Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump github.com/moby/buildkit from 0.10.4 to 0.10.6 #3173

Merged
merged 1 commit into from
Jan 3, 2023
Merged

chore(deps): bump github.com/moby/buildkit from 0.10.4 to 0.10.6 #3173

merged 1 commit into from
Jan 3, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 13, 2022
edited
Loading

Bumps github.com/moby/buildkit from 0.10.4 to 0.10.6.

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.10.6

https://hub.docker.com/r/moby/buildkit

Notable changes:

v0.10.5

https://hub.docker.com/r/moby/buildkit

Notable changes:

This release contains two security fixes.

  • Provide mitigation for Git vulnerability CVE-2022-39253. In systems with Git version lower than 2.38.1 invoking a build of a maliciously crafted Git repository with BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 build-arg could lead to copying arbitrary file system paths into resulting containers/images.
  • Add additional validation when loading content for image@digest references from the local build cache. The new validation makes sure that the same repository name populated the local data and invalid name and digest combinations are detected.
Commits
  • 0c9b5ae Merge pull request #3272 from tonistiigi/v0.10-fsutil-go
  • 9cf3b35 Merge pull request #3255 from AkihiroSuda/cherry-pick-3203
  • cd96f90 v0.10: update main Dockerfile to Go 1.18
  • 5cb269a vendor: update fsutil to 9ed61262
  • 1e5948b Make SELinux labels opt-in (--oci-worker-selinux=\<BOOL>)
  • f6c40a4 worker: move labels const to its own package
  • e27c8e2 Merge pull request #3205 from thaJeztah/0.10_test_skips
  • b34da50 testNamedImageContextPlatform skip direct push with dockerd
  • d5dc1a3 ci(dockerd): fix symlink with dockerd bundle
  • 2e035f3 ci: update buildx to 0.9.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from knqyf263 as a code owner November 13, 2022 13:09
@dependabot dependabot bot mentioned this pull request Nov 13, 2022
Closed
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/moby/buildkit-0.10.6 branch 5 times, most recently from 8905dec to 6b3f4c9 Compare November 17, 2022 16:15
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/moby/buildkit-0.10.6 branch from 6b3f4c9 to cf1a882 Compare November 27, 2022 10:06
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/moby/buildkit-0.10.6 branch 4 times, most recently from 6eecdbd to 99cd7e1 Compare December 13, 2022 17:49
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/moby/buildkit-0.10.6 branch from 99cd7e1 to 747c777 Compare December 15, 2022 14:32
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/moby/buildkit-0.10.6 branch 2 times, most recently from 8d5c065 to 64c057f Compare December 25, 2022 10:41
@dependabot
chore(deps): bump github.com/moby/buildkit from 0.10.4 to 0.10.6
8eff2f6 
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.10.4 to 0.10.6.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.10.4...v0.10.6)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/moby/buildkit-0.10.6 branch from 64c057f to 8eff2f6 Compare December 29, 2022 17:48
@knqyf263 knqyf263 merged commit 066f277 into main Jan 3, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/moby/buildkit-0.10.6 branch January 3, 2023 12:44
umax pushed a commit to umax/trivy that referenced this pull request Jan 4, 2023
@dependabot @umax
chore(deps): bump github.com/moby/buildkit from 0.10.4 to 0.10.6 (aqu…
28b640d 
…asecurity#3173)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@knqyf263