
fix(deps): bump vulnerable dependencies (4 Dependabot alerts)#503

Merged
rsnodgrass merged 1 commit into main from ryan/fix-dependabot-vulns
Apr 13, 2026

Conversation


@rsnodgrass rsnodgrass commented Apr 13, 2026

Summary

Fixes 4 of 7 open Dependabot security alerts by bumping dependencies with available patches:

  • google.golang.org/grpc v1.79.2 → v1.80.0 — Critical: authorization bypass via missing leading slash in :path
  • go.opentelemetry.io/otel/sdk v1.42.0 → v1.43.0 — High: BSD kenv PATH hijacking
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0 → v1.43.0 — Medium: unbounded HTTP response body read
  • filippo.io/edwards25519 v1.1.0 → v1.1.1 — Low: invalid MultiScalarMult results

Not fixable (3 alerts)

| Alert | Package | Why |
| --- | --- | --- |
| #4 | go.etcd.io/bbolt ≤1.4.3 | No patch available. Transitive via blevesearch/bleve |
| #2, #3 | github.com/docker/docker <29.3.1 | v29.x not published as Go module (latest: v28.5.2+incompatible). Test-only dep via testcontainers-go |

Test plan

  • make build — clean
  • make lint — 0 issues
  • make test — 12,910 tests pass, 871 skipped

Summary by CodeRabbit

  • Chores
    • Upgraded core application dependencies to the latest stable versions, including observability and communication infrastructure libraries. These updates provide important security improvements, stability enhancements, and bug fixes while ensuring better compatibility and overall system reliability.

- google.golang.org/grpc v1.79.2 → v1.80.0 (critical: auth bypass)
- go.opentelemetry.io/otel/sdk v1.42.0 → v1.43.0 (high: PATH hijack)
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0 → v1.43.0 (medium: unbounded read)
- filippo.io/edwards25519 v1.1.0 → v1.1.1 (low: invalid results)

Co-Authored-By: SageOx <ox@sageox.ai>
SageOx-Session: https://sageox.ai/repo/repo_019c5812-01e9-7b7d-b5b1-321c471c9777/sessions/2026-04-13T15-04-ryan-OxcXPu/view
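A way to confirm, from go.mod alone, that every module in the list above has reached the version that carries its fix. This is an added example, not code from this PR or the project: the minimum versions are the ones stated in the PR description, the go.mod fragment (module path example.com/demo) is constructed for illustration, and the semver handling deliberately strips `+incompatible` and pseudo-version suffixes so entries like the docker one in the "Not fixable" table still parse. `// indirect` markers are ignored on purpose, since a vulnerable transitive module is linked into the binary all the same.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Finding is one go.mod requirement that does not meet the patched version.
type Finding struct{ Module, Have, Want, Reason string }

// minimumVersions: each module bumped in this PR -> first version carrying the fix.
var minimumVersions = map[string]string{
	"google.golang.org/grpc":                                           "v1.80.0",
	"go.opentelemetry.io/otel/sdk":                                     "v1.43.0",
	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp": "v1.43.0",
	"filippo.io/edwards25519":                                          "v1.1.1",
}

// parseSemver reduces "v1.79.2", "v28.5.2+incompatible" or a pseudo-version such as
// "v0.0.0-20240101000000-abcdef123456" to [major, minor, patch], dropping any suffix.
func parseSemver(v string) (out [3]int, ok bool) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "+-"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, false
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, false
		}
		out[i] = n
	}
	return out, true
}

// lessThan reports whether version a sorts strictly before b.
func lessThan(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// CheckGoMod scans the block-form require directive and returns a Finding, in file
// order, for every listed module required below its patched version or at a version
// it cannot parse. "// indirect" is ignored: the module is still linked in.
func CheckGoMod(content string) []Finding {
	var findings []Finding
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i]) // strip "// indirect" and other comments
		}
		if line == "require (" || (inBlock && line == ")") {
			inBlock = line == "require ("
			continue
		}
		f := strings.Fields(line)
		if !inBlock || len(f) != 2 || minimumVersions[f[0]] == "" {
			continue // not a require line, or a module this check does not track
		}
		have, want := f[1], minimumVersions[f[0]]
		hv, parsed := parseSemver(have)
		wv, _ := parseSemver(want)
		switch {
		case !parsed:
			findings = append(findings, Finding{f[0], have, want, "unparsable version"})
		case lessThan(hv, wv):
			findings = append(findings, Finding{f[0], have, want, "below patched version"})
		}
	}
	return findings
}

// beforeGoMod is a constructed go.mod at the pre-PR versions (placeholder module path).
const beforeGoMod = `module example.com/demo
require (
	filippo.io/edwards25519 v1.1.0 // indirect
	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0
	go.opentelemetry.io/otel/sdk v1.42.0
	google.golang.org/grpc v1.79.2 // indirect
)
`

func main() {
	for _, f := range CheckGoMod(beforeGoMod) {
		fmt.Printf("%s %s < %s (%s)\n", f.Module, f.Have, f.Want, f.Reason)
	}
}
```

Run against the real go.mod by reading the file into `CheckGoMod`; an empty result means all four modules are at or above the patched versions, while an "unparsable version" finding flags a requirement the simple parser could not read rather than silently passing it.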

coderabbitai bot commented Apr 13, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 15f5bf04-9e11-43fa-b222-aa41c7ed5c7c

📥 Commits

Reviewing files that changed from the base of the PR and between 48b864a and 38398bd.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

📝 Walkthrough

Walkthrough

Updated Go module dependencies, primarily advancing OpenTelemetry packages from v1.42.0/v1.41.0 to v1.43.0, along with updates to indirect dependencies including Google gRPC (v1.79.2 to v1.80.0) and filippo.io/edwards25519 (v1.1.0 to v1.1.1).

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Dependency Version Updates (go.mod) | OpenTelemetry modules (otel, otel/sdk, otel/trace, otlp/otlptrace/otlptracehttp, otlp/otlptrace, and otel/metric) bumped to v1.43.0; Google gRPC updated to v1.80.0; Google genproto dependencies updated to newer pseudo-versions; filippo.io/edwards25519 updated to v1.1.1. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Dependencies dance in version rows,
From one-forty-two to three they go,
gRPC hops to eighty's height,
Our telemetry shines more bright! ✨


@rsnodgrass rsnodgrass marked this pull request as ready for review April 13, 2026 22:33
@rsnodgrass rsnodgrass merged commit 750c4eb into main Apr 13, 2026
2 of 3 checks passed
@rsnodgrass rsnodgrass deleted the ryan/fix-dependabot-vulns branch April 13, 2026 22:33