[9.4](backport #49975) Update transient dependency github.com/go-jose/go-jose/v4 to v4.1.4

[mergify]

Proposed commit message

Bumps transient dependency github.com/go-jose/go-jose/v4 from v4.1.3 to v4.1.4.

AgentBeat is not believed to invoke the vulnerable code path (cipher.KeyUnwrap via ParseEncrypted + Decrypt), as go-jose is only pulled in transitively through the Azure SDK for JWS signature verification. This update is being applied as standard maintenance.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

  ---

  This is an automatic backport of pull request Update transient dependency github.com/go-jose/go-jose/v4 to v4.1.4 #49975 done by Mergify.

[github-actions]

🤖 GitHub comments

Just comment with:

• run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

[github-actions]

TL;DR

Three jobs failed, but all signs point to CI environment/transient issues rather than a regression in this PR: both FIPS ECH jobs failed on Elastic Cloud API 502 Bad Gateway during Terraform deployment creation, and the Winlogbeat unit job failed with Access is denied. while creating/opening a Windows event log source.

Remediation

• Re-run the failed jobs first (x-pack/filebeat FIPS ECH, x-pack/metricbeat FIPS ECH, winlogbeat Win 2025 unit tests).
• If Winlogbeat keeps failing, make TestWindowsEventLogAPI skip on permission-denied in this environment (or ensure the agent has required event log/registry privileges).

Investigation details

Root Cause

1. x-pack/filebeat FIPS ECH Integration Tests and x-pack/metricbeat FIPS ECH Integration Tests are failing in Terraform provisioning, not beat code execution.

   • Log shows Error: failed creating deployment at ech.tf line 54 with API response 502: Bad Gateway (POST /api/v1/deployments).
   • This is consistent with transient upstream Elastic Cloud/API availability.

2. Winlogbeat Win 2025 Unit Tests failed in winlogbeat/eventlog due OS permission error.

   • Test failure: === FAIL: winlogbeat/eventlog TestWindowsEventLogAPI
   • Error: wineventlog_test.go:341: Access is denied.
   • In source, winlogbeat/eventlog/wineventlog_test.go:341 is t.Fatal(err) after eventlog.Open(source) in createLog(...), which depends on writing/reading Windows Event Log registry keys under SYSTEM\CurrentControlSet\Services\EventLog (winlogbeat/eventlog/wineventlog_test.go:403-445).

Evidence

• Build: https://buildkite.com/elastic/beats/builds/43842
• Jobs/steps:
  • :ubuntu: x-pack/filebeat: FIPS ECH Integration Tests
  • :ubuntu: x-pack/metricbeat: FIPS ECH Integration Tests
  • :windows: Winlogbeat: Win 2025 Unit Tests
• Key log excerpts:
  • api error: 1 error occurred:
  • * 502: Bad Gateway (POST /api/v1/deployments)
  • === FAIL: winlogbeat/eventlog TestWindowsEventLogAPI
  • wineventlog_test.go:341: Access is denied.

Verification

• Not run locally; analysis is based on the captured Buildkite failure logs.

Follow-up

• If reruns still fail:
  • For ECH jobs, capture provider/API request IDs from the same failing step and escalate as infra incident.
  • For Winlogbeat, gate TestWindowsEventLogAPI on required privileges (or skip when Access is denied is returned by eventlog.Open).

Note

🔒 Integrity filtering filtered 3 items

Integrity filtering activated and filtered the following items during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

• pr:[9.4](backport #49975) Update transient dependency github.com/go-jose/go-jose/v4 to v4.1.4 #50016 (pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
• #50016 (search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
• #49975 (search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)

---

What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.