chore(deps): update module golang.org/x/net to v0.55.0 [security]

chore(deps): update module github.com/jackc/pgx/v5 to v5.9.2 [security]
analyzer: strip resolver address from DNS lookup error messages
2026-06-03 15:06:48 +00:00 · 2026-06-03 23:38:12 +09:00 · 2026-06-03 23:06:19 +09:00
8 changed files with 22 additions and 9 deletions
--- a/go.mod
+++ b/go.mod
@ -9,7 +9,7 @@ require (
 	github.com/gin-gonic/gin v1.12.0
 	github.com/google/uuid v1.6.0
 	github.com/oapi-codegen/runtime v1.4.0
-	golang.org/x/net v0.54.0
+	golang.org/x/net v0.55.0
 	gorm.io/driver/postgres v1.6.0
 	gorm.io/driver/sqlite v1.6.0
 	gorm.io/gorm v1.31.1
@ -36,7 +36,7 @@ require (
 	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
-	github.com/jackc/pgx/v5 v5.8.0 // indirect
+	github.com/jackc/pgx/v5 v5.9.2 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
--- a/go.sum
+++ b/go.sum
@ -93,8 +93,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.8.0 h1:TYPDoleBBme0xGSAX3/+NujXXtpZn9HBONkQC7IEZSo=
-github.com/jackc/pgx/v5 v5.8.0/go.mod h1:QVeDInX2m9VyzvNeiCJVjCkNFqzsNb43204HshNSZKw=
+github.com/jackc/pgx/v5 v5.9.2 h1:3ZhOzMWnR4yJ+RW1XImIPsD1aNSz4T4fyP7zlQb56hw=
+github.com/jackc/pgx/v5 v5.9.2/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
--- a/pkg/analyzer/dns_bimi.go
+++ b/pkg/analyzer/dns_bimi.go
@ -45,7 +45,7 @@ func (d *DNSAnalyzer) checkBIMIRecord(domain, selector string) *model.BIMIRecord
 			Selector: selector,
 			Domain:   domain,
 			Valid:    false,
-			Error:    utils.PtrTo(fmt.Sprintf("Failed to lookup BIMI record: %v", err)),
+			Error:    utils.PtrTo(fmt.Sprintf("Failed to lookup BIMI record: %s", formatDNSError(err))),
 		}
 	}

--- a/pkg/analyzer/dns_dkim.go
+++ b/pkg/analyzer/dns_dkim.go
@ -122,7 +122,7 @@ func (d *DNSAnalyzer) checkDKIMRecord(h DKIMHeader) *model.DKIMRecord {
 			Domain:           h.Domain,
 			SigningAlgorithm: signingAlgorithmPtr(h.Algorithm),
 			Valid:            false,
-			Error:            utils.PtrTo(fmt.Sprintf("Failed to lookup DKIM record: %v", err)),
+			Error:            utils.PtrTo(fmt.Sprintf("Failed to lookup DKIM record: %s", formatDNSError(err))),
 		}
 	}

--- a/pkg/analyzer/dns_dmarc.go
+++ b/pkg/analyzer/dns_dmarc.go
@ -193,7 +193,7 @@ func (d *DNSAnalyzer) checkDMARCRecord(domain string) *model.DMARCRecord {
 	if err != nil {
 		return &model.DMARCRecord{
 			Valid: false,
-			Error: utils.PtrTo(fmt.Sprintf("Failed to lookup DMARC record: %v", err)),
+			Error: utils.PtrTo(fmt.Sprintf("Failed to lookup DMARC record: %s", formatDNSError(err))),
 		}
 	}
 	if foundDomain == "" {
--- a/pkg/analyzer/dns_mx.go
+++ b/pkg/analyzer/dns_mx.go
@ -39,7 +39,7 @@ func (d *DNSAnalyzer) checkMXRecords(domain string) *[]model.MXRecord {
 		return &[]model.MXRecord{
 			{
 				Valid: false,
-				Error: utils.PtrTo(fmt.Sprintf("Failed to lookup MX records: %v", err)),
+				Error: utils.PtrTo(fmt.Sprintf("Failed to lookup MX records: %s", formatDNSError(err))),
 			},
 		}
 	}
--- a/pkg/analyzer/dns_resolver.go
+++ b/pkg/analyzer/dns_resolver.go
@ -23,9 +23,22 @@ package analyzer

 import (
 	"context"
+	"errors"
 	"net"
 )

+// formatDNSError renders a resolution error without exposing the upstream
+// resolver address that net.DNSError.Error() normally appends as " on <addr>".
+func formatDNSError(err error) string {
+	var dnsErr *net.DNSError
+	if errors.As(err, &dnsErr) {
+		sanitized := *dnsErr
+		sanitized.Server = ""
+		return sanitized.Error()
+	}
+	return err.Error()
+}
+
 // DNSResolver defines the interface for DNS resolution operations.
 // This interface abstracts DNS lookups to allow for custom implementations,
 // such as mock resolvers for testing or caching resolvers for performance.
--- a/pkg/analyzer/dns_spf.go
+++ b/pkg/analyzer/dns_spf.go
@ -67,7 +67,7 @@ func (d *DNSAnalyzer) resolveSPFRecords(domain string, visited map[string]bool,
 			{
 				Domain: &domain,
 				Valid:  false,
-				Error:  utils.PtrTo(fmt.Sprintf("Failed to lookup TXT records: %v", err)),
+				Error:  utils.PtrTo(fmt.Sprintf("Failed to lookup TXT records: %s", formatDNSError(err))),
 			},
 		}
 	}
Author	SHA1	Message	Date
Renovate Bot	9aa3718abd	chore(deps): update module golang.org/x/net to v0.55.0 [security] Some checks failed renovate/artifacts Artifact file update failure continuous-integration/drone/push Build is running Details	2026-06-03 15:06:48 +00:00
Renovate Bot	96c3a6ea0d	chore(deps): update module github.com/jackc/pgx/v5 to v5.9.2 [security] Some checks failed continuous-integration/drone/push Build is failing Details	2026-06-03 23:38:12 +09:00
Pierre-Olivier Mercier	7953dfc3ed	analyzer: strip resolver address from DNS lookup error messages Some checks are pending continuous-integration/drone/push Build is running Details Wrap user-facing lookup errors through a new formatDNSError helper that clears net.DNSError.Server so the " on <addr>" suffix no longer leaks the upstream resolver (e.g. "on 127.0.0.11:53") to end users. Closes: https://framagit.org/happyDomain/happydeliver/-/work_items/2	2026-06-03 23:06:19 +09:00