Commit 4b6cd70
authored
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
Update all dependencies
This PR contains the following updates:
| Package | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|---|
| [moby/buildkit](https://redirect.github.com/moby/buildkit) | minor | `v0.27.1-rootless` → `v0.28.1-rootless` |  |  |
| [requests](https://requests.readthedocs.io) ([source](https://redirect.github.com/psf/requests), [changelog](https://redirect.github.com/psf/requests/blob/master/HISTORY.md)) | minor | `==2.32.5` → `==2.33.0` |  |  |
---
### Release Notes
<details>
<summary>moby/buildkit (moby/buildkit)</summary>
### [`v0.28.1`](https://redirect.github.com/moby/buildkit/releases/tag/v0.28.1)
[Compare Source](https://redirect.github.com/moby/buildkit/compare/v0.28.0...v0.28.1)
Welcome to the v0.28.1 release of buildkit!
Please try out the release binaries and report any issues at
<https://github.com/moby/buildkit/issues>.
##### Contributors
- Tõnis Tiigi
- CrazyMax
- Sebastiaan van Stijn
##### Notable Changes
- Fix insufficient validation of Git URL `#ref:subdir` fragments that could allow access to restricted files outside the checked-out repository root. [GHSA-4vrq-3vrq-g6gg](https://redirect.github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg)
- Fix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. [GHSA-4c29-8rgm-jvjj](https://redirect.github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj)
- Fix a panic when processing invalid `.dockerignore` patterns during `COPY`. [#​6610](https://redirect.github.com/moby/buildkit/issues/6610) [moby/patternmatcher#9](https://redirect.github.com/moby/patternmatcher/issues/9)
##### Dependency Changes
- **github.com/moby/patternmatcher** v0.6.0 -> v0.6.1
Previous release can be found at [v0.28.0](https://redirect.github.com/moby/buildkit/releases/tag/v0.28.0)
### [`v0.28.0`](https://redirect.github.com/moby/buildkit/releases/tag/v0.28.0)
[Compare Source](https://redirect.github.com/moby/buildkit/compare/v0.27.1...v0.28.0)
buildkit 0.28.0
Welcome to the v0.28.0 release of buildkit!
Please try out the release binaries and report any issues at
<https://github.com/moby/buildkit/issues>.
##### Contributors
- Tõnis Tiigi
- CrazyMax
- Sebastiaan van Stijn
- Jonathan A. Sternberg
- Akihiro Suda
- Amr Mahdi
- Dan Duvall
- David Karlsson
- Jonas Geiler
- Kevin L.
- rsteube
##### Notable Changes
- Builtin Dockerfile frontend has been updated to v1.22.0 [changelog](https://redirect.github.com/moby/buildkit/releases/tag/dockerfile%2F1.22.0)
- The default provenance format has been switched to SLSA v1.0 from the previous v0.2. The old format can still be generated by setting the `version` attribute. [#​6526](https://redirect.github.com/moby/buildkit/issues/6526)
- Provenance attestation for an image can now be directly pulled via Source metadata request. [#​6516](https://redirect.github.com/moby/buildkit/issues/6516) [#​6514](https://redirect.github.com/moby/buildkit/issues/6514) [#​6537](https://redirect.github.com/moby/buildkit/issues/6537)
- Pushing result images and exporting build cache now happens in parallel, for better performance. [#​6451](https://redirect.github.com/moby/buildkit/issues/6451)
- LLB definition now supports two new Source types for accessing raw blobs from image registries and from OCI layouts. New sources use identifier protocols `docker-image+blob://` and `oci-layout+blob://`. [#​4286](https://redirect.github.com/moby/buildkit/issues/4286)
- LLB API now supports custom checksum requests for HTTP sources, allowing fetching checksums for different algorithms than the default SHA256 and with optional suffixes. [#​6527](https://redirect.github.com/moby/buildkit/issues/6527) [#​6537](https://redirect.github.com/moby/buildkit/issues/6537)
- LLB API now supports validating HTTP sources with PGP signatures, similarly to previous support for Git sources. [#​6527](https://redirect.github.com/moby/buildkit/issues/6527)
- With the update to a newer version of the in-toto library, the provenance attestation key `InvocationID` has changed to `InvocationId` to strictly follow the SLSA spec. This change doesn't affect BuildKit/Buildx Golang tooling, but could affect 3rd party tools if they are using case-sensitive JSON parsing. [#​6533](https://redirect.github.com/moby/buildkit/issues/6533)
- Embedded Qemu emulator support has been updated to v10.1.3 [#​6524](https://redirect.github.com/moby/buildkit/issues/6524)
- Update BuildKit Cgroups implementation to work in (Kubernetes) environments that don't have their own Cgroup namespace. [#​6368](https://redirect.github.com/moby/buildkit/issues/6368)
- Buildctl binary now supports bash completion. [#​6474](https://redirect.github.com/moby/buildkit/issues/6474)
- PGP signature verification now supports combined public keys as input for defining the required signer. [#​6519](https://redirect.github.com/moby/buildkit/issues/6519)
- Fix possible "failed to read expected number of bytes" error when reading attestation chains [#​6520](https://redirect.github.com/moby/buildkit/issues/6520)
- Fix possible error from race condition when creating images in parallel [#​6477](https://redirect.github.com/moby/buildkit/issues/6477)
##### Dependency Changes
- **github.com/aws/aws-sdk-go-v2** v1.39.6 -> v1.41.1
- **github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream** v1.7.2 -> v1.7.4
- **github.com/aws/aws-sdk-go-v2/config** v1.31.20 -> v1.32.7
- **github.com/aws/aws-sdk-go-v2/credentials** v1.18.24 -> v1.19.7
- **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.13 -> v1.18.17
- **github.com/aws/aws-sdk-go-v2/internal/configsources** v1.4.13 -> v1.4.17
- **github.com/aws/aws-sdk-go-v2/internal/endpoints/v2** v2.7.13 -> v2.7.17
- **github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding** v1.13.3 -> v1.13.4
- **github.com/aws/aws-sdk-go-v2/service/internal/presigned-url** v1.13.13 -> v1.13.17
- **github.com/aws/aws-sdk-go-v2/service/signin** v1.0.5 ***new***
- **github.com/aws/aws-sdk-go-v2/service/sso** v1.30.3 -> v1.30.9
- **github.com/aws/aws-sdk-go-v2/service/ssooidc** v1.35.7 -> v1.35.13
- **github.com/aws/aws-sdk-go-v2/service/sts** v1.40.2 -> v1.41.6
- **github.com/aws/smithy-go** v1.23.2 -> v1.24.0
- **github.com/cloudflare/circl** v1.6.1 -> v1.6.3
- **github.com/containerd/nydus-snapshotter** v0.15.10 -> v0.15.11
- **github.com/containerd/stargz-snapshotter** v0.17.0 -> v0.18.2
- **github.com/containerd/stargz-snapshotter/estargz** v0.17.0 -> v0.18.2
- **github.com/coreos/go-systemd/v22** v22.6.0 -> v22.7.0
- **github.com/docker/cli** v29.1.4 -> v29.2.1
- **github.com/go-openapi/errors** v0.22.4 -> v0.22.6
- **github.com/go-openapi/jsonpointer** v0.22.1 -> v0.22.4
- **github.com/go-openapi/jsonreference** v0.21.3 -> v0.21.4
- **github.com/go-openapi/spec** v0.22.1 -> v0.22.3
- **github.com/go-openapi/swag** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/cmdutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/conv** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/fileutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/jsonname** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/jsonutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/loading** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/mangling** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/netutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/stringutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/typeutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/yamlutils** v0.25.3 -> v0.25.4
- **github.com/google/go-containerregistry** v0.20.6 -> v0.20.7
- **github.com/hanwen/go-fuse/v2** v2.8.0 -> v2.9.0
- **github.com/in-toto/in-toto-golang** v0.9.0 -> v0.10.0
- **github.com/klauspost/compress** v1.18.3 -> v1.18.4
- **github.com/moby/policy-helpers** [`eeebf1a`](https://redirect.github.com/moby/buildkit/commit/eeebf1a0ab2b) -> [`824747b`](https://redirect.github.com/moby/buildkit/commit/824747bfdd3c)
- **github.com/morikuni/aec** v1.0.0 -> v1.1.0
- **github.com/pelletier/go-toml/v2** v2.2.4 ***new***
- **github.com/secure-systems-lab/go-securesystemslib** v0.9.1 -> v0.10.0
- **github.com/sigstore/rekor** v1.4.3 -> v1.5.0
- **github.com/sigstore/sigstore** v1.10.0 -> v1.10.4
- **github.com/sigstore/sigstore-go** [`b5fe07a`](https://redirect.github.com/moby/buildkit/commit/b5fe07a5a7d7) -> v1.1.4
- **github.com/sigstore/timestamp-authority/v2** v2.0.2 -> v2.0.3
- **github.com/theupdateframework/go-tuf/v2** v2.3.0 -> v2.4.1
- **google.golang.org/genproto/googleapis/api** [`f26f940`](https://redirect.github.com/moby/buildkit/commit/f26f9409b101) -> [`ff82c1b`](https://redirect.github.com/moby/buildkit/commit/ff82c1b0f217)
- **google.golang.org/genproto/googleapis/rpc** [`f26f940`](https://redirect.github.com/moby/buildkit/commit/f26f9409b101) -> [`0a764e5`](https://redirect.github.com/moby/buildkit/commit/0a764e51fe1b)
- **google.golang.org/grpc** v1.76.0 -> v1.78.0
Previous release can be found at [v0.27.1](https://redirect.github.com/moby/buildkit/releases/tag/v0.27.1)
</details>
<details>
<summary>psf/requests (requests)</summary>
### [`v2.33.0`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2330-2026-03-25)
[Compare Source](https://redirect.github.com/psf/requests/compare/v2.32.5...v2.33.0)
**Announcements**
- 📣 Requests is adding inline types. If you have a typed code base that
uses Requests, please take a look at [#​7271](https://redirect.github.com/psf/requests/issues/7271). Give it a try, and report
any gaps or feedback you may have in the issue. 📣
**Security**
- CVE-2026-25645 `requests.utils.extract_zipped_paths` now extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.
**Improvements**
- Migrated to a PEP 517 build system using setuptools. ([#​7012](https://redirect.github.com/psf/requests/issues/7012))
**Bugfixes**
- Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. ([#​7205](https://redirect.github.com/psf/requests/issues/7205))
**Deprecations**
- Dropped support for Python 3.9 following its end of support. ([#​7196](https://redirect.github.com/psf/requests/issues/7196))
**Documentation**
- Various typo fixes and doc improvements.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/SimonStiil/ghcr-cleanup).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My40OC4xIiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->1 parent 5943159 commit 4b6cd70
2 files changed
Lines changed: 2 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
2 | 2 | | |
3 | 3 | | |
0 commit comments