ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0
4.62k stars 503 forks source link

:seedling: Bump github.com/moby/buildkit from 0.15.1 to 0.16.0 #4344

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps github.com/moby/buildkit from 0.15.1 to 0.16.0.

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.16.0

Welcome to the v0.16.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • CrazyMax
  • Tõnis Tiigi
  • Sebastiaan van Stijn
  • Akihiro Suda
  • David Karlsson
  • Shaun Thompson
  • Talon Bowler
  • Arkadiusz Drabczyk
  • Craig Andrews
  • Justin Chadwell
  • Mitsuru Kariya
  • Anthony Nandaa
  • Bertrand Paquet
  • Ignas Mikalajūnas
  • Jonathan A. Sternberg
  • Billy Owire
  • Debosmit Ray
  • Kai Takac
  • Marat Radchenko
  • a-palchikov

Notable changes

  • Builtin Dockerfile frontend has been updated to v1.10.0 changelog
  • Remote cache export to S3 backend can now happen with parallel requests and can be controlled with new upload_parallelism option #5270
  • Remote cache export to S3 backend now supports layers larger than 5GB #5266
  • History records now contain information about the number of warnings that were generated during the build #5166
  • Printing check results with library now allows source mapping modifications #5295
  • Unconditionally use /etc/resolv.conf rather than systemd's config in host networking mode #5207
  • Certain history, graph consistency, and some syscall errors as now marked as internal and use corresponding gRPC error code #5163 #5182
  • Output of errors produced by the container executor has been improved #5179
  • Stack traces produced by build errors are now clearer and avoid duplicates #5180
  • Build containers killed by OOMKiller are now detected and shown to the user in the error message #5260
  • Runc container runtime has been updated to v1.1.14 #5300
  • Pre-defined OCI annotations are now set to the BuildKit image #3554
  • Fix pruning cache mounts that use uid/gid/mode/from on no-cache builds #5306
  • Fix issue where --import-cache flag could be ignored for buildctl #5143
  • Fix OTEL trace ID being missing from logs #5315

Dependency Changes

... (truncated)

Commits
  • 0865fcc Merge pull request #5320 from crazy-max/v0.16.0-picks2
  • 74116a2 fix windows area label when modifications are under the vendor folder
  • 5c5dc59 vendor: github.com/docker/docker v27.2.1
  • c9d08dd Merge pull request #5315 from jsternberg/trace-id-in-log
  • b2b8b1c Merge pull request #5313 from tonistiigi/grpc-v1.62
  • 366c355 bklog: always enable trace id if it exists
  • e89d391 vendor: update grpc to v1.62.0
  • a1993e8 Merge pull request #5306 from tonistiigi/cache-mount-mode-prune
  • 85668ff Merge pull request #5307 from thompson-shaun/update-labeler
  • 436609d Merge pull request #5302 from crazy-max/dockerfile-rootless-cache
  • Additional commits viewable in compare view


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @spencerschrock.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 66.80%. Comparing base (353ed60) to head (58670e9). Report is 12 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #4344 +/- ## ======================================= Coverage 66.80% 66.80% ======================================= Files 230 230 Lines 16602 16602 ======================================= Hits 11091 11091 Misses 4808 4808 Partials 703 703 ```