chore(deps): update module github.com/jackc/pgx/v5 to v5.9.2 [security]

analyzer: strip resolver address from DNS lookup error messages
Wrap user-facing lookup errors through a new formatDNSError helper that clears net.DNSError.Server so the " on <addr>" suffix no longer leaks the upstream resolver (e.g. "on 127.0.0.11:53") to end users. Closes: https://framagit.org/happyDomain/happydeliver/-/work_items/2
2026-06-03 23:38:12 +09:00 · 2026-06-03 23:06:19 +09:00
10 changed files with 1730 additions and 524 deletions
--- a/go.mod
+++ b/go.mod
@ -36,7 +36,7 @@ require (
 	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
-	github.com/jackc/pgx/v5 v5.8.0 // indirect
+	github.com/jackc/pgx/v5 v5.9.2 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
--- a/go.sum
+++ b/go.sum
@ -93,8 +93,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.8.0 h1:TYPDoleBBme0xGSAX3/+NujXXtpZn9HBONkQC7IEZSo=
+github.com/jackc/pgx/v5 v5.9.2 h1:3ZhOzMWnR4yJ+RW1XImIPsD1aNSz4T4fyP7zlQb56hw=
-github.com/jackc/pgx/v5 v5.8.0/go.mod h1:QVeDInX2m9VyzvNeiCJVjCkNFqzsNb43204HshNSZKw=
+github.com/jackc/pgx/v5 v5.9.2/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
--- a/pkg/analyzer/dns_bimi.go
+++ b/pkg/analyzer/dns_bimi.go
@ -45,7 +45,7 @@ func (d *DNSAnalyzer) checkBIMIRecord(domain, selector string) *model.BIMIRecord
 			Selector: selector,
 			Domain:   domain,
 			Valid:    false,
-			Error:    utils.PtrTo(fmt.Sprintf("Failed to lookup BIMI record: %v", err)),
+			Error:    utils.PtrTo(fmt.Sprintf("Failed to lookup BIMI record: %s", formatDNSError(err))),
 		}
 	}
--- a/pkg/analyzer/dns_dkim.go
+++ b/pkg/analyzer/dns_dkim.go
@ -122,7 +122,7 @@ func (d *DNSAnalyzer) checkDKIMRecord(h DKIMHeader) *model.DKIMRecord {
 			Domain:           h.Domain,
 			SigningAlgorithm: signingAlgorithmPtr(h.Algorithm),
 			Valid:            false,
-			Error:            utils.PtrTo(fmt.Sprintf("Failed to lookup DKIM record: %v", err)),
+			Error:            utils.PtrTo(fmt.Sprintf("Failed to lookup DKIM record: %s", formatDNSError(err))),
 		}
 	}
--- a/pkg/analyzer/dns_dmarc.go
+++ b/pkg/analyzer/dns_dmarc.go
@ -193,7 +193,7 @@ func (d *DNSAnalyzer) checkDMARCRecord(domain string) *model.DMARCRecord {
 	if err != nil {
 		return &model.DMARCRecord{
 			Valid: false,
-			Error: utils.PtrTo(fmt.Sprintf("Failed to lookup DMARC record: %v", err)),
+			Error: utils.PtrTo(fmt.Sprintf("Failed to lookup DMARC record: %s", formatDNSError(err))),
 		}
 	}
 	if foundDomain == "" {
--- a/pkg/analyzer/dns_mx.go
+++ b/pkg/analyzer/dns_mx.go
@ -39,7 +39,7 @@ func (d *DNSAnalyzer) checkMXRecords(domain string) *[]model.MXRecord {
 		return &[]model.MXRecord{
 			{
 				Valid: false,
-				Error: utils.PtrTo(fmt.Sprintf("Failed to lookup MX records: %v", err)),
+				Error: utils.PtrTo(fmt.Sprintf("Failed to lookup MX records: %s", formatDNSError(err))),
 			},
 		}
 	}
--- a/pkg/analyzer/dns_resolver.go
+++ b/pkg/analyzer/dns_resolver.go
@ -23,9 +23,22 @@ package analyzer
 import (
 	"context"
 	"errors"
 	"net"
 )
 // formatDNSError renders a resolution error without exposing the upstream
 // resolver address that net.DNSError.Error() normally appends as " on <addr>".
 func formatDNSError(err error) string {
 	var dnsErr *net.DNSError
 	if errors.As(err, &dnsErr) {
 		sanitized := *dnsErr
 		sanitized.Server = ""
 		return sanitized.Error()
 	}
 	return err.Error()
 }
 // DNSResolver defines the interface for DNS resolution operations.
 // This interface abstracts DNS lookups to allow for custom implementations,
 // such as mock resolvers for testing or caching resolvers for performance.
--- a/pkg/analyzer/dns_spf.go
+++ b/pkg/analyzer/dns_spf.go
@ -67,7 +67,7 @@ func (d *DNSAnalyzer) resolveSPFRecords(domain string, visited map[string]bool,
 			{
 				Domain: &domain,
 				Valid:  false,
-				Error:  utils.PtrTo(fmt.Sprintf("Failed to lookup TXT records: %v", err)),
+				Error:  utils.PtrTo(fmt.Sprintf("Failed to lookup TXT records: %s", formatDNSError(err))),
 			},
 		}
 	}
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/package.json
+++ b/web/package.json
@ -34,7 +34,7 @@
        "typescript": "^6.0.0",
        "typescript-eslint": "^8.44.1",
        "vite": "^8.0.0",
-        "vitest": "^4.0.0"
+        "vitest": "^3.2.4"
    },
    "dependencies": {
        "bootstrap": "^5.3.8",
Author	SHA1	Message	Date
Renovate Bot	96c3a6ea0d	chore(deps): update module github.com/jackc/pgx/v5 to v5.9.2 [security] Some checks failed continuous-integration/drone/push Build is failing Details	2026-06-03 23:38:12 +09:00
Pierre-Olivier Mercier	7953dfc3ed	analyzer: strip resolver address from DNS lookup error messages Some checks are pending continuous-integration/drone/push Build is running Details Wrap user-facing lookup errors through a new formatDNSError helper that clears net.DNSError.Server so the " on <addr>" suffix no longer leaks the upstream resolver (e.g. "on 127.0.0.11:53") to end users. Closes: https://framagit.org/happyDomain/happydeliver/-/work_items/2	2026-06-03 23:06:19 +09:00