Bump github.com/elastic/go-libaudit/v2 from 2.2.0 to 2.3.1

[dependabot]

Bumps github.com/elastic/go-libaudit/v2 from 2.2.0 to 2.3.1.

Release notes

Sourced from github.com/elastic/go-libaudit/v2's releases.

2.3.1

Changed

• Reduce heap allocations when parsing and enriching auditd events. #111

Fixed

• Fix change in behaviour that causes error when unmarshaling AuditStatus with a short buffer. #110
• Fix minimum AuditStatus length so that library can support kernels from 2.6.32. #113 #119
• Fix parsing of audit rules where arguments are quoted (like file paths containing spaces). #115

2.3.0

Added

• Add ECS mappings for more audit anomaly events. #70
• Add BacklogWaitTimeActual status field, which is available since Linux 5.9 #93
• Add ECS normalizations for TIME_ADJNTPVAL and TIME_INJOFFSET. #98
• Add support for exe filters in exclude rules (e.g. -a exclude,always -F exe=/bin/ls). #97

Changed

• Update syscall, arches, and audit msg type tables for Linux 5.16. #96
• Go 1.16 or newer is required because the project uses the embed package. #104
• Fixed error messages from AddRule() in the audit client. #103

Removed

• Removed support for resolving syscall numbers to names for the ia64 architecture. #96

Changelog

Sourced from github.com/elastic/go-libaudit/v2's changelog.

[2.3.1]

Changed

• Reduce heap allocations when parsing and enriching auditd events. #111

Fixed

• Fix change in behaviour that causes error when unmarshaling AuditStatus with a short buffer. #110
• Fix minimum AuditStatus length so that library can support kernels from 2.6.32. #113 #119
• Fix parsing of audit rules where arguments are quoted (like file paths containing spaces). #115

[2.3.0]

Added

• Add ECS mappings for more audit anomaly events. #70
• Add BacklogWaitTimeActual status field, which is available since Linux 5.9 #93
• Add ECS normalizations for TIME_ADJNTPVAL and TIME_INJOFFSET. #98
• Add support for exe filters in exclude rules (e.g. -a exclude,always -F exe=/bin/ls). #97

Changed

• Update syscall, arches, and audit msg type tables for Linux 5.16. #96
• Go 1.16 or newer is required because the project uses the embed package. #104
• Fixed error messages from AddRule() in the audit client. #103

Removed

• Removed support for resolving syscall numbers to names for the ia64 architecture. #96

Commits

• 7f33cdd Prepare v2.3.1 release
• 6a33928 Use go-shellquote to split rules into arguments (#115)
• 192499f Fix support of kernel < 3.0 (#119)
• b10731a allow shorter buffers to be unmarshaled (#113)
• f554980 Reduce heap allocations in auparse.go (#111)
• 48e317e Fix release links in changelog
• 818587d Update 'go install' command in readme
• 87f0a81 allow short buffers to be unmarshaled (#110)
• 391bb9b Prepare v2.3.0 changelog
• 227948a Add auparse and aucoalesce benchmark (#109)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #268 (63c1b4d) into main (9d3f70b) will decrease coverage by 3.11%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #268      +/-   ##
==========================================
- Coverage   69.13%   66.02%   -3.12%     
==========================================
  Files          14       14              
  Lines        1510     1510              
==========================================
- Hits         1044      997      -47     
- Misses        359      406      +47     
  Partials      107      107              

Impacted Files	Coverage Δ
procmon.go	84.61% <0.00%> (-15.39%)	⬇️
procmon_linux.go	63.70% <0.00%> (-8.89%)	⬇️
eventhandler.go	53.81% <0.00%> (-8.78%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9d3f70b...63c1b4d. Read the comment docs.

[dependabot]

Superseded by #288.