VULN UPGRADE: minor: github.com/envoyproxy/envoy, google.golang.org/protobuf [examples/golang-network]

[campaigner-prod]

Summary: Security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

• examples/golang-network (go)

Updates

Package	From	To	Type	Vulnerabilities Fixed
github.com/envoyproxy/envoy	v1.24.0	v1.37.0	minor	6 MODERATE, 2 LOW
google.golang.org/protobuf	v1.34.1	v1.36.11	minor	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (8)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
github.com/envoyproxy/envoy	GHSA-mp85-7mrq-r866	MODERATE	Envoy crashes when JWT authentication is configured with the remote JWKS fetching	v1.24.0	1.36.3
github.com/envoyproxy/envoy	CVE-2025-64527	MODERATE	Envoy crashes when JWT authentication is configured with the remote JWKS fetching	v1.24.0	-
github.com/envoyproxy/envoy	GHSA-cf3q-gqg7-3fm9	MODERATE	Envoy crashes when HTTP ext_proc processes local replies	v1.24.0	1.30.10
github.com/envoyproxy/envoy	CVE-2025-30157	MODERATE	Envoy crashes when HTTP ext_proc processes local replies	v1.24.0	-
github.com/envoyproxy/envoy	GHSA-rwjg-c3h2-f57p	MODERATE	Envoy's TLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte	v1.24.0	1.36.3
github.com/envoyproxy/envoy	CVE-2025-66220	MODERATE	Envoy’s TLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte	v1.24.0	-
github.com/envoyproxy/envoy	GHSA-rj35-4m94-77jh	LOW	Envoy forwards early CONNECT data in TCP proxy mode	v1.24.0	1.36.3
github.com/envoyproxy/envoy	CVE-2025-64763	LOW	Envoy forwards early CONNECT data in TCP proxy mode	v1.24.0	-

⚠️ Dependencies that have Reached EOL (1)

Dependency	Unsafe Version	EOL Date	New Version	Path
github.com/envoyproxy/envoy	v1.24.0	Oct 19, 2025	v1.37.0	examples/golang-network/simple/go.mod

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

[dd-prapprover]

This PR has been automatically approved by the DD PR Approver bot.

[gh-worker-devflow-routing-ef8351]

View all feedbacks in Devflow UI.

2026-02-13 07:01:31 UTC ℹ️ Start processing command /merge

---

2026-02-13 07:01:36 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 0s (p90).

---

2026-02-13 13:01:30 UTC ℹ️ MergeQueue: Readding this merge request to the queue because another merge request processed with yours failed. No action is needed from your side.

---

2026-02-13 15:01:46 UTC ℹ️ MergeQueue: Readding this merge request to the queue because another merge request processed with yours failed. No action is needed from your side.

---

2026-02-13 17:01:59 UTC ❌ MergeQueue: The build pipeline has timeout

The merge request has been interrupted because the build 0 took longer than expected. The current limit for the base branch 'master' is 120 minutes.