search

CreMindES / whalelint

Dockerfile linter written in Go. It provides static analysis for Dockerfiles, identifying common mistakes and promotes best practices.
MIT License
13 stars 2 forks source link

build(deps): bump github.com/moby/buildkit from 0.9.3 to 0.11.2 #550

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/moby/buildkit from 0.9.3 to 0.11.2.

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.11.2

Welcome to the 0.11.2 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable changes

  • Update containerd patches to fix regression in handling push errors #3531
  • Multiple fixes for History API #3530
  • Fix issue with parallel build requests using local cache imports #3493

Dependency Changes

  • github.com/containerd/containerd v1.6.14 -> 1709cfe273d9
  • github.com/pelletier/go-toml v1.9.4 -> v1.9.5

Previous release can be found at v0.11.1

v0.11.1

Welcome to the 0.11.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable changes

  • Builtin Dockerfile frontend has been updated to 1.5.1, fixing possible panic in certain warning condition #3505
  • Fix possible hang when closing down the SSH forwarding socket in v0.11.0 #3506
  • Fix typo in an environment variable used to configure OpenTelemetry endpoints #3508

v0.11.0

Welcome to the 0.11.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable Changes

  • Builtin Dockerfile frontend has been updated to v1.5.0 https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0

  • BuildKit and compatible frontends can now produce SBOM (Software Bill of Materials) attestations for the build results to show the dependencies of the build. These attestations can be added to images and locally exported files. Using Dockerfiles, SBOM information can be configured to be produced also based on files in intermediate build stages or build context, or run processes that manually define the SBOM dependencies. When exporting an image, layer mapping is also produced that allows tracing a SBOM package to a specific build step. #3258 #3290 #3249 #2983 #3358 #3312 #3407 #3408 #3410 #3414 #3422 Read documentation

  • BuildKit can now produce a Provenance attestation for the build result in SLSA format. Provenance attestations describe how a build was produced, and what sources/parameters were used. In addition to fields part of the SLSA specification, Buildkit's provenance also exports BuildKit-specific metadata like LLB steps with their source- and layer mapping. Provenance attestation will capture all the build sources visible to BuildKit, for example, not only the Git repository where the project's source is coming from but also the digests of all the container images used during the build. #3240 #3428 #3428 #3462 Read documentation

  • BuildKit now supports reproducible builds by setting SOURCE_DATE_EPOCH build argument or source-date-epoch exporter attribute. This deterministic date will be used in image metadata instead of the current time. #2918 #3262 #3152 Read documentation

  • OCI annotations can now be set to build results exported as images or OCI layouts. Annotations can be set on both image manifests and indexes, as well as descriptors to them. #3283 #3061 #2975 #2879 Read documentation

... (truncated)

Commits
  • 9449399 Merge pull request #3540 from tonistiigi/v0.11.2-picks2
  • b71812b Make local cache non-lazy
  • 2e5781e Merge pull request #3538 from tonistiigi/v0.11.2-picks
  • 7e3f6b8 vendor: update containerd to v1.6.16-0.1709cfe273d9
  • 926b2e5 control: send current timestamp header with event streams
  • 4896b62 buildctl: add ref-file to get history record for a build
  • 2445185 client: make sure ref is configurable for the history API
  • b3b0b85 history: save completed steps with cache stats
  • d23615c history: fix exporter key not being passed
  • 4659194 history: fix logs and traces are saving on canceled builds
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Superseded by #559.