Skip to content

fix(deps): vuln minor: golang.org/x/text, google.golang.org/grpc, google.golang.org/protobuf [grpc_check/tests]#3035

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/go/tests/0-1781533340
Draft

fix(deps): vuln minor: golang.org/x/text, google.golang.org/grpc, google.golang.org/protobuf [grpc_check/tests]#3035
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/go/tests/0-1781533340

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown

Summary: Critical-severity security update — 3 packages upgraded (MINOR changes included)

Manifests changed:

  • grpc_check/tests (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
google.golang.org/grpc v1.48.0 v1.81.1 minor Direct 3 CRITICAL, 2 HIGH
golang.org/x/text v0.3.3 v0.38.0 minor Transitive 6 HIGH
google.golang.org/protobuf v1.27.1 v1.36.11 minor Transitive 2 MEDIUM

Security Details

🚨 Critical & High Severity (11 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
google.golang.org/grpc GO-2026-4762 critical Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc v1.48.0 1.79.3
google.golang.org/grpc GHSA-p77j-4mvh-x3m3 CRITICAL gRPC-Go has an authorization bypass via missing leading slash in :path v1.48.0 1.79.3
google.golang.org/grpc CVE-2026-33186 critical gRPC-Go has an authorization bypass via missing leading slash in :path v1.48.0 -
golang.org/x/text GHSA-ppp9-7jff-5vj2 HIGH golang.org/x/text/language Out-of-bounds Read vulnerability v0.3.3 0.3.7
golang.org/x/text GO-2021-0113 HIGH Out-of-bounds read in golang.org/x/text/language v0.3.3 0.3.7
golang.org/x/text CVE-2021-38561 HIGH - v0.3.3 -
golang.org/x/text GO-2022-1059 high Denial of service via crafted Accept-Language header in golang.org/x/text/language v0.3.3 0.3.8
golang.org/x/text GHSA-69ch-w2m2-3vjp HIGH golang.org/x/text/language Denial of service via crafted Accept-Language header v0.3.3 0.3.8
golang.org/x/text CVE-2022-32149 high - v0.3.3 -
google.golang.org/grpc GHSA-m425-mq94-257g HIGH gRPC-Go HTTP/2 Rapid Reset vulnerability v1.48.0 1.56.3
google.golang.org/grpc GO-2023-2153 HIGH Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc v1.48.0 1.56.3
ℹ️ Other Vulnerabilities (2)
Package CVE Severity Summary Unsafe Version Fixed In
google.golang.org/protobuf GHSA-8r3f-844c-mc37 MODERATE Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON v1.27.1 1.33.0
google.golang.org/protobuf GO-2024-2611 MODERATE Infinite loop in JSON unmarshaling in google.golang.org/protobuf v1.27.1 1.33.0
⚠️ Dependencies that have Reached EOL (3)
Dependency Unsafe Version EOL Date New Version Path
golang.org/x/text v0.3.3 - v0.38.0 grpc_check/tests/docker/go.mod
google.golang.org/grpc v1.48.0 Jul 12, 2025 v1.81.1 grpc_check/tests/docker/go.mod
google.golang.org/protobuf v1.27.1 - v1.36.11 grpc_check/tests/docker/go.mod

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@datadog-prod-us1-6

datadog-prod-us1-6 Bot commented Jun 15, 2026

Copy link
Copy Markdown

Pipelines

Fix all issues with BitsAI

⚠️ Warnings

🚦 3 Pipeline jobs failed

PR | test / test-minimum-base-package (linux, ubuntu-22.04, grpc_check, gRPC Check (py3.13), py3.13) / minimum-base-package-gRPC Check (py3.13)-py3.13   View in Datadog   GitHub Actions

PR | test / check   View in Datadog   GitHub Actions

PR | test / test (linux, ubuntu-22.04, grpc_check, gRPC Check (py3.13), py3.13) / gRPC Check (py3.13)-py3.13   View in Datadog   GitHub Actions

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 500e230 | Docs | Datadog PR Page | Give us feedback!

@gh-worker-campaigns-3e9aa4

gh-worker-campaigns-3e9aa4 Bot commented Jun 24, 2026

Copy link
Copy Markdown
Author

Auto-rebase complete

Branch is up to date with master — rebased onto 9e7e3dc.


Auto-Rebase · Add no-auto-rebase to opt out

@dd-octo-sts-26fcfa dd-octo-sts-26fcfa Bot force-pushed the engraver-auto-version-upgrade/minorpatch/go/tests/0-1781533340 branch from 9ce65ad to 1f9113a Compare June 24, 2026 13:06
…olang.org/protobuf [grpc_check/tests]

Co-authored-by: dd-octo-sts-26fcfa[bot] <266798054+dd-octo-sts-26fcfa[bot]@users.noreply.github.com>
@dd-octo-sts-aad58d dd-octo-sts-aad58d Bot force-pushed the engraver-auto-version-upgrade/minorpatch/go/tests/0-1781533340 branch from 1f9113a to 500e230 Compare June 29, 2026 14:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants