fix(deps): vuln minor upgrades — 8 packages (minor: 2 · patch: 6) [server]

[gh-worker-campaigns-3e9aa4]

Summary: Critical-severity security update — 8 packages upgraded (MINOR changes included)

Manifests changed:

• server (go)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
google.golang.org/grpc	v1.79.1	v1.79.3	patch	Direct	3 CRITICAL
github.com/grpc-ecosystem/grpc-gateway/v2	v2.28.0	v2.29.0	minor	Direct	-
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	v1.41.0	v1.43.0	minor	Direct	-
go.etcd.io/etcd/api/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/etcd/client/pkg/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/etcd/client/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/etcd/pkg/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/raft/v3	v3.6.0-beta.0.0.20260116184858-6d944ca211ee	v3.6.0	patch	Direct	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

🚨 Critical & High Severity (3 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
google.golang.org/grpc	GO-2026-4762	critical	Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc	v1.79.1	1.79.3
google.golang.org/grpc	CVE-2026-33186	critical	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.79.1	-
google.golang.org/grpc	GHSA-p77j-4mvh-x3m3	CRITICAL	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.79.1	1.79.3

⚠️ Dependencies that have Reached EOL (4)

Dependency	Unsafe Version	EOL Date	New Version	Path
go.etcd.io/etcd/api/v3	v3.6.0-alpha.0	-	v3.6.10	server/go.mod
go.etcd.io/etcd/client/pkg/v3	v3.6.0-alpha.0	-	v3.6.10	server/go.mod
go.etcd.io/etcd/client/v3	v3.6.0-alpha.0	-	v3.6.10	server/go.mod
go.etcd.io/etcd/pkg/v3	v3.6.0-alpha.0	-	v3.6.10	server/go.mod

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (Critical)

🤖 Generated by DataDog Automated Dependency Management System

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto c867abd.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}