Bump github.com/elastic/go-ucfg from 0.8.6 to 0.8.7

[dependabot]

Bumps github.com/elastic/go-ucfg from 0.8.6 to 0.8.7.

Release notes

Sourced from github.com/elastic/go-ucfg's releases.

v0.8.7

What's Changed

• [workflow] go-ucfg by @​apmmachine in elastic/go-ucfg#195
• notice: update year by @​v1v in elastic/go-ucfg#200
• ci: update identation by @​v1v in elastic/go-ucfg#199
• Fix numeric configuration keys handling by @​aleksmaus in elastic/go-ucfg#198
• Add exported IgnoreCommas option to fix parser issues by @​fearful-symmetry in elastic/go-ucfg#197

New Contributors

• @​apmmachine made their first contribution in elastic/go-ucfg#195
• @​aleksmaus made their first contribution in elastic/go-ucfg#198
• @​fearful-symmetry made their first contribution in elastic/go-ucfg#197

Full Changelog: elastic/go-ucfg@v0.8.6...v0.8.7

Changelog

Sourced from github.com/elastic/go-ucfg's changelog.

Change Log

All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.

[Unreleased]

Added

Changed

Deprecated

Removed

Fixed

Commits

• 1f9133c Add exported IgnoreCommas option to fix parser issues (#197)
• db1ecc8 Fix numeric configuration keys handling (#198)
• c785f58 ci: update identation (#199)
• de82dd9 notice: update year (#200)
• 9e7ec4b [workflow] go-ucfg (#195)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[elasticmachine]

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

[mergify]

This pull request does not have a backport label. Could you fix it @dependabot[bot]? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

[elastic-sonarqube]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[cmacknz]

@fearful-symmetry are other changes in the agent required as part of the fix from elastic/go-ucfg#197? Is the fix opt-in?

@aleksmaus same question for elastic/go-ucfg#198, do we need a change in the agent to apply the fix?

[cmacknz]

The same automated version bump exists on Beats elastic/beats#38251, same question there on if we need code changes beyond the package bump to fix the bugs in the release.

[aleksmaus]

@fearful-symmetry are other changes in the agent required as part of the fix from elastic/go-ucfg#197? Is the fix opt-in?

@aleksmaus same question for elastic/go-ucfg#198, do we need a change in the agent to apply the fix?

For my change, it can be picked up without code changes, it will at least limit the max numeric "array" field allocation to 1024, and will be completely backwards compatible within that range. If the value is larger it will treat it as the "named field" instead.

The other part of that change requires the code change. The default config needs to be initialized with "EnableNumKeys" option, which is disabled by default. This will treat any field with numberic value as the "named field". This is kind of more breaking change and would suggest to allocate some additional regression testing time.

Initially this change was needed for osquery policy where the users could specify the numeric values for the query names in the pack, and in that case this change is actually helping osquery configuration from getting broken when the user specifies the numeric name for the config key. So, enabling the "EnableNumKeys" behavior is preferable for osquery, but I can't be sure about all other possible cases until it's tested thoroughly with other integrations and beats.

[aleksmaus]

@cmacknz for more context on the problem for osquery
#4200

Without enabling "EnableNumKeys" the osquery configuration will still be broken if the user specifies the query name that is a numeric string less than 1024, like "999". Current remediation in kibana was to disallow numeric names for the queries.
Ideally we want to disable that behavour alltogether probably, always have "EnableNumKeys" on, but this requires testing as I mentioned before.

[fearful-symmetry]

For the IgnoreCommas issue, that does require a separate change. I'm working on a PR for that, can put it in once this is merged.

[cmacknz]

I'll merge this then, and then turning on the new features can happen separately.