fix(deps): vuln minor upgrades — 4 packages (minor: 4) [pkg/dyninst]

[gh-worker-campaigns-3e9aa4]

Summary: Critical-severity security update — 4 packages upgraded (MINOR changes included)

Manifests changed:

• pkg/dyninst (go)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
google.golang.org/grpc	v1.73.0	v1.81.0	minor	Transitive	3 CRITICAL
go.opentelemetry.io/otel/sdk	v1.36.0	v1.43.0	minor	Transitive	4 HIGH
go.opentelemetry.io/otel	v1.36.0	v1.43.0	minor	Transitive	1 HIGH
github.com/go-viper/mapstructure/v2	v2.3.0	v2.5.0	minor	Transitive	3 MODERATE

---

Security Details

🚨 Critical & High Severity (8 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
google.golang.org/grpc	GHSA-p77j-4mvh-x3m3	CRITICAL	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.73.0	1.79.3
google.golang.org/grpc	CVE-2026-33186	CRITICAL	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.73.0	-
google.golang.org/grpc	GO-2026-4762	CRITICAL	Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc	v1.73.0	1.79.3
go.opentelemetry.io/otel	GHSA-mh2q-q3fh-2475	HIGH	OpenTelemetry-Go: multi-value baggage header extraction causes excessive allocations (remote dos amplification)	v1.36.0	1.41.0
go.opentelemetry.io/otel/sdk	GHSA-hfvc-g4fc-pqhx	HIGH	opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking	v1.36.0	1.43.0
go.opentelemetry.io/otel/sdk	GHSA-9h8m-3fm2-qjrq	HIGH	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking	v1.36.0	1.40.0
go.opentelemetry.io/otel/sdk	CVE-2026-24051	HIGH	OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking	v1.36.0	-
go.opentelemetry.io/otel/sdk	GO-2026-4394	HIGH	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking in go.opentelemetry.io/otel/sdk	v1.36.0	1.40.0

ℹ️ Other Vulnerabilities (3)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
github.com/go-viper/mapstructure/v2	GHSA-2464-8j7c-4cjm	MODERATE	go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data	v2.3.0	2.4.0
github.com/go-viper/mapstructure/v2	CVE-2025-11065	MODERATE	-	v2.3.0	-
github.com/go-viper/mapstructure/v2	GO-2025-3900	MODERATE	Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure	v2.3.0	2.4.0

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System

[dd-octo-sts]

Files inventory check summary

File checks results against ancestor 58d5a5f7:

Results for datadog-agent_7.81.0~devel.git.738.bd485f5.pipeline.118332466-1_amd64.deb:

No change detected

[cit-pr-commenter-54b7da]

Regression Detector

Regression Detector Results

Metrics dashboard
Target profiles
Run ID: c78267c9-ed06-40f1-be26-b207eed367ec

Baseline: ba765de
Comparison: 2a422ce
Diff

Optimization Goals: ✅ No significant changes detected

Fine details of change detection per experiment

perf	experiment	goal	Δ mean %	Δ mean % CI	trials	links
➖	quality_gate_logs	% cpu utilization	+0.21	[-0.85, +1.26]	1	Logs bounds checks dashboard
➖	quality_gate_idle_all_features	memory utilization	+0.04	[+0.00, +0.08]	1	Logs bounds checks dashboard
➖	quality_gate_metrics_logs	memory utilization	-0.06	[-0.31, +0.19]	1	Logs bounds checks dashboard
➖	quality_gate_idle	memory utilization	-0.24	[-0.29, -0.18]	1	Logs bounds checks dashboard

Bounds Checks: ✅ Passed

perf	experiment	bounds_check_name	replicates_passed	observed_value	links
✅	quality_gate_idle	intake_connections	10/10	3 ≤ 4	bounds checks dashboard
✅	quality_gate_idle	memory_usage	10/10	146.33MiB ≤ 147MiB	bounds checks dashboard
✅	quality_gate_idle	total_bytes_received	10/10	581.84KiB ≤ 819.20KiB	bounds checks dashboard
✅	quality_gate_idle_all_features	intake_connections	10/10	3 ≤ 4	bounds checks dashboard
✅	quality_gate_idle_all_features	memory_usage	10/10	487.68MiB ≤ 495MiB	bounds checks dashboard
✅	quality_gate_idle_all_features	total_bytes_received	10/10	0.89MiB ≤ 1.25MiB	bounds checks dashboard
✅	quality_gate_logs	intake_connections	10/10	4 ≤ 6	bounds checks dashboard
✅	quality_gate_logs	memory_usage	10/10	180.60MiB ≤ 195MiB	bounds checks dashboard
✅	quality_gate_logs	missed_bytes	10/10	0B = 0B	bounds checks dashboard
✅	quality_gate_logs	total_bytes_received	10/10	263.89MiB ≤ 292MiB	bounds checks dashboard
✅	quality_gate_metrics_logs	cpu_usage	10/10	355.03 ≤ 2000	bounds checks dashboard
✅	quality_gate_metrics_logs	intake_connections	10/10	4 ≤ 6	bounds checks dashboard
✅	quality_gate_metrics_logs	memory_usage	10/10	393.31MiB ≤ 430MiB	bounds checks dashboard
✅	quality_gate_metrics_logs	missed_bytes	10/10	0B = 0B	bounds checks dashboard
✅	quality_gate_metrics_logs	total_bytes_received	10/10	0.86GiB ≤ 1.04GiB	bounds checks dashboard

Explanation

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

Performance changes are noted in the perf column of each table:

• ✅ = significantly better comparison variant performance
• ❌ = significantly worse comparison variant performance
• ➖ = no significant change in performance

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

3. Its configuration does not mark it "erratic".

Replicate Execution Details

We run multiple replicates for each experiment/variant. However, we allow replicates to be automatically retried if there are any failures, up to 8 times, at which point the replicate is marked dead and we are unable to run analysis for the entire experiment. We call each of these attempts at running replicates a replicate execution. This section lists all replicate executions that failed due to the target crashing or being oom killed.

Note: In the below tables we bucket failures by experiment, variant, and failure type. For each of these buckets we list out the replicate indexes that failed with an annotation signifying how many times said replicate failed with the given failure mode. In the below example the baseline variant of the experiment named experiment_with_failures had two replicates that failed by oom kills. Replicate 0, which failed 8 executions, and replicate 1 which failed 6 executions, all with the same failure mode.

Experiment	Variant	Replicates	Failure	Logs	Debug Dashboard
experiment_with_failures	baseline	0 (x8) 1 (x6)	Oom killed		Debug Dashboard

The debug dashboard links will take you to a debugging dashboard specifically designed to investigate replicate execution failures.

❌ Retried Profiling Replicate Execution Failures (ddprof)

Note: Profiling replicas may still be executing. See the debug dashboard for up to date status.

Experiment	Variant	Replicates	Failure	Debug Dashboard
quality_gate_idle	baseline	10	Oom killed	Debug Dashboard
quality_gate_idle	comparison	10	Oom killed	Debug Dashboard
quality_gate_idle_all_features	baseline	10	Oom killed	Debug Dashboard
quality_gate_idle_all_features	comparison	10	Oom killed	Debug Dashboard
quality_gate_logs	baseline	10	Oom killed	Debug Dashboard
quality_gate_logs	comparison	10	Oom killed	Debug Dashboard
quality_gate_metrics_logs	baseline	10	Oom killed	Debug Dashboard
quality_gate_metrics_logs	comparison	10	Oom killed	Debug Dashboard

CI Pass/Fail Decision

✅ Passed. All Quality Gates passed.

• quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_idle, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check missed_bytes: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
• quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_idle_all_features, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
• quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check missed_bytes: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.

[dd-octo-sts]

Static quality checks

✅ Please find below the results from static quality gates
Comparison made with ancestor 8fb2856
📊 Static Quality Gates Dashboard
🔗 SQG Job

32 successful checks with minimal change (< 2 KiB)

	Quality gate	Current Size
✅	agent_deb_amd64	752.081 MiB
✅	agent_deb_amd64_fips	707.803 MiB
✅	agent_heroku_amd64	310.934 MiB
✅	agent_rpm_amd64	752.065 MiB
✅	agent_rpm_amd64_fips	707.787 MiB
✅	agent_rpm_arm64	727.547 MiB
✅	agent_rpm_arm64_fips	686.864 MiB
✅	agent_suse_amd64	752.065 MiB
✅	agent_suse_amd64_fips	707.787 MiB
✅	agent_suse_arm64	727.547 MiB
✅	agent_suse_arm64_fips	686.864 MiB
✅	docker_agent_amd64	811.509 MiB
✅	docker_agent_arm64	811.910 MiB
✅	docker_agent_jmx_amd64	1002.450 MiB
✅	docker_agent_jmx_arm64	991.503 MiB
✅	docker_cluster_agent_amd64	209.846 MiB
✅	docker_cluster_agent_arm64	222.960 MiB
✅	docker_cws_instrumentation_amd64	7.447 MiB
✅	docker_cws_instrumentation_arm64	6.877 MiB
✅	docker_dogstatsd_amd64	39.873 MiB
✅	docker_dogstatsd_arm64	37.946 MiB
✅	docker_host_profiler_amd64	305.339 MiB
✅	docker_host_profiler_arm64	316.461 MiB
✅	dogstatsd_deb_amd64	30.531 MiB
✅	dogstatsd_deb_arm64	28.531 MiB
✅	dogstatsd_rpm_amd64	30.531 MiB
✅	dogstatsd_suse_amd64	30.531 MiB
✅	iot_agent_deb_amd64	46.377 MiB
✅	iot_agent_deb_arm64	43.053 MiB
✅	iot_agent_deb_armhf	43.852 MiB
✅	iot_agent_rpm_amd64	46.378 MiB
✅	iot_agent_suse_amd64	46.377 MiB

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto 13870dc.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[dd-octo-sts]

This pull request has been automatically marked as stale because it has not had activity in the past 15 days.

It will be closed in 30 days if no further activity occurs. If this pull request is still relevant, adding a comment or pushing new commits will keep it open. Also, you can always reopen the pull request if you missed the window.

Thank you for your contributions!

[datadog-prod-us1-4]

✨ Fix all issues with BitsAI

⚠️ Warnings

🚦 8 Pipeline jobs failed

DataDog/datadog-agent | prepare_sysprobe_ebpf_functional_tests_arm64     

DataDog/datadog-agent | tests_ebpf_arm64     

DataDog/datadog-agent | tests_ebpf_x64     

View all 8 failed jobs.

ℹ️ Info

🎯 Code Coverage (details)
• Patch Coverage: 100.00%
• Overall Coverage: 50.88% (+0.11%)

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: bd485f5 | Docs | Datadog PR Page | Give us feedback!}

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto 8b484f5.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3e1ed7d257

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep the test module buildable by older toolchains

When dda inv system-probe.build-dyninst-test-programs runs, tasks/system_probe.py still enumerates fixed GOTOOLCHAIN=go1.23.11 and go1.24.3 builds for these test programs (checked lines 1889 and 1942). Raising this module's go directive to 1.25.0 makes those exact older toolchains reject the module before compilation, so the dyninst test binary generation used by the ebpf source-test pipeline can no longer complete for the configured older Go versions. Please keep the go directive compatible with the oldest configured test toolchain (and use a toolchain directive if needed), or update the toolchain matrix in the same change.

Useful? React with 👍 / 👎.

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto bea05e8.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c0484b9df7

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep test programs buildable with older toolchains

This module is still built by dda inv system-probe.build-dyninst-test-programs for go1.23.11 and go1.24.3 (tasks/system_probe.py:1889) while forcing each build with exact GOTOOLCHAIN=<version> (tasks/system_probe.py:1942). Go treats the go directive as the minimum required version and exact GOTOOLCHAIN=go1.x.y does not auto-upgrade (see go.dev/doc/toolchain), so those matrix entries will refuse to load this module once it says go 1.25.0. Either keep this test module compatible with the older toolchains or update the dyninst build matrix/snapshots to drop them.

Useful? React with 👍 / 👎.

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto 62b9209.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[gh-worker-campaigns-3e9aa4]

Auto-rebase failed

Lockfile regeneration failed during rebase onto main. Your branch was not updated. You may need to rebase and regenerate lockfiles manually.

Error details

• Go Mod Tidy: ❌ exit status 1

Error Details (up to 4000 chars)

... (truncated)
re/@v/v1.5.1-0.20231216201459-8508981c8b6c.mod: 503 Service Unavailable
go: github.com/DataDog/datadog-agent/pkg/dyninst/testprogs/progs/rc_tester imports
	github.com/DataDog/dd-trace-go/v2/ddtrace/tracer imports
	github.com/DataDog/datadog-agent/pkg/remoteconfig/state imports
	github.com/DataDog/go-tuf/client tested by
	github.com/DataDog/go-tuf/client.test imports
	github.com/DataDog/go-tuf imports
	github.com/DataDog/go-tuf/encrypted imports
	golang.org/x/crypto/nacl/secretbox: github.com/mitchellh/mapstructure@v1.5.1-0.20231216201459-8508981c8b6c: reading https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/github.com/mitchellh/mapstructure/@v/v1.5.1-0.20231216201459-8508981c8b6c.mod: 503 Service Unavailable
go: github.com/DataDog/datadog-agent/pkg/dyninst/testprogs/progs/rc_tester imports
	github.com/DataDog/dd-trace-go/v2/ddtrace/tracer imports
	github.com/DataDog/datadog-agent/pkg/remoteconfig/state imports
	github.com/DataDog/go-tuf/client tested by
	github.com/DataDog/go-tuf/client.test imports
	github.com/DataDog/go-tuf imports
	github.com/DataDog/go-tuf/encrypted imports
	golang.org/x/crypto/scrypt: github.com/mitchellh/mapstructure@v1.5.1-0.20231216201459-8508981c8b6c: reading https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/github.com/mitchellh/mapstructure/@v/v1.5.1-0.20231216201459-8508981c8b6c.mod: 503 Service Unavailable
go: github.com/DataDog/datadog-agent/pkg/dyninst/testprogs/progs/rc_tester imports
	github.com/DataDog/dd-trace-go/v2/ddtrace/tracer imports
	github.com/DataDog/datadog-agent/pkg/trace/stats imports
	go.opentelemetry.io/collector/pdata/ptrace imports
	go.opentelemetry.io/collector/pdata/internal/data/protogen/collector/trace/v1 imports
	google.golang.org/grpc imports
	google.golang.org/grpc/balancer/pickfirst tested by
	google.golang.org/grpc/balancer/pickfirst.test imports
	go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest: github.com/mitchellh/mapstructure@v1.5.1-0.20231216201459-8508981c8b6c: reading https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/github.com/mitchellh/mapstructure/@v/v1.5.1-0.20231216201459-8508981c8b6c.mod: 503 Service Unavailable
go: github.com/DataDog/datadog-agent/pkg/dyninst/testprogs/progs/rc_tester imports
	github.com/DataDog/dd-trace-go/v2/ddtrace/tracer imports
	github.com/DataDog/datadog-agent/pkg/trace/stats imports
	github.com/DataDog/datadog-agent/pkg/trace/config imports
	github.com/DataDog/opentelemetry-mapping-go/pkg/otlp/attributes imports
	go.opentelemetry.io/collector/component imports
	go.opentelemetry.io/collector/internal/telemetry imports
	go.opentelemetry.io/collector/internal/telemetry/componentattribute tested by
	go.opentelemetry.io/collector/internal/telemetry/componentattribute.test imports
	go.opentelemetry.io/collector/pipeline: github.com/mitchellh/mapstructure@v1.5.1-0.20231216201459-8508981c8b6c: reading https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/github.com/mitchellh/mapstructure/@v/v1.5.1-0.20231216201459-8508981c8b6c.mod: 503 Service Unavailable
go: github.com/DataDog/datadog-agent/pkg/dyninst/testprogs/progs/rc_tester imports
	github.com/DataDog/dd-trace-go/v2/ddtrace/tracer imports
	github.com/DataDog/datadog-agent/pkg/trace/stats imports
	go.opentelemetry.io/collector/pdata/ptrace imports
	go.opentelemetry.io/collector/pdata/internal/data/protogen/collector/trace/v1 imports
	google.golang.org/grpc imports
	google.golang.org/grpc/balancer/roundrobin imports
	google.golang.org/grpc/balancer/endpointshardi

---
<sub>⚠️ Comment truncated (was 4652 chars). See workflow logs for full details.</sub>

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto a50e2f0.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e1f91a79ca

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep dyninst test programs buildable with Go 1.23/1.24

When the dyninst test-program build runs, tasks/system_probe.py intentionally builds this module with GOTOOLCHAIN=go1.23.11 and go1.24.3 as well as newer toolchains (checked ninja_add_dyninst_test_programs, lines 1883 and 1936). The Go module docs define the go directive as the minimum Go version required to use the module, so raising it to 1.25.0 makes those older-toolchain builds refuse this module before compiling. This breaks the existing cross-version dyninst fixtures unless the 1.23/1.24 builds are also removed or the dependency set is kept compatible with the old minimum.

Useful? React with 👍 / 👎.

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto 11186fd.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 840121b4ce

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep dyninst testprogs compatible with older toolchains

Because tasks/system_probe.py still generates dyninst test binaries with exact GOTOOLCHAIN=go1.23.11 and GOTOOLCHAIN=go1.24.3 for every package (go_versions at line 1883, applied at line 1936), raising this module's minimum to go 1.25.0 makes those builds fail before producing the Go 1.23/1.24 fixtures. The Go toolchain docs define the go line as the minimum required version and say older toolchains refuse to load such modules (https://go.dev/doc/toolchain), so either keep this line at/below the oldest configured test toolchain or remove/update the older toolchain configurations together with the snapshots/tests that depend on them.

Useful? React with 👍 / 👎.

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto 76cc803.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9e69a49c37

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep dyninst test programs buildable with old toolchains

This raises the module floor to Go 1.25, but dda inv system-probe.build-dyninst-test-programs still builds these programs with GOTOOLCHAIN=go1.23.11 and go1.24.3 as configured in tasks/system_probe.py lines 1883 and 1936, with GOWORK=off. When the Go command is forced to one of those older toolchains, it rejects a module whose go directive requires 1.25, so regenerating the dyninst binaries for the older-toolchain configs now fails and those integration/snapshot configurations cannot be exercised. Please keep the go directive no higher than the lowest configured toolchain, or update the builder/configs together.

Useful? React with 👍 / 👎.

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto 87c3002.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 871407ffda

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep dyninst test programs buildable with older toolchains

When dda inv system-probe.build-dyninst-test-programs regenerates these binaries, tasks/system_probe.py still builds every program with GOTOOLCHAIN=go1.23.11 and go1.24.3 as well as newer versions. Because this go line is the module's minimum required Go version, those older toolchain builds will refuse to load the main module before compiling, which breaks the dyninst test-program matrix and any tests depending on regenerated 1.23/1.24 binaries. Keep this directive at or below the oldest supported toolchain, or isolate the dependencies that require Go 1.25 from the programs that are intentionally built with older Go versions.

Useful? React with 👍 / 👎.

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto 5239865.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ac8fa049ca

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep test programs buildable by older toolchains

This raises the testprogs module's minimum Go version to 1.25, but dda inv system-probe.build-dyninst-test-programs intentionally builds every program with exact GOTOOLCHAIN values including go1.23.11 and go1.24.3 (see tasks/system_probe.py:1883 and :1936). With an exact older toolchain, the Go command refuses modules whose go line requires a newer version, so the 1.23/1.24 dyninst binaries can no longer be produced and tests relying on those configurations lose coverage/fail at binary generation time.

Useful? React with 👍 / 👎.

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto 9847ec0.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto f8e962f.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5d2926d2e7

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Restore older Go compatibility for dyninst testprogs

This go directive is a minimum version (the Go module docs state older toolchains refuse modules declaring newer Go versions), but ninja_add_dyninst_test_programs still builds these test programs with go1.23.11 and go1.24.3 and passes each as the exact GOTOOLCHAIN (tasks/system_probe.py:1883, tasks/system_probe.py:1936). When that task builds the Go 1.23/1.24 dyninst variants from this module, the toolchain will reject the module before compiling, so the multi-toolchain test binaries can no longer be generated.

Useful? React with 👍 / 👎.

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto 8fb2856.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5dbc779892

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep dyninst test programs buildable with older toolchains

This module is still used by tasks/system_probe.py to build the dyninst fixtures with GOTOOLCHAIN=go1.23.11 and go1.24.3 (see the go_versions list and per-build env around lines 1883 and 1936), but raising the module go line to 1.25.0 makes those toolchains refuse to load the main module. The Go toolchain docs define the go line as the module's minimum required Go version and state that older toolchains refuse modules requiring a newer version, so dda inv system-probe.build-dyninst-test-programs will fail for the 1.23/1.24 fixture matrix unless the matrix is changed or this module stays compatible with those toolchains.

Useful? React with 👍 / 👎.

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with main — rebased onto 58d5a5f.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[github-actions]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bd485f5ffc

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Lower the module go version for test binaries

This module is used by ninja_add_dyninst_test_programs to build the dyninst fixtures with an explicit matrix that still includes GOTOOLCHAIN=go1.23.11 and go1.24.3 (tasks/system_probe.py:1883 and :1936). With the go line raised to 1.25.0, those forced older toolchains will refuse to load the module instead of building the Go 1.23/1.24 fixture binaries (Go's toolchain docs describe the go line as the minimum required version, and exact GOTOOLCHAIN=<name> forces that toolchain). That breaks dda inv system-probe.build-dyninst-test-programs for half of the intended test matrix unless the matrix is also dropped or this module keeps a lower go line plus a separate toolchain preference.

Useful? React with 👍 / 👎.