Skip to content

Bump the go-dependencies group across 1 directory with 6 updates#1680

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-d7ec95a2bd
Open

Bump the go-dependencies group across 1 directory with 6 updates#1680
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-d7ec95a2bd

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group with 6 updates in the / directory:

Package From To
github.com/moby/buildkit 0.30.0 0.31.0
github.com/moby/moby/api 1.54.2 1.55.0
github.com/moby/moby/client 0.4.1 0.5.0
github.com/osscontainertools/kaniko 1.27.5 1.27.6
golang.org/x/sync 0.20.0 0.21.0
golang.org/x/sys 0.45.0 0.46.0

Updates github.com/moby/buildkit from 0.30.0 to 0.31.0

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.31.0

buildkit 0.31.0

Welcome to the v0.31.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Tõnis Tiigi
  • CrazyMax
  • Sebastiaan van Stijn
  • Bjorn Neergaard
  • Jonathan A. Sternberg
  • Akihiro Suda
  • Bryce Gibson
  • Ava Barron
  • Brian Goff
  • Jiří Moravčík
  • ZRHann
  • Kevin NZUGUEM
  • Maya Chen
  • Natnael Gebremariam
  • Sai Kiran Maggidi
  • okhowang(王沛文)

Notable Changes

  • Built-in Dockerfile frontend has been updated to v1.25.0 changelog
  • Exec steps now support a network proxy feature where all container traffic will be routed through an HTTP proxy server. This allows capturing the network traffic for inspection in build progress and provenance attestation. Source policies can define the requests that build containers are allowed to make and the ones that should be blocked. Network proxy can be enabled for the whole BuildKit daemon or enabled on a per-build basis. #6858 #6816 #6740 #6863
  • The local exporter now supports a mode=delete attribute which will replace the destination directory with the contents of the build result instead of merging it. Similar to the --delete flag in rsync. #6561 #6864
  • LLB APIs now support per-step resource limits for CPU and memory. #6569
  • LLB APIs support a new Passthrough operation that allows defining dependency build graph branches that are required to be built but do not add any outputs to the final result. The state.Requires() client helper can be used to define such dependencies in the build graph. #6829
  • All image results now default to using OCI media types. Previously this was applied based on whether annotations or attestations were needed. oci-mediatypes=false can be used for legacy Docker media types. This change raises the compatibility version of BuildKit v0.31.0 to 30. #6824
  • Local cache exporter now supports the reset option to clear the unreferenced existing cache. #6612
  • The local build result outputs now use a new implementation with better security guarantees in case the destination directory is mutated externally during the transfer. #6561
  • New build metrics about build counts and durations have been added to the OTEL provider. #6736
  • Parallel request limits for registry connections can now be set via configuration file. #6776
  • In special modes where the client does not expose the session connection to transfer credentials, builds can now still fall back to anonymous registry auth instead of erroring. #6760
  • Embedded binfmt emulators in the release image have been updated to QEMU v10.2.3. #6846
  • Runc container runtime has been updated to v1.3.6
  • Created attestations now use in-toto v1 statement format. #6823
  • Due to the upgraded CLI library, the internal buildctl completion scripts flag --generate-bash-completion is no longer supported and has been replaced with --generate-shell-completion. #6848
  • Fix an issue in default GC policy rules where the first rule for prioritizing releasing cache mounts and local sources did not apply. #6856
  • Fix an issue where parent directories could be created with incorrect permissions due to system umask when using BuildKit embedded in Dockerd. #6828
  • Fix possible segfault from race condition when HTTP server returned 401 error. #6791
  • Fix source policy exact match rules losing the destination value during conversion. #6861

... (truncated)

Commits
  • c411f0a Merge pull request #6876 from thaJeztah/bump_runc
  • f292e5c Dockerfile: update runc binary to v1.3.6
  • d31ba4a Merge pull request #6867 from okhowang/fix/platforms-data-race
  • e819928 Merge pull request #6869 from crazy-max/update-policy-helpers
  • e4d0dba chore: update generated files
  • c13539b vendor: update policy-helpers to d5411a945cfc
  • f4f035c Merge pull request #6864 from crazy-max/mode-delete-old-daemon
  • e26b5d4 fix: add mutex to protect Worker.Platforms from data race
  • 9176018 Merge pull request #6861 from ZRHann/fix-sourcepolicy-exact-convert
  • 128c322 Merge pull request #6863 from tonistiigi/exec-proxy-cni-dial-update
  • Additional commits viewable in compare view

Updates github.com/moby/moby/api from 1.54.2 to 1.55.0

Release notes

Sourced from github.com/moby/moby/api's releases.

api/v1.55.0

1.55.0

Changelog

  • POST /containers/{id}/update now supports per-device blkio resource settingss. moby/moby#52651
  • The new GET /images/{name}/attestations endpoint returns in-toto attestation statements (such as SLSA provenance and SPDX SBOM) attached to an image, with optional platform selection, predicate type filtering, and an opt-in statement query parameter for retrieving the verbatim statement bodies. Tools can now retrieve attestation metadata and content directly from the daemon instead of performing additional registry round-trips. moby/moby#52636
  • docs: clarify swarm join required fields. moby/moby#52763

api/v1.55.0-rc.1

1.55.0-rc.1

Changelog

  • POST /containers/{id}/update now supports per-device blkio resource settingss. moby/moby#52651
  • The new GET /images/{name}/attestations endpoint returns in-toto attestation statements (such as SLSA provenance and SPDX SBOM) attached to an image, with optional platform selection, predicate type filtering, and an opt-in statement query parameter for retrieving the verbatim statement bodies. Tools can now retrieve attestation metadata and content directly from the daemon instead of performing additional registry round-trips. moby/moby#52636
  • docs: clarify swarm join required fields. moby/moby#52763
Commits
  • b6c53c2 Merge pull request #52773 from vvoland/c8d-amd64-variants
  • 01115e8 Merge pull request #52906 from vvoland/fix-TestContainerWithConflictingNoneNe...
  • b36296f Merge pull request #52913 from thaJeztah/windows_does_stats
  • a81aa78 TestContainerWithConflictingNoneNetwork: Extend Windows timeout
  • 908a35a Merge pull request #52914 from thaJeztah/no_stderr
  • 04d33b5 Merge pull request #52912 from thaJeztah/cleanup_GenerateRandomAlphaOnlyString
  • 3b2f557 Merge pull request #52722 from notandruu/integration/migrate-TestInspectAPIIm...
  • 62b3aae Merge pull request #52901 from vvoland/c8d-imageusage
  • 11d3342 integration-cli: un-skip stats tests on Windows
  • a47b1b2 Merge pull request #52891 from smerkviladze/attestations-clearer-blob-missing...
  • Additional commits viewable in compare view

Updates github.com/moby/moby/client from 0.4.1 to 0.5.0

Release notes

Sourced from github.com/moby/moby/client's releases.

client/0.5.0

0.5.0

Changelog

  • The new GET /images/{name}/attestations endpoint returns in-toto attestation statements (such as SLSA provenance and SPDX SBOM) attached to an image, with optional platform selection, predicate type filtering, and an opt-in statement query parameter for retrieving the verbatim statement bodies. Tools can now retrieve attestation metadata and content directly from the daemon instead of performing additional registry round-trips. moby/moby#52636

client/v0.5.0-rc.1

0.5.0-rc.1

Changelog

  • The new GET /images/{name}/attestations endpoint returns in-toto attestation statements (such as SLSA provenance and SPDX SBOM) attached to an image, with optional platform selection, predicate type filtering, and an opt-in statement query parameter for retrieving the verbatim statement bodies. Tools can now retrieve attestation metadata and content directly from the daemon instead of performing additional registry round-trips. moby/moby#52636
Changelog

Sourced from github.com/moby/moby/client's changelog.

0.5.0 (2013-07-17)

  • Runtime: List all processes running inside a container with 'docker top'
  • Runtime: Host directories can be mounted as volumes with 'docker run -v'
  • Runtime: Containers can expose public UDP ports (eg, '-p 123/udp')
  • Runtime: Optionally specify an exact public port (eg. '-p 80:4500')
  • Registry: New image naming scheme inspired by Go packaging convention allows arbitrary combinations of registries
  • Builder: ENTRYPOINT instruction sets a default binary entry point to a container
  • Builder: VOLUME instruction marks a part of the container as persistent data
  • Builder: 'docker build' displays the full output of a build by default
  • Runtime: 'docker login' supports additional options
  • Runtime: Dont save a container's hostname when committing an image.
  • Registry: Fix issues when uploading images to a private registry

0.4.8 (2013-07-01)

  • Builder: New build operation ENTRYPOINT adds an executable entry point to the container.
  • Runtime: Fix a bug which caused 'docker run -d' to no longer print the container ID.
  • Tests: Fix issues in the test suite

0.4.7 (2013-06-28)

  • Registry: easier push/pull to a custom registry
  • Remote API: the progress bar updates faster when downloading and uploading large files
  • Remote API: fix a bug in the optional unix socket transport
  • Runtime: improve detection of kernel version
  • Runtime: host directories can be mounted as volumes with 'docker run -b'
  • Runtime: fix an issue when only attaching to stdin
  • Runtime: use 'tar --numeric-owner' to avoid uid mismatch across multiple hosts
  • Hack: improve test suite and dev environment
  • Hack: remove dependency on unit tests on 'os/user'
  • Documentation: add terminology section

0.4.6 (2013-06-22)

  • Runtime: fix a bug which caused creation of empty images (and volumes) to crash.

0.4.5 (2013-06-21)

  • Builder: 'docker build git://URL' fetches and builds a remote git repository
  • Runtime: 'docker ps -s' optionally prints container size
  • Tests: Improved and simplified
  • Runtime: fix a regression introduced in 0.4.3 which caused the logs command to fail.
  • Builder: fix a regression when using ADD with single regular file.

0.4.4 (2013-06-19)

  • Builder: fix a regression introduced in 0.4.3 which caused builds to fail on new clients.

0.4.3 (2013-06-19)

  • Builder: ADD of a local file will detect tar archives and unpack them
  • Runtime: Remove bsdtar dependency
  • Runtime: Add unix socket and multiple -H support
  • Runtime: Prevent rm of running containers
  • Runtime: Use go1.1 cookiejar
  • Builder: ADD improvements: use tar for copy + automatically unpack local archives

... (truncated)

Commits
  • 51f6c4a Merge pull request #1227 from dotcloud/bump_0.5.0
  • f4eaec3 Merge pull request #1226 from metalivedev/easydockerfile
  • b083418 change -b -> -v and add udp example
  • 5794857 Merge pull request #1169 from crosbymichael/buildfile-tests
  • e7f3f6f Add unit tests for buildfile config instructions
  • aa56714 Make dockerfile docs easier to find. Clean up formatting.
  • f8dfd0a Merge pull request #1225 from dotcloud/hotfix_docker_rmi
  • 3dbf9c6 Merge pull request #1219 from metalivedev/docs-repoupdate
  • de563a3 Merge pull request #1194 from crosbymichael/build-verbose
  • 9cf2b41 change rm usage in docs
  • Additional commits viewable in compare view

Updates github.com/osscontainertools/kaniko from 1.27.5 to 1.27.6

Release notes

Sourced from github.com/osscontainertools/kaniko's releases.

v1.27.6

Community Update

@​vidbregar made their first contribution in osscontainertools/kaniko#763

Also many thanks to @​cmellazchy, @​pstoeckle, @​nphantasm, and @​YevheniiSemendiak for reporting issues fixed in this release.

An extraordinary thank you to @​0hlov3 for reviewing 11 PRs this cycle.

What's Changed

Security

Bugfixes

Standardization

Caching

Usability

Maintenance

... (truncated)

Changelog

Sourced from github.com/osscontainertools/kaniko's changelog.

v1.27.6 Release 2026-06-05

Community Update

@​vidbregar made their first contribution in osscontainertools/kaniko#763

Also many thanks to @​cmellazchy, @​pstoeckle, @​nphantasm, and @​YevheniiSemendiak for reporting issues fixed in this release.

An extraordinary thank you to @​0hlov3 for reviewing 11 PRs this cycle.

What's Changed

Security

Bugfixes

Standardization

Caching

Usability

Maintenance

... (truncated)

Commits
  • 08e7e84 Merge pull request #765 from osscontainertools/release-v1.27.6
  • 50a43e0 release
  • 9ac990d Merge pull request #766 from osscontainertools/bump-x-crypto-0.52.0
  • 240a690 build(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0
  • c7d82c6 Merge pull request #764 from osscontainertools/dependabot/go_modules/gomod-7c...
  • dd21c19 build(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager
  • da03cd3 mz762: don't match absolute paths outside build context in ExcludesFile (#763)
  • 63b3309 Merge pull request #732 from osscontainertools/mz731-reproducible-preserves-b...
  • cee0bf0 build(deps): bump the gomod group across 1 directory with 4 updates (#761)
  • e4df449 cache lookahead - part 2 (#674)
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

Updates golang.org/x/sys from 0.45.0 to 0.46.0

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
github.com/moby/buildkit [>= 0.20.a, < 0.21]
github.com/moby/buildkit [>= 0.30.a, < 0.31]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-dependencies group across 1 directory with 6 updates
ff47341 
Bumps the go-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.30.0` | `0.31.0` |
| [github.com/moby/moby/api](https://github.com/moby/moby) | `1.54.2` | `1.55.0` |
| [github.com/moby/moby/client](https://github.com/moby/moby) | `0.4.1` | `0.5.0` |
| [github.com/osscontainertools/kaniko](https://github.com/osscontainertools/kaniko) | `1.27.5` | `1.27.6` |
| [golang.org/x/sync](https://github.com/golang/sync) | `0.20.0` | `0.21.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.45.0` | `0.46.0` |



Updates `github.com/moby/buildkit` from 0.30.0 to 0.31.0
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.30.0...v0.31.0)

Updates `github.com/moby/moby/api` from 1.54.2 to 1.55.0
- [Release notes](https://github.com/moby/moby/releases)
- [Commits](moby/moby@api/v1.54.2...api/v1.55.0)

Updates `github.com/moby/moby/client` from 0.4.1 to 0.5.0
- [Release notes](https://github.com/moby/moby/releases)
- [Changelog](https://github.com/moby/moby/blob/v0.5.0/CHANGELOG.md)
- [Commits](moby/moby@v0.4.1...v0.5.0)

Updates `github.com/osscontainertools/kaniko` from 1.27.5 to 1.27.6
- [Release notes](https://github.com/osscontainertools/kaniko/releases)
- [Changelog](https://github.com/osscontainertools/kaniko/blob/main/CHANGELOG.md)
- [Commits](osscontainertools/kaniko@v1.27.5...v1.27.6)

Updates `golang.org/x/sync` from 0.20.0 to 0.21.0
- [Commits](golang/sync@v0.20.0...v0.21.0)

Updates `golang.org/x/sys` from 0.45.0 to 0.46.0
- [Commits](golang/sys@v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/moby/moby/api
  dependency-version: 1.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/moby/moby/client
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/osscontainertools/kaniko
  dependency-version: 1.27.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: golang.org/x/sync
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/sys
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 23, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 23, 2026 23:13
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants