fix(security): from_reqwest leaks error details contradicting TM-LEAK-001

## Problem

`FetchError::from_reqwest()` in `error.rs:70` passes the raw reqwest error string through via `RequestError(err.to_string())`. Reqwest error messages can contain hostnames and URLs of internal services, contradicting TM-LEAK-001 which claims error messages do not reveal internal network topology.

The `ConnectError` variant Display is generic ("Failed to connect to server"), but the `RequestError` fallback path passes the full reqwest error string.

## Impact

Low/Medium — internal hostnames could be exposed in error messages returned to callers.

## Fix

Sanitize the reqwest error in the `RequestError` fallback to strip URL/hostname details.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(security): from_reqwest leaks error details contradicting TM-LEAK-001 #38

Problem

Impact

Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

fix(security): from_reqwest leaks error details contradicting TM-LEAK-001 #38

Description

Problem

Impact

Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions