lucas/forgejo-actions-buildkit-image
lucas/forgejo-actions-buildkit-image
1
Fork 0
Code Issues 1 Pull requests Packages 1 Wiki Activity Actions

Update dependency buildkit to v0.29.0 #12

Merged
renovate-bot merged 1 commit from renovate/buildkit-0.x into master 2026-04-01 17:48:41 +02:00
Conversation 0 Commits 1 Files changed 2 +2 -2
renovate-bot bot commented 2026-01-22 00:01:57 +01:00
Collaborator
Copy link

This PR contains the following updates:

Package Update Change
buildkit minor 0.26.30.29.0

Release Notes

moby/buildkit (buildkit)

v0.29.0

Compare Source

v0.28.1

Compare Source

Welcome to the v0.28.1 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • Sebastiaan van Stijn
Notable Changes
  • Fix insufficient validation of Git URL #ref:subdir fragments that could allow access to restricted files outside the checked-out repository root. GHSA-4vrq-3vrq-g6gg
  • Fix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. GHSA-4c29-8rgm-jvjj
  • Fix a panic when processing invalid .dockerignore patterns during COPY. #​6610 moby/patternmatcher#9
Dependency Changes
  • github.com/moby/patternmatcher v0.6.0 -> v0.6.1

Previous release can be found at v0.28.0

v0.28.0

Compare Source

buildkit 0.28.0

Welcome to the v0.28.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • Sebastiaan van Stijn
  • Jonathan A. Sternberg
  • Akihiro Suda
  • Amr Mahdi
  • Dan Duvall
  • David Karlsson
  • Jonas Geiler
  • Kevin L.
  • rsteube
Notable Changes
  • Builtin Dockerfile frontend has been updated to v1.22.0 changelog
  • The default provenance format has been switched to SLSA v1.0 from the previous v0.2. The old format can still be generated by setting the version attribute. #​6526
  • Provenance attestation for an image can now be directly pulled via Source metadata request. #​6516 #​6514 #​6537
  • Pushing result images and exporting build cache now happens in parallel, for better performance. #​6451
  • LLB definition now supports two new Source types for accessing raw blobs from image registries and from OCI layouts. New sources use identifier protocols docker-image+blob:// and oci-layout+blob://. #​4286
  • LLB API now supports custom checksum requests for HTTP sources, allowing fetching checksums for different algorithms than the default SHA256 and with optional suffixes. #​6527 #​6537
  • LLB API now supports validating HTTP sources with PGP signatures, similarly to previous support for Git sources. #​6527
  • With the update to a newer version of the in-toto library, the provenance attestation key InvocationID has changed to InvocationId to strictly follow the SLSA spec. This change doesn't affect BuildKit/Buildx Golang tooling, but could affect 3rd party tools if they are using case-sensitive JSON parsing. #​6533
  • Embedded Qemu emulator support has been updated to v10.1.3 #​6524
  • Update BuildKit Cgroups implementation to work in (Kubernetes) environments that don't have their own Cgroup namespace. #​6368
  • Buildctl binary now supports bash completion. #​6474
  • PGP signature verification now supports combined public keys as input for defining the required signer. #​6519
  • Fix possible "failed to read expected number of bytes" error when reading attestation chains #​6520
  • Fix possible error from race condition when creating images in parallel #​6477
Dependency Changes
  • github.com/aws/aws-sdk-go-v2 v1.39.6 -> v1.41.1
  • github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.2 -> v1.7.4
  • github.com/aws/aws-sdk-go-v2/config v1.31.20 -> v1.32.7
  • github.com/aws/aws-sdk-go-v2/credentials v1.18.24 -> v1.19.7
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 -> v1.18.17
  • github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 -> v1.4.17
  • github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 -> v2.7.17
  • github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 -> v1.13.4
  • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 -> v1.13.17
  • github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 new
  • github.com/aws/aws-sdk-go-v2/service/sso v1.30.3 -> v1.30.9
  • github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.7 -> v1.35.13
  • github.com/aws/aws-sdk-go-v2/service/sts v1.40.2 -> v1.41.6
  • github.com/aws/smithy-go v1.23.2 -> v1.24.0
  • github.com/cloudflare/circl v1.6.1 -> v1.6.3
  • github.com/containerd/nydus-snapshotter v0.15.10 -> v0.15.11
  • github.com/containerd/stargz-snapshotter v0.17.0 -> v0.18.2
  • github.com/containerd/stargz-snapshotter/estargz v0.17.0 -> v0.18.2
  • github.com/coreos/go-systemd/v22 v22.6.0 -> v22.7.0
  • github.com/docker/cli v29.1.4 -> v29.2.1
  • github.com/go-openapi/errors v0.22.4 -> v0.22.6
  • github.com/go-openapi/jsonpointer v0.22.1 -> v0.22.4
  • github.com/go-openapi/jsonreference v0.21.3 -> v0.21.4
  • github.com/go-openapi/spec v0.22.1 -> v0.22.3
  • github.com/go-openapi/swag v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/cmdutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/conv v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/fileutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/jsonname v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/jsonutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/loading v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/mangling v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/netutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/stringutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/typeutils v0.25.3 -> v0.25.4
  • github.com/go-openapi/swag/yamlutils v0.25.3 -> v0.25.4
  • github.com/google/go-containerregistry v0.20.6 -> v0.20.7
  • github.com/hanwen/go-fuse/v2 v2.8.0 -> v2.9.0
  • github.com/in-toto/in-toto-golang v0.9.0 -> v0.10.0
  • github.com/klauspost/compress v1.18.3 -> v1.18.4
  • github.com/moby/policy-helpers eeebf1a -> 824747b
  • github.com/morikuni/aec v1.0.0 -> v1.1.0
  • github.com/pelletier/go-toml/v2 v2.2.4 new
  • github.com/secure-systems-lab/go-securesystemslib v0.9.1 -> v0.10.0
  • github.com/sigstore/rekor v1.4.3 -> v1.5.0
  • github.com/sigstore/sigstore v1.10.0 -> v1.10.4
  • github.com/sigstore/sigstore-go b5fe07a -> v1.1.4
  • github.com/sigstore/timestamp-authority/v2 v2.0.2 -> v2.0.3
  • github.com/theupdateframework/go-tuf/v2 v2.3.0 -> v2.4.1
  • google.golang.org/genproto/googleapis/api f26f940 -> ff82c1b
  • google.golang.org/genproto/googleapis/rpc f26f940 -> 0a764e5
  • google.golang.org/grpc v1.76.0 -> v1.78.0

Previous release can be found at v0.27.1

v0.27.1

Compare Source

Welcome to the v0.27.1 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • CrazyMax
  • Sebastiaan van Stijn
  • Tõnis Tiigi
Notable Changes
Dependency Changes
  • github.com/klauspost/compress v1.18.2 -> v1.18.3
  • github.com/moby/policy-helpers 9fcc1a9 -> eeebf1a

Previous release can be found at v0.27.0

v0.27.0

Compare Source

buildkit 0.27.0

Welcome to the v0.27.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • Akihiro Suda
  • Sebastiaan van Stijn
  • Justin Chadwell
  • Jonathan A. Sternberg
  • David Karlsson
  • Dawei Wei
  • Natnael Gebremariam
  • Aleksandr Karpinskii
  • Amr Mahdi
  • Brian Goff
  • Joyal George K J
  • Matt Coster
  • Roberto Villarreal
  • Rodolfo Carvalho
  • Silvin Lubecki
  • Tiger Kaovilai
Notable Changes
  • Built-in Dockerfile frontend has been updated to v1.21.0
  • This is a first version of BuildKit with signed release images and artifacts built using Docker Github Builder
  • Allow convert decisions from Session Source Policy implementations #​6427
  • Github Cache backend now support optional signed cache that is cryptographically verified on import #​6397
  • Provide a gateway interface for reading container filesystems during builds #​6262
  • Push registry remote cache blobs in parallel for faster uploads #​6455
  • Cache attestation chain pull-through responses for better performance #​6435
  • Allow custom AuthConfig providers in client #​6408
  • Surface policy deny messages in build errors #​6458
  • Fix Git 2.52 support for matching some error conditions #​6452
  • Expose the build reference in exporter buildinfo #​6424
  • Improve expired keys handling in Git signature verification #​6412
  • Cache gateway forwarder mounts and deduplicate snapshot responses #​6387
  • Remove development gateway frontend options in favor of build-contexts #​6350
  • Prevent status stream from closing too early by using an inactivity timeout #​6396
  • Recover from history.db corruption #​6371
  • Fix xattr copy failures on SELinux systems #​6015
  • Fix error return when requesting attestation from non-index image #​6473
  • Fix possible "digest not found" error when fetching attestation chain due to missing lease #​6464
  • Fix Windows copy operations around protected files #​6369
  • Fix possible race condition in gateway bridge forwarder #​6355
  • Fix concurrency in source policy evaluation to prevent parallel panics #​6448
Dependency Changes
  • cyphar.com/go-pathrs v0.2.1 new
  • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2 -> v1.20.0
  • github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0 -> v1.13.1
  • github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 -> v1.6.0
  • github.com/asaskevich/govalidator a9d515a new
  • github.com/aws/aws-sdk-go-v2 v1.38.1 -> v1.39.6
  • github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 -> v1.7.2
  • github.com/aws/aws-sdk-go-v2/config v1.31.3 -> v1.31.20
  • github.com/aws/aws-sdk-go-v2/credentials v1.18.7 -> v1.18.24
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4 -> v1.18.13
  • github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.4 -> v1.4.13
  • github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.4 -> v2.7.13
  • github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 -> v1.8.4
  • github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.4 -> v1.4.12
  • github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 -> v1.13.3
  • github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.4 -> v1.9.3
  • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4 -> v1.13.13
  • github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.4 -> v1.19.12
  • github.com/aws/aws-sdk-go-v2/service/s3 v1.87.1 -> v1.89.1
  • github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 -> v1.30.3
  • github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.0 -> v1.35.7
  • github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 -> v1.40.2
  • github.com/aws/smithy-go v1.22.5 -> v1.23.2
  • github.com/blang/semver v3.5.1 new
  • github.com/cloudflare/circl v1.6.0 -> v1.6.1
  • github.com/containerd/cgroups/v3 v3.1.0 -> v3.1.2
  • github.com/containerd/containerd/v2 v2.2.0 -> v2.2.1
  • github.com/containerd/fuse-overlayfs-snapshotter/v2 v2.1.6 -> v2.1.7
  • github.com/containerd/nydus-snapshotter v0.15.4 -> v0.15.10
  • github.com/cyberphone/json-canonicalization 19d51d7 new
  • github.com/cyphar/filepath-securejoin v0.6.0 new
  • github.com/digitorus/pkcs7 3a137a8 new
  • github.com/digitorus/timestamp 220c5c2 new
  • github.com/docker/cli v28.5.0 -> v29.1.4
  • github.com/docker/docker-credential-helpers v0.9.3 -> v0.9.5
  • github.com/go-openapi/analysis v0.24.1 new
  • github.com/go-openapi/errors v0.22.4 new
  • github.com/go-openapi/jsonpointer v0.22.1 new
  • github.com/go-openapi/jsonreference v0.21.3 new
  • github.com/go-openapi/loads v0.23.2 new
  • github.com/go-openapi/runtime v0.29.2 new
  • github.com/go-openapi/spec v0.22.1 new
  • github.com/go-openapi/strfmt v0.25.0 new
  • github.com/go-openapi/swag v0.25.3 new
  • github.com/go-openapi/swag/cmdutils v0.25.3 new
  • github.com/go-openapi/swag/conv v0.25.3 new
  • github.com/go-openapi/swag/fileutils v0.25.3 new
  • github.com/go-openapi/swag/jsonname v0.25.3 new
  • github.com/go-openapi/swag/jsonutils v0.25.3 new
  • github.com/go-openapi/swag/loading v0.25.3 new
  • github.com/go-openapi/swag/mangling v0.25.3 new
  • github.com/go-openapi/swag/netutils v0.25.3 new
  • github.com/go-openapi/swag/stringutils v0.25.3 new
  • github.com/go-openapi/swag/typeutils v0.25.3 new
  • github.com/go-openapi/swag/yamlutils v0.25.3 new
  • github.com/go-openapi/validate v0.25.1 new
  • github.com/go-viper/mapstructure/v2 v2.4.0 new
  • github.com/google/certificate-transparency-go v1.3.2 new
  • github.com/google/go-containerregistry v0.20.6 new
  • github.com/grafana/regexp a468a5b new
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 -> v2.27.3
  • github.com/in-toto/attestation v1.1.2 new
  • github.com/klauspost/compress v1.18.1 -> v1.18.2
  • github.com/moby/go-archive v0.1.0 -> v0.2.0
  • github.com/moby/policy-helpers bcaa71c -> 9fcc1a9
  • github.com/oklog/ulid v1.3.1 new
  • github.com/opencontainers/runtime-spec v1.2.1 -> v1.3.0
  • github.com/opencontainers/runtime-tools 0ea5ed0 -> edf4cb3
  • github.com/opencontainers/selinux v1.12.0 -> v1.13.1
  • github.com/prometheus/otlptranslator v0.0.2 new
  • github.com/prometheus/procfs v0.16.1 -> v0.17.0
  • github.com/sigstore/protobuf-specs v0.5.0 new
  • github.com/sigstore/rekor v1.4.3 new
  • github.com/sigstore/rekor-tiles/v2 v2.0.1 new
  • github.com/sigstore/sigstore v1.10.0 new
  • github.com/sigstore/sigstore-go b5fe07a new
  • github.com/sigstore/timestamp-authority/v2 v2.0.2 new
  • github.com/sirupsen/logrus v1.9.3 -> v1.9.4
  • github.com/spdx/tools-golang v0.5.5 -> v0.5.7
  • github.com/theupdateframework/go-tuf/v2 v2.3.0 new
  • github.com/tonistiigi/fsutil 586307a -> a2aa163
  • github.com/tonistiigi/go-actions-cache 378c5ed -> 54bc28c
  • github.com/transparency-dev/formats 404c0d5 new
  • github.com/transparency-dev/merkle v0.0.2 new
  • go.mongodb.org/mongo-driver v1.17.6 new
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 -> v0.63.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.61.0 -> v0.63.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 -> v0.63.0
  • go.opentelemetry.io/otel/exporters/prometheus v0.42.0 -> v0.60.0
  • go.yaml.in/yaml/v2 v2.4.2 -> v2.4.3
  • go.yaml.in/yaml/v3 v3.0.4 new
  • golang.org/x/term v0.38.0 new
  • google.golang.org/genproto/googleapis/api c5933d9 -> f26f940
  • google.golang.org/genproto/googleapis/rpc c5933d9 -> f26f940
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.76 -> v1.2.77
  • kernel.org/pub/linux/libs/security/libcap/psx v1.2.76 -> v1.2.77
  • tags.cncf.io/container-device-interface v1.0.1 -> v1.1.0
  • tags.cncf.io/container-device-interface/specs-go v1.0.0 -> v1.1.0

Previous release can be found at v0.26.3

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [buildkit](https://github.com/moby/buildkit) | minor | `0.26.3` → `0.29.0` | --- ### Release Notes <details> <summary>moby/buildkit (buildkit)</summary> ### [`v0.29.0`](https://github.com/moby/buildkit/compare/v0.28.1...v0.29.0-rc1) [Compare Source](https://github.com/moby/buildkit/compare/v0.28.1...v0.29.0-rc1) ### [`v0.28.1`](https://github.com/moby/buildkit/releases/tag/v0.28.1) [Compare Source](https://github.com/moby/buildkit/compare/v0.28.0...v0.28.1) Welcome to the v0.28.1 release of buildkit! Please try out the release binaries and report any issues at <https://github.com/moby/buildkit/issues>. ##### Contributors - Tõnis Tiigi - CrazyMax - Sebastiaan van Stijn ##### Notable Changes - Fix insufficient validation of Git URL `#ref:subdir` fragments that could allow access to restricted files outside the checked-out repository root. [GHSA-4vrq-3vrq-g6gg](https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg) - Fix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. [GHSA-4c29-8rgm-jvjj](https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj) - Fix a panic when processing invalid `.dockerignore` patterns during `COPY`. [#&#8203;6610](https://github.com/moby/buildkit/issues/6610) [moby/patternmatcher#9](https://github.com/moby/patternmatcher/issues/9) ##### Dependency Changes - **github.com/moby/patternmatcher** v0.6.0 -> v0.6.1 Previous release can be found at [v0.28.0](https://github.com/moby/buildkit/releases/tag/v0.28.0) ### [`v0.28.0`](https://github.com/moby/buildkit/releases/tag/v0.28.0) [Compare Source](https://github.com/moby/buildkit/compare/v0.27.1...v0.28.0) buildkit 0.28.0 Welcome to the v0.28.0 release of buildkit! Please try out the release binaries and report any issues at <https://github.com/moby/buildkit/issues>. ##### Contributors - Tõnis Tiigi - CrazyMax - Sebastiaan van Stijn - Jonathan A. Sternberg - Akihiro Suda - Amr Mahdi - Dan Duvall - David Karlsson - Jonas Geiler - Kevin L. - rsteube ##### Notable Changes - Builtin Dockerfile frontend has been updated to v1.22.0 [changelog](https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.22.0) - The default provenance format has been switched to SLSA v1.0 from the previous v0.2. The old format can still be generated by setting the `version` attribute. [#&#8203;6526](https://github.com/moby/buildkit/issues/6526) - Provenance attestation for an image can now be directly pulled via Source metadata request. [#&#8203;6516](https://github.com/moby/buildkit/issues/6516) [#&#8203;6514](https://github.com/moby/buildkit/issues/6514) [#&#8203;6537](https://github.com/moby/buildkit/issues/6537) - Pushing result images and exporting build cache now happens in parallel, for better performance. [#&#8203;6451](https://github.com/moby/buildkit/issues/6451) - LLB definition now supports two new Source types for accessing raw blobs from image registries and from OCI layouts. New sources use identifier protocols `docker-image+blob://` and `oci-layout+blob://`. [#&#8203;4286](https://github.com/moby/buildkit/issues/4286) - LLB API now supports custom checksum requests for HTTP sources, allowing fetching checksums for different algorithms than the default SHA256 and with optional suffixes. [#&#8203;6527](https://github.com/moby/buildkit/issues/6527) [#&#8203;6537](https://github.com/moby/buildkit/issues/6537) - LLB API now supports validating HTTP sources with PGP signatures, similarly to previous support for Git sources. [#&#8203;6527](https://github.com/moby/buildkit/issues/6527) - With the update to a newer version of the in-toto library, the provenance attestation key `InvocationID` has changed to `InvocationId` to strictly follow the SLSA spec. This change doesn't affect BuildKit/Buildx Golang tooling, but could affect 3rd party tools if they are using case-sensitive JSON parsing. [#&#8203;6533](https://github.com/moby/buildkit/issues/6533) - Embedded Qemu emulator support has been updated to v10.1.3 [#&#8203;6524](https://github.com/moby/buildkit/issues/6524) - Update BuildKit Cgroups implementation to work in (Kubernetes) environments that don't have their own Cgroup namespace. [#&#8203;6368](https://github.com/moby/buildkit/issues/6368) - Buildctl binary now supports bash completion. [#&#8203;6474](https://github.com/moby/buildkit/issues/6474) - PGP signature verification now supports combined public keys as input for defining the required signer. [#&#8203;6519](https://github.com/moby/buildkit/issues/6519) - Fix possible "failed to read expected number of bytes" error when reading attestation chains [#&#8203;6520](https://github.com/moby/buildkit/issues/6520) - Fix possible error from race condition when creating images in parallel [#&#8203;6477](https://github.com/moby/buildkit/issues/6477) ##### Dependency Changes - **github.com/aws/aws-sdk-go-v2** v1.39.6 -> v1.41.1 - **github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream** v1.7.2 -> v1.7.4 - **github.com/aws/aws-sdk-go-v2/config** v1.31.20 -> v1.32.7 - **github.com/aws/aws-sdk-go-v2/credentials** v1.18.24 -> v1.19.7 - **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.13 -> v1.18.17 - **github.com/aws/aws-sdk-go-v2/internal/configsources** v1.4.13 -> v1.4.17 - **github.com/aws/aws-sdk-go-v2/internal/endpoints/v2** v2.7.13 -> v2.7.17 - **github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding** v1.13.3 -> v1.13.4 - **github.com/aws/aws-sdk-go-v2/service/internal/presigned-url** v1.13.13 -> v1.13.17 - **github.com/aws/aws-sdk-go-v2/service/signin** v1.0.5 ***new*** - **github.com/aws/aws-sdk-go-v2/service/sso** v1.30.3 -> v1.30.9 - **github.com/aws/aws-sdk-go-v2/service/ssooidc** v1.35.7 -> v1.35.13 - **github.com/aws/aws-sdk-go-v2/service/sts** v1.40.2 -> v1.41.6 - **github.com/aws/smithy-go** v1.23.2 -> v1.24.0 - **github.com/cloudflare/circl** v1.6.1 -> v1.6.3 - **github.com/containerd/nydus-snapshotter** v0.15.10 -> v0.15.11 - **github.com/containerd/stargz-snapshotter** v0.17.0 -> v0.18.2 - **github.com/containerd/stargz-snapshotter/estargz** v0.17.0 -> v0.18.2 - **github.com/coreos/go-systemd/v22** v22.6.0 -> v22.7.0 - **github.com/docker/cli** v29.1.4 -> v29.2.1 - **github.com/go-openapi/errors** v0.22.4 -> v0.22.6 - **github.com/go-openapi/jsonpointer** v0.22.1 -> v0.22.4 - **github.com/go-openapi/jsonreference** v0.21.3 -> v0.21.4 - **github.com/go-openapi/spec** v0.22.1 -> v0.22.3 - **github.com/go-openapi/swag** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/cmdutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/conv** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/fileutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/jsonname** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/jsonutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/loading** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/mangling** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/netutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/stringutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/typeutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/yamlutils** v0.25.3 -> v0.25.4 - **github.com/google/go-containerregistry** v0.20.6 -> v0.20.7 - **github.com/hanwen/go-fuse/v2** v2.8.0 -> v2.9.0 - **github.com/in-toto/in-toto-golang** v0.9.0 -> v0.10.0 - **github.com/klauspost/compress** v1.18.3 -> v1.18.4 - **github.com/moby/policy-helpers** [`eeebf1a`](https://github.com/moby/buildkit/commit/eeebf1a0ab2b) -> [`824747b`](https://github.com/moby/buildkit/commit/824747bfdd3c) - **github.com/morikuni/aec** v1.0.0 -> v1.1.0 - **github.com/pelletier/go-toml/v2** v2.2.4 ***new*** - **github.com/secure-systems-lab/go-securesystemslib** v0.9.1 -> v0.10.0 - **github.com/sigstore/rekor** v1.4.3 -> v1.5.0 - **github.com/sigstore/sigstore** v1.10.0 -> v1.10.4 - **github.com/sigstore/sigstore-go** [`b5fe07a`](https://github.com/moby/buildkit/commit/b5fe07a5a7d7) -> v1.1.4 - **github.com/sigstore/timestamp-authority/v2** v2.0.2 -> v2.0.3 - **github.com/theupdateframework/go-tuf/v2** v2.3.0 -> v2.4.1 - **google.golang.org/genproto/googleapis/api** [`f26f940`](https://github.com/moby/buildkit/commit/f26f9409b101) -> [`ff82c1b`](https://github.com/moby/buildkit/commit/ff82c1b0f217) - **google.golang.org/genproto/googleapis/rpc** [`f26f940`](https://github.com/moby/buildkit/commit/f26f9409b101) -> [`0a764e5`](https://github.com/moby/buildkit/commit/0a764e51fe1b) - **google.golang.org/grpc** v1.76.0 -> v1.78.0 Previous release can be found at [v0.27.1](https://github.com/moby/buildkit/releases/tag/v0.27.1) ### [`v0.27.1`](https://github.com/moby/buildkit/releases/tag/v0.27.1) [Compare Source](https://github.com/moby/buildkit/compare/v0.27.0...v0.27.1) Welcome to the v0.27.1 release of buildkit! Please try out the release binaries and report any issues at <https://github.com/moby/buildkit/issues>. ##### Contributors - CrazyMax - Sebastiaan van Stijn - Tõnis Tiigi ##### Notable Changes - Fix possible panic when verifying signature of GitHub Actions cache [moby/policy-helpers#21](https://github.com/moby/policy-helpers/pull/21) ##### Dependency Changes - **github.com/klauspost/compress** v1.18.2 -> v1.18.3 - **github.com/moby/policy-helpers** [`9fcc1a9`](https://github.com/moby/buildkit/commit/9fcc1a9ec5c9) -> [`eeebf1a`](https://github.com/moby/buildkit/commit/eeebf1a0ab2b) Previous release can be found at [v0.27.0](https://github.com/moby/buildkit/releases/tag/v0.27.0) ### [`v0.27.0`](https://github.com/moby/buildkit/releases/tag/v0.27.0) [Compare Source](https://github.com/moby/buildkit/compare/v0.26.3...v0.27.0) buildkit 0.27.0 Welcome to the v0.27.0 release of buildkit! Please try out the release binaries and report any issues at <https://github.com/moby/buildkit/issues>. ##### Contributors - Tõnis Tiigi - CrazyMax - Akihiro Suda - Sebastiaan van Stijn - Justin Chadwell - Jonathan A. Sternberg - David Karlsson - Dawei Wei - Natnael Gebremariam - Aleksandr Karpinskii - Amr Mahdi - Brian Goff - Joyal George K J - Matt Coster - Roberto Villarreal - Rodolfo Carvalho - Silvin Lubecki - Tiger Kaovilai ##### Notable Changes - Built-in Dockerfile frontend has been updated to [v1.21.0](https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.21.0) - This is a first version of BuildKit with signed release images and artifacts built using [Docker Github Builder](https://github.com/docker/github-builder-experimental) - Allow convert decisions from Session Source Policy implementations [#&#8203;6427](https://github.com/moby/buildkit/issues/6427) - Github Cache backend now support optional signed cache that is cryptographically verified on import [#&#8203;6397](https://github.com/moby/buildkit/issues/6397) - Provide a gateway interface for reading container filesystems during builds [#&#8203;6262](https://github.com/moby/buildkit/issues/6262) - Push registry remote cache blobs in parallel for faster uploads [#&#8203;6455](https://github.com/moby/buildkit/issues/6455) - Cache attestation chain pull-through responses for better performance [#&#8203;6435](https://github.com/moby/buildkit/issues/6435) - Allow custom `AuthConfig` providers in client [#&#8203;6408](https://github.com/moby/buildkit/issues/6408) - Surface policy deny messages in build errors [#&#8203;6458](https://github.com/moby/buildkit/issues/6458) - Fix Git 2.52 support for matching some error conditions [#&#8203;6452](https://github.com/moby/buildkit/issues/6452) - Expose the build reference in exporter buildinfo [#&#8203;6424](https://github.com/moby/buildkit/issues/6424) - Improve expired keys handling in Git signature verification [#&#8203;6412](https://github.com/moby/buildkit/issues/6412) - Cache gateway forwarder mounts and deduplicate snapshot responses [#&#8203;6387](https://github.com/moby/buildkit/issues/6387) - Remove development gateway frontend options in favor of build-contexts [#&#8203;6350](https://github.com/moby/buildkit/issues/6350) - Prevent status stream from closing too early by using an inactivity timeout [#&#8203;6396](https://github.com/moby/buildkit/issues/6396) - Recover from history.db corruption [#&#8203;6371](https://github.com/moby/buildkit/issues/6371) - Fix xattr copy failures on SELinux systems [#&#8203;6015](https://github.com/moby/buildkit/issues/6015) - Fix error return when requesting attestation from non-index image [#&#8203;6473](https://github.com/moby/buildkit/issues/6473) - Fix possible "digest not found" error when fetching attestation chain due to missing lease [#&#8203;6464](https://github.com/moby/buildkit/issues/6464) - Fix Windows copy operations around protected files [#&#8203;6369](https://github.com/moby/buildkit/issues/6369) - Fix possible race condition in gateway bridge forwarder [#&#8203;6355](https://github.com/moby/buildkit/issues/6355) - Fix concurrency in source policy evaluation to prevent parallel panics [#&#8203;6448](https://github.com/moby/buildkit/issues/6448) ##### Dependency Changes - **cyphar.com/go-pathrs** v0.2.1 ***new*** - **github.com/Azure/azure-sdk-for-go/sdk/azcore** v1.18.2 -> v1.20.0 - **github.com/Azure/azure-sdk-for-go/sdk/azidentity** v1.11.0 -> v1.13.1 - **github.com/AzureAD/microsoft-authentication-library-for-go** v1.4.2 -> v1.6.0 - **github.com/asaskevich/govalidator** [`a9d515a`](https://github.com/moby/buildkit/commit/a9d515a09cc2) ***new*** - **github.com/aws/aws-sdk-go-v2** v1.38.1 -> v1.39.6 - **github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream** v1.7.0 -> v1.7.2 - **github.com/aws/aws-sdk-go-v2/config** v1.31.3 -> v1.31.20 - **github.com/aws/aws-sdk-go-v2/credentials** v1.18.7 -> v1.18.24 - **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.4 -> v1.18.13 - **github.com/aws/aws-sdk-go-v2/internal/configsources** v1.4.4 -> v1.4.13 - **github.com/aws/aws-sdk-go-v2/internal/endpoints/v2** v2.7.4 -> v2.7.13 - **github.com/aws/aws-sdk-go-v2/internal/ini** v1.8.3 -> v1.8.4 - **github.com/aws/aws-sdk-go-v2/internal/v4a** v1.4.4 -> v1.4.12 - **github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding** v1.13.0 -> v1.13.3 - **github.com/aws/aws-sdk-go-v2/service/internal/checksum** v1.8.4 -> v1.9.3 - **github.com/aws/aws-sdk-go-v2/service/internal/presigned-url** v1.13.4 -> v1.13.13 - **github.com/aws/aws-sdk-go-v2/service/internal/s3shared** v1.19.4 -> v1.19.12 - **github.com/aws/aws-sdk-go-v2/service/s3** v1.87.1 -> v1.89.1 - **github.com/aws/aws-sdk-go-v2/service/sso** v1.28.2 -> v1.30.3 - **github.com/aws/aws-sdk-go-v2/service/ssooidc** v1.34.0 -> v1.35.7 - **github.com/aws/aws-sdk-go-v2/service/sts** v1.38.0 -> v1.40.2 - **github.com/aws/smithy-go** v1.22.5 -> v1.23.2 - **github.com/blang/semver** v3.5.1 ***new*** - **github.com/cloudflare/circl** v1.6.0 -> v1.6.1 - **github.com/containerd/cgroups/v3** v3.1.0 -> v3.1.2 - **github.com/containerd/containerd/v2** v2.2.0 -> v2.2.1 - **github.com/containerd/fuse-overlayfs-snapshotter/v2** v2.1.6 -> v2.1.7 - **github.com/containerd/nydus-snapshotter** v0.15.4 -> v0.15.10 - **github.com/cyberphone/json-canonicalization** [`19d51d7`](https://github.com/moby/buildkit/commit/19d51d7fe467) ***new*** - **github.com/cyphar/filepath-securejoin** v0.6.0 ***new*** - **github.com/digitorus/pkcs7** [`3a137a8`](https://github.com/moby/buildkit/commit/3a137a874352) ***new*** - **github.com/digitorus/timestamp** [`220c5c2`](https://github.com/moby/buildkit/commit/220c5c2851b7) ***new*** - **github.com/docker/cli** v28.5.0 -> v29.1.4 - **github.com/docker/docker-credential-helpers** v0.9.3 -> v0.9.5 - **github.com/go-openapi/analysis** v0.24.1 ***new*** - **github.com/go-openapi/errors** v0.22.4 ***new*** - **github.com/go-openapi/jsonpointer** v0.22.1 ***new*** - **github.com/go-openapi/jsonreference** v0.21.3 ***new*** - **github.com/go-openapi/loads** v0.23.2 ***new*** - **github.com/go-openapi/runtime** v0.29.2 ***new*** - **github.com/go-openapi/spec** v0.22.1 ***new*** - **github.com/go-openapi/strfmt** v0.25.0 ***new*** - **github.com/go-openapi/swag** v0.25.3 ***new*** - **github.com/go-openapi/swag/cmdutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/conv** v0.25.3 ***new*** - **github.com/go-openapi/swag/fileutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/jsonname** v0.25.3 ***new*** - **github.com/go-openapi/swag/jsonutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/loading** v0.25.3 ***new*** - **github.com/go-openapi/swag/mangling** v0.25.3 ***new*** - **github.com/go-openapi/swag/netutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/stringutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/typeutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/yamlutils** v0.25.3 ***new*** - **github.com/go-openapi/validate** v0.25.1 ***new*** - **github.com/go-viper/mapstructure/v2** v2.4.0 ***new*** - **github.com/google/certificate-transparency-go** v1.3.2 ***new*** - **github.com/google/go-containerregistry** v0.20.6 ***new*** - **github.com/grafana/regexp** [`a468a5b`](https://github.com/moby/buildkit/commit/a468a5bfb3bc) ***new*** - **github.com/grpc-ecosystem/grpc-gateway/v2** v2.27.2 -> v2.27.3 - **github.com/in-toto/attestation** v1.1.2 ***new*** - **github.com/klauspost/compress** v1.18.1 -> v1.18.2 - **github.com/moby/go-archive** v0.1.0 -> v0.2.0 - **github.com/moby/policy-helpers** [`bcaa71c`](https://github.com/moby/buildkit/commit/bcaa71c99f14) -> [`9fcc1a9`](https://github.com/moby/buildkit/commit/9fcc1a9ec5c9) - **github.com/oklog/ulid** v1.3.1 ***new*** - **github.com/opencontainers/runtime-spec** v1.2.1 -> v1.3.0 - **github.com/opencontainers/runtime-tools** [`0ea5ed0`](https://github.com/moby/buildkit/commit/0ea5ed0382a2) -> [`edf4cb3`](https://github.com/moby/buildkit/commit/edf4cb3d2116) - **github.com/opencontainers/selinux** v1.12.0 -> v1.13.1 - **github.com/prometheus/otlptranslator** v0.0.2 ***new*** - **github.com/prometheus/procfs** v0.16.1 -> v0.17.0 - **github.com/sigstore/protobuf-specs** v0.5.0 ***new*** - **github.com/sigstore/rekor** v1.4.3 ***new*** - **github.com/sigstore/rekor-tiles/v2** v2.0.1 ***new*** - **github.com/sigstore/sigstore** v1.10.0 ***new*** - **github.com/sigstore/sigstore-go** [`b5fe07a`](https://github.com/moby/buildkit/commit/b5fe07a5a7d7) ***new*** - **github.com/sigstore/timestamp-authority/v2** v2.0.2 ***new*** - **github.com/sirupsen/logrus** v1.9.3 -> v1.9.4 - **github.com/spdx/tools-golang** v0.5.5 -> v0.5.7 - **github.com/theupdateframework/go-tuf/v2** v2.3.0 ***new*** - **github.com/tonistiigi/fsutil** [`586307a`](https://github.com/moby/buildkit/commit/586307ad452f) -> [`a2aa163`](https://github.com/moby/buildkit/commit/a2aa163d723f) - **github.com/tonistiigi/go-actions-cache** [`378c5ed`](https://github.com/moby/buildkit/commit/378c5ed1ddd9) -> [`54bc28c`](https://github.com/moby/buildkit/commit/54bc28c26fd2) - **github.com/transparency-dev/formats** [`404c0d5`](https://github.com/moby/buildkit/commit/404c0d5b696c) ***new*** - **github.com/transparency-dev/merkle** v0.0.2 ***new*** - **go.mongodb.org/mongo-driver** v1.17.6 ***new*** - **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.61.0 -> v0.63.0 - **go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace** v0.61.0 -> v0.63.0 - **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp** v0.61.0 -> v0.63.0 - **go.opentelemetry.io/otel/exporters/prometheus** v0.42.0 -> v0.60.0 - **go.yaml.in/yaml/v2** v2.4.2 -> v2.4.3 - **go.yaml.in/yaml/v3** v3.0.4 ***new*** - **golang.org/x/term** v0.38.0 ***new*** - **google.golang.org/genproto/googleapis/api** [`c5933d9`](https://github.com/moby/buildkit/commit/c5933d9347a5) -> [`f26f940`](https://github.com/moby/buildkit/commit/f26f9409b101) - **google.golang.org/genproto/googleapis/rpc** [`c5933d9`](https://github.com/moby/buildkit/commit/c5933d9347a5) -> [`f26f940`](https://github.com/moby/buildkit/commit/f26f9409b101) - **kernel.org/pub/linux/libs/security/libcap/cap** v1.2.76 -> v1.2.77 - **kernel.org/pub/linux/libs/security/libcap/psx** v1.2.76 -> v1.2.77 - **tags.cncf.io/container-device-interface** v1.0.1 -> v1.1.0 - **tags.cncf.io/container-device-interface/specs-go** v1.0.0 -> v1.1.0 Previous release can be found at [v0.26.3](https://github.com/moby/buildkit/releases/tag/v0.26.3) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40My43IiwidXBkYXRlZEluVmVyIjoiNDMuOTYuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->
renovate-bot bot scheduled this pull request to auto merge when all checks succeed 2026-01-22 00:01:58 +01:00
renovate-bot bot changed title from Update dependency buildkit to v0.27.0 to Update dependency buildkit to v0.27.1 2026-01-29 12:17:25 +01:00
renovate-bot bot force-pushed renovate/buildkit-0.x from 4d0180b7d6
Some checks failed
/ check (pull_request) Failing after 10s
Details
to c5f9bfaf9c
Some checks failed
/ check (pull_request) Failing after 7s
Details
2026-01-29 12:17:37 +01:00 Compare
renovate-bot bot changed title from Update dependency buildkit to v0.27.1 to Update dependency buildkit to v0.28.0 2026-03-03 21:01:37 +01:00
renovate-bot bot force-pushed renovate/buildkit-0.x from c5f9bfaf9c
Some checks failed
/ check (pull_request) Failing after 7s
Details
to 83c0da2783
Some checks failed
/ check (pull_request) Failing after 11s
Details
2026-03-03 21:01:38 +01:00 Compare
renovate-bot bot force-pushed renovate/buildkit-0.x from 83c0da2783
Some checks failed
/ check (pull_request) Failing after 11s
Details
to 68ee84c067
Some checks failed
/ check (pull_request) Failing after 7s
Details
2026-03-25 14:32:10 +01:00 Compare
renovate-bot bot changed title from Update dependency buildkit to v0.28.0 to Update dependency buildkit to v0.28.1 2026-03-25 14:32:10 +01:00
renovate-bot bot changed title from Update dependency buildkit to v0.28.1 to Update dependency buildkit to v0.29.0 2026-03-31 14:47:24 +02:00
renovate-bot bot force-pushed renovate/buildkit-0.x from 68ee84c067
Some checks failed
/ check (pull_request) Failing after 7s
Details
to 1965019fcc
All checks were successful
/ check (pull_request) Successful in 42s
Details
2026-03-31 14:47:24 +02:00 Compare
renovate-bot bot merged commit cd18bde58d into master 2026-04-01 17:48:41 +02:00
renovate-bot bot deleted branch renovate/buildkit-0.x 2026-04-01 17:48:41 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lucas/forgejo-actions-buildkit-image!12
No description provided.