ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0
4.6k stars 500 forks source link

:seedling: Bump github.com/moby/buildkit from 0.14.1 to 0.15.0 #4236

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps github.com/moby/buildkit from 0.14.1 to 0.15.0.

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.15.0

Welcome to the v0.15.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Tõnis Tiigi
  • Akihiro Suda
  • Sebastiaan van Stijn
  • Talon Bowler
  • CrazyMax
  • David Karlsson
  • Aleksa Sarai
  • Anthony Nandaa
  • Erik Sipsma
  • Jonathan A. Sternberg
  • Justin Chadwell
  • Alano Terblanche
  • Brian Goff
  • Jesper Noordsij
  • Moritz "WanzenBug" Wanzenböck
  • Nobi
  • Paweł Gronowski
  • Shaun Thompson
  • fanjiyun.fjy
  • retornam

Notable Changes

  • Builtin Dockerfile frontend has been updated to v1.9.0 changelog
  • History API now puts typed error information on a separate blob to reduce the size of the main record #5093 #5142
  • History API supports new Finalize call for completing collection of tracing instead of waiting for time based expiration #5109
  • Typed errors with source information now contain all description fields from failing vertex #5108
  • Windows now supports exporting results that contain certain privileged files #4994
  • Improve performance on calculating file-based checksums on certain cases #5060
  • TOML config now allows configuring cgroup parent for containerd worker #5033
  • Fix issue where files checked out from Git could have incorrect permission bits because of non-standard umask (regression from v0.13+) #5096
  • Fix pulling Git commits by SHA if they point to unreferenced tags #5072
  • Fix possible issue where result record could leak in cache database and not get released #5116
  • Fix possible nil dereference on cancelling build on a specific time #5111
  • Fix possible resource leak on cancelling build on a specific time #5031
  • Fix possible issue where cancelling build on a specific time could have still kept the container step running #5106
  • Fix theoretical telemetry record leak in case of database error #5136

... (truncated)

Commits
  • e83d79a Merge pull request #5135 from daghack/copy-ignored-file-check
  • 07fe324 Adds a rule check for copying files which match the .dockerignore patterns
  • 62ba6fe Merge pull request #5150 from tonistiigi/dockerfile-no-stage-error
  • 2a78bd3 Merge pull request #5149 from tonistiigi/update-gocsvvalue
  • 262634c dockerfile: avoid frontend panic when no stages defined
  • e38c064 Merge pull request #5141 from tonistiigi/testutil-mirror-fixes
  • fcb9a53 vendor: update go-csvvalue to ddb21b71
  • b6e33bc Merge pull request #5142 from tonistiigi/externalerr-release-fix
  • 4096e93 Merge pull request #5140 from jsternberg/lint-constant-platform-disallowed
  • 58753e8 checks: add check for constant in from platform flag
  • Additional commits viewable in compare view


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)