fix(deps): vuln patch: google.golang.org/grpc, gopkg.in/yaml.v3

[gh-worker-campaigns-3e9aa4]

Summary: Critical-severity security update — 2 packages upgraded (patch changes only)

Manifests changed:

• . (go)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
google.golang.org/grpc	v1.79.0	v1.79.3	patch	Direct	3 CRITICAL
gopkg.in/yaml.v3	v3.0.0-20200313102051-9f266ea9e77c	v3.0.1	patch	Transitive	3 HIGH

---

Security Details

🚨 Critical & High Severity (6 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
google.golang.org/grpc	GO-2026-4762	critical	Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc	v1.79.0	1.79.3
google.golang.org/grpc	CVE-2026-33186	critical	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.79.0	-
google.golang.org/grpc	GHSA-p77j-4mvh-x3m3	CRITICAL	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.79.0	1.79.3
gopkg.in/yaml.v3	GO-2022-0603	high	Panic in gopkg.in/yaml.v3	v3.0.0-20200313102051-9f266ea9e77c	3.0.0-20220521103104-8f96da9f5d5e
gopkg.in/yaml.v3	CVE-2022-28948	high	-	v3.0.0-20200313102051-9f266ea9e77c	-
gopkg.in/yaml.v3	GHSA-hp87-p4gw-j4gq	HIGH	gopkg.in/yaml.v3 Denial of Service	v3.0.0-20200313102051-9f266ea9e77c	3.0.1

⚠️ Dependencies that have Reached EOL (1)

Dependency	Unsafe Version	EOL Date	New Version	Path
gopkg.in/yaml.v3	v3.0.0-20200313102051-9f266ea9e77c	-	v3.0.1	go.mod

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System