Skip to content

build(deps): bump github.com/docker/buildx from 0.8.2 to 0.10.2#29

Closed
dependabot[bot] wants to merge 1 commit intov2from
dependabot/go_modules/github.com/docker/buildx-0.10.2
Closed

build(deps): bump github.com/docker/buildx from 0.8.2 to 0.10.2#29
dependabot[bot] wants to merge 1 commit intov2from
dependabot/go_modules/github.com/docker/buildx-0.10.2

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jan 31, 2023

Bumps github.com/docker/buildx from 0.8.2 to 0.10.2.

Release notes

Sourced from github.com/docker/buildx's releases.

v0.10.2

Welcome to the 0.10.2 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and Lambda). You can optionally disable the default provenance attestation functionality using --provenance=false.

Notable changes

  • Fix preferred platforms order not taken into account in multi-node builds #1561
  • Fix possible panic on handling SOURCE_DATE_EPOCH environment variable #1564
  • Fix possible push error on multi-node manifest merge since BuildKit v0.11 on some registries #1566
  • Improve warnings on collecting Git provenance info #1568

v0.10.1

Welcome to the 0.10.1 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and Lambda). You can optionally disable the default provenance attestation functionality using --provenance=false.

Notable changes

  • Fix sending the correct origin URL as vsc:source metadata #1548
  • Fix possible panic from data-race #1504
  • Fix regression with rm --all-inactive #1547
  • Improve attestation access in imagetools inspect by lazily loading data #1546
  • Correctly mark capabilities request as internal #1538
  • Detect invalid attestation configuration #1545
  • Update containerd patches to fix possible push regression affecting imagetools commands #1559

Dependency Changes

  • github.com/containerd/containerd v1.6.14 -> 1709cfe273d9
  • github.com/moby/buildkit v0.11.0 -> v0.11.2

Previous release can be found at v0.10.0

v0.10.0

Welcome to the 0.10.0 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

... (truncated)

Commits
  • 00ed17d Merge pull request #1569 from tonistiigi/v0.10.2-picks
  • cfb71fa build: better message output for git provenance
  • f623427 build: silently fail if git remote not found
  • 7776652 build: fix multi-node merge to read descriptor from result
  • 5a4f80f bake: SOURCE_DATE_EPOCH: fix panic: assignment to entry in nil map
  • b5ea79e build: fix preferred platform not taken account
  • 481796f Merge pull request #1556 from crazy-max/0.10.1_cherry_picks
  • 0090d49 vendor: update buildkit to v0.11.2
  • 389ac0c build: set remote origin url
  • 2bb8ce2 build: create error group per opt
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump github.com/docker/buildx from 0.8.2 to 0.10.2
9c55c49 
Bumps [github.com/docker/buildx](https://github.com/docker/buildx) from 0.8.2 to 0.10.2.
- [Release notes](https://github.com/docker/buildx/releases)
- [Commits](docker/buildx@v0.8.2...v0.10.2)

---
updated-dependencies:
- dependency-name: github.com/docker/buildx
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 31, 2023
@dependabot dependabot bot mentioned this pull request Jan 31, 2023
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Feb 17, 2023

Superseded by #33.

@dependabot dependabot bot closed this Feb 17, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/docker/buildx-0.10.2 branch February 17, 2023 01:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants