chore(deps): update moby (9.2) #5621

Merged
olegsu merged 1 commit into 9.2 from renovate/9.2-moby
Apr 30, 2026

@elastic-renovate-prod
Contributor

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/moby/buildkit | indirect | minor | v0.23.2 -> v0.29.0 |
| github.com/moby/moby/api | indirect | minor | v1.53.0 -> v1.54.2 |
| github.com/moby/moby/client | indirect | minor | v0.2.2 -> v0.4.1 |
| github.com/moby/spdystream | indirect | patch | v0.5.0 -> v0.5.1 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

moby/buildkit (github.com/moby/buildkit)

v0.29.0

Compare Source

Welcome to the v0.29.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • David Karlsson
  • Akihiro Suda
  • Sebastiaan van Stijn
  • Brian Ristuccia
  • Jonathan A. Sternberg
  • Mateusz Gozdek
  • Natnael Gebremariam
Notable Changes
  • Builtin Dockerfile frontend has been updated to v1.23.0 changelog
  • Git sources can now initialize all files from a Git checkout with commit time in the LLB API for better reproducibility. See Dockerfile changelog for how to enable this in the Dockerfile frontend #​6600
  • Various file access operations in Git and HTTP sources have been hardened for improved security #​6613
  • Frontends can now report updated SOURCE_DATE_EPOCH with result metadata that can be used by exporters #​6601
  • Fix possible panic when listing build history after recent deletions #​6614
  • Fix possible issue where builds from Git repositories could start to fail after submodule rename #​6563
  • Fix possible process lifecycle event ordering issue in interactive container API that could cause deadlocks in the client #​6531
  • Fix regression where build progress skipped the message about layers being pushed to the registry #​6587
  • Fix possible cgroup initialization failure in BuildKit container image entrypoint on some environments #​6585
  • Fix issue with resolving symlinks via file access methods of the Gateway API #​6559
  • Fix possible "parent snapshot does not exist" error when exporting images in parallel #​6558
  • Fix possible panic from zstd compression #​6599
  • Fix issue where cache imports from an uninitialized local cache tag could fail the build #​6554
  • Included CNI plugins have been updated to v1.9.1 #​6583
  • Included QEMU emulator support has been updated to v10.2.1 #​6580
  • Runc container runtime has been updated to v1.3.5 #​6625
Dependency Changes
  • github.com/aws/aws-sdk-go-v2 v1.41.1 -> v1.41.4
  • github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 -> v1.7.5
  • github.com/aws/aws-sdk-go-v2/config v1.32.7 -> v1.32.12
  • github.com/aws/aws-sdk-go-v2/credentials v1.19.7 -> v1.19.12
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 -> v1.18.20
  • github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 -> v1.4.20
  • github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 -> v2.7.20
  • github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 -> v1.8.6
  • github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 -> v1.13.7
  • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 -> v1.13.20
  • github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 -> v1.0.8
  • github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 -> v1.30.13
  • github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 -> v1.35.17
  • github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 -> v1.41.9
  • github.com/aws/smithy-go v1.24.0 -> v1.24.2
  • github.com/containerd/cgroups/v3 v3.1.2 -> v3.1.3
  • github.com/containerd/containerd/v2 v2.2.1 -> v2.2.2
  • github.com/containerd/nydus-snapshotter v0.15.11 -> v0.15.13
  • github.com/containerd/ttrpc v1.2.7 -> v1.2.8
  • github.com/containernetworking/plugins v1.9.0 -> v1.9.1
  • github.com/docker/cli v29.2.1 -> v29.3.1
  • github.com/go-openapi/analysis v0.24.1 -> v0.24.3
  • github.com/go-openapi/errors v0.22.6 -> v0.22.7
  • github.com/go-openapi/jsonpointer v0.22.4 -> v0.22.5
  • github.com/go-openapi/jsonreference v0.21.4 -> v0.21.5
  • github.com/go-openapi/loads v0.23.2 -> v0.23.3
  • github.com/go-openapi/spec v0.22.3 -> v0.22.4
  • github.com/go-openapi/strfmt v0.25.0 -> v0.26.1
  • github.com/go-openapi/swag/conv v0.25.4 -> v0.25.5
  • github.com/go-openapi/swag/fileutils v0.25.4 -> v0.25.5
  • github.com/go-openapi/swag/jsonname v0.25.4 -> v0.25.5
  • github.com/go-openapi/swag/jsonutils v0.25.4 -> v0.25.5
  • github.com/go-openapi/swag/loading v0.25.4 -> v0.25.5
  • github.com/go-openapi/swag/mangling v0.25.4 -> v0.25.5
  • github.com/go-openapi/swag/stringutils v0.25.4 -> v0.25.5
  • github.com/go-openapi/swag/typeutils v0.25.4 -> v0.25.5
  • github.com/go-openapi/swag/yamlutils v0.25.4 -> v0.25.5
  • github.com/go-openapi/validate v0.25.1 -> v0.25.2
  • github.com/go-viper/mapstructure/v2 v2.4.0 -> v2.5.0
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 -> v2.27.7
  • github.com/klauspost/compress v1.18.4 -> v1.18.5
  • github.com/moby/policy-helpers 824747b -> b7c0b99
  • github.com/oklog/ulid/v2 v2.1.1 new
  • go.opentelemetry.io/otel v1.38.0 -> v1.40.0
  • go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.38.0 -> v1.40.0
  • go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.38.0 -> v1.40.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 -> v1.40.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 -> v1.40.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 -> v1.40.0
  • go.opentelemetry.io/otel/metric v1.38.0 -> v1.40.0
  • go.opentelemetry.io/otel/sdk v1.38.0 -> v1.40.0
  • go.opentelemetry.io/otel/sdk/metric v1.38.0 -> v1.40.0
  • go.opentelemetry.io/otel/trace v1.38.0 -> v1.40.0
  • go.opentelemetry.io/proto/otlp v1.7.1 -> v1.9.0
  • golang.org/x/sys v0.41.0 -> v0.42.0
  • golang.org/x/term v0.40.0 -> v0.41.0
  • google.golang.org/genproto/googleapis/api ff82c1b -> 8636f87
  • google.golang.org/genproto/googleapis/rpc 0a764e5 -> 8636f87
  • google.golang.org/grpc v1.78.0 -> v1.79.3

Previous release can be found at v0.28.1

v0.28.1

Compare Source

Welcome to the v0.28.1 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • Sebastiaan van Stijn
Notable Changes
  • Fix insufficient validation of Git URL #ref:subdir fragments that could allow access to restricted files outside the checked-out repository root. GHSA-4vrq-3vrq-g6gg
  • Fix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. GHSA-4c29-8rgm-jvjj
  • Fix a panic when processing invalid .dockerignore patterns during COPY. #​6610 moby/patternmatcher#9
Dependency Changes
  • github.com/moby/patternmatcher v0.6.0 -> v0.6.1

Previous release can be found at v0.28.0

v0.28.0

Compare Source

buildkit 0.28.0

Welcome to the v0.28.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • Sebastiaan van Stijn
  • Jonathan A. Sternberg
  • Akihiro Suda
  • Amr Mahdi
  • Dan Duvall
  • David Karlsson
  • Jonas Geiler
  • Kevin L.
  • rsteube
Notable Changes
  • Builtin Dockerfile frontend has been updated to v1.22.0 changelog
  • The default provenance format has been switched to SLSA v1.0 from the previous v0.2. The old format can still be generated by setting the version attribute. #​6526
  • Provenance attestation for an image can now be directly pulled via Source metadata request. #​6516 #​6514 #​6537
  • Pushing result images and exporting build cache now happens in parallel, for better performance. #​6451
  • LLB definition now supports two new Source types for accessing raw blobs from image registries and from OCI layouts. New sources use identifier protocols docker-image+blob:// and oci-layout+blob://. #​4286
  • LLB API now supports custom checksum requests for HTTP sources, allowing fetching checksums for different algorithms than the default SHA256 and with optional suffixes. #​6527 #​6537
  • LLB API now supports validating HTTP sources with PGP signatures, similarly to previous support for Git sources. #​6527
  • With the update to a newer version of the in-toto library, the provenance attestation key InvocationID has changed to InvocationId to strictly follow the SLSA spec. This change doesn't affect BuildKit/Buildx Golang tooling, but could affect 3rd party tools if they are using case-sensitive JSON parsing. #​6533
  • Embedded Qemu emulator support has been updated to v10.1.3 #​6524
  • Update BuildKit Cgroups implementation to work in (Kubernetes) environments that don't have their own Cgroup namespace. #​6368
  • Buildctl binary now supports bash completion. #​6474
  • PGP signature verification now supports combined public keys as input for defining the required signer. #​6519
  • Fix possible "failed to read expected number of bytes" error when reading attestation chains #​6520
  • Fix possible error from race condition when creating images in parallel #​6477
Dependency Changes
  • github.com/aws/aws-sdk-go-v2 v1.39.6 -> v1.41.1
  • github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.2 -> v1.7.4
  • github.com/aws/aws-sdk-go-v2/config v1.31.20 -> v1.32.7
  • github.com/aws/aws-sdk-go-v2/credentials v1.18.24 -> v1.19.7
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 -> v1.18.17
  • github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 -> v1.4.17
  • github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 -> v2.7.17
  • github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 -> v1.13.4
  • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 -> v1.13.17
  • github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 new
  • github.com/aws/aws-sdk-go-v2/service/sso v1.30.3 -> v1.30.9
  • github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.7 -> v1.35.13
  • github.com/aws/aws-sdk-go-v2/service/sts v1.40.2 -> v1.41.6
  • github.com/aws/smithy-go v1.23.2 -> v1.24.0
  • github.com/cloudflare/circl v1.6.1 -> v1.6.3
  • github.com/containerd/nydus-snapshotter v0.15.10 -> v0.15.11
  • github.com/containerd/stargz-snapshotter v0.17.0 -> v0.18.2
  • github.com/containerd/stargz-snapshotter/estargz v0.17.0 -> v0.18.2
  • github.com/coreos/go-systemd/v22 v22.6.0 -> v22.7.0
  • github.com/docker/cli v29.1.4 -> v29.2.1
  • github.com/go-openapi/errors v0.22.4 -> v0.22.6
  • github.com/go-openapi/jsonpointer v0.22.1 -> v0.22.4
  • github.com/go-openapi/jsonreference v0.21.3 -> v0.21.4
  • github.com/go-openapi/spec v0.22.1 -> v0.22.3
  • github.com/go-openapi/swag v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/cmdutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/conv v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/fileutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/jsonname v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/jsonutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/loading v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/mangling v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/netutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/stringutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/typeutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/yamlutils v0.25.3 -> v0.25.4
  • github.com/google/go-containerregistry v0.20.6 -> v0.20.7
  • github.com/hanwen/go-fuse/v2 v2.8.0 -> v2.9.0
  • github.com/in-toto/in-toto-golang v0.9.0 -> v0.10.0
  • github.com/klauspost/compress v1.18.3 -> v1.18.4
  • github.com/moby/policy-helpers eeebf1a -> 824747b
  • github.com/morikuni/aec v1.0.0 -> v1.1.0
  • github.com/pelletier/go-toml/v2 v2.2.4 new
  • github.com/secure-systems-lab/go-securesystemslib v0.9.1 -> v0.10.0
  • github.com/sigstore/rekor v1.4.3 -> v1.5.0
  • github.com/sigstore/sigstore v1.10.0 -> v1.10.4
  • github.com/sigstore/sigstore-go b5fe07a -> v1.1.4
  • github.com/sigstore/timestamp-authority/v2 v2.0.2 -> v2.0.3
  • github.com/theupdateframework/go-tuf/v2 v2.3.0 -> v2.4.1
  • google.golang.org/genproto/googleapis/api f26f940 -> ff82c1b
  • google.golang.org/genproto/googleapis/rpc f26f940 -> 0a764e5
  • google.golang.org/grpc v1.76.0 -> v1.78.0

Previous release can be found at v0.27.1

v0.27.1

Compare Source

Welcome to the v0.27.1 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • CrazyMax
  • Sebastiaan van Stijn
  • Tõnis Tiigi
Notable Changes
Dependency Changes
  • github.com/klauspost/compress v1.18.2 -> v1.18.3
  • github.com/moby/policy-helpers 9fcc1a9 -> eeebf1a

Previous release can be found at v0.27.0

v0.27.0

Compare Source

buildkit 0.27.0

Welcome to the v0.27.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • Akihiro Suda
  • Sebastiaan van Stijn
  • Justin Chadwell
  • Jonathan A. Sternberg
  • David Karlsson
  • Dawei Wei
  • Natnael Gebremariam
  • Aleksandr Karpinskii
  • Amr Mahdi
  • Brian Goff
  • Joyal George K J
  • Matt Coster
  • Roberto Villarreal
  • Rodolfo Carvalho
  • Silvin Lubecki
  • Tiger Kaovilai
Notable Changes
  • Built-in Dockerfile frontend has been updated to v1.21.0
  • This is a first version of BuildKit with signed release images and artifacts built using Docker Github Builder
  • Allow convert decisions from Session Source Policy implementations #​6427
  • Github Cache backend now supports optional signed cache that is cryptographically verified on import #​6397
  • Provide a gateway interface for reading container filesystems during builds #​6262
  • Push registry remote cache blobs in parallel for faster uploads #​6455
  • Cache attestation chain pull-through responses for better performance #​6435
  • Allow custom AuthConfig providers in client #​6408
  • Surface policy deny messages in build errors #​6458
  • Fix Git 2.52 support for matching some error conditions #​6452
  • Expose the build reference in exporter buildinfo #​6424
  • Improve expired keys handling in Git signature verification #​6412
  • Cache gateway forwarder mounts and deduplicate snapshot responses #​6387
  • Remove development gateway frontend options in favor of build-contexts #​6350
  • Prevent status stream from closing too early by using an inactivity timeout #​6396
  • Recover from history.db corruption #​6371
  • Fix xattr copy failures on SELinux systems #​6015
  • Fix error return when requesting attestation from non-index image #​6473
  • Fix possible "digest not found" error when fetching attestation chain due to missing lease #​6464
  • Fix Windows copy operations around protected files #​6369
  • Fix possible race condition in gateway bridge forwarder #​6355
  • Fix concurrency in source policy evaluation to prevent parallel panics #​6448
Dependency Changes
  • cyphar.com/go-pathrs v0.2.1 new
  • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2 -> v1.20.0
  • github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0 -> v1.13.1
  • github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 -> v1.6.0
  • github.com/asaskevich/govalidator a9d515a new
  • github.com/aws/aws-sdk-go-v2 v1.38.1 -> v1.39.6
  • github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 -> v1.7.2
  • github.com/aws/aws-sdk-go-v2/config v1.31.3 -> v1.31.20
  • github.com/aws/aws-sdk-go-v2/credentials v1.18.7 -> v1.18.24
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4 -> v1.18.13
  • github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.4 -> v1.4.13
  • github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.4 -> v2.7.13
  • github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 -> v1.8.4
  • github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.4 -> v1.4.12
  • github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 -> v1.13.3
  • github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.4 -> v1.9.3
  • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4 -> v1.13.13
  • github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.4 -> v1.19.12
  • github.com/aws/aws-sdk-go-v2/service/s3 v1.87.1 -> v1.89.1
  • github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 -> v1.30.3
  • github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.0 -> v1.35.7
  • github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 -> v1.40.2
  • github.com/aws/smithy-go v1.22.5 -> v1.23.2
  • github.com/blang/semver v3.5.1 new
  • github.com/cloudflare/circl v1.6.0 -> v1.6.1
  • github.com/containerd/cgroups/v3 v3.1.0 -> v3.1.2
  • github.com/containerd/containerd/v2 v2.2.0 -> v2.2.1
  • github.com/containerd/fuse-overlayfs-snapshotter/v2 v2.1.6 -> v2.1.7
  • github.com/containerd/nydus-snapshotter v0.15.4 -> v0.15.10
  • github.com/cyberphone/json-canonicalization 19d51d7 new
  • github.com/cyphar/filepath-securejoin v0.6.0 new
  • github.com/digitorus/pkcs7 3a137a8 new
  • github.com/digitorus/timestamp 220c5c2 new
  • github.com/docker/cli v28.5.0 -> v29.1.4
  • github.com/docker/docker-credential-helpers v0.9.3 -> v0.9.5
  • github.com/go-openapi/analysis v0.24.1 new
  • github.com/go-openapi/errors v0.22.4 new
  • github.com/go-openapi/jsonpointer v0.22.1 new
  • github.com/go-openapi/jsonreference v0.21.3 new
  • github.com/go-openapi/loads v0.23.2 new
  • github.com/go-openapi/runtime v0.29.2 new
  • github.com/go-openapi/spec v0.22.1 new
  • github.com/go-openapi/strfmt v0.25.0 new
  • github.com/go-openapi/swag v0.25.3 new
  • github.com/go-openapi/swag/cmdutils v0.25.3 new
  • github.com/go-openapi/swag/conv v0.25.3 new
  • github.com/go-openapi/swag/fileutils v0.25.3 new
  • github.com/go-openapi/swag/jsonname v0.25.3 new
  • github.com/go-openapi/swag/jsonutils v0.25.3 new
  • github.com/go-openapi/swag/loading v0.25.3 new
  • github.com/go-openapi/swag/mangling v0.25.3 new
  • github.com/go-openapi/swag/netutils v0.25.3 new
  • github.com/go-openapi/swag/stringutils v0.25.3 new
  • github.com/go-openapi/swag/typeutils v0.25.3 new
  • github.com/go-openapi/swag/yamlutils v0.25.3 new
  • github.com/go-openapi/validate v0.25.1 new
  • github.com/go-viper/mapstructure/v2 v2.4.0 new
  • github.com/google/certificate-transparency-go v1.3.2 new
  • github.com/google/go-containerregistry v0.20.6 new
  • github.com/grafana/regexp a468a5b new
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 -> v2.27.3
  • github.com/in-toto/attestation v1.1.2 new
  • github.com/klauspost/compress v1.18.1 -> v1.18.2
  • github.com/moby/go-archive v0.1.0 -> v0.2.0
  • github.com/moby/policy-helpers bcaa71c -> 9fcc1a9
  • github.com/oklog/ulid v1.3.1 new
  • github.com/opencontainers/runtime-spec v1.2.1 -> v1.3.0
  • github.com/opencontainers/runtime-tools 0ea5ed0 -> edf4cb3
  • github.com/opencontainers/selinux v1.12.0 -> v1.13.1
  • github.com/prometheus/otlptranslator v0.0.2 new
  • github.com/prometheus/procfs v0.16.1 -> v0.17.0
  • github.com/sigstore/protobuf-specs v0.5.0 new
  • github.com/sigstore/rekor v1.4.3 new
  • github.com/sigstore/rekor-tiles/v2 v2.0.1 new
  • github.com/sigstore/sigstore v1.10.0 new
  • github.com/sigstore/sigstore-go b5fe07a new
  • github.com/sigstore/timestamp-authority/v2 v2.0.2 new
  • github.com/sirupsen/logrus v1.9.3 -> v1.9.4
  • github.com/spdx/tools-golang v0.5.5 -> v0.5.7
  • github.com/theupdateframework/go-tuf/v2 v2.3.0 new
  • github.com/tonistiigi/fsutil 586307a -> a2aa163
  • github.com/tonistiigi/go-actions-cache 378c5ed -> 54bc28c
  • github.com/transparency-dev/formats 404c0d5 new
  • github.com/transparency-dev/merkle v0.0.2 new
  • go.mongodb.org/mongo-driver v1.17.6 new
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 -> v0.63.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.61.0 -> v0.63.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 -> v0.63.0
  • go.opentelemetry.io/otel/exporters/prometheus v0.42.0 -> v0.60.0
  • go.yaml.in/yaml/v2 v2.4.2 -> v2.4.3
  • go.yaml.in/yaml/v3 v3.0.4 new
  • golang.org/x/term v0.38.0 new
  • google.golang.org/genproto/googleapis/api c5933d9 -> f26f940
  • google.golang.org/genproto/googleapis/rpc c5933d9 -> f26f940
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.76 -> v1.2.77
  • kernel.org/pub/linux/libs/security/libcap/psx v1.2.76 -> v1.2.77
  • tags.cncf.io/container-device-interface v1.0.1 -> v1.1.0
  • tags.cncf.io/container-device-interface/specs-go v1.0.0 -> v1.1.0

Previous release can be found at v0.26.3

v0.26.3

Compare Source

Welcome to the v0.26.3 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Sebastiaan van Stijn
  • Jonathan A. Sternberg
  • Tõnis Tiigi
Notable Changes
  • Fix session policy metadata resolution for git attributes and image attestations #​6383
Dependency Changes
  • github.com/containernetworking/plugins v1.8.0 -> v1.9.0

Previous release can be found at v0.26.2

v0.26.2

Compare Source

Welcome to the v0.26.2 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • CrazyMax
  • Tõnis Tiigi
Notable Changes
  • Fix possible error when uploading big files to S3 cache exporter #​6373
Dependency Changes

This release has no dependency changes

Previous release can be found at v0.26.1

v0.26.1

Compare Source

Welcome to the v0.26.1 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
Notable Changes
  • Fix excessive chunking when fetching blobs #​6366
Dependency Changes

This release has no dependency changes

Previous release can be found at v0.26.0

v0.26.0

Compare Source

buildkit 0.26.0

Welcome to the v0.26.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • Akihiro Suda
  • Sebastiaan van Stijn
  • Jonathan A. Sternberg
  • Brian Goff
  • Dawei Wei
  • Alberto Garcia Hierro
  • Damon Holden
  • David Karlsson
  • Justin Chadwell
  • Mikhail Dmitrichenko
  • bpascard
Notable Changes
  • Change how file checksum is calculated when wildcards and include/exclude patterns are involved to better align with how they are calculated in the non-wildcard path. #​6238
  • LLB Copy operation now allows specifying required paths to be included in the copy. #​6229
  • Fixed race condition between cache and snapshot for the Git source. #​6281
  • Fixed race condition in HTTP cache key digest computation that could cause duplicate requests and digest mismatch errors. #​6292
  • Runc container runtime has been updated to v1.3.3. #​6331
  • Source metadata requests via ResolveSourceMeta, previously available for image sources, can now be performed for Git sources. This can be used to resolve Git commit and tag checksums and also to access the raw commit and tag objects for further verification. #​6283
  • Source metadata requests via ResolveSourceMeta, previously available for image sources, can now be performed for HTTP sources. This can be used to access artifact checksums, last-modified time etc. #​6285
  • Git sources can now perform verification of GPG or SSH signatures on commits and tags. Enable git signature checks via source policy. #​6300 #​6344
  • contentutil package now supports moving referrer objects when using CopyChain function. #​6336
  • Fix fetch by commit for git source when tags change or branch names are updated. #​6259
  • Fix http connection leak when resolving metadata from http source on non-2xx HTTP status codes. #​6313
  • A new type of source policies has been added that supports making policy decisions on the client side via session tunnel. #​6276
  • Add buildkit capability for detecting if source policy decisions can be made via session tunnel. #​6345
  • Avoid intermediate type wrappers for custom fields in provenance. #​6275
  • Add raw commit/tag object access when resolving git source metadata. #​6298
  • Move image source resolver away from the ResolveImageConfig type to ResolveSourceMetadata. #​6330 # probably not needed for changelog
  • Fix inline cache used with multiple exporters. #​6263
  • Fix handling multiple inline cache exporters configured for single build. #​6272
  • Fix handling of annotated Git tags. The pin of the annotated tag should be the SHA of the tag and not the commit it is pointing to. #​6251
  • Fix source policy attributes validation when multiple rules use the same identifier. #​6342
Dependency Changes
  • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 -> v1.18.2
  • github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 -> v1.11.0
  • github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 -> v1.11.2
  • github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 -> v1.4.2
  • github.com/Microsoft/hcsshim v0.13.0 -> v0.14.0-rc.1
  • github.com/ProtonMail/go-crypto v1.3.0 new
  • github.com/aws/aws-sdk-go-v2 v1.30.3 -> v1.38.1
  • github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 -> v1.7.0
  • github.com/aws/aws-sdk-go-v2/config v1.27.27 -> v1.31.3
  • github.com/aws/aws-sdk-go-v2/credentials v1.17.27 -> v1.18.7
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 -> v1.18.4
  • github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.8 -> v1.17.10
  • github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 -> v1.4.4
  • github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 -> v2.7.4
  • github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 -> v1.8.3
  • github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 -> v1.4.4
  • github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 -> v1.13.0
  • github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 -> v1.8.4
  • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 -> v1.13.4
  • github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 -> v1.19.4
  • github.com/aws/aws-sdk-go-v2/service/s3 v1.58.2 -> v1.87.1
  • github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 -> v1.28.2
  • github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 -> v1.34.0
  • github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 -> v1.38.0
  • github.com/aws/smithy-go v1.20.3 -> v1.22.5
  • github.com/cenkalti/backoff/v5 v5.0.3 new
  • github.com/cloudflare/circl v1.6.0 new
  • github.com/containerd/cgroups/v3 v3.0.5 -> v3.1.0
  • github.com/containerd/containerd/api v1.9.0 -> v1.10.0
  • github.com/containerd/containerd/v2 v2.1.4 -> v2.2.0
  • github.com/containerd/go-cni v1.1.12 -> v1.1.13
  • github.com/containerd/nydus-snapshotter v0.15.2 -> v0.15.4
  • github.com/containerd/platforms v1.0.0-rc.1 -> v1.0.0-rc.2
  • github.com/containerd/stargz-snapshotter v0.16.3 -> v0.17.0
  • github.com/containerd/stargz-snapshotter/estargz v0.16.3 -> v0.17.0
  • github.com/containernetworking/plugins v1.7.1 -> v1.8.0
  • github.com/coreos/go-systemd/v22 v22.5.0 -> v22.6.0
  • github.com/docker/cli v28.4.0 -> v28.5.0
  • github.com/fatih/color v1.18.0 new
  • github.com/go-logr/logr v1.4.2 -> v1.4.3
  • github.com/gofrs/flock v0.12.1 -> v0.13.0
  • github.com/golang-jwt/jwt/v5 v5.2.2 -> v5.3.0
  • github.com/golang/groupcache 41bb18b -> 2c02b82
  • github.com/google/pprof 27863c8 -> f64d9cf
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1 -> v2.27.2
  • github.com/hanwen/go-fuse/v2 v2.6.3 -> v2.8.0
  • github.com/hashicorp/go-retryablehttp v0.7.7 -> v0.7.8
  • github.com/hiddeco/sshsig v0.2.0 new
  • github.com/klauspost/compress v1.18.0 -> v1.18.1
  • github.com/mattn/go-colorable v0.1.14 new
  • github.com/moby/policy-helpers bcaa71c new
  • github.com/moby/sys/capability v0.4.0 new
  • github.com/opencontainers/runtime-tools 2e043c6 -> 0ea5ed0
  • github.com/prometheus/client_golang v1.22.0 -> v1.23.2
  • github.com/prometheus/client_model v0.6.1 -> v0.6.2
  • github.com/prometheus/common v0.62.0 -> v0.66.1
  • github.com/prometheus/procfs v0.15.1 -> v0.16.1
  • github.com/secure-systems-lab/go-securesystemslib v0.6.0 -> v0.9.1
  • github.com/stretchr/testify v1.10.0 -> v1.11.1
  • github.com/vbatts/tar-split v0.12.1 -> v0.12.2
  • go.opentelemetry.io/auto/sdk v1.1.0 -> v1.2.1
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 -> v0.61.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.60.0 -> v0.61.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 -> v0.61.0
  • go.opentelemetry.io/otel v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/metric v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/sdk v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/sdk/metric v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/trace v1.35.0 -> v1.38.0
  • go.opentelemetry.io/proto/otlp v1.5.0 -> v1.7.1
  • go.yaml.in/yaml/v2 v2.4.2 new
  • golang.org/x/crypto v0.37.0 -> v0.42.0
  • golang.org/x/exp 7e4ce0a -> df92998
  • golang.org/x/mod v0.24.0 -> v0.29.0
  • golang.org/x/net v0.39.0 -> v0.44.0
  • golang.org/x/sync v0.16.0 -> v0.17.0
  • golang.org/x/sys v0.33.0 -> v0.37.0
  • golang.org/x/text v0.24.0 -> v0.29.0
  • golang.org/x/time v0.11.0 -> v0.14.0
  • google.golang.org/genproto/googleapis/api 56aae31 -> c5933d9
  • google.golang.org/genproto/googleapis/rpc 56aae31 -> c5933d9
  • google.golang.org/grpc v1.72.2 -> v1.76.0
  • google.golang.org/protobuf v1.36.9 -> v1.36.10
  • sigs.k8s.io/yaml v1.4.0 -> v1.6.0

Previous release can be found at v0.25.2

v0.25.2

Compare Source

Welcome to the v0.25.2 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • CrazyMax
  • Tõnis Tiigi
Notable Changes
Dependency Changes

This release has no dependency changes

Previous release can be found at v0.25.1

v0.25.1

Compare Source

buildkit 0.25.1

Welcome to the v0.25.1 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
Notable Changes
  • Fix possible cache export failure when previously exported cache blob has been deleted #​6261
  • Fix possible cache corruption or error when using inline cache with multiple exporters #​6263
  • Fix intermediate wrapper for custom provenance attestation fields #​6275
Dependency Changes

This release has no dependency changes

Previous release can be found at v0.25.0

v0.25.0

Compare Source

buildkit 0.25.0

Welcome to the v0.25.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • Jonathan A. Sternberg
  • Akihiro Suda
  • Brian Goff
  • greggu
  • Sebastiaan van Stijn
  • Søren Hansen
  • Vigilans
  • Sam Oluwalana
  • Shivam
  • Tianon Gravi
  • nikelborm
Notable Changes
  • Git sources now support working with SHA-256 based code repositories. #​6194
  • New Checksum has been added to llb.Image to specify verification digest of the image. Unlike the existing digest in the image reference, where digest overrides the tag if both are set, in this mode, the image is resolved by the tag and only verified by checksum. #​6234
  • The remote cache exporter (also used in provenance creation) has been completely rewritten to solve various concurrency and loop issues. There should be no user-visible changes in the cache format itself. #​6129
  • BuildKit daemon now supports a way to add custom fields to the provenance attestation to specify the environment BuildKit is running in. Additional fields are picked up from config files in the /etc/buildkitd/provenance.d directory. #6210
  • Containerd executor on Windows now supports HyperVIsolation option. #​6224
  • Included runc container runtime has been updated to v1.3.1 #​6236
  • CNI plugins have been updated to v1.8.0 #​6185
  • Qemu emulation binaries have been updated to v10.0.4. #​6215
  • Fix possible infinite loop when exporting cache #​6186
  • Fix issue where some errors could lose their source or stack information when wrapped with errors.Join. #​6226
  • Multiple fixes to how the builds from Git context are recorded in provenance. #​6213
  • Fix issue where build arguments could be missing in the history record's provenance attestation. #​6221
  • Fix issue where materials=false could be incorrectly set in provenance attestation for a build that used frontend inputs. #​6203
  • Fix not setting the platform in the subject descriptor of the OCI artifact-style attestation manifest. This confused some registries. #​6191
  • Fix some improper formatting in error messages. #​6192
  • Fix issue with checking out annotated tags by full reference. #​6244
Dependency Changes
  • github.com/docker/cli v28.3.3 -> v28.4.0
  • google.golang.org/protobuf v1.36.6 -> v1.36.9

Previous release can be found at v0.24.0

v0.24.0

Compare Source

Welcome to the v0.24.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tii

Configuration

📅 Schedule: Branch creation - "* 1 * * 1-5" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@elastic-renovate-prod elastic-renovate-prod Bot requested a review from a team as a code owner April 29, 2026 15:08
@elastic-renovate-prod elastic-renovate-prod Bot added backport-skip dependencies Pull requests that update a dependency file renovate renovate-auto-approve Team:Security-Cloud Services Security Data Experience - Cloud Services team. labels Apr 29, 2026
@elastic-renovate-prod elastic-renovate-prod Bot enabled auto-merge (squash) April 29, 2026 15:08
@elastic-renovate-prod

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 63 additional dependencies were updated

Details:

Package Change
github.com/aws/aws-sdk-go-v2 v1.41.1 -> v1.41.4
github.com/aws/aws-sdk-go-v2/config v1.32.7 -> v1.32.12
github.com/aws/aws-sdk-go-v2/credentials v1.19.7 -> v1.19.12
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 -> v1.18.20
github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 -> v1.41.9
github.com/aws/smithy-go v1.24.0 -> v1.24.2
dario.cat/mergo v1.0.1 -> v1.0.2
github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 -> v1.0.8
github.com/containerd/cgroups/v3 v3.0.5 -> v3.1.3
github.com/containerd/containerd/api v1.9.0 -> v1.10.0
github.com/containerd/containerd/v2 v2.1.5 -> v2.2.2
github.com/containerd/platforms v1.0.0-rc.1 -> v1.0.0-rc.2
github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 -> v0.0.0-20241213102144-19d51d7fe467
github.com/go-openapi/swag/conv v0.25.4 -> v0.25.5
github.com/go-openapi/swag/fileutils v0.25.4 -> v0.25.5
github.com/go-openapi/swag/jsonname v0.25.4 -> v0.25.5
github.com/go-openapi/swag/jsonutils v0.25.4 -> v0.25.5
github.com/go-openapi/swag/loading v0.25.4 -> v0.25.5
github.com/go-openapi/swag/mangling v0.25.4 -> v0.25.5
github.com/go-openapi/swag/stringutils v0.25.4 -> v0.25.5
github.com/go-openapi/swag/typeutils v0.25.4 -> v0.25.5
github.com/go-openapi/swag/yamlutils v0.25.4 -> v0.25.5
github.com/google/certificate-transparency-go v1.1.8 -> v1.3.2
github.com/morikuni/aec v1.0.0 -> v1.1.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.76 -> v1.2.77
kernel.org/pub/linux/libs/security/libcap/psx v1.2.76 -> v1.2.77
github.com/Microsoft/hcsshim v0.13.0 -> v0.14.0-rc.1
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 -> v0.1.0
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 -> v1.7.5
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 -> v1.4.20
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 -> v2.7.20
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 -> v1.8.6
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 -> v1.13.7
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 -> v1.13.20
github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 -> v1.30.13
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 -> v1.35.17
github.com/cloudflare/circl v1.6.1 -> v1.6.3
github.com/containerd/stargz-snapshotter/estargz v0.18.1 -> v0.18.2
github.com/containerd/ttrpc v1.2.7 -> v1.2.8
github.com/cyphar/filepath-securejoin v0.5.1 -> v0.6.0
github.com/docker/cli v29.0.3+incompatible -> v29.3.1+incompatible
github.com/docker/docker-credential-helpers v0.9.3 -> v0.9.5
github.com/docker/go-connections v0.6.0 -> v0.7.0
github.com/emicklei/go-restful/v3 v3.12.2 -> v3.13.0
github.com/go-openapi/analysis v0.24.1 -> v0.24.3
github.com/go-openapi/errors v0.22.6 -> v0.22.7
github.com/go-openapi/jsonpointer v0.22.4 -> v0.22.5
github.com/go-openapi/jsonreference v0.21.4 -> v0.21.5
github.com/go-openapi/loads v0.23.2 -> v0.23.3
github.com/go-openapi/spec v0.22.3 -> v0.22.4
github.com/go-openapi/strfmt v0.25.0 -> v0.26.1
github.com/go-openapi/validate v0.25.1 -> v0.25.2
github.com/gofrs/flock v0.12.1 -> v0.13.0
github.com/in-toto/in-toto-golang v0.9.0 -> v0.10.0
github.com/jonboulle/clockwork v0.4.0 -> v0.5.0
github.com/klauspost/compress v1.18.4 -> v1.18.5
github.com/opencontainers/runtime-spec v1.2.1 -> v1.3.0
github.com/sirupsen/logrus v1.9.3 -> v1.9.4
github.com/spdx/tools-golang v0.5.5 -> v0.5.7
github.com/tetratelabs/wazero v1.9.0 -> v1.10.1
golang.org/x/mod v0.32.0 -> v0.33.0
golang.org/x/sys v0.41.0 -> v0.42.0
golang.org/x/term v0.40.0 -> v0.41.0

@olegsu olegsu disabled auto-merge April 30, 2026 16:06
@olegsu olegsu merged commit 7d0fbf1 into 9.2 Apr 30, 2026
11 checks passed
@olegsu olegsu deleted the renovate/9.2-moby branch April 30, 2026 16:06