
fix: deny advisories #6996

Merged
hanabi1224 merged 3 commits into main from fix-deny
May 4, 2026

@LesnyRumcajs (Member) commented May 4, 2026

Summary of changes

Changes introduced in this pull request:

Reference issue to close (if applicable)

Closes #6995

Other information and links

Change checklist

  • I have performed a self-review of my own code,
  • I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
  • I have added tests that prove my fix is effective or that my feature works (if possible),
  • I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Outside contributions

  • I have read and agree to the CONTRIBUTING document.
  • I have read and agree to the AI Policy document. I understand that failure to comply with the guidelines will lead to rejection of the pull request.

Summary by CodeRabbit

  • Chores
    • Updated resolver dependency to the latest version for improved stability and continued support.
    • Added security advisory references to configuration pending upstream fixes.

@LesnyRumcajs LesnyRumcajs requested a review from a team as a code owner May 4, 2026 08:48
@LesnyRumcajs LesnyRumcajs requested review from sudo-shashank and removed request for a team May 4, 2026 08:48
coderabbitai Bot (Contributor) commented May 4, 2026

Walkthrough

The PR updates the hickory-resolver dependency from version 0.25 to 0.26 in Cargo.toml and adds two new RUSTSEC advisory IDs to the deny.toml ignore list to suppress warnings for hickory-related security issues.

Changes

Dependency and Advisory Configuration

| Layer / File(s) | Summary |
| --- | --- |
| Dependency Update (Cargo.toml) | hickory-resolver version bumped from 0.25 to 0.26 with unchanged features (system-config, tokio) and default-features = false. |
| Advisory Configuration (deny.toml) | Two RUSTSEC advisory entries (RUSTSEC-2026-0118 and RUSTSEC-2026-0119) added to [advisories].ignore list for hickory-related vulnerabilities pending libp2p updates. |

Estimated Code Review Effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly Related PRs

  • forest#6180: Modifies deny.toml [advisories].ignore list by adding RUSTSEC entries, directly related to advisory management pattern.
  • forest#6391: Updates deny.toml [advisories].ignore to add advisories and suppress cargo-deny warnings, same configuration area.
  • forest#6963: Modifies deny.toml [advisories].ignore list with RUSTSEC advisory changes, related to the same configuration section.

Suggested Reviewers

  • sudo-shashank
  • akaladarshi
  • hanabi1224
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title 'fix: deny advisories' directly addresses the main change—resolving cargo deny advisory failures—matching the PR's primary objective of fixing advisory check issues. |
| Linked Issues check | ✅ Passed | The PR updates hickory-resolver dependency and adds RUSTSEC advisory suppressions, directly addressing the cargo deny advisory failures reported in issues #6993, #6994, and #6995. |
| Out of Scope Changes check | ✅ Passed | All changes (dependency version bump and advisory suppressions) are directly related to resolving the cargo deny advisory failures referenced in the linked issues. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |


codecov Bot commented May 4, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.10%. Comparing base (a86c6ba) to head (c905419).
⚠️ Report is 3 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

see 10 files with indirect coverage changes



@hanabi1224 hanabi1224 enabled auto-merge May 4, 2026 20:16
@hanabi1224 hanabi1224 added this pull request to the merge queue May 4, 2026
Merged via the queue into main with commit ed59373 May 4, 2026
34 checks passed
@hanabi1224 hanabi1224 deleted the fix-deny branch May 4, 2026 20:38

Development

Successfully merging this pull request may close these issues.

[automated] cargo deny check advisories failure @ 4/5/26 00:14

2 participants