NethermindEth
diff --git a/‎Cargo.lock‎
Lines changed: 1 addition & 1 deletion b/‎Cargo.lock‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎deny.toml‎
Lines changed: 7 additions & 0 deletions b/‎deny.toml‎
Lines changed: 7 additions & 0 deletions
@@ -30,6 +30,13 @@ ignore = [
     # (stuck on 0.7.3) and `alloy-signer-local` (stuck on 0.8.5). Neither is
     # reachable from Pluto's loggers. Remove once upstream bumps to >=0.9.3.
     { id = "RUSTSEC-2026-0097", reason = "transitive rand <0.9.3 via cuckoofilter and alloy-signer-local; not triggerable from our code" },
+    # `hickory-proto` 0.26.1 exists, but current latest `libp2p` (0.56.0)
+    # still pins `libp2p-dns` / `libp2p-mdns` to Hickory 0.25.2. Pluto does not
+    # enable Hickory DNSSEC validation. Remove once libp2p moves to fixed Hickory.
+    { id = "RUSTSEC-2026-0118", reason = "transitive hickory-proto 0.25.2 via latest libp2p DNS/mDNS; DNSSEC validation path not enabled by Pluto" },
+    # Same pinned `libp2p` DNS/mDNS stack as above. Cargo cannot select
+    # `hickory-proto` 0.26.1 until the libp2p crates relax their 0.25.2 pins.
+    { id = "RUSTSEC-2026-0119", reason = "transitive hickory-proto 0.25.2 via latest libp2p DNS/mDNS; fixed hickory exists but libp2p still pins 0.25.2" },
 ]
 unmaintained = "workspace"