Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump github.com/moby/buildkit from 0.9.3 to 0.10.0 #4958

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2022

Bumps github.com/moby/buildkit from 0.9.3 to 0.10.0.

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.10.0

Welcome to the v0.10.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable changes:

  • New LLB operation MergeOp allows efficiently chaining groups of layers together without the need to access the individual files. This allows to build layers separately and merge them together later without making them depend on each other. MergeOp can work with remote references, for example, it can be used to rebase an image on top of a newer base image without ever pulling or pushing any layers. #2335 #2614

  • New LLB operation DiffOp allows computing a difference between two points in LLB graph containing the files that have been added and whiteouts for files that have been removed. When DiffOp inputs are based on the same layer chain DiffOp can work directly with remote layer references and doesn't need to pull layers to access individual files. Files of the DiffOp result can be accessed directly or used as input to a MergeOp. #2517 #2434 #2563

  • New build information structures are generated with build metadata that allows you to see all the sources (images, git repositories) that were used by the build with their exact versions and also the configuration that was passed to the build. This information can also be embedded into the image configuration if one is generated. Build sources are added to the image config by default. The build configuration is not currently embedded by default to avoid credential leaks in poorly written Dockerfiles but the intention is to enable it in the future. #2311 #2476 #2654 #2657 #2645 #2684

  • Empty layer removal feature on exporting images has been removed because it caused history to change after remote cache import #2651

  • When possible, blobs are now created with native OverlayFS differ with increased performance. This Differ can directly use files in OverlayFS upper directory instead of scanning for differences between snapshots. #2181 #2491 #2480 #2388 #2390 #2662

  • Frontends can now send warning messages that are shown on the progressbar. Warnings can be associated with specific LLB vertex and contain additional information like URL to documentation or location in original source code. #2482 #2498

  • Layer blobs can now be exported in Zstd compression format with -o compression=zstd. Zstd provides smaller files and faster decompression than gzip. #2344

  • Layers can now be exported with eStargz compression type -o compression=estargz #2246 #2603 #2352 #2674

  • A compression level can be set with -o compression-level=N to configure the compressor when new layer blobs are created. This can be used to create smaller blobs by spending more time on the compression step. #2591

  • Remote cache inlined in image configuration now supports arbitrary configuration of image layers as cache sources #2501

  • Enable eStargz-based lazy pulling on registry cache importer #2648

  • Support exporting non-distributable blob descriptors. -o prefer-nondist-layers=true exports layer with a non-distributable mediatype and external URL if such URL was provided when blob was pulled from the remote registry. Descriptors with non-distributable mediatypes are skipped on push. #2561

  • Build metadata now provides access to OCI descriptor of the result if one was generated. Previously only digest of the descriptor could be accessed. #2610

  • Builder now understands AMD64 Microarchitecture levels, e.g. linux/amd64/v2, linux/amd64/v4. The default variant remains v1 and is normalized to linux/amd64. These variants allow creating more optimized versions of your images that run when the container is running on a more modern CPU. #2588

  • LLB now supports progress groups for grouping multiple steps together so they appear as the same row in build progress #2513

  • LLB ExecOp now supports build secrets that are exposed as environment variables #2579

  • Interactive container API now supports sending signals to processes from the client #2590

  • Logs now use a rolling buffer to show the last logs for a process that ended with an error even if regular logs have been clipped because they have reached the max-logs limit. #2577

  • Remote cache exporting now support setting the same compression options available to image outputs #2685

  • Frontends can now access their own definition and call additional processes on their own image #2443

... (truncated)

Commits
  • 068cf68 Merge pull request #2684 from crazy-max/fix-buildinfo-deps-sources
  • 49aa39c buildinfo: merge build sources for deps
  • bffd728 Merge pull request #2712 from ktock/fixcachecleanup
  • c7f2e40 Apply ensurePruneAll to other tests as well
  • bbf149b Merge pull request #2710 from sipsma/fix-diffapply-overwrite
  • 53722cc diffapply: make overwritten dirs opaque.
  • fdecd0a Merge pull request #2708 from sipsma/fix-plain-progress
  • e0304db test: deflake CacheImportExport tests
  • f2ccccc Merge pull request #2709 from ktock/stargz-snapshotter-v0.11.2
  • 823c76b Bump stargz-snapshotter to v0.11.2
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.9.3 to 0.10.0.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.9.3...v0.10.0)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 9, 2022
@kicsbot
Copy link
Contributor

kicsbot commented Mar 9, 2022

Scan submitted to Checkmarx

@kicsbot
Copy link
Contributor

kicsbot commented Mar 9, 2022

Logo
Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 5 vulnerabilities
High 0 High
Medium 0 Medium
Low 5 Low
Info 0 Info

Violation Summary

No policy violation found

@joaoReigota1 joaoReigota1 merged commit 77bd77c into master Mar 10, 2022
@joaoReigota1 joaoReigota1 deleted the dependabot/go_modules/github.com/moby/buildkit-0.10.0 branch March 10, 2022 09:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants