[8.19](backport #7129) build(deps): bump github.com/elastic/elastic-agent-system-metrics from 0.14.3 to 0.14.4

[mergify]

Bumps github.com/elastic/elastic-agent-system-metrics from 0.14.3 to 0.14.4.

Release notes

Sourced from github.com/elastic/elastic-agent-system-metrics's releases.

v0.14.4

What's Changed

• Bump Golang version to 1.25.9 by @​ycombinator in elastic/elastic-agent-system-metrics#292
• Migrate from deprecated docker/docker to moby/moby modules by @​ycombinator in elastic/elastic-agent-system-metrics#291
• [cgv2] Convert cpu.stat microseconds to nanoseconds at parse site by @​orestisfl in elastic/elastic-agent-system-metrics#294

Full Changelog: elastic/elastic-agent-system-metrics@v0.14.3...v0.14.4

Commits

• 31d43a6 [cgv2] Convert cpu.stat microseconds to nanoseconds at parse site (#294)
• 2845450 Migrate from deprecated docker/docker to moby/moby modules (#291)
• 441a69b Bump Golang version to 1.25.9 (#292)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

This is an automatic backport of pull request #7129 done by [Mergify](https://mergify.com).

[mergify]

Cherry-pick of 565ea0f has failed:

On branch mergify/bp/8.19/pr-7129
Your branch is up to date with 'origin/8.19'.

You are currently cherry-picking commit 565ea0f.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   NOTICE-fips.txt
	modified:   NOTICE.txt
	modified:   go.mod

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   go.sum

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[github-actions]

TL;DR

All 3 failing Buildkite jobs are caused by the same issue: go.sum in this backport PR contains unresolved merge-conflict markers, which makes Go parsing fail immediately (wrong number of fields 2). Resolve the go.sum conflict and regenerate/normalize dependencies for the 8.19 branch state.

Remediation

• Resolve go.sum conflict markers from the backport cherry-pick (keep a single valid dependency set for 8.19; do not leave <<<<<<<, =======, >>>>>>>).
• Run dependency normalization for the branch (e.g., go mod tidy or the repo’s standard dependency refresh flow), then re-run CI.
• Confirm check_ci.sh, check_detect_fips_crypto.sh, and release_test.sh all pass after the go.sum fix.

Investigation details

Root Cause

The PR patch includes unresolved conflict markers in go.sum in the OpenTelemetry block (seen in PR file diff for go.sum), which breaks Go module checksum parsing.

Relevant evidence from PR file diff:

• go.sum contains conflict markers around these entries:
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (v0.53.0 vs v0.60.0)
  • go.opentelemetry.io/otel (v1.43.0 vs v1.44.0)
  • go.opentelemetry.io/otel/metric (v1.43.0 vs v1.44.0)

Evidence

• Build: https://buildkite.com/elastic/fleet-server/builds/14945
• Failed jobs:
  • Run check-ci → .buildkite/scripts/check_ci.sh
  • Detect FIPS crypto imports → .buildkite/scripts/check_detect_fips_crypto.sh
  • Package x86_64 → .buildkite/scripts/release_test.sh
• Key log excerpt (all 3 jobs):
  • malformed go.sum:
  • .../go.sum:211: wrong number of fields 2

Verification

• Runtime/code execution: not run (detective workflow is read-only); analysis based on Buildkite logs + PR diff.
• Flaky-test cross-check: no matching open flaky-test issue found for this failure signature.

Follow-up

This appears deterministic (not infra/transient): once go.sum conflict is resolved, the three failures should collapse together.

---

What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[ebeahan]

@copilot fix the merge conflicts in this PR.

[Copilot]

@copilot fix the merge conflicts in this PR.

Resolved the go.sum merge conflict in commit fix: resolve go.sum merge conflict for backport to 8.19. The conflict was caused by a cherry-pick collision on go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp — the 8.19 branch had v0.53.0 while the backported commit introduced v0.60.0 (required by elastic-agent-system-metrics v0.14.4). Ran go mod tidy and go mod verify to confirm the go.sum is correct.

[ebeahan]

/test