chore(deps): update rust crate hickory-resolver to 0.26

[dreadnode-renovate-bot]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
hickory-resolver (source)	workspace.dependencies	minor	0.24 → 0.26

---

Release Notes

hickory-dns/hickory-dns (hickory-resolver)

v0.26.1

Compare Source

This point release for the 0.26 release series brings in several bug fixes, and no user-facing changes. Two security reports are addressed:
RUSTSEC-2026-0120 and RUSTSEC-2026-0119.

What's Changed

• net: avoid infinite loop in NSEC3 processing by @​djc in #​3597
• Limit work expended on name compression (backport) by @​divergentdave in #​3615

Full Changelog: hickory-dns/hickory-dns@v0.26.0...v0.26.1

v0.26.0: 0.26.0

Compare Source

13 months after the release of 0.25.0, we finally have a bigger feature release of Hickory DNS, the suite of DNS libraries and authoritative/recursive name servers written in pure Rust. A lot of work has gone into this release, so we wanted to take a moment to release this before we continue work on deploying the Hickory DNS recursive resolver at Let's Encrypt (and did you see that Hickory is being used in some of Google's Pixel devices?). Because of the ongoing work, we expect that 0.27.0 might happen quite a bit sooner than in 13 months from now.

These release notes describe a number of high-level improvements as well as API changes that are likely to break a larger fraction of our downstream users. Feedback (both on these notes and the release itself) is always welcome in our issue tracker or via our Discord server.

Most of the following notes are broken up by specific components: the server binary and our library crates. However, for this release we've made several changes to the structure of our crates itself:

• Network protocol support has moved out of the hickory-proto crate, into a new hickory-net crate (#​3394); this allows the hickory-proto crate to cleanly focus on message encoding and decoding.
• The hickory-client crate has been subsumed into hickory-net, in the client module (#​3366). No future releases of the hickory-client crate are expected.
• The hickory-recursor crate has been merged into hickory-resolver (#​3370), guarded by a recursor feature which must be enabled explicitly. The recursor implementation was already tightly coupled to the resolver internals, so keeping it separate didn't really make sense.

Additionally, substantial cross-crate changes have been made to improve our error handling:

• More error handling simplification
• proto: split NetError out of ProtoError
• proto: clean up ProtoError
• Be more strict about decode errors
• resolver: remove unnecessary ResolveError wrapper
• Avoid large errors

hickory-dns (the server binary)

• We've added a number of ways to optimize performance via low-level networking configuration:
  • Use SO_REUSEADDR for tcp sockets
  • Allow configuring UDP socket buffer sizes
  • Add SO_REUSEPORT support with configurable UDP socket count
  • More TCP tuning options
• We further extended and reworked our metrics:
  • Additional recursive resolver metrics
  • Minor metrics tidying
  • Initial histogram metrics support
• Miscellaneous changes:
  • Implement RFC 5001 NSID for authoritative server
  • Add server SSLKEYLOGFILE support
  • Add systemd readiness + watchdog support
  • prometheus: enable gzip compression on metrics endpoint
  • Add support for jemalloc + profiling

hickory-server (the library API)

• The Authority trait was renamed to ZoneHandler and simplified to better reflect its usage:
  • Rename Authority to ZoneHandler
  • Simplify ZoneHandler interface
  • Use concrete type for authority lookups
  • Untangle authorities
• Miscellaneous changes:
  • Support host format in blocklist stores
  • Authenticated AXFR policy, TSIG response signing
  • Add metrics for zone lookups, DNS classes and record types

hickory-resolver

We made many improvements to improve correctness and efficiency of both the recursive resolver and the "stub" resolver. In addition, we want to highlight the following changes:

• We substantially changed the high-level resolver and configuration API:
  • Refactor name server configuration
  • Enable validation when trust anchors are configured
  • Introduce ServerGroup type to replace NameServerGroupConfig
  • Configure by name server
  • Tweak high-level API
  • Hide validate option if DNSSEC support is not available
  • Default trust_negative_responses to true
  • Use a single list of servers
  • Make ResolverConfig fields public
  • Simplify ConnectionProvider interface
  • Abstract NS conn/conn config policy
  • Make connection pool track servers
• We improved handling of the system default resolution settings:
  • Trust negative responses from system resolvers by default
  • Retrieve system configuration through system API on Apple platforms
  • Get Android's DNS servers
• We improved the efficiency of the resolver internals:
  • Increase default cache size to 8k
• Miscellaneous changes:
  • Implement RFC 9539 opportunistic encryption
  • Add Ipv6AndIpv4 strategy
  • Add recursor metrics
  • Allow disabling H3 grease, as needed for Cloudflare

hickory-net

We made substantial improvements to DNSSEC validation and our handling of potentially spoofing messages.

• Miscellaneous changes:
  • Stop ignoring response decoding failures for UDP requests
  • Do not resolve private/reserved addresses on public zones
  • Simplify runtime

hickory-proto

• We have made the fields for several core types directly public:
  • Simplify low-level message API
  • Make Record fields public
  • Simplify RData API
  • Change field and method names for Authority section of messages
  • Simplify signing
• We now enable EDNS by default in outgoing messages, increasing the max payload length:
  • Default to enabling EDNS, increase max payload length
  • Make EDNS payload length configurable
• We removed SIG(0) authentication in favor of the more popular TSIG alternative:
  • Remove SIG(0) message authentication
• Miscellaneous changes:
  • Reject QR=0 responses as invalid
  • Reject zero-length data for non-update messages
  • Add support for SMIMEA records
  • Add support for dynamic headers in DoH requests

Details

For more details, review the detailed release notes for our pre-releases:

• Beta 4
• Beta 3
• Beta 2
• Beta 1
• Alpha 1

and these final PRs merged after beta 4:

• proto: reject zero-length data for non-update messages by @​djc in #​3577
• server: deduplicate response encoding by @​djc in #​3555
• Disable dig retries when testing cache behavior by @​divergentdave in #​3590
• Conformance: print communication errors from dig by @​divergentdave in #​3591

Thanks

Finally, we want to thank everyone who contributed to this release: @​bryanlarsen, @​billf, @​hargut, @​ibigbug, @​xi0, @​steffengy, @​james7132, @​Thomasdezeeuw, @​Kriskras99, @​mispp, @​conradludgate, @​nabijaczleweli, @​musicinmybrain, @​msrd0, @​jmwample, @​LAGonauta, @​tisonkun, @​provokateurin, @​lemon-sh, @​thomas-zahner, @​jpds, @​lpraneis, @​zachsmith1, @​jackboykin, @​ZnqbuZ, @​Jeidnx, @​kn0sys, @​matheus23, @​benesch, @​roblabla and of course our maintainers @​cpu, @​divergentdave, @​marcus0x62 and @​djc.

v0.25.2: 0.25.2

Compare Source

What's Changed

• Rewrite Dockerfile with cargo-chef by @​divergentdave in #​2874
• Use ECDSA keys in most conformance tests by @​divergentdave in #​2879
• proto: no need to enable critical-section/std by @​djc in #​2878
• Use GitHub Actions cache backend for Docker by @​divergentdave in #​2876
• Fuzzer for preservation of RDATA by @​divergentdave in #​2872
• Drop unused pin-utils crate by @​paolobarbolini in #​2880
• proto: set FQDN to true in zone file parser by @​djc in #​2887
• Refactor in-memory authority DNSSEC handling by @​djc in #​2885
• Add failing test for DNSSEC validation w/ 4 labels by @​divergentdave in #​2890
• Add conformance test for glue reuse issue by @​divergentdave in #​2891
• Recursor: refactor handling of glue records in ns_pool_for_zone() by @​divergentdave in #​2888
• server: simplify module structure by @​djc in #​2893
• proto: drop pointers from rolled back records by @​djc in #​2896
• Add test for handling of two OPT records by @​divergentdave in #​2897
• Add metrics infrastructure and prometheus endpoint for hickory-dns by @​hargut in #​2886
• feat(resolver): add a ResolverBuilder::with_options() method by @​cratelyn in #​2877
• Update specification excerpts by @​divergentdave in #​2901
• style: remove needless return to make clippy happy by @​Aden-Q in #​2907
• Run Clippy on fuzz workspace by @​divergentdave in #​2908
• Update dependencies by @​djc in #​2912
• Store CAA value as raw bytes by @​divergentdave in #​2898
• Add test for RFC 5155 section 7.2.8 by @​divergentdave in #​2906
• docs: fix errors in line and document comments by @​Aden-Q in #​2909
• resolver: fix deserialized ResolverOpts defaults by @​djc in #​2913
• server: integration tests enable ecdsa dnssec tests by @​hargut in #​2916
• Streaming parsing of tshark output by @​divergentdave in #​2868
• conformance: tweak Tshark constructor API by @​djc in #​2915
• bin: clarify async setup by @​djc in #​2918
• Use wait_until() in a second conformance test by @​divergentdave in #​2920
• Delete print statements dumping logs in tests by @​divergentdave in #​2922
• Fix QNAME minimization behavior by @​divergentdave in #​2919
• Check offset size when compressing names by @​divergentdave in #​2923
• Improve preserve_rdata fuzzer, store reserved CSYNC flags by @​divergentdave in #​2924
• Allow transfer for bind9 compatibility test by @​msrd0 in #​2927
• CAA: Store tag field as-is by @​divergentdave in #​2935
• Use Place in TBS::new() by @​divergentdave in #​2942
• Remove extra query depth increments in verifier by @​divergentdave in #​2939
• Filter invalid DNS server addresses on windows OS by @​watertreestar in #​2928
• Only fetch signer's DS RRset when validating keys by @​divergentdave in #​2936
• hickory-resolver: Allow compiling with quic support but without ring by @​msrd0 in #​2946
• Remove special handling for DS nonexistence by @​divergentdave in #​2937
• Add test for no data response without SOA by @​divergentdave in #​2950
• Handle byte-order mark when reading hosts file by @​mat-1 in #​2948
• Add more server metrics and enhance existing metrics by @​hargut in #​2900
• Use separate database files in SQLite tests by @​divergentdave in #​2955
• Send error responses in two more cases by @​divergentdave in #​2953
• resolver: use errors to improve connection stats by @​djc in #​2958
• tests: tidy legacy config field comments by @​cpu in #​2960
• Add separate Prometheus HTTP server by @​divergentdave in #​2954

v0.25.1: 0.25.1

Compare Source

This is a small patch release to address errors that prevented publication of version 0.25.0 of some crates.

What's Changed

• Make sure test-support is a dev-dependency by @​djc in #​2871

Full Changelog: hickory-dns/hickory-dns@v0.25.0...v0.25.1

v0.25.0: 0.25.0

Compare Source

0.25.0 represents a large release for the Hickory DNS project. Over 14 months since 0.24.0, we've added two new maintainers, divergentdave and marcus0x62, and have addressed many limitations. A team from Ferrous Systems shored up our support for DNSSEC, and we addressed a number of findings from our first security audit.

Breaking changes

This is not an exhaustive list of changes, but here are some of the most impactful breaking changes in this release:

• Configuration for the Hickory DNS server crate has been reworked substantially to be more robust and secure. Most of the code related to the server binary has been moved out of the hickory-server library and into the hickory-dns binary crate.
• Support for TLS using native-tls or OpenSSL has been removed. We now only provide first-party support for rustls (0.23, for DNS over TLS, HTTP/2, QUIC and HTTP/3). We support ring or aws-lc-rs for cryptographic operations both for DNSSEC and TLS. The dns-over-rustls,dns-over-native-tls, dns-over-openssl, dns-over-https-rustls, dns-over-https, dns-over-quic and dns-over-h3 features have been removed in favor of a set of {tls,https,quic,h3}-{aws-lc-rs,ring} features across our library crates.
• The synchronous API in the resolver and client crates, which previously provided a thin partial wrapper over the asynchronous API, has been removed. Downstream users will have to migrate to the asynchronous API.
• Support for the async-std runtime has been removed following the deprecation of the async-std crate by upstream (see their README). The async-std-resolver crate will no longer be updated.
• The DNSSEC API was reworked to extend coverage to the recursor, add support for NSEC3, and make the API more ergonomic and harder to misuse.
• Moved the RuntimeProvider API into the proto crate and use it consistently across the project.
• Name values are now rooted by default in many places, and more consistently maintain their fqdn status.
• Error types are now exposed directly in the crate roots.
• Top-level TLS configuration in the resolver crate has moved to the ResolverOpts type. Specific NameServerConfigs should implicitly set up the ALPN protocol appropriate for the DNS protocol.
• The ResolverOptions fields authentic_data and shuffle_dns_servers were removed. The former field didn't do anything; and should be covered by new DNSSEC API. shuffle_dns_servers functionality has been subsumed into the server_ordering_strategy field.
• The use of rustls-native-certs via the native-certs feature was replaced with rustls-platform-verifier.
• The tokio-runtime feature was renamed to tokio.
• The serde-config feature was renamed to serde.
• Serializations (and what the new release can deserialize) has changed; data serialized by 0.24 may not deserialize correctly on 0.25, and vice versa.

Please don't hesitate to file an issue or ask on our Discord server if you have issues upgrading.

Detailed changes since alpha.5

• update logo to better for Github by @​bluejekyll in #​2063
• add blog post to release notes for Hickory by @​bluejekyll in #​2064
• update h3 and h3-quinn by @​zh-jq in #​2077
• update to use ring 0.17 by @​zh-jq in #​2076
• Bump rustix from 0.37.23 to 0.37.26 by @​dependabot in #​2078
• Marcbrevoort cyberhive patch 1 by @​bluejekyll in #​2088
• Fix initial vec capacity in NameServerConfigGroup::from_ips_clear by @​silverlyra in #​2092
• Add getters for resolver config and options by @​hoxxep in #​2093
• Remove generic Error from DnsHandle by @​bluejekyll in #​2094
• update test certs for 2023 by @​bluejekyll in #​2100
• Support getting and setting the EDNS Z flags by @​mattias-p in #​2111
• get(0) to first() and zerocopy package updates to fix clippy and cargo audit errors. by @​marcus0x62 in #​2121
• Increase source port entropy in UDP client by @​marcus0x62 in #​2116
• Validate response query section by @​marcus0x62 in #​2118
• Gate tests on required features by @​alexanderkjall in #​2114
• Recursor: make nameserver and record cache sizes configurable by @​marcus0x62 in #​2117
• when comparing IP addresses for UDP, only check IP and Port by @​bluejekyll in #​2124
• Bailiwick checking for the recursor by @​marcus0x62 in #​2119
• Fixup lookup docs by @​bluejekyll in #​2123
• Bump actions/cache from 3 to 4 by @​dependabot in #​2129
• Update dependencies by @​djc in #​2112
• Fix a typo in crate description by @​wiktor-k in #​2132
• Only DNSKEY zone keys are allowed to match DS RR by @​justahero in #​2131
• Use cargo environment variables for path to executable. by @​sjbronner in #​2130
• Add option to specify a restricted set of networks capable of accessing the Hickory DNS server by @​bluejekyll in #​2126
• Bump baptiste0928/cargo-install from 2 to 3 by @​dependabot in #​2135
• Bump codecov/codecov-action from 3 to 4 by @​dependabot in #​2136
• Cleanliness for 1.76 by @​bluejekyll in #​2143
• update version for http/h2/h3 by @​zh-jq in #​2138
• add getter/setter methods to ClientSubnet by @​leshow in #​2146
• fix(proto): fix internal representation of OPT by @​esensar in #​2151
• Better DNSSEC proofs by @​bluejekyll in #​2084
• feat: add setter methods for Message struct to improve configurability by @​situ2001 in #​2147
• Forward hickory-dns's root cert features to hickory-resolver by @​hch12907 in #​2153
• Fix formatting issue in crates/proto/src/op/message.rs by @​marcus0x62 in #​2165
• Update mio to 0.8.11 to fix RUSTSEC-2024-0019 by @​marcus0x62 in #​2166
• Handle shutdown sockets by @​dlon in #​2171
• Bump extractions/setup-just from 1 to 2 by @​dependabot in #​2164
• Bump http from 1.0.0 to 1.1.0 by @​dependabot in #​2170
• Clippy 1.77 + dependency updates by @​djc in #​2174
• Update semver-compatible dependencies by @​djc in #​2177
• Make hickory_proto::quic::QuicClientStream Clonable by @​0xffffharry in #​2176
• error: wrap io::Error in Arc for clone by @​cpu in #​2181
• resolver: err for dns-over-rustls w/o roots by @​cpu in #​2179
• ignore portions of the README in Oranda site generation by @​bluejekyll in #​2180
• SVCB/HTTPS RFC updates, ECH config tweaks by @​cpu in #​2183
• Merge 0.24.1 by @​bluejekyll in #​2185
• fix(test): update ip of example.com by @​situ2001 in #​2187
• update rustls 0.21.11 to fix audit by @​bluejekyll in #​2189
• Bump parking_lot from 0.12.1 to 0.12.2 by @​dependabot in #​2202
• doc: fix misc typos in md files by @​divagant-martian in #​2198
• address new clippy lint assigning-clones by @​divagant-martian in #​2205
• Make hickory_proto::h3::H3ClientStream Clonable by @​0xffffharry in #​2182
• recursor: respect DO bit in incoming queries by @​japaric in #​2196
• recursor: tweaks for security awareness by @​djc in #​2208
• Retry tcp on udp io errors by @​bluejekyll in #​2215
• recursor: send DS queries to the parent zone by @​japaric in #​2203
• Adds deref call in assertion for hickory-client README example by @​akappel in #​2173
• cargo: Enable LTO on release build by @​jpds in #​2141
• add RFC2931 SIG(0) as supported by @​bluejekyll in #​2216
• Remove broken mtls code to fix CI by @​djc in #​2218
• ci: pin nightly version by @​japaric in #​2224
• import DNSSEC conformance test suite repository by @​japaric in #​2222
• Add just recipes to clean leftover containers and networks by @​pvdrz in #​2232
• refactor the Resource data structure by @​japaric in #​2231
• dns-test: make NameServer's FQDN more stable by @​japaric in #​2235
• Apply clippy suggestions for Rust 1.79 by @​djc in #​2240
• prepare 0.25-alpha by @​bluejekyll in #​2242
• Expose query path for DoH by @​Skyxim in #​2226
• DnsLru: cache RRSIG records together with the record they cover by @​japaric in #​2239
• Add conformance tests for NSEC3 by @​pvdrz in #​2238
• docs: add content from 2183 to changelog by @​cpu in #​2243
• fix: make just to compile bind by @​sabify in #​2248
• add conformance to CODEOWNERS by @​japaric in #​2259
• just: document conformance-* tasks by @​japaric in #​2266
• recursor: strip dnssec records on cache hit by @​japaric in #​2245
• dns-test: do not run docker network create in parallel by @​japaric in #​2265
• DnssecDnsHandle: check RRSIG validity as per RFC4035 by @​japaric in #​2213
• NextRandomUdpSocket: fall back to port 0 if no port was found by @​Luap99 in #​2260
• CI: also run hickory unit tests when only /conformance changes by @​japaric in #​2269
• just: warn when the index is dirty and DNS_TEST_SUBJECT=hickory by @​japaric in #​2267
• Recursor::resolve: reject queries with relative domain names by @​japaric in #​2246
• add a trust anchor file parser by @​japaric in #​2257
• dns-test: use non-deprecated algorithm (RSASHA256) by @​japaric in #​2258
• dns-test: make unit tests use the checked out version of this repo by @​japaric in #​2268
• Assert status for every NSEC3 test by @​pvdrz in #​2254
• improved server binary, added config validation and control over protocols by @​sabify in #​2247
• Fix typo by @​casonadams in #​2272
• add DNSSEC validation to the recursive resolver by @​japaric in #​2253
• test caching of DNSSEC validation and of DNSSEC records by @​japaric in #​2244
• Add test to check cache hit with DO bit by @​justahero in #​2280
• Refactor start method in Resolver by @​justahero in #​2281
• answer with SERVFAIL when DNSSEC validation fails by @​japaric in #​2286
• DnssecDnsHandle: do not recurse infinitely when query DS . fails by @​japaric in #​2271
• recursor: put tokio::test behind cfg attribute by @​japaric in #​2291
• test that DO=1 does not change the outcome of DNSSEC validation by @​japaric in #​2287
• test caching of chain of trust link by @​japaric in #​2289
• Test invalid signature timestamps in DNSSEC validation by @​justahero in #​2298
• DnssecDnsHandle: also update the RRSIG's proof by @​japaric in #​2293
• validating recursor: return answer from cache by @​japaric in #​2297
• test that answer section is empty on failed DNSSEC validation by @​japaric in #​2302
• Adjust timestamps to pass unbound validation result by @​justahero in #​2303
• Add method to capture expected number of packets by @​justahero in #​2278
• server: empty the answer section when DNSSEC validation fails by @​japaric in #​2304
• recursor: fix DNSSEC validation of NS somedomain.com. by @​japaric in #​2300
• dns-test: cache target directory across docker build invocations by @​japaric in #​2305
• Update bytes to 1.6.1 by @​marcus0x62 in #​2310
• Add support for PTR query by @​mokeyish in #​2308
• add regression test for #​2306 by @​japaric in #​2309
• avoid moving self in read_hosts_conf（reading from multiple files） by @​mokeyish in #​2314
• Adjust TTL of RRSIG + RR during validation by @​justahero in #​2311
• Update OpenSSL to fix security issue by @​justahero in #​2316
• Bump MSRV to 1.70 by @​djc in #​2322
• Allow to modify a RRSIG record before signing by @​justahero in #​2315
• justfile: use --locked to stick with Cargo.lock dependencies by @​djc in #​2323
• Add information on cargo ws plugin by @​justahero in #​2319
• Upgrade to rustls 0.23, quinn 0.11, etc by @​djc in #​2217
• leave query/opt in truncated msg by @​leshow in #​2307
• Fix warnings from Clippy 1.80 by @​djc in #​2324
• Make sure Lookup futures are Sync by @​djc in #​2326
• resolver: Make QuicSocketBinder as public as RuntimeProvider by @​mokeyish in #​2328
• Return error when no nameservers in resolv.conf by @​dav1do in #​2327
• Improve recursor logic by eliminating redundant NS requests and adding recursor support for NS referrals. by @​marcus0x62 in #​2325
• Use SerialNumber type for signature timestamps by @​justahero in #​2318
• Fix SOA referrals by @​marcus0x62 in #​2331
• recursor: take is_subzone() arguments as &Name by @​djc in #​2334
• Simplify TBS construction API by @​djc in #​2335
• only retry I/O errors over TCP by @​lrouquette in #​2336
• Suppress implicit features from optional dependencies by @​djc in #​2337
• update changelog and bump version for 0.25.0-alpha.2 by @​bluejekyll in #​2343
• util: add a newline between records in resolve report by @​bluejekyll in #​2347
• proto: make time dependency optional by @​djc in #​2349
• Manifest cleanup by @​djc in #​2351
• Add marcus0x62 as a code owner by @​djc in #​2350
• fix the bad label compression from original query by @​bluejekyll in #​2352
• Remove mentions of Makefile.toml in CONTRIBUTING.md by @​divergentdave in #​2356
• Fix extra length prefix in unknown SVCB parameter by @​divergentdave in #​2354
• Fix copied comment by @​divergentdave in #​2355
• Explicitly limit H2 support to rustls by @​djc in #​2366
• Fix panic in NSEC3 hash function by @​marcus0x62 in #​2368
• Make AsyncResolver take hosts file into account by @​hch12907 in #​2149
• Update dependencies by @​djc in #​2374
• Fix warning in Dockerfile by @​divergentdave in #​2370
• Fix stdout handling during hickory startup by @​justahero in #​2361
• Increase validation log level by @​justahero in #​2360
• Revert "Fix stdout handling during hickory startup" by @​japaric in #​2376
• ci: trigger workflows for merge queue branches by @​djc in #​2378
• Fix CAA parameter value validation by @​divergentdave in #​2373
• Trivariant LookupControlFlow type to allow authorities to decline to respond to a query by @​marcus0x62 in #​2160
• Conformance test cleanup by @​divergentdave in #​2371
• use a "test" TLD in conformance tests by @​japaric in #​2359
• Strict parsing of configuration files by @​divergentdave in #​2375
• Use container names, not IDs, in "explore" example by @​divergentdave in #​2372
• trust_anchor::Parser: accept records without TTL field by @​japaric in #​2384
• dns-test: add helper to pause and inspect a unit test's c

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[dreadnode-renovate-bot]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --workspace
    Updating crates.io index
error: failed to select a version for `hickory-resolver`.
    ... required by package `ares-cli v0.2.0 (/tmp/renovate/repos/github/dreadnode/ares/ares-cli)`
versions that meet the requirements `^0.26` are: 0.26.1, 0.26.0

package `ares-cli` depends on `hickory-resolver` with feature `tokio-runtime` but `hickory-resolver` does not have that feature.
 available features: __dnssec, __h3, __https, __quic, __tls, default, dnssec-aws-lc-rs, dnssec-ring, h3-aws-lc-rs, h3-ring, https-aws-lc-rs, https-ring, metrics, quic-aws-lc-rs, quic-ring, recursor, rustls-platform-verifier, serde, system-config, tls-aws-lc-rs, tls-ring, tokio, toml, webpki-roots


failed to select a version for `hickory-resolver` which could resolve this conflict

[l50]

@dreadnode-renovate-bot rebase!

[codecov]

Codecov Report

❌ Patch coverage is 0% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.85%. Comparing base (9b262a7) to head (a817b32).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...cli/src/orchestrator/state/domain_probe/dns_srv.rs	0.00%	9 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #328      +/-   ##
==========================================
- Coverage   78.85%   78.85%   -0.01%     
==========================================
  Files         438      438              
  Lines      125609   125614       +5     
==========================================
  Hits        99050    99050              
- Misses      26559    26564       +5     

Files with missing lines	Coverage Δ
...cli/src/orchestrator/state/domain_probe/dns_srv.rs	0.00% <0.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dreadnode-renovate-bot]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.