
VULN UPGRADE: google.golang.org/grpc (minor → v1.78.0) [envoy/tests]#22282

Closed

campaigner-prod[bot] wants to merge 1 commit into master from engraver-auto-version-upgrade/minorpatch/go/tests/1-1767828974

Conversation

@campaigner-prod

Summary: High-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

  • envoy/tests (go)

Updates

| Package | From | To | Type | Vulnerabilities Fixed |
|---|---|---|---|---|
| google.golang.org/grpc | v1.25.1 | v1.78.0 | minor | 2 HIGH |
| google.golang.org/grpc | v1.36.0 | v1.78.0 | minor | 2 HIGH |

Security Details

🚨 Critical & High Severity (4 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| google.golang.org/grpc | GHSA-m425-mq94-257g | HIGH | gRPC-Go HTTP/2 Rapid Reset vulnerability | v1.25.1 | 1.56.3 |
| google.golang.org/grpc | CVE-2023-44487 | high | This package is related to CVE CVE-2023-44487, which was detected by cisa.gov as actively being exploited in the wild | v1.25.1 | - |
| google.golang.org/grpc | GHSA-m425-mq94-257g | HIGH | gRPC-Go HTTP/2 Rapid Reset vulnerability | v1.36.0 | 1.56.3 |
| google.golang.org/grpc | CVE-2023-44487 | high | This package is related to CVE CVE-2023-44487, which was detected by cisa.gov as actively being exploited in the wild | v1.36.0 | - |
⚠️ Dependencies that have Reached EOL (2)

| Dependency | Unsafe Version | EOL Date | New Version | Path |
|---|---|---|---|---|
| google.golang.org/grpc | v1.25.1 | - | v1.78.0 | envoy/tests/docker/api_v2/go.mod |
| google.golang.org/grpc | v1.36.0 | - | v1.78.0 | envoy/tests/docker/api_v3/go.mod |

Review Checklist

Enhanced review recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

github-actions Bot commented Jan 7, 2026

⚠️ Recommendation: Add qa/skip-qa label

This PR does not modify any files shipped with the agent.

To help streamline the release process, please consider adding the qa/skip-qa label if these changes do not require QA testing.

chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f9c5cdbab2


module envoy-e2e

go 1.13
go 1.24.0
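Review bot: the go directive jumps from 1.13 straight to 1.24.0, and since Go 1.21 that directive is a hard minimum toolchain requirement rather than a hint, so any build container still on an older Go cannot satisfy it and the build fails outright. Either move the images referenced from the Dockerfiles under envoy/tests/docker to a toolchain with Go 1.24 or newer in this same change, or confirm which minimum the upgraded google.golang.org/grpc actually needs before settling on `go 1.24.0`, so the directive is not raised further than the pinned CI images can support.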

P1: Align Go toolchain with new go.mod version

The module now declares go 1.24.0, but the api_v2 image build in envoy/tests/docker/api_v2/Dockerfile-xds still pins gcr.io/istio-testing/go-control-plane-ci:08-20-2019. That image predates Go 1.24, so go build in that container will fail with a “maximum supported version” error as soon as it reads this go.mod. This breaks the docker-based envoy tests unless the Dockerfile is also updated to a toolchain that supports Go 1.24.

codecov Bot commented Jan 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.06%. Comparing base (288fc11) to head (f9c5cdb).
⚠️ Report is 33 commits behind head on master.


datadog-official Bot commented Jan 7, 2026

⚠️ Tests


⚠️ Warnings

❄️ 2 New flaky tests detected

  • test_metadata_integration from test_integration.py (Datadog)
    RetryError[<Future at 0x7f1b2c2c2780 state=finished raised SubprocessError>]
  • test_success from test_integration.py (Datadog)
    RetryError[<Future at 0x7f1b2c2c2780 state=finished raised SubprocessError>]

ℹ️ Info

🧪 All tests passed


@Kyle-Neale (Contributor) commented:

Closing since these are just test dependencies that are only used in CI

Kyle-Neale closed this Jan 14, 2026