Commit 2bd1a2b
committed
fix: upgrade hickory-resolver to 0.26 for RUSTSEC advisories
# Summary
`cargo audit` flagged two denial-of-service advisories in
`hickory-proto 0.25.2`, pulled in transitively through `hickory-resolver`,
failing the security audit. Upgrading `hickory-resolver` to 0.26 resolves
`hickory-proto` to 0.26.1 and clears both advisories. The upgrade also
requires adapting to 0.26 API changes and restoring the DNS lookup order
that 0.26 silently changed.
# Details
- Bump `hickory-resolver` from 0.25 to 0.26. This brings `hickory-proto`
0.26.1, fixing RUSTSEC-2026-0119 (patched >= 0.26.1) and avoiding
RUSTSEC-2026-0118 (unaffected >= 0.26.0-beta.1, since the affected
`DnssecDnsHandle` moved to the new `hickory-net` crate in 0.26).
- Adapt the Tokio DNS resolver to the 0.26 API: `ResolverBuilder::build`
is now fallible, so its error is mapped into `io::Error`; and `LookupIp`
no longer implements `IntoIterator`, so iteration uses `iter()`, which
yields `IpAddr`.
- Pin the lookup strategy to `Ipv4thenIpv6`. hickory 0.26 changed the
default to `Ipv6AndIpv4` (AAAA before A), so `localhost` resolved to
`::1` first; because the servers bind to IPv4 `127.0.0.1`, cluster-join
connections were refused and integration tests failed. Pinning restores
the pre-0.26 IPv4-first order.1 parent d80d3cf commit 2bd1a2b
2 files changed
Lines changed: 11 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
73 | 73 | | |
74 | 74 | | |
75 | 75 | | |
76 | | - | |
| 76 | + | |
77 | 77 | | |
78 | 78 | | |
79 | 79 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
| 24 | + | |
24 | 25 | | |
25 | 26 | | |
26 | 27 | | |
| |||
40 | 41 | | |
41 | 42 | | |
42 | 43 | | |
43 | | - | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
44 | 52 | | |
45 | 53 | | |
46 | 54 | | |
| |||
252 | 260 | | |
253 | 261 | | |
254 | 262 | | |
255 | | - | |
| 263 | + | |
256 | 264 | | |
257 | 265 | | |
258 | 266 | | |
| |||
0 commit comments