fix(deps): vuln minor upgrades — 11 packages (minor: 2 · patch: 9)

[gh-worker-campaigns-3e9aa4]

Summary: Critical-severity security update — 11 packages upgraded (MINOR changes included)

Manifests changed:

• . (go)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
google.golang.org/grpc	v1.79.1	v1.79.3	patch	Direct	3 CRITICAL
go.opentelemetry.io/otel/sdk	v1.41.0	v1.43.0	minor	Transitive	1 HIGH
go.etcd.io/etcd/tests/v3	v3.0.0-00010101000000-000000000000	v3.6.10	minor	Direct	-
go.etcd.io/etcd/api/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/etcd/client/pkg/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/etcd/client/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/etcd/etcdctl/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/etcd/etcdutl/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/etcd/pkg/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/etcd/server/v3	v3.6.0-alpha.0	v3.6.10	patch	Direct	-
go.etcd.io/raft/v3	v3.6.0-beta.0.0.20260116184858-6d944ca211ee	v3.6.0	patch	Direct	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

🚨 Critical & High Severity (4 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
google.golang.org/grpc	GO-2026-4762	critical	Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc	v1.79.1	1.79.3
google.golang.org/grpc	CVE-2026-33186	critical	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.79.1	-
google.golang.org/grpc	GHSA-p77j-4mvh-x3m3	CRITICAL	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.79.1	1.79.3
go.opentelemetry.io/otel/sdk	GHSA-hfvc-g4fc-pqhx	HIGH	opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking	v1.41.0	1.43.0

⚠️ Dependencies that have Reached EOL (7)

Dependency	Unsafe Version	EOL Date	New Version	Path
go.etcd.io/etcd/api/v3	v3.6.0-alpha.0	-	v3.6.10	go.mod
go.etcd.io/etcd/client/pkg/v3	v3.6.0-alpha.0	-	v3.6.10	go.mod
go.etcd.io/etcd/client/v3	v3.6.0-alpha.0	-	v3.6.10	go.mod
go.etcd.io/etcd/etcdctl/v3	v3.6.0-alpha.0	-	v3.6.10	go.mod
go.etcd.io/etcd/etcdutl/v3	v3.6.0-alpha.0	-	v3.6.10	go.mod
go.etcd.io/etcd/pkg/v3	v3.6.0-alpha.0	-	v3.6.10	go.mod
go.etcd.io/etcd/server/v3	v3.6.0-alpha.0	-	v3.6.10	go.mod

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto c867abd.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}