Bump networking dependencies to fix vulnerabilities

[angryR]

Goal

Upgrade direct Go modules and Alpine runtime base image to address multiple Critical and High vulnerabilities reported in GCR/Artifact Registry scans.

Addressed CVEs & Upgrades

1. Go direct dependencies (go.mod)

CVE	Severity	Package	Fix Version	Notes
CVE-2026-33186	Critical	google.golang.org/grpc	v1.79.3	Upgraded from v1.56.3
CVE-2025-22868	High	golang.org/x/oauth2	v0.34.0	Upgraded from v0.7.0

2. Python & System package updates (docker/Dockerfile-envoy)

Package	Description	Fix
jaraco-context, wheel	System packages & transitives installed via Python/Alpine base	Re-anchored base from Alpine 3.22 to Alpine 3.23 (latest stable release) to draw upgraded patches.

---

Verification Plan

Binary rebuilds drawn from these updated mod layouts and Alpine 3.23 templates will flush the reported scan items on next build trigger. No Google3 modifications are required.

[google-oss-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: angryR

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [angryR]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[paulhong01]

From the presubmit tests, it looks like it failed to build. Could we take a look?

[angryR]

/retest-required

[angryR]

/retest-required

[angryR]

open census blocks the go-control-plane upgrade

[angryR]

/retest

[google-oss-prow]

@angryR: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ESPv2-e2e-gcloud-build-image	d80c500	link	true	/test ESPv2-e2e-gcloud-build-image
ESPv2-build	d80c500	link	true	/test ESPv2-build
ESPv2-API-regression-test	d80c500	link	true	/test ESPv2-API-regression-test
ESPv2-presubmit	d80c500	link	true	/test ESPv2-presubmit
ESPv2-presubmit-tsan	d80c500	link	true	/test ESPv2-presubmit-tsan
ESPv2-presubmit-asan	d80c500	link	true	/test ESPv2-presubmit-asan
ESPv2-cloud-run-e2e-app-engine-http-bookstore	d80c500	link	true	/test ESPv2-cloud-run-e2e-app-engine-http-bookstore
ESPv2-cloud-run-e2e-cloud-function-http-bookstore	d80c500	link	true	/test ESPv2-cloud-run-e2e-cloud-function-http-bookstore
ESPv2-cloud-run-e2e-cloud-run-grpc-echo	d80c500	link	true	/test ESPv2-cloud-run-e2e-cloud-run-grpc-echo
ESPv2-cloud-run-e2e-cloud-run-http-bookstore	d80c500	link	true	/test ESPv2-cloud-run-e2e-cloud-run-http-bookstore
ESPv2-anthos-cloud-run-e2e-anthos-cloud-run-http-bookstore	d80c500	link	true	/test ESPv2-anthos-cloud-run-e2e-anthos-cloud-run-http-bookstore
ESPv2-gke-e2e-grpc-echo-managed	d80c500	link	true	/test ESPv2-gke-e2e-grpc-echo-managed
ESPv2-gke-e2e-http-bookstore-managed-using-sa-cred	d80c500	link	true	/test ESPv2-gke-e2e-http-bookstore-managed-using-sa-cred
ESPv2-gke-e2e-grpc-interop-managed	d80c500	link	true	/test ESPv2-gke-e2e-grpc-interop-managed
ESPv2-gke-e2e-http-bookstore-managed	d80c500	link	true	/test ESPv2-gke-e2e-http-bookstore-managed

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.