fix(deps): vuln minor upgrades — 4 packages (minor: 2 · patch: 2) [test/e2e]

[gh-worker-campaigns-3e9aa4]

Summary: High-severity security update — 4 packages upgraded (MINOR changes included)

Manifests changed:

• test/e2e (go)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
github.com/moby/spdystream	v0.5.0	v0.5.1	patch	Transitive	1 HIGH
github.com/go-git/go-git/v5	v5.16.5	v5.19.0	minor	Transitive	4 MODERATE, 3 LOW
github.com/aws/aws-sdk-go-v2/service/s3	v1.93.1	v1.101.0	minor	Transitive	1 MODERATE
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	v1.7.4	v1.7.10	patch	Transitive	1 MODERATE

---

Security Details

🚨 Critical & High Severity (1 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
github.com/moby/spdystream	GHSA-pc3f-x583-g7j2	HIGH	SpdyStream: DOS on CRI	v0.5.0	0.5.1

ℹ️ Other Vulnerabilities (9)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	MODERATE	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder	v1.7.4	1.7.8
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	MODERATE	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder	v1.93.1	1.97.3
github.com/go-git/go-git/v5	GHSA-jhf3-xxhw-2wpp	MODERATE	go-git: Maliciously crafted idx file can cause asymmetric memory consumption	v5.16.5	5.17.1
github.com/go-git/go-git/v5	GO-2026-4910	MODERATE	Maliciously crafted idx file can cause asymmetric memory consumption in github.com/go-git/go-git	v5.16.5	5.17.1
github.com/go-git/go-git/v5	CVE-2026-34165	MODERATE	go-git: Maliciously crafted idx file can cause asymmetric memory consumption	v5.16.5	-
github.com/go-git/go-git/v5	GHSA-3xc5-wrhm-f963	MODERATE	go-git: Credential leak via cross-host redirect in smart HTTP transport	v5.16.5	5.18.0
github.com/go-git/go-git/v5	GHSA-gm2x-2g9h-ccm8	LOW	go-git missing validation decoding Index v4 files leads to panic	v5.16.5	5.17.1
github.com/go-git/go-git/v5	CVE-2026-33762	LOW	go-git: Missing validation decoding Index v4 files leads to panic	v5.16.5	-
github.com/go-git/go-git/v5	GO-2026-4909	LOW	Missing validation decoding Index v4 files leads to panic in github.com/go-git/go-git	v5.16.5	5.17.1

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.59%. Comparing base (d5cdf64) to head (fba0c0c).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2990   +/-   ##
=======================================
  Coverage   43.59%   43.59%           
=======================================
  Files         354      354           
  Lines       30224    30224           
=======================================
  Hits        13177    13177           
  Misses      16176    16176           
  Partials      871      871           

Flag	Coverage Δ
unittests	43.59% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d5cdf64...fba0c0c. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[datadog-prod-us1-5]

 

✨ Fix all issues with BitsAI

⚠️ Warnings

🚦 2 Pipeline jobs failed

pull request linter | Check Milestone     

pull request linter | build     

ℹ️ Info

🎯 Code Coverage (details)
• Patch Coverage: 100.00%
• Overall Coverage: 43.87% (+0.00%)

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: fba0c0c | Docs | Datadog PR Page | Give us feedback!}

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto d5cdf64.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}