Commit e8b26ad
![mergify[bot]](https://avatars.githubusercontent.com/in/10562?v=4&size=40){kind=avatar}
![elastic-renovate-prod[bot]](https://avatars.githubusercontent.com/in/937301?v=4&size=40){kind=avatar}
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/moby/buildkit](https://redirect.github.com/moby/buildkit)
| indirect | minor | `v0.27.1` -> `v0.29.0` |
| [github.com/moby/moby/api](https://redirect.github.com/moby/moby) |
indirect | minor | `v1.53.0` -> `v1.54.1` |
| [github.com/moby/moby/client](https://redirect.github.com/moby/moby) |
indirect | minor | `v0.2.2` -> `v0.4.0` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>moby/buildkit (github.com/moby/buildkit)</summary>
###
[`v0.29.0`](https://redirect.github.com/moby/buildkit/releases/tag/v0.29.0)
[Compare
Source](https://redirect.github.com/moby/buildkit/compare/v0.28.1...v0.29.0)
Welcome to the v0.29.0 release of buildkit!
Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.
##### Contributors
- Tõnis Tiigi
- CrazyMax
- David Karlsson
- Akihiro Suda
- Sebastiaan van Stijn
- Brian Ristuccia
- Jonathan A. Sternberg
- Mateusz Gozdek
- Natnael Gebremariam
##### Notable Changes
- Builtin Dockerfile frontend has been updated to v1.23.0
[changelog](https://redirect.github.com/moby/buildkit/releases/tag/dockerfile%2F1.23.0)
- Git sources can now initialize all files from a Git checkout with
commit time in the LLB API for better reproducibility. See [Dockerfile
changelog](https://redirect.github.com/moby/buildkit/releases/tag/dockerfile%2F1.23.0)
for how to enable this in the Dockerfile frontend
[#​6600](https://redirect.github.com/moby/buildkit/issues/6600)
- Various file access operations in Git and HTTP sources have been
hardened for improved security
[#​6613](https://redirect.github.com/moby/buildkit/issues/6613)
- Frontends can now report updated `SOURCE_DATE_EPOCH` with result
metadata that can be used by exporters
[#​6601](https://redirect.github.com/moby/buildkit/issues/6601)
- Fix possible panic when listing build history after recent deletions
[#​6614](https://redirect.github.com/moby/buildkit/issues/6614)
- Fix possible issue where builds from Git repositories could start to
fail after submodule rename
[#​6563](https://redirect.github.com/moby/buildkit/issues/6563)
- Fix possible process lifecycle event ordering issue in interactive
container API that could cause deadlocks in the client
[#​6531](https://redirect.github.com/moby/buildkit/issues/6531)
- Fix regression where build progress skipped the message about layers
being pushed to the registry
[#​6587](https://redirect.github.com/moby/buildkit/issues/6587)
- Fix possible cgroup initialization failure in BuildKit container image
entrypoint on some environments
[#​6585](https://redirect.github.com/moby/buildkit/issues/6585)
- Fix issue with resolving symlinks via file access methods of the
Gateway API
[#​6559](https://redirect.github.com/moby/buildkit/issues/6559)
- Fix possible "parent snapshot does not exist" error when exporting
images in parallel
[#​6558](https://redirect.github.com/moby/buildkit/issues/6558)
- Fix possible panic from zstd compression
[#​6599](https://redirect.github.com/moby/buildkit/issues/6599)
- Fix issue where cache imports from an uninitialized local cache tag
could fail the build
[#​6554](https://redirect.github.com/moby/buildkit/issues/6554)
- Included CNI plugins have been updated to v1.9.1
[#​6583](https://redirect.github.com/moby/buildkit/issues/6583)
- Included QEMU emulator support has been updated to v10.2.1
[#​6580](https://redirect.github.com/moby/buildkit/issues/6580)
- Runc container runtime has been updated to v1.3.5
[#​6625](https://redirect.github.com/moby/buildkit/issues/6625)
##### Dependency Changes
- **github.com/aws/aws-sdk-go-v2** v1.41.1 -> v1.41.4
- **github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream** v1.7.4 ->
v1.7.5
- **github.com/aws/aws-sdk-go-v2/config** v1.32.7 -> v1.32.12
- **github.com/aws/aws-sdk-go-v2/credentials** v1.19.7 -> v1.19.12
- **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.17 -> v1.18.20
- **github.com/aws/aws-sdk-go-v2/internal/configsources** v1.4.17 ->
v1.4.20
- **github.com/aws/aws-sdk-go-v2/internal/endpoints/v2** v2.7.17 ->
v2.7.20
- **github.com/aws/aws-sdk-go-v2/internal/ini** v1.8.4 -> v1.8.6
- **github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding**
v1.13.4 -> v1.13.7
- **github.com/aws/aws-sdk-go-v2/service/internal/presigned-url**
v1.13.17 -> v1.13.20
- **github.com/aws/aws-sdk-go-v2/service/signin** v1.0.5 -> v1.0.8
- **github.com/aws/aws-sdk-go-v2/service/sso** v1.30.9 -> v1.30.13
- **github.com/aws/aws-sdk-go-v2/service/ssooidc** v1.35.13 -> v1.35.17
- **github.com/aws/aws-sdk-go-v2/service/sts** v1.41.6 -> v1.41.9
- **github.com/aws/smithy-go** v1.24.0 -> v1.24.2
- **github.com/containerd/cgroups/v3** v3.1.2 -> v3.1.3
- **github.com/containerd/containerd/v2** v2.2.1 -> v2.2.2
- **github.com/containerd/nydus-snapshotter** v0.15.11 -> v0.15.13
- **github.com/containerd/ttrpc** v1.2.7 -> v1.2.8
- **github.com/containernetworking/plugins** v1.9.0 -> v1.9.1
- **github.com/docker/cli** v29.2.1 -> v29.3.1
- **github.com/go-openapi/analysis** v0.24.1 -> v0.24.3
- **github.com/go-openapi/errors** v0.22.6 -> v0.22.7
- **github.com/go-openapi/jsonpointer** v0.22.4 -> v0.22.5
- **github.com/go-openapi/jsonreference** v0.21.4 -> v0.21.5
- **github.com/go-openapi/loads** v0.23.2 -> v0.23.3
- **github.com/go-openapi/spec** v0.22.3 -> v0.22.4
- **github.com/go-openapi/strfmt** v0.25.0 -> v0.26.1
- **github.com/go-openapi/swag/conv** v0.25.4 -> v0.25.5
- **github.com/go-openapi/swag/fileutils** v0.25.4 -> v0.25.5
- **github.com/go-openapi/swag/jsonname** v0.25.4 -> v0.25.5
- **github.com/go-openapi/swag/jsonutils** v0.25.4 -> v0.25.5
- **github.com/go-openapi/swag/loading** v0.25.4 -> v0.25.5
- **github.com/go-openapi/swag/mangling** v0.25.4 -> v0.25.5
- **github.com/go-openapi/swag/stringutils** v0.25.4 -> v0.25.5
- **github.com/go-openapi/swag/typeutils** v0.25.4 -> v0.25.5
- **github.com/go-openapi/swag/yamlutils** v0.25.4 -> v0.25.5
- **github.com/go-openapi/validate** v0.25.1 -> v0.25.2
- **github.com/go-viper/mapstructure/v2** v2.4.0 -> v2.5.0
- **github.com/grpc-ecosystem/grpc-gateway/v2** v2.27.3 -> v2.27.7
- **github.com/klauspost/compress** v1.18.4 -> v1.18.5
- **github.com/moby/policy-helpers**
[`824747b`](https://redirect.github.com/moby/buildkit/commit/824747bfdd3c)
->
[`b7c0b99`](https://redirect.github.com/moby/buildkit/commit/b7c0b994300b)
- **github.com/oklog/ulid/v2** v2.1.1 ***new***
- **go.opentelemetry.io/otel** v1.38.0 -> v1.40.0
- **go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc**
v1.38.0 -> v1.40.0
- **go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp**
v1.38.0 -> v1.40.0
- **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.38.0 ->
v1.40.0
- **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**
v1.38.0 -> v1.40.0
- **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**
v1.38.0 -> v1.40.0
- **go.opentelemetry.io/otel/metric** v1.38.0 -> v1.40.0
- **go.opentelemetry.io/otel/sdk** v1.38.0 -> v1.40.0
- **go.opentelemetry.io/otel/sdk/metric** v1.38.0 -> v1.40.0
- **go.opentelemetry.io/otel/trace** v1.38.0 -> v1.40.0
- **go.opentelemetry.io/proto/otlp** v1.7.1 -> v1.9.0
- **golang.org/x/sys** v0.41.0 -> v0.42.0
- **golang.org/x/term** v0.40.0 -> v0.41.0
- **google.golang.org/genproto/googleapis/api**
[`ff82c1b`](https://redirect.github.com/moby/buildkit/commit/ff82c1b0f217)
->
[`8636f87`](https://redirect.github.com/moby/buildkit/commit/8636f8732409)
- **google.golang.org/genproto/googleapis/rpc**
[`0a764e5`](https://redirect.github.com/moby/buildkit/commit/0a764e51fe1b)
->
[`8636f87`](https://redirect.github.com/moby/buildkit/commit/8636f8732409)
- **google.golang.org/grpc** v1.78.0 -> v1.79.3
Previous release can be found at
[v0.28.1](https://redirect.github.com/moby/buildkit/releases/tag/v0.28.1)
###
[`v0.28.1`](https://redirect.github.com/moby/buildkit/releases/tag/v0.28.1)
[Compare
Source](https://redirect.github.com/moby/buildkit/compare/v0.28.0...v0.28.1)
Welcome to the v0.28.1 release of buildkit!
Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.
##### Contributors
- Tõnis Tiigi
- CrazyMax
- Sebastiaan van Stijn
##### Notable Changes
- Fix insufficient validation of Git URL `#ref:subdir` fragments that
could allow access to restricted files outside the checked-out
repository root.
[GHSA-4vrq-3vrq-g6gg](https://redirect.github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg)
- Fix a vulnerability where an untrusted custom frontend could cause
files to be written outside the BuildKit state directory.
[GHSA-4c29-8rgm-jvjj](https://redirect.github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj)
- Fix a panic when processing invalid `.dockerignore` patterns during
`COPY`.
[#​6610](https://redirect.github.com/moby/buildkit/issues/6610)
[moby/patternmatcher#9](https://redirect.github.com/moby/patternmatcher/issues/9)
##### Dependency Changes
- **github.com/moby/patternmatcher** v0.6.0 -> v0.6.1
Previous release can be found at
[v0.28.0](https://redirect.github.com/moby/buildkit/releases/tag/v0.28.0)
###
[`v0.28.0`](https://redirect.github.com/moby/buildkit/releases/tag/v0.28.0)
[Compare
Source](https://redirect.github.com/moby/buildkit/compare/v0.27.1...v0.28.0)
buildkit 0.28.0
Welcome to the v0.28.0 release of buildkit!
Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.
##### Contributors
- Tõnis Tiigi
- CrazyMax
- Sebastiaan van Stijn
- Jonathan A. Sternberg
- Akihiro Suda
- Amr Mahdi
- Dan Duvall
- David Karlsson
- Jonas Geiler
- Kevin L.
- rsteube
##### Notable Changes
- Builtin Dockerfile frontend has been updated to v1.22.0
[changelog](https://redirect.github.com/moby/buildkit/releases/tag/dockerfile%2F1.22.0)
- The default provenance format has been switched to SLSA v1.0 from the
previous v0.2. The old format can still be generated by setting the
`version` attribute.
[#​6526](https://redirect.github.com/moby/buildkit/issues/6526)
- Provenance attestation for an image can now be directly pulled via
Source metadata request.
[#​6516](https://redirect.github.com/moby/buildkit/issues/6516)
[#​6514](https://redirect.github.com/moby/buildkit/issues/6514)
[#​6537](https://redirect.github.com/moby/buildkit/issues/6537)
- Pushing result images and exporting build cache now happens in
parallel, for better performance.
[#​6451](https://redirect.github.com/moby/buildkit/issues/6451)
- LLB definition now supports two new Source types for accessing raw
blobs from image registries and from OCI layouts. New sources use
identifier protocols `docker-image+blob://` and `oci-layout+blob://`.
[#​4286](https://redirect.github.com/moby/buildkit/issues/4286)
- LLB API now supports custom checksum requests for HTTP sources,
allowing fetching checksums for different algorithms than the default
SHA256 and with optional suffixes.
[#​6527](https://redirect.github.com/moby/buildkit/issues/6527)
[#​6537](https://redirect.github.com/moby/buildkit/issues/6537)
- LLB API now supports validating HTTP sources with PGP signatures,
similarly to previous support for Git sources.
[#​6527](https://redirect.github.com/moby/buildkit/issues/6527)
- With the update to a newer version of the in-toto library, the
provenance attestation key `InvocationID` has changed to `InvocationId`
to strictly follow the SLSA spec. This change doesn't affect
BuildKit/Buildx Golang tooling, but could affect 3rd party tools if they
are using case-sensitive JSON parsing.
[#​6533](https://redirect.github.com/moby/buildkit/issues/6533)
- Embedded Qemu emulator support has been updated to v10.1.3
[#​6524](https://redirect.github.com/moby/buildkit/issues/6524)
- Update BuildKit Cgroups implementation to work in (Kubernetes)
environments that don't have their own Cgroup namespace.
[#​6368](https://redirect.github.com/moby/buildkit/issues/6368)
- Buildctl binary now supports bash completion.
[#​6474](https://redirect.github.com/moby/buildkit/issues/6474)
- PGP signature verification now supports combined public keys as input
for defining the required signer.
[#​6519](https://redirect.github.com/moby/buildkit/issues/6519)
- Fix possible "failed to read expected number of bytes" error when
reading attestation chains
[#​6520](https://redirect.github.com/moby/buildkit/issues/6520)
- Fix possible error from race condition when creating images in
parallel
[#​6477](https://redirect.github.com/moby/buildkit/issues/6477)
##### Dependency Changes
- **github.com/aws/aws-sdk-go-v2** v1.39.6 -> v1.41.1
- **github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream** v1.7.2 ->
v1.7.4
- **github.com/aws/aws-sdk-go-v2/config** v1.31.20 -> v1.32.7
- **github.com/aws/aws-sdk-go-v2/credentials** v1.18.24 -> v1.19.7
- **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.13 -> v1.18.17
- **github.com/aws/aws-sdk-go-v2/internal/configsources** v1.4.13 ->
v1.4.17
- **github.com/aws/aws-sdk-go-v2/internal/endpoints/v2** v2.7.13 ->
v2.7.17
- **github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding**
v1.13.3 -> v1.13.4
- **github.com/aws/aws-sdk-go-v2/service/internal/presigned-url**
v1.13.13 -> v1.13.17
- **github.com/aws/aws-sdk-go-v2/service/signin** v1.0.5 ***new***
- **github.com/aws/aws-sdk-go-v2/service/sso** v1.30.3 -> v1.30.9
- **github.com/aws/aws-sdk-go-v2/service/ssooidc** v1.35.7 -> v1.35.13
- **github.com/aws/aws-sdk-go-v2/service/sts** v1.40.2 -> v1.41.6
- **github.com/aws/smithy-go** v1.23.2 -> v1.24.0
- **github.com/cloudflare/circl** v1.6.1 -> v1.6.3
- **github.com/containerd/nydus-snapshotter** v0.15.10 -> v0.15.11
- **github.com/containerd/stargz-snapshotter** v0.17.0 -> v0.18.2
- **github.com/containerd/stargz-snapshotter/estargz** v0.17.0 ->
v0.18.2
- **github.com/coreos/go-systemd/v22** v22.6.0 -> v22.7.0
- **github.com/docker/cli** v29.1.4 -> v29.2.1
- **github.com/go-openapi/errors** v0.22.4 -> v0.22.6
- **github.com/go-openapi/jsonpointer** v0.22.1 -> v0.22.4
- **github.com/go-openapi/jsonreference** v0.21.3 -> v0.21.4
- **github.com/go-openapi/spec** v0.22.1 -> v0.22.3
- **github.com/go-openapi/swag** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/cmdutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/conv** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/fileutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/jsonname** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/jsonutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/loading** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/mangling** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/netutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/stringutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/typeutils** v0.25.3 -> v0.25.4
- **github.com/go-openapi/swag/yamlutils** v0.25.3 -> v0.25.4
- **github.com/google/go-containerregistry** v0.20.6 -> v0.20.7
- **github.com/hanwen/go-fuse/v2** v2.8.0 -> v2.9.0
- **github.com/in-toto/in-toto-golang** v0.9.0 -> v0.10.0
- **github.com/klauspost/compress** v1.18.3 -> v1.18.4
- **github.com/moby/policy-helpers**
[`eeebf1a`](https://redirect.github.com/moby/buildkit/commit/eeebf1a0ab2b)
->
[`824747b`](https://redirect.github.com/moby/buildkit/commit/824747bfdd3c)
- **github.com/morikuni/aec** v1.0.0 -> v1.1.0
- **github.com/pelletier/go-toml/v2** v2.2.4 ***new***
- **github.com/secure-systems-lab/go-securesystemslib** v0.9.1 ->
v0.10.0
- **github.com/sigstore/rekor** v1.4.3 -> v1.5.0
- **github.com/sigstore/sigstore** v1.10.0 -> v1.10.4
- **github.com/sigstore/sigstore-go**
[`b5fe07a`](https://redirect.github.com/moby/buildkit/commit/b5fe07a5a7d7)
-> v1.1.4
- **github.com/sigstore/timestamp-authority/v2** v2.0.2 -> v2.0.3
- **github.com/theupdateframework/go-tuf/v2** v2.3.0 -> v2.4.1
- **google.golang.org/genproto/googleapis/api**
[`f26f940`](https://redirect.github.com/moby/buildkit/commit/f26f9409b101)
->
[`ff82c1b`](https://redirect.github.com/moby/buildkit/commit/ff82c1b0f217)
- **google.golang.org/genproto/googleapis/rpc**
[`f26f940`](https://redirect.github.com/moby/buildkit/commit/f26f9409b101)
->
[`0a764e5`](https://redirect.github.com/moby/buildkit/commit/0a764e51fe1b)
- **google.golang.org/grpc** v1.76.0 -> v1.78.0
Previous release can be found at
[v0.27.1](https://redirect.github.com/moby/buildkit/releases/tag/v0.27.1)
</details>
<details>
<summary>moby/moby (github.com/moby/moby/client)</summary>
###
[`v0.4.0`](https://redirect.github.com/moby/moby/compare/v0.3.0...v0.4.0)
[Compare
Source](https://redirect.github.com/moby/moby/compare/v0.3.0...v0.4.0)
###
[`v0.3.0`](https://redirect.github.com/moby/moby/compare/v0.2.2...v0.3.0)
[Compare
Source](https://redirect.github.com/moby/moby/compare/v0.2.2...v0.3.0)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "* 1 * * 1-5" (UTC), Automerge - At
any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<hr>This is an automatic backport of pull request #4352 done by
[Mergify](https://mergify.com).
---------
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: Oleg Sucharevich <oleg.sucharevich@elastic.co>
1 parent 0ca1f2d commit e8b26ad
2 files changed
Lines changed: 85 additions & 91 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
183 | 183 | | |
184 | 184 | | |
185 | 185 | | |
186 | | - | |
187 | | - | |
188 | | - | |
189 | | - | |
190 | | - | |
191 | | - | |
| 186 | + | |
| 187 | + | |
| 188 | + | |
| 189 | + | |
| 190 | + | |
| 191 | + | |
192 | 192 | | |
193 | | - | |
194 | | - | |
195 | | - | |
| 193 | + | |
| 194 | + | |
| 195 | + | |
196 | 196 | | |
197 | 197 | | |
198 | 198 | | |
| |||
225 | 225 | | |
226 | 226 | | |
227 | 227 | | |
228 | | - | |
229 | | - | |
| 228 | + | |
| 229 | + | |
230 | 230 | | |
231 | 231 | | |
232 | 232 | | |
233 | | - | |
| 233 | + | |
234 | 234 | | |
235 | 235 | | |
236 | 236 | | |
237 | | - | |
238 | 237 | | |
239 | 238 | | |
240 | 239 | | |
| |||
278 | 277 | | |
279 | 278 | | |
280 | 279 | | |
281 | | - | |
282 | 280 | | |
283 | 281 | | |
284 | 282 | | |
| |||
381 | 379 | | |
382 | 380 | | |
383 | 381 | | |
384 | | - | |
| 382 | + | |
385 | 383 | | |
386 | 384 | | |
387 | 385 | | |
| |||
416 | 414 | | |
417 | 415 | | |
418 | 416 | | |
419 | | - | |
420 | | - | |
421 | | - | |
422 | | - | |
423 | | - | |
| 417 | + | |
| 418 | + | |
| 419 | + | |
| 420 | + | |
| 421 | + | |
424 | 422 | | |
425 | | - | |
426 | | - | |
| 423 | + | |
| 424 | + | |
427 | 425 | | |
428 | | - | |
| 426 | + | |
429 | 427 | | |
430 | 428 | | |
431 | 429 | | |
| |||
459 | 457 | | |
460 | 458 | | |
461 | 459 | | |
462 | | - | |
| 460 | + | |
463 | 461 | | |
464 | 462 | | |
465 | 463 | | |
| |||
474 | 472 | | |
475 | 473 | | |
476 | 474 | | |
477 | | - | |
| 475 | + | |
478 | 476 | | |
479 | 477 | | |
480 | 478 | | |
| |||
504 | 502 | | |
505 | 503 | | |
506 | 504 | | |
507 | | - | |
| 505 | + | |
508 | 506 | | |
509 | 507 | | |
510 | 508 | | |
| |||
580 | 578 | | |
581 | 579 | | |
582 | 580 | | |
583 | | - | |
| 581 | + | |
584 | 582 | | |
585 | 583 | | |
586 | 584 | | |
| |||
0 commit comments