[Contextual Security][CNVM] change vulnerability.published_date field type from keyword to date

[alexreal1314]

This is a BREAKING CHANGE that updates the field mapping that aligns cnvm with other integrations - tenable_io, m365 etc.

Summary

This PR updates the vulnerability.published_date field mapping from keyword to date type in the Cloud Native Vulnerability Management (CNVM) integration. The change includes:

1. modifying the field definition in fields/vulnerability.yml to use the date type
2. adding a date processor to the ingest pipeline (default.yml) that parses the published_date field using ISO8601 format with proper error handling.
3. bumping the package version from 3.1.1 to 4.0.0 following semantic versioning for breaking changes
4. documenting the breaking change in changelog.yml. The ingest pipeline processor includes conditional logic to only parse the field when it exists and is not empty, with on_failure handling to append error messages without breaking the entire pipeline.

change was made to address this issue.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

• [ ]

How to test this PR locally

Related issues

Screenshots

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

Package cloud_security_posture 👍(1) 💚(0) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
findings	58823.53	50000	-8823.53 (-15%)	👍
vulnerabilities	125000	83333.33	-41666.67 (-33.33%)	💔

[alexreal1314]

/test benchmark fullreport

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: e8fd142

History

• 💚 Build #33455 succeeded e8fd142

cc @alexreal1314