
Commit 02ad913

DavidS-ovmtphoney authored and committed
[ENG-3461] fix: bump buger/jsonparser to v1.1.2 (CVE-2026-32285) (#4478)
## Summary

- Bumps `github.com/buger/jsonparser` from v1.1.1 to v1.1.2 to fix CVE-2026-32285 (GO-2026-4514) — uncaught exception in `Delete()` on malformed JSON input
- The `google.golang.org/grpc` vulnerability (CVE-2026-33186) was already resolved; go.mod has v1.79.3 which is the fix version

## Linear Ticket

- **Ticket**: [ENG-3461](https://linear.app/overmind/issue/ENG-3461/snyk-vulnerabilities-for-march-30th) — Snyk vulnerabilities for March 30th
- **Purpose**: Resolve High/Critical Snyk findings for the weekly vulnerability check
- **Priority**: Urgent

## Changes

- `go.mod`: `github.com/buger/jsonparser` v1.1.1 → v1.1.2 (indirect dependency)
- `go.sum`: Updated checksums for jsonparser v1.1.2

## Vulnerability Details

| CVE | Package | Severity | Fix |
| --- | --- | --- | --- |
| CVE-2026-33186 | `google.golang.org/grpc` | Critical (9.3) | Already at v1.79.3 |
| CVE-2026-32285 | `github.com/buger/jsonparser` | High (8.7) | Bumped to v1.1.2 |

## Deviations from Approved Plan

> No approved plan is associated with this PR.

<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk dependency bump with no application code changes; main risk is minor behavioral differences in JSON parsing under malformed inputs.
>
> **Overview**
> Updates the indirect dependency `github.com/buger/jsonparser` from `v1.1.1` to `v1.1.2` in `go.mod`, with corresponding `go.sum` checksum updates.
>
> This is a dependency-only change intended to pick up the upstream security fix for malformed JSON handling (CVE-2026-32285).
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit f5bf71f97b5e748b4bc2d271755e788d18413e20. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

GitOrigin-RevId: 03de4a0e9f9426a31d892195dfe2799690a79e5f
1 parent c10ac12 commit 02ad913

2 files changed

Lines changed: 3 additions & 3 deletions


go.mod

Lines changed: 1 addition & 1 deletion
@@ -263,7 +263,7 @@ require (
263263
github.com/bodgit/plumbing v1.3.0 // indirect
264264
github.com/bodgit/sevenzip v1.6.0 // indirect
265265
github.com/bodgit/windows v1.0.1 // indirect
266-
github.com/buger/jsonparser v1.1.1 // indirect
266+
github.com/buger/jsonparser v1.1.2 // indirect
267267
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
268268
github.com/cespare/xxhash/v2 v2.3.0 // indirect
269269
github.com/charmbracelet/colorprofile v0.4.2 // indirect
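Review bot: the bumped requirement at line 266 is marked `// indirect`, so nothing in this module imports jsonparser itself and the vulnerable `Delete()` path is only reachable through whichever dependency pulls it in; the PR description should name that dependency, since a later `go mod tidy` will keep or drop this line based on its requirement, not on this commit. Raising the go.mod minimum is enough to force v1.1.2 under minimal version selection, but the message cites GO-2026-4514, so the check worth attaching to the PR is `govulncheck ./...` before and after the bump (it reports the advisory only when the call path is reachable) together with `go list -m all | grep buger/jsonparser` to show the resolved version is v1.1.2 rather than a higher one selected by another requirement.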

go.sum

Lines changed: 2 additions & 2 deletions
@@ -361,8 +361,8 @@ github.com/brianvoe/gofakeit/v7 v7.14.1 h1:a7fe3fonbj0cW3wgl5VwIKfZtiH9C3cLnwcIX
361361
github.com/brianvoe/gofakeit/v7 v7.14.1/go.mod h1:QXuPeBw164PJCzCUZVmgpgHJ3Llj49jSLVkKPMtxtxA=
362362
github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw=
363363
github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c=
364-
github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
365-
github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
364+
github.com/buger/jsonparser v1.1.2 h1:frqHqw7otoVbk5M8LlE/L7HTnIq2v9RX6EJ48i9AxJk=
365+
github.com/buger/jsonparser v1.1.2/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
366366
github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
367367
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
368368
github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
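Review bot: the `/go.mod` hash on the new line 365 (`6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=`) is byte-for-byte the same as the removed v1.1.1 entry while the `h1:` hash on line 364 changes; that is expected when a release changes source files but not its own go.mod, so it is not a sign of a mis-copied checksum. The v1.1.1 lines are dropped rather than left alongside the new ones, which matches `go mod tidy` output and indicates no other module in the graph still references v1.1.1; run `go mod verify` before merging to confirm the module cache content matches the new h1 hash, since a go.sum edit is the one place a supply-chain substitution would have to land.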
