feat: replace archived yaml dependency #49339

Open
kruskall wants to merge 7 commits into elastic:main from kruskall:feat/drop-archived-yaml

@kruskall
Member

@kruskall kruskall commented Mar 7, 2026

Proposed commit message

go-yaml/yaml has been archived and the maintained fork is at go.yaml.in/yaml

Since some of our dependencies already migrated we're linking two yaml libraries in the binary.

Replace usage of the archived library to start removing it

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works. Where relevant, I have used the stresstest.sh script to run them under stress conditions and race detector to verify their stability.
  • I have added an entry in ./changelog/fragments using the changelog tool.

@kruskall kruskall requested review from a team as code owners March 7, 2026 02:29
@kruskall kruskall requested review from AndersonQ and belimawr March 7, 2026 02:29
@botelastic botelastic bot added the needs_team label Mar 7, 2026
@github-actions
Contributor

github-actions bot commented Mar 7, 2026

🤖 GitHub comments

Just comment with:

  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

@mergify
Contributor

mergify bot commented Mar 7, 2026

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @kruskall? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit
  • backport-active-all is the label that automatically backports to all active branches.
  • backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
  • backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

@coderabbitai
Contributor

coderabbitai bot commented Mar 7, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

📝 Walkthrough

Imports for YAML were migrated across the repository from gopkg.in/yaml to go.yaml.in/yaml (v2 and v3) in many source and test files; go.mod was updated to reference go.yaml.in/yaml/v2 v2.4.3 and go.yaml.in/yaml/v3 v3.0.4 and to adjust yaml v2/v3 entries. NOTICE.txt was edited extensively: license blocks for multiple YAML-related dependencies were added, removed, and reintroduced with updated license texts and APPENDIX/TERMS sections. No functional code, public APIs, or exported declarations were changed.

Suggested labels

dependencies

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@x-pack/osquerybeat/ext/osquery-extension/cmd/gentables/go.mod`:
- Line 8: Update the golang.org/x/text dependency in go.mod from the pinned
older pseudo-version (golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2) to
a patched release (v0.3.8 or later) to address CVE-2020-14040 and
CVE-2022-32149; after changing the version, regenerate module metadata (e.g.,
run go get golang.org/x/text@v0.3.8 and go mod tidy) so the new version is
recorded and vendor/sums are updated.

📥 Commits

Reviewing files that changed from the base of the PR and between 1c8cc51 and 0e99aec.

⛔ Files ignored due to path filters (1)
  • x-pack/osquerybeat/ext/osquery-extension/cmd/gentables/go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • x-pack/osquerybeat/ext/osquery-extension/cmd/gentables/go.mod

Comment thread x-pack/osquerybeat/ext/osquery-extension/cmd/gentables/go.mod Outdated
@pierrehilbert pierrehilbert added the Team:Integrations, Team:obs-ds-hosted-services, Team:Elastic-Agent-Data-Plane, Team:Obs-InfraObs and Team:Security-Linux Platform labels Mar 8, 2026
@elasticmachine
Contributor

Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)

@botelastic botelastic bot removed the needs_team label Mar 8, 2026
@elasticmachine
Contributor

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@elasticmachine
Contributor

Pinging @elastic/integrations (Team:Integrations)

@elasticmachine
Contributor

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

@AndersonQ
Member

/test

Contributor

@belimawr belimawr left a comment

LGTM, but it would be good to update golang.org/x/text as well.

Comment thread x-pack/osquerybeat/ext/osquery-extension/cmd/gentables/go.mod Outdated
@mergify
Contributor

mergify bot commented Mar 13, 2026

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/drop-archived-yaml upstream/feat/drop-archived-yaml
git merge upstream/main
git push upstream feat/drop-archived-yaml

@kruskall
Member Author

> LGTM, but it would be good to update golang.org/x/text as well.

Done!
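
Both dependency points raised in this thread can be checked mechanically against a go.mod: the archived gopkg.in/yaml modules still required alongside go.yaml.in/yaml, and golang.org/x/text pinned below v0.3.8. The following is an added example, not code from this PR or from the Beats project; the `Audit` and `older` helpers and the sample go.mod fragment are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed go.mod fragment for illustration; not the PR's actual file.
const sampleGoMod = `require (
	gopkg.in/yaml.v3 v3.0.1
	go.yaml.in/yaml/v3 v3.0.4
	golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2 // indirect
)`

// older reports whether module version v sorts before release floor ("vX.Y.Z[-pre]").
func older(v, floor string) bool {
	num := func(s string) (n [3]int) {
		s, _, _ = strings.Cut(strings.TrimPrefix(s, "v"), "-")
		for i, p := range strings.SplitN(s, ".", 3) {
			n[i], _ = strconv.Atoi(p)
		}
		return
	}
	a, b := num(v), num(floor)
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return strings.Contains(v, "-") // a pre-release of floor sorts before floor
}

// Audit lists go.mod requirements that this PR thread asks to replace or bump.
func Audit(gomod string) (findings []string) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || f[1][0] != 'v' {
			continue // not a "module version" requirement line
		}
		switch {
		case strings.HasPrefix(f[0], "gopkg.in/yaml."):
			findings = append(findings, "archived yaml: "+f[0]+" "+f[1])
		case f[0] == "golang.org/x/text" && older(f[1], "v0.3.8"):
			findings = append(findings, "x/text below v0.3.8: "+f[1])
		}
	}
	return
}
func main() { fmt.Println(strings.Join(Audit(sampleGoMod), "\n")) }
```

The check reads only the go.mod text it is given, so in a repository with nested modules it has to be run once per go.mod.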

@kruskall kruskall requested a review from belimawr March 14, 2026 17:05
@mergify
Contributor

mergify bot commented Mar 20, 2026

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/drop-archived-yaml upstream/feat/drop-archived-yaml
git merge upstream/main
git push upstream feat/drop-archived-yaml

Labels

skip-changelog, Team:Elastic-Agent-Data-Plane, Team:Integrations, Team:obs-ds-hosted-services, Team:Obs-InfraObs, Team:Security-Linux Platform
