilities for standard packages · FluxML/NNlib.jl@25d4eca · GitHub for the complete messages)

Random.jl 1.6.0 or newer is required by Lux.jl and it was run on Julia 1.9.3, so there must be a natural compatibility. However, Random.jl is fixed to version 0.0.0 for some reason and we cannot satisfy the compatibility. What is the problem of this? Or do I misunderstand the error message?

Basically, this happens if either:

  1. You are using Julia 1.3 or earlier.
  2. You are using Julia 1.4+, and you do Pkg operations inside your test suite.

For almost all stdlibs (including Random), the fix is:

StdlibName = "<0.0.1, 1"

For the SHA stdlib specifically, the fix is:

SHA = "<0.0.1, 0.7, 1"