build(deps): update dagger-io requirement from ~=0.20 to ~=0.21 in /.dagger-ci/daggerci

[dependabot]

Updates the requirements on dagger-io to permit the latest version.

Release notes

Sourced from dagger-io's releases.

helm/chart/v0.21.0 - 2026-05-22

Dependencies

• Bump Engine to v0.21.0 by @​tiborvass in dagger/dagger#13211

What to do next?

• Read the documentation
• Join our Discord server
• Follow us on Twitter

Changelog

Sourced from dagger-io's changelog.

v0.21.0 - 2026-05-22

Added

• Automatically expose a check for each generate function by @​eunomie in dagger/dagger#12923
  Each generated check has the same name as its generate function, so dagger check can report whether generated files are out of date. Use dagger check --no-generate to list or run only functions explicitly marked as checks, without the generated ones. Toolchains can set ignoreChecks to skip creating checks for specific generate functions.
• Add workspace lockfiles for selected lookups such as container.from and Git refs by @​shykes + @​alexcb + @​grouville + @​tiborvass + @​eunomie in dagger/dagger#12046 dagger/dagger#13094
  Locking is opt-in with --lock live, --lock pinned, or --lock frozen: live mode resolves and records live values, pinned mode prefers recorded pins while resolving the rest live, and frozen mode only resolves from .dagger/lock. Use dagger lock update to refresh entries already recorded in .dagger/lock; it now creates the file when missing. This also fixes remote Git tree cache keys so cache reuse follows the actual checkout inputs.
• Add an interactive tests view to the TUI, plus compact test summaries for pretty, plain, logs, dots, and report progress modes by @​vito in dagger/dagger#13073
• Add experimental --x-release=<ref> and DAGGER_X_RELEASE=<ref> support for running a command against an unreleased Dagger build from a GitHub ref, fixing dagger/dagger#12996 by @​tiborvass in dagger/dagger#13156
• Add a configurable Kubernetes Service to the Helm chart by @​pierreyves-lebrun + @​grouville in dagger/dagger#11993
• Add EngineCacheEntry.dagqlCall and EngineCacheEntry.recordTypes so cache entries expose the producing DagQL call and all represented storage record types for inspection and GC filtering by @​sipsma in dagger/dagger#13207
• Show the Dagger Cloud trace URL when using the logs frontend by @​marcosnils in dagger/dagger#13105
• Dang SDK: add support for local types that shadow Dagger core types, early return, self-calls, order-independent declarations, and stricter nullability/type checking by @​vito in dagger/dagger#13184

Changed

• Migrate caching to DagQL and remove the BuildKit solver backend, making DagQL responsible for cache lookups, persistence, and pruning by @​sipsma in dagger/dagger#11856
• Improve engine performance and memory use by reducing bbolt/containerd metadata overhead, lazily creating containerd operation leases, reusing pooled CNI namespaces for default execs, and batching long withDirectory chains instead of materializing them quadratically by @​sipsma in dagger/dagger#13117 dagger/dagger#13123 dagger/dagger#13144 dagger/dagger#13124
• Deduplicate equivalent in-flight DagQL calls across clients in the same session and fall back to same-session secret/socket attachables when the original client binding is gone by @​sipsma in dagger/dagger#13118

Fixed

• Fix enum argument defaults so they appear correctly in schema output and CLI help by @​kpenfound in dagger/dagger#13068
• Fix module loading and type generation failures caused by stale handle-form module IDs and nested client session races, replacing session ... not found failures with the intended behavior or original error by @​sipsma in dagger/dagger#13108 dagger/dagger#13119
• Fix bound service failures so dependent execs and container-backed services see the service exit as the cause while interactive terminals stay open by @​vito in dagger/dagger#13099
• Fix remote Git checkout behavior so cached trees can be reused after cache pruning by @​sipsma in dagger/dagger#13141
• Fix Changeset merge cleanup flakiness by disabling Git auto-maintenance in Dagger's temporary merge repositories by @​sipsma in dagger/dagger#13121
• Fix WithSecretVariable so later calls override earlier values, fixing dagger/dagger#13147 by @​matipan in dagger/dagger#13159
• Fix user-default secret and env handling so empty plaintext secrets resolve correctly, .env values are not double-expanded through namespaces, and plaintext Secret defaults are scrubbed in console output; fixes dagger/dagger#12855 and closes dagger/dagger#12014 by @​sipsma + @​marcosnils + @​tiborvass in dagger/dagger#13163 dagger/dagger#13160 dagger/dagger#13177
• Fix telemetry and replay output so dagger check log telemetry is not dropped, Python module logs are not duplicated, and dagger trace honors frontend flags by @​vito + @​sipsma in dagger/dagger#13114 dagger/dagger#13153
• Fix dagger generate --scale-out returning unusable remote Changeset objects by always running generation locally; dagger check --scale-out remains supported by @​eunomie in dagger/dagger#13190
• Fix toolchain customizations so they propagate when toolchain functions are called through another module function by @​suprjinx in dagger/dagger#13176
• Dang SDK: fix panics, initialization-race typechecking failures, and ID argument handling by @​tiborvass + @​vito in dagger/dagger#13098 dagger/dagger#13103 dagger/dagger#13150
• Java SDK: fix version updates so mvn versions:set no longer performs unnecessary dependency/plugin resolution, preventing Maven Central 429 failures; fixes dagger/dagger#13174 by @​dagger-codex[bot] + @​tiborvass in dagger/dagger#13198
• Python SDK: fix static module analysis regressions from the AST analyzer cutover, including inherited functions, aliased decorators and fields, @staticmethod, type aliases, constants/defaults, Annotated, Optional, Union, and relative imports; fixes dagger/dagger#13097 and dagger/dagger#13089 by @​eunomie in dagger/dagger#13095
• Python SDK: fix more AST analyzer cases for TypeAlias inside X | None, quoted and aliased annotations, and absolute self-package imports by @​marcosnils + @​grouville + @​eunomie in dagger/dagger#13149 dagger/dagger#13162 dagger/dagger#13171
• Python SDK: exclude the broken yarl 1.24.1 release from the dependency range by @​tiborvass in dagger/dagger#13189
• Rust SDK: fix list-of-object fields so generated clients load each object by ID instead of returning an incorrect single wrapped selection by @​wingyplus in dagger/dagger#13000

What to do next?

• Read the documentation
• Join our Discord server
• Follow us on Twitter

v0.20.6 - 2026-04-15

Fixed

• Fix toolchains being loaded or resolved from the wrong source, which could unexpectedly affect command behavior, break custom path overrides, or cause confusing missing-file errors when using dagger -m <remote>@<ref> by @​shykes + @​grouville + @​tiborvass + @​marcosnils + @​eunomie in dagger/dagger#12983 dagger/dagger#12949 dagger/dagger#12980 dagger/dagger#12985 dagger/dagger#12986

... (truncated)

Commits

• 1be1867 chore: prep for v0.21.0 (#13211)
• 9286478 core: improve cache pruning and engine test splits (#13207)
• 760c7c8 Update generated Go module files (#13204)
• 1041e47 fix(java): avoid resolving deps during versions:set (#13198)
• 9bd911b test(sdk/python): avoid shadowing type names in property fixtures (#13196)
• df68104 cli: allow testing unreleased builds with --x-release (#13156)
• 08e15e8 fix(sdk/python): resolve absolute self-imports in AST analyzer (#13171)
• 9980483 fix(sdk/python): make static annotation analysis alias-aware (#13162)
• 0768007 sdk/python: exclude broken yarl release (#13189)
• 2c07d3e fix(sdk/rust): resolve list-of-object fields by loading each by id (#13000)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	15		0	0	0.2s
❌ ACTION	zizmor	15		1	0	0.21s
✅ BASH	bash-exec	10		0	0	0.16s
✅ BASH	shellcheck	9		0	0	0.06s
✅ BASH	shfmt	9		0	0	0.0s
✅ DOCKERFILE	hadolint	5		0	0	0.13s
✅ EDITORCONFIG	editorconfig-checker	227		0	0	0.06s
✅ GO	revive	31		0	0	31.21s
✅ JSON	jsonlint	14		0	0	0.35s
✅ JSON	prettier	14		0	0	1.42s
✅ JSON	v8r	14		0	0	4.21s
✅ MARKDOWN	markdownlint	32		0	0	4.73s
⚠️ PYTHON	black	20		1	0	4.74s
✅ PYTHON	flake8	20		0	0	7.61s
✅ PYTHON	isort	20		0	0	0.18s
✅ PYTHON	mypy	20		0	0	8.23s
✅ PYTHON	pylint	20		0	0	7.73s
✅ PYTHON	pyright	20		0	0	0.69s
✅ PYTHON	ruff	20		0	0	0.02s
✅ REPOSITORY	checkov	yes		no	no	61.82s
✅ REPOSITORY	gitleaks	yes		no	no	6.19s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	79.3s
❌ REPOSITORY	osv-scanner	yes		6	no	15.07s
✅ REPOSITORY	secretlint	yes		no	no	1.11s
✅ REPOSITORY	syft	yes		no	no	7.68s
✅ REPOSITORY	trivy	yes		no	no	13.18s
✅ REPOSITORY	trivy-sbom	yes		no	no	1.67s
✅ REPOSITORY	trufflehog	yes		no	no	4.8s
✅ SPELL	cspell	227		0	0	3.7s
⚠️ YAML	prettier	35		1	2	0.9s
✅ YAML	v8r	35		0	0	8.3s
✅ YAML	yamllint	35		0	0	1.05s

Detailed Issues

❌ REPOSITORY / osv-scanner - 6 errors

Scanning dir .
Starting filesystem walk for root: /
Scanned .dagger-ci/daggerci/requirements.txt file and found 10 packages
Scanned cmd/firmware-action/go.mod file and found 58 packages
End status: 81 dirs visited, 341 inodes visited, 2 Extract calls, 6.257306ms elapsed, 6.257366ms wall time

Total 3 packages affected by 30 known vulnerabilities (0 Critical, 1 High, 5 Medium, 0 Low, 24 Unknown) from 2 ecosystems.
30 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+----------+---------+---------------+--------------------------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE  | VERSION | FIXED VERSION | SOURCE                               |
+-------------------------------------+------+-----------+----------+---------+---------------+--------------------------------------+
| https://osv.dev/GO-2025-4006        |      | Go        | stdlib   | 1.25.0  | 1.25.2        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2025-4007        |      | Go        | stdlib   | 1.25.0  | 1.25.3        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2025-4008        |      | Go        | stdlib   | 1.25.0  | 1.25.2        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2025-4009        |      | Go        | stdlib   | 1.25.0  | 1.25.2        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2025-4010        |      | Go        | stdlib   | 1.25.0  | 1.25.2        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2025-4011        |      | Go        | stdlib   | 1.25.0  | 1.25.2        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2025-4012        |      | Go        | stdlib   | 1.25.0  | 1.25.2        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2025-4013        |      | Go        | stdlib   | 1.25.0  | 1.25.2        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2025-4014        |      | Go        | stdlib   | 1.25.0  | 1.25.2        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2025-4155        |      | Go        | stdlib   | 1.25.0  | 1.25.5        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2025-4175        |      | Go        | stdlib   | 1.25.0  | 1.25.5        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4337        |      | Go        | stdlib   | 1.25.0  | 1.25.7        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4340        |      | Go        | stdlib   | 1.25.0  | 1.25.6        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4341        |      | Go        | stdlib   | 1.25.0  | 1.25.6        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4601        |      | Go        | stdlib   | 1.25.0  | 1.25.8        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4602        |      | Go        | stdlib   | 1.25.0  | 1.25.8        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4869        |      | Go        | stdlib   | 1.25.0  | 1.25.9        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4870        |      | Go        | stdlib   | 1.25.0  | 1.25.9        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4918        |      | Go        | stdlib   | 1.25.0  | 1.25.10       | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4946        |      | Go        | stdlib   | 1.25.0  | 1.25.9        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4947        |      | Go        | stdlib   | 1.25.0  | 1.25.9        | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4971        |      | Go        | stdlib   | 1.25.0  | 1.25.10       | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4977        |      | Go        | stdlib   | 1.25.0  | 1.25.10       | cmd/firmware-action/go.mod           |
| https://osv.dev/GO-2026-4986        |      | Go        | stdlib   | 1.25.0  | 1.25.10       | cmd/firmware-action/go.mod           |
| https://osv.dev/GHSA-65pc-fj4g-8rjx | 6.9  | PyPI      | idna     | 3.9.0   | 3.15          | .dagger-ci/daggerci/requirements.txt |
| https://osv.dev/PYSEC-2018-28       | 7.5  | PyPI      | requests | 2.9.2   | 2.20.0        | .dagger-ci/daggerci/requirements.txt |
| https://osv.dev/GHSA-x84v-xcm2-53pg |      |           |          |         |               |                                      |
| https://osv.dev/PYSEC-2023-74       | 6.1  | PyPI      | requests | 2.9.2   | 2.31.0        | .dagger-ci/daggerci/requirements.txt |
| https://osv.dev/GHSA-j8r2-6x86-q33q |      |           |          |         |               |                                      |
| https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3  | PyPI      | requests | 2.9.2   | 2.32.4        | .dagger-ci/daggerci/requirements.txt |
| https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6  | PyPI      | requests | 2.9.2   | 2.32.0        | .dagger-ci/daggerci/requirements.txt |
| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4  | PyPI      | requests | 2.9.2   | 2.33.0        | .dagger-ci/daggerci/requirements.txt |
+-------------------------------------+------+-----------+----------+---------+---------------+--------------------------------------+

❌ ACTION / zizmor - 1 error

INFO zizmor: 🌈 zizmor v1.25.0
fatal: no audit was performed
'ref-confusion' audit failed on file://.github/workflows/bot--automerge.yml

Caused by:
    0: error in 'ref-confusion' audit
    1: couldn't list branches for actions/checkout
    2: request error while accessing GitHub API
    3: HTTP status client error (401 Unauthorized) for url (https://github.com/actions/checkout.git/git-upload-pack)


[ZizmorLinter] Zizmor failed to reach the GitHub API.
To allow zizmor to use GITHUB_TOKEN, add the following to your .mega-linter.yml:
ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN

⚠️ PYTHON / black - 1 error

--- .dagger-ci/daggerci/lib/cli.py	2026-05-27 03:05:31.843464+00:00
+++ .dagger-ci/daggerci/lib/cli.py	2026-05-27 03:06:19.100986+00:00
@@ -32,17 +32,15 @@
         action="store_true",
     )
     parser.add_argument(
         "-d",
         "--dockerfile",
-        help=textwrap.dedent(
-            """\
+        help=textwrap.dedent("""\
                 select which dockerfile to build
                 - enter name from docker-compose
                 - multiple entries are possible
-                - by default tries to build all"""
-        ),
+                - by default tries to build all"""),
         nargs="+",
     )
     parser.add_argument(
         "-p",
         "--publish",
would reformat .dagger-ci/daggerci/lib/cli.py
--- .dagger-ci/daggerci/main.py	2026-05-27 03:05:31.843464+00:00
+++ .dagger-ci/daggerci/main.py	2026-05-27 03:06:19.201272+00:00
@@ -1,9 +1,10 @@
 #!/usr/bin/python
 """
 Python script to build and test Docker containers for coreboot and EDK2 compilation
 """
+
 # mypy: disable-error-code="import"
 
 # Logging
 # https://docs.python.org/3/howto/logging.html
 # DEBUG, INFO, WARNING, ERROR, CRITICAL
would reformat .dagger-ci/daggerci/main.py
--- .dagger-ci/daggerci/tests/conftest.py	2026-05-27 03:05:31.843464+00:00
+++ .dagger-ci/daggerci/tests/conftest.py	2026-05-27 03:06:19.337982+00:00
@@ -88,63 +88,55 @@
 @pytest.fixture(name="dockerfile")
 def fixture_dockerfile():
     """
     Generic Dockerfile content
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         ARG TARGETARCH=amd64\
-        """
-    )
+        """)
 
 
 @pytest.fixture
 def dockerfile_dummy_tests_success():
     """
     Dockerfile content specifically for executing tests inside docker
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         ARG TARGETARCH=amd64
         ARG CONTEXT=dummy
         ARG VARIANT=success
         ENV VERIFICATION_TEST=./tests/test_${CONTEXT}_${VARIANT}.sh
         RUN echo 'hello world'\
-        """
-    )
+        """)
 
 
 @pytest.fixture
 def dockerfile_dummy_tests_fail():
     """
     Dockerfile content specifically for executing tests inside docker
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         ARG TARGETARCH=amd64
         ARG CONTEXT=dummy
         ARG VARIANT=fail
         ENV VERIFICATION_TEST=./tests/test_${CONTEXT}_${VARIANT}.sh
         RUN echo 'hello world'\
-        """
-    )
+        """)
 
 
 @pytest.fixture
 def dockerfile_broken():
     """
     Dockerfile content which should fail to build
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         RUN false\
-        """
-    )
+        """)
 
 
 # ===========================
 #
 #  Docker Compose fixtures
would reformat .dagger-ci/daggerci/tests/conftest.py

Oh no! 💥 💔 💥
3 files would be reformatted, 17 files would be left unchanged.

⚠️ YAML / prettier - 1 error

Checking formatting...
[warn] .github/workflows/go-test.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,ACTION_ZIZMOR,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,DOCKERFILE_HADOLINT,EDITORCONFIG_EDITORCONFIG_CHECKER,GO_REVIVE,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository