Skip to content

fix(deps): vuln patch upgrades — 6 packages (patch: 6) [etcdctl]#24

Merged
dd-prapprover[bot] merged 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/go/etcdctl/4-1776943591
Apr 23, 2026
Merged

fix(deps): vuln patch upgrades — 6 packages (patch: 6) [etcdctl]#24
dd-prapprover[bot] merged 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/go/etcdctl/4-1776943591

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented Apr 23, 2026

Summary: Critical-severity security update — 6 packages upgraded (patch changes only)

Manifests changed:

  • etcdctl (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
google.golang.org/grpc v1.79.1 v1.79.3 patch Direct 3 CRITICAL
github.com/olekukonko/tablewriter v1.1.3 v1.1.4 patch Direct -
go.etcd.io/etcd/api/v3 v3.6.0-alpha.0 v3.6.10 patch Direct -
go.etcd.io/etcd/client/pkg/v3 v3.6.0-alpha.0 v3.6.10 patch Direct -
go.etcd.io/etcd/client/v3 v3.6.0-alpha.0 v3.6.10 patch Direct -
go.etcd.io/etcd/pkg/v3 v3.6.0-alpha.0 v3.6.10 patch Direct -

Packages marked with "-" are updated due to dependency constraints.

Security Details

🚨 Critical & High Severity (3 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
google.golang.org/grpc GO-2026-4762 critical Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc v1.79.1 1.79.3
google.golang.org/grpc CVE-2026-33186 critical gRPC-Go has an authorization bypass via missing leading slash in :path v1.79.1 -
google.golang.org/grpc GHSA-p77j-4mvh-x3m3 CRITICAL gRPC-Go has an authorization bypass via missing leading slash in :path v1.79.1 1.79.3
⚠️ Dependencies that have Reached EOL (4)
Dependency Unsafe Version EOL Date New Version Path
go.etcd.io/etcd/api/v3 v3.6.0-alpha.0 - v3.6.10 etcdctl/go.mod
go.etcd.io/etcd/client/pkg/v3 v3.6.0-alpha.0 - v3.6.10 etcdctl/go.mod
go.etcd.io/etcd/client/v3 v3.6.0-alpha.0 - v3.6.10 etcdctl/go.mod
go.etcd.io/etcd/pkg/v3 v3.6.0-alpha.0 - v3.6.10 etcdctl/go.mod

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (Critical)

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot marked this pull request as ready for review April 23, 2026 14:30
@dd-prapprover
Copy link
Copy Markdown

dd-prapprover Bot commented Apr 23, 2026
edited
Loading

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-04-23T14:31:01Z
  • ✅ CI tests passed - 2026-04-23T14:31:04Z
  • ✅ Approved (commit: a5cfab9) - 2026-04-23T14:31:06Z
  • ✅ Merge Started
  • ✅ Merged - 2026-04-23T14:31:15Z

➡️ Current phase: PR merged successfully! ✅

dd-prapprover[bot]
dd-prapprover Bot approved these changes Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown

@dd-prapprover dd-prapprover Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR has been automatically approved by the DD PR Approver bot.

@dd-prapprover dd-prapprover Bot merged commit 9e0af54 into main Apr 23, 2026
10 checks passed
@dd-prapprover dd-prapprover Bot deleted the engraver-auto-version-upgrade/minorpatch/go/etcdctl/4-1776943591 branch April 23, 2026 14:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dd-prapprover dd-prapprover[bot] dd-prapprover[bot] approved these changes

Assignees

No one assigned

Labels

adms-critical-severity adms-dependency-update adms-fixes-eol adms-go adms-mode-all-updates adms-patch-update campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants