chore(deps): bump github.com/moby/buildkit from 0.28.1 to 0.29.0 by dependabot[bot] · Pull Request #389 · stacklok/frizbee

dependabot · 2026-04-01T05:59:09Z

Bumps github.com/moby/buildkit from 0.28.1 to 0.29.0.

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.29.0

Welcome to the v0.29.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

Tõnis Tiigi

CrazyMax

David Karlsson

Akihiro Suda

Sebastiaan van Stijn

Brian Ristuccia

Jonathan A. Sternberg

Mateusz Gozdek

Natnael Gebremariam

Notable Changes

Builtin Dockerfile frontend has been updated to v1.23.0 changelog

Git sources can now initialize all files from a Git checkout with commit time in the LLB API for better reproducibility. See Dockerfile changelog for how to enable this in the Dockerfile frontend #6600

Various file access operations in Git and HTTP sources have been hardened for improved security #6613

Frontends can now report updated SOURCE_DATE_EPOCH with result metadata that can be used by exporters #6601

Fix possible panic when listing build history after recent deletions #6614

Fix possible issue where builds from Git repositories could start to fail after submodule rename #6563

Fix possible process lifecycle event ordering issue in interactive container API that could cause deadlocks in the client #6531

Fix regression where build progress skipped the message about layers being pushed to the registry #6587

Fix possible cgroup initialization failure in BuildKit container image entrypoint on some environments #6585

Fix issue with resolving symlinks via file access methods of the Gateway API #6559

Fix possible "parent snapshot does not exist" error when exporting images in parallel #6558

Fix possible panic from zstd compression #6599

Fix issue where cache imports from an uninitialized local cache tag could fail the build #6554

Included CNI plugins have been updated to v1.9.1 #6583

Included QEMU emulator support has been updated to v10.2.1 #6580

Runc container runtime has been updated to v1.3.5 #6625

Dependency Changes

github.com/aws/aws-sdk-go-v2 v1.41.1 -> v1.41.4

github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 -> v1.7.5

github.com/aws/aws-sdk-go-v2/config v1.32.7 -> v1.32.12

github.com/aws/aws-sdk-go-v2/credentials v1.19.7 -> v1.19.12

github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 -> v1.18.20

github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 -> v1.4.20

github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 -> v2.7.20

github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 -> v1.8.6

github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 -> v1.13.7

... (truncated)

Commits

8543ce4 Merge pull request #6634 from moby/dependabot/github_actions/crazy-max-dot-gi...
1154c7e Merge pull request #6635 from moby/dependabot/github_actions/codecov/codecov-...
326e4d1 Merge pull request #6637 from moby/dependabot/github_actions/github/codeql-ac...
676cdfa Merge pull request #6636 from moby/dependabot/github_actions/actions/setup-go...
1dd2e50 build(deps): bump github/codeql-action from 4.34.1 to 4.35.1
21fb771 build(deps): bump actions/setup-go from 6.3.0 to 6.4.0
06b36e5 build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0
969f5e4 build(deps): bump the crazy-max-dot-github group with 2 updates
f8fd302 Merge pull request #6623 from crazy-max/zizmor
a103fb6 Merge pull request #6625 from thaJeztah/bump_runc_1.3
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.28.1 to 0.29.0. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.28.1...v0.29.0) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump github.com/moby/buildkit from 0.28.1 to 0.29.0#389

chore(deps): bump github.com/moby/buildkit from 0.28.1 to 0.29.0#389
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/moby/buildkit-0.29.0

dependabot bot commented on behalf of github Apr 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 1, 2026

v0.29.0

Contributors

Notable Changes

Dependency Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants