[release-0.95] CVE-2026-33186: Bump grpc

[sbiradar10]

What this PR does / why we need it:

Bump grpc to 1.79.3 leads to go lang bump so i used grpc folk to avoid this:
Used below command for replace:

`go mod edit -replace google.golang.org/grpc=github.com/openshift-sustaining/grpc-go@v1.75.1-sec.1

Release note:

Bump google.golang.org/grpc to v1.75.1-sec.1 

[sonarqubecloud]

Quality Gate failed

Failed conditions
5 Security Hotspots
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[gemini-code-assist]

Code Review

This pull request updates the project to Go 1.22.0 and performs a comprehensive upgrade of core dependencies, including OpenTelemetry, logr, and testify, while adding an auto-instrumentable SDK. Notable changes include UUID v6/v7 support, improved slog interoperability for logr, and the promotion of the OpenTelemetry Logs API to beta. Feedback highlights a version discrepancy for the grpc-go replacement directive and a regression in the MemMapFs.RemoveAll implementation that prevents the correct removal of the root directory.

[gemini-code-assist]

There is a discrepancy between the version of grpc-go specified in the replace directive (v1.71.3-sec.1) and the versions mentioned in the pull request description (1.79.3 and v1.75.1-sec.1). Please verify and use the correct version intended to address the CVE.

[gemini-code-assist]

The updated logic for RemoveAll using path + FilePathSeparator will fail to match subdirectories when path is the root directory (e.g., /), as it would check for a prefix of //. This is a regression that prevents RemoveAll("/") from working correctly in the memory filesystem.

Suggested change

	if p == path || strings.HasPrefix(p, path+FilePathSeparator) {
	if p == path || strings.HasPrefix(p, strings.TrimSuffix(path, FilePathSeparator)+FilePathSeparator) {

[RamLavi]

/lgtm
/approve

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RamLavi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [RamLavi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sbiradar10]

/retest

[sonarqubecloud]

Quality Gate failed

Failed conditions
5 Security Hotspots
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[kubevirt-bot]

@sbiradar10: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-e2e-cnao-lifecycle-k8s-release-0.95	9e0101d	link	true	/test pull-e2e-cnao-lifecycle-k8s-release-0.95

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.