fix(deps): vuln minor upgrades — 14 packages (minor: 6 · patch: 8) [test/e2e] #2927

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into main from engraver-auto-version-upgrade/minorpatch/go/e2e/1-1776958159

@gh-worker-campaigns-3e9aa4
Contributor

Summary: High-severity security update — 14 packages upgraded (MINOR changes included)

Manifests changed:

  • test/e2e (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---|---|---|---|---|---|
| github.com/moby/spdystream | v0.5.0 | v0.5.1 | patch | Transitive | 1 HIGH |
| github.com/go-git/go-git/v5 | v5.16.5 | v5.18.0 | minor | Transitive | 2 MODERATE, 2 MEDIUM, 3 LOW |
| github.com/aws/aws-sdk-go-v2/service/s3 | v1.93.1 | v1.99.1 | minor | Transitive | 1 MODERATE |
| helm.sh/helm/v3 | v3.18.5 | v3.20.2 | minor | Transitive | 1 MODERATE |
| github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream | v1.7.4 | v1.7.9 | patch | Transitive | 1 MODERATE |
| github.com/DataDog/datadog-operator | v1.24.0 | v1.25.0 | minor | Direct | - |
| github.com/pulumi/pulumi-kubernetes/sdk/v4 | v4.28.0 | v4.29.0 | minor | Direct | - |
| github.com/pulumi/pulumi/sdk/v3 | v3.228.0 | v3.231.0 | minor | Direct | - |
| github.com/DataDog/datadog-agent/test/e2e-framework | v0.78.0-devel | v0.78.0 | patch | Direct | - |
| github.com/DataDog/datadog-agent/test/fakeintake | v0.78.0-devel | v0.78.0 | patch | Direct | - |
| github.com/aws/aws-sdk-go-v2 | v1.41.5 | v1.41.6 | patch | Direct | - |
| github.com/aws/aws-sdk-go-v2/config | v1.32.13 | v1.32.16 | patch | Direct | - |
| github.com/aws/aws-sdk-go-v2/service/cloudformation | v1.71.9 | v1.71.10 | patch | Direct | - |
| k8s.io/cli-runtime | v0.35.3 | v0.35.4 | patch | Direct | - |

Packages marked with "-" are updated due to dependency constraints.


Security Details

🚨 Critical & High Severity (1 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| github.com/moby/spdystream | GHSA-pc3f-x583-g7j2 | HIGH | SpdyStream: DOS on CRI | v0.5.0 | 0.5.1 |

ℹ️ Other Vulnerabilities (10)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| github.com/go-git/go-git/v5 | GO-2026-4910 | medium | Maliciously crafted idx file can cause asymmetric memory consumption in github.com/go-git/go-git | v5.16.5 | 5.17.1 |
| github.com/go-git/go-git/v5 | CVE-2026-34165 | medium | go-git: Maliciously crafted idx file can cause asymmetric memory consumption | v5.16.5 | - |
| github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream | GHSA-xmrv-pmrh-hhx2 | MODERATE | Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder | v1.7.4 | 1.7.8 |
| github.com/aws/aws-sdk-go-v2/service/s3 | GHSA-xmrv-pmrh-hhx2 | MODERATE | Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder | v1.93.1 | 1.97.3 |
| github.com/go-git/go-git/v5 | GHSA-jhf3-xxhw-2wpp | MODERATE | go-git: Maliciously crafted idx file can cause asymmetric memory consumption | v5.16.5 | 5.17.1 |
| github.com/go-git/go-git/v5 | GHSA-3xc5-wrhm-f963 | MODERATE | go-git: Credential leak via cross-host redirect in smart HTTP transport | v5.16.5 | 5.18.0 |
| helm.sh/helm/v3 | GHSA-hr2v-4r36-88hr | MODERATE | Helm Chart extraction output directory collapse via Chart.yaml name dot-segment | v3.18.5 | 3.20.2 |
| github.com/go-git/go-git/v5 | GHSA-gm2x-2g9h-ccm8 | LOW | go-git missing validation decoding Index v4 files leads to panic | v5.16.5 | 5.17.1 |
| github.com/go-git/go-git/v5 | CVE-2026-33762 | LOW | go-git: Missing validation decoding Index v4 files leads to panic | v5.16.5 | - |
| github.com/go-git/go-git/v5 | GO-2026-4909 | LOW | Missing validation decoding Index v4 files leads to panic in github.com/go-git/go-git | v5.16.5 | 5.17.1 |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@datadog-datadog-prod-us1-2

datadog-datadog-prod-us1-2 Bot commented Apr 23, 2026

Code Coverage

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 41.26% (+0.00%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 400abc5

@codecov-commenter

codecov-commenter commented Apr 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 41.14%. Comparing base (654839d) to head (400abc5).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2927   +/-   ##
=======================================
  Coverage   41.14%   41.14%           
=======================================
  Files         326      326           
  Lines       28899    28899           
=======================================
  Hits        11890    11890           
  Misses      16148    16148           
  Partials      861      861           
| Flag | Coverage Δ |
|---|---|
| unittests | 41.14% <ø> (ø) |

Flags with carried forward coverage won't be shown.

Legend
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 654839d...400abc5.

Co-authored-by: gh-worker-campaigns-3e9aa4[bot] <244854796+gh-worker-campaigns-3e9aa4[bot]@users.noreply.github.com>
@gh-worker-campaigns-3e9aa4
Contributor Author

Auto-rebase complete

Branch is up to date with main — rebased onto 654839d.


Auto-Rebase · Add no-auto-rebase to opt out

@dd-octo-sts-4caf68 Bot force-pushed the engraver-auto-version-upgrade/minorpatch/go/e2e/1-1776958159 branch from db17309 to 400abc5 (April 28, 2026 19:34)