Security issue in google.golang.org/grpc < v1.79.3

[mnhauke]

Summary: VUL-0: CVE-2026-33186: pvetui: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header

pvetui currently has an indirect dependy on : google.golang.org/grpc v1.79.1

Security Issue tracked by SUSE (where I maintain the pvetui package)
https://bugzilla.suse.com/show_bug.cgi?id=1260202

Upstream fix of the issue
grpc/grpc-go#8981

[devnullvoid]

Opened PR #104 to address this by upgrading the indirect google.golang.org/grpc dependency from v1.79.1 to v1.79.3.

Local verification on the fix branch passed:

• make build
• make test
• make code-quality

PR: #104