diff --git a/_vendor/github.com/docker/buildx/docs/bake-reference.md b/_vendor/github.com/docker/buildx/docs/bake-reference.md index a4f236fa52..e473b2d1ba 100644 --- a/_vendor/github.com/docker/buildx/docs/bake-reference.md +++ b/_vendor/github.com/docker/buildx/docs/bake-reference.md @@ -239,6 +239,7 @@ The following table shows the complete list of attributes that you can assign to | [`policy`](#targetpolicy) | List | Policies to validate build sources and metadata | | [`platforms`](#targetplatforms) | List | Target platforms | | [`pull`](#targetpull) | Boolean | Always pull images | +| [`resources`](#targetresources) | Map | Resource limits for build containers | | [`secret`](#targetsecret) | List | Secrets to expose to the build | | [`shm-size`](#targetshm-size) | List | Size of `/dev/shm` | | [`ssh`](#targetssh) | List | SSH agent sockets or keys to expose to the build | @@ -900,6 +901,10 @@ target "default" { } ``` +> [!NOTE] +> Local outputs with `mode=delete` require granting `--allow=buildx.local.delete` +> when invoking `docker buildx bake`. + ### `target.policy` Policies to validate build sources and metadata. Each entry uses the same keys @@ -939,6 +944,29 @@ target "default" { } ``` +### `target.resources` + +Sets cgroup resource limits for the containers that run `RUN` instructions +during the build. The supported keys are `memory`, `memory-swap`, `cpu-shares`, +`cpu-period`, `cpu-quota`, `cpuset-cpus`, and `cpuset-mems`. These map to the +equivalent `docker build` flags and to the +[`--resource`](https://docs.docker.com/reference/cli/docker/buildx/build/#resource) +flag for `docker buildx build`. + +```hcl +target "default" { + resources = { + memory = "2g" + memory-swap = "4g" + cpu-quota = 50000 + } +} +``` + +> [!NOTE] +> These limits require a BuildKit daemon that supports per-step resource limits +> and only take effect on Linux. They don't affect the build cache key. + ### `target.secret` Defines secrets to expose to the build target. diff --git a/_vendor/github.com/moby/buildkit/docs/attestations/attestation-storage.md b/_vendor/github.com/moby/buildkit/docs/attestations/attestation-storage.md index a42fab303a..784e6a4f2a 100644 --- a/_vendor/github.com/moby/buildkit/docs/attestations/attestation-storage.md +++ b/_vendor/github.com/moby/buildkit/docs/attestations/attestation-storage.md @@ -62,7 +62,7 @@ The contents of each layer will be a blob dependent on its `mediaType`. ```json { - "_type": "https://in-toto.io/Statement/v0.1", + "_type": "https://in-toto.io/Statement/v1", "subject": [ { "name": "", @@ -200,7 +200,7 @@ Attestation body containing the SBOM data listing the packages used during the b ```json { - "_type": "https://in-toto.io/Statement/v0.1", + "_type": "https://in-toto.io/Statement/v1", "predicateType": "https://spdx.dev/Document", "subject": [ { diff --git a/_vendor/github.com/moby/buildkit/docs/buildkitd.toml.md b/_vendor/github.com/moby/buildkit/docs/buildkitd.toml.md index a1d62f5033..6f037544a6 100644 --- a/_vendor/github.com/moby/buildkit/docs/buildkitd.toml.md +++ b/_vendor/github.com/moby/buildkit/docs/buildkitd.toml.md @@ -17,6 +17,9 @@ Note that some configuration options are only useful in edge cases. root = "/var/lib/buildkit" # insecure-entitlements allows insecure entitlements, disabled by default. insecure-entitlements = [ "network.host", "security.insecure", "device" ] +# proxyNetwork enables proxy network enforcement for all builds, disabled by default. +# It can also be enabled with buildkitd --proxy-network. +proxyNetwork = true # provenanceEnvDir is the directory where extra config is loaded that is added # to the provenance of builds: # slsa v0.2: invocation.environment.* @@ -212,6 +215,9 @@ provenanceEnvDir = "/etc/buildkit/provenance.d" [system] # how often buildkit scans for changes in the supported emulated platforms platformsCacheMaxAge = "1h" + # maxRegistryConcurrency sets the maximum number of concurrent connections + # per registry. If unset, the default concurrency limit is used. + maxRegistryConcurrency = 4 # optional signed cache configuration for GitHub Actions backend diff --git a/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md b/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md index 9ab5189743..5a366a1b90 100644 --- a/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md +++ b/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md @@ -1502,6 +1502,12 @@ If your URL files are protected using authentication, you need to use `RUN wget` `RUN curl` or use another tool from within the container as the `ADD` instruction doesn't support authentication. +##### Secrets + +You can use the `HTTP_AUTH_HEADER_` and `HTTP_AUTH_TOKEN_` secrets +to set credentials for remote sources. For more information, see +[Build secrets](https://docs.docker.com/build/building/secrets/#http-authentication-for-add). + #### Adding files from a Git repository To use a Git repository as the source for `ADD`, you can reference the @@ -1967,6 +1973,13 @@ path, using `--link` is always recommended. The performance of `--link` is equivalent or better than the default behavior and, it creates much better conditions for cache reuse. +When copying a path into a subdirectory, `--link` will always copy from the +root of the filesystem. When copying a directory, the existing mode is +overridden with the new mode from the copied path. If you need a specific mode +for a directory, such as the more permissive `/tmp` directory, you may need to +either avoid using `--link`, unroll the copy into its base components, or use +`--chmod` to ensure the overwriting directory contains the same permissions. + ### COPY --parents ```dockerfile @@ -2062,8 +2075,8 @@ COPY --exclude=*.txt hom* /mydir/ ``` You can specify the `--exclude` option multiple times for a `COPY` instruction. -Multiple `--excludes` are files matching its patterns not to be copied, -even if the files paths match the pattern specified in ``. +Files matching any of the specified `--exclude` patterns are not copied, +even if their paths match the pattern specified in ``. To add all files starting with "hom", excluding files with either `.txt` or `.md` extensions: ```dockerfile diff --git a/_vendor/modules.txt b/_vendor/modules.txt index a8f839c632..c9411f5fc7 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby/api v1.54.2 -# github.com/moby/buildkit v0.30.0 -# github.com/docker/buildx v0.34.1 +# github.com/moby/buildkit v0.31.0 +# github.com/docker/buildx v0.35.0 # github.com/docker/cli v29.5.3+incompatible # github.com/docker/compose/v5 v5.1.4 # github.com/docker/model-runner v1.1.36 diff --git a/data/cli/buildx/docker_buildx_bake.yaml b/data/cli/buildx/docker_buildx_bake.yaml index 7efde6cb06..a8e6bf33f0 100644 --- a/data/cli/buildx/docker_buildx_bake.yaml +++ b/data/cli/buildx/docker_buildx_bake.yaml @@ -274,6 +274,9 @@ examples: |- on the filesystem. Alternatively, you can pass a wildcard (`*`) to allow Bake to access the entire filesystem. + Bake also supports `--allow=buildx.local.delete` to grant local outputs + permission to delete stale files when `mode=delete` is set. + ### Example: fs.read Given the following Bake configuration, Bake would need to access the parent @@ -618,6 +621,7 @@ examples: |- $ docker buildx bake --set foo*.no-cache # bypass caching only for targets starting with 'foo' $ docker buildx bake --set target.platform+=linux/arm64 # appends 'linux/arm64' to the platform list $ docker buildx bake --set target.contexts.bar=../bar # overrides 'bar' named context + $ docker buildx bake --set target.resources.memory=2g # overrides memory resource limit ``` > [!NOTE] @@ -648,6 +652,7 @@ examples: |- * `platform` * `pull` * `push` + * `resources` * `secrets` * `ssh` * `tags` diff --git a/data/cli/buildx/docker_buildx_build.yaml b/data/cli/buildx/docker_buildx_build.yaml index 94a1df478c..650ddb52a9 100644 --- a/data/cli/buildx/docker_buildx_build.yaml +++ b/data/cli/buildx/docker_buildx_build.yaml @@ -21,7 +21,7 @@ options: value_type: stringArray default_value: '[]' description: | - Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`, `device`) + Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`, `device`, `buildx.local.delete`) details_url: '#allow' deprecated: false hidden: false @@ -139,8 +139,7 @@ options: kubernetes: false swarm: false - option: cpu-period - value_type: int64 - default_value: "0" + value_type: string description: Limit the CPU CFS (Completely Fair Scheduler) period deprecated: false hidden: true @@ -149,8 +148,7 @@ options: kubernetes: false swarm: false - option: cpu-quota - value_type: int64 - default_value: "0" + value_type: string description: Limit the CPU CFS (Completely Fair Scheduler) quota deprecated: false hidden: true @@ -160,8 +158,7 @@ options: swarm: false - option: cpu-shares shorthand: c - value_type: int64 - default_value: "0" + value_type: string description: CPU shares (relative weight) deprecated: false hidden: true @@ -406,6 +403,18 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: resource + value_type: stringArray + default_value: '[]' + description: | + Resource limits for build containers (format: `memory=2g`, `cpu-quota=50000`) + details_url: '#resource' + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: rm value_type: bool default_value: "true" @@ -651,9 +660,14 @@ examples: |- - `--allow device` - Grants access to all devices. - `--allow device=kind|name` - Grants access to a specific device. - `--allow device=kind|name,alias=kind|name` - Grants access to a specific device, with optional aliasing. + - `buildx.local.delete` - Allows local outputs using `mode=delete` to delete + stale destination files when the destination is the current working directory + or outside it. - For entitlements to be enabled, the BuildKit daemon also needs to allow them - with `--allow-insecure-entitlement` (see [`create --buildkitd-flags`](/reference/cli/docker/buildx/create/#buildkitd-flags)). + For BuildKit entitlements to be enabled, the BuildKit daemon also needs to allow + them with `--allow-insecure-entitlement` (see [`create --buildkitd-flags`](/reference/cli/docker/buildx/create/#buildkitd-flags)). + The `buildx.local.delete` entitlement is checked by Buildx and isn't sent to the + BuildKit daemon. ```console $ docker buildx create --use --name insecure-builder --buildkitd-flags '--allow-insecure-entitlement security.insecure' @@ -1225,6 +1239,11 @@ examples: |- Attribute key: - `dest` - destination directory where files will be written + - `mode` - write mode, either `copy` or `delete`. The default is `copy`. + `delete` removes stale files from the destination after exporting the build + result. It can be used without `--allow` when `dest` resolves to a + subdirectory of the current working directory. If `dest` is the current working + directory or resolves outside it, pass `--allow=buildx.local.delete`. For more information, see [Local and tar exporters](/build/exporters/local-tar/). @@ -1631,6 +1650,43 @@ examples: |- > In most cases, it is recommended to let the builder automatically determine > the appropriate configurations. Manual adjustments should only be considered > when specific performance tuning is required for complex build scenarios. + + ### Set CPU and memory limits for build containers (--resource) {#resource} + + The `--resource` flag constrains the resources available to the containers that + run your `RUN` instructions during the build. It's repeatable and takes + `key=value` pairs, where `key` is one of: + + | Key | Description | + |:--------------|:-----------------------------------------------------------------------------| + | `memory` | Memory limit (format: ``, e.g. `512m`, `2g`). | + | `memory-swap` | Total memory plus swap limit. Set to `-1` to allow unlimited swap. | + | `cpu-shares` | CPU shares (relative weight). | + | `cpu-period` | Length of a CPU CFS (Completely Fair Scheduler) period, in microseconds. | + | `cpu-quota` | CPU CFS quota, in microseconds, within each `cpu-period`. | + | `cpuset-cpus` | CPUs in which to allow execution (`0-3`, `0,1`). | + | `cpuset-mems` | Memory nodes (MEMs) in which to allow execution (`0-3`, `0,1`). | + + ```console + $ docker buildx build --resource memory=2g --resource cpu-quota=50000 --resource cpu-period=100000 . + ``` + + These map to the cgroup resource limits of the legacy `docker build` API and + only apply to individual build steps. They don't affect the build cache key. + + > [!NOTE] + > These limits require a BuildKit daemon that supports per-step resource limits + > (the `exec.meta.linux.resources` capability) and only take effect on Linux. + + > [!NOTE] + > Because BuildKit can run build steps in parallel, these limits apply to each + > step in isolation rather than to the build as a whole. When the same step is + > requested with different limits, the most relaxed limits are used. + + > [!NOTE] + > In most cases, it is recommended to let the builder automatically determine + > the appropriate configurations. Manual adjustments should only be considered + > when specific performance tuning is required for complex build scenarios. deprecated: false hidden: false experimental: false diff --git a/data/cli/buildx/docker_buildx_dap_build.yaml b/data/cli/buildx/docker_buildx_dap_build.yaml index 44596ceb36..21050c9dac 100644 --- a/data/cli/buildx/docker_buildx_dap_build.yaml +++ b/data/cli/buildx/docker_buildx_dap_build.yaml @@ -27,7 +27,7 @@ options: value_type: stringArray default_value: '[]' description: | - Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`, `device`) + Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`, `device`, `buildx.local.delete`) deprecated: false hidden: false experimental: false @@ -135,8 +135,7 @@ options: kubernetes: false swarm: false - option: cpu-period - value_type: int64 - default_value: "0" + value_type: string description: Limit the CPU CFS (Completely Fair Scheduler) period deprecated: false hidden: true @@ -145,8 +144,7 @@ options: kubernetes: false swarm: false - option: cpu-quota - value_type: int64 - default_value: "0" + value_type: string description: Limit the CPU CFS (Completely Fair Scheduler) quota deprecated: false hidden: true @@ -156,8 +154,7 @@ options: swarm: false - option: cpu-shares shorthand: c - value_type: int64 - default_value: "0" + value_type: string description: CPU shares (relative weight) deprecated: false hidden: true @@ -392,6 +389,17 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: resource + value_type: stringArray + default_value: '[]' + description: | + Resource limits for build containers (format: `memory=2g`, `cpu-quota=50000`) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: rm value_type: bool default_value: "true" diff --git a/data/cli/buildx/docker_buildx_debug_build.yaml b/data/cli/buildx/docker_buildx_debug_build.yaml index e3e403930c..942cdaca39 100644 --- a/data/cli/buildx/docker_buildx_debug_build.yaml +++ b/data/cli/buildx/docker_buildx_debug_build.yaml @@ -20,7 +20,7 @@ options: value_type: stringArray default_value: '[]' description: | - Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`, `device`) + Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`, `device`, `buildx.local.delete`) deprecated: false hidden: false experimental: false @@ -128,8 +128,7 @@ options: kubernetes: false swarm: false - option: cpu-period - value_type: int64 - default_value: "0" + value_type: string description: Limit the CPU CFS (Completely Fair Scheduler) period deprecated: false hidden: true @@ -138,8 +137,7 @@ options: kubernetes: false swarm: false - option: cpu-quota - value_type: int64 - default_value: "0" + value_type: string description: Limit the CPU CFS (Completely Fair Scheduler) quota deprecated: false hidden: true @@ -149,8 +147,7 @@ options: swarm: false - option: cpu-shares shorthand: c - value_type: int64 - default_value: "0" + value_type: string description: CPU shares (relative weight) deprecated: false hidden: true @@ -385,6 +382,17 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: resource + value_type: stringArray + default_value: '[]' + description: | + Resource limits for build containers (format: `memory=2g`, `cpu-quota=50000`) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: rm value_type: bool default_value: "true" diff --git a/go.mod b/go.mod index 07fc8322c8..e879693d06 100644 --- a/go.mod +++ b/go.mod @@ -8,11 +8,11 @@ go 1.26.0 // // Make sure to add an entry in the "tools" section when adding a new repository. require ( - github.com/docker/buildx v0.34.1 + github.com/docker/buildx v0.35.0 github.com/docker/cli v29.5.3+incompatible github.com/docker/compose/v5 v5.1.4 github.com/docker/model-runner v1.1.36 - github.com/moby/buildkit v0.30.0 + github.com/moby/buildkit v0.31.0 github.com/moby/moby/api v1.54.2 ) diff --git a/go.sum b/go.sum index 5e3c0a40c5..e59bade4fb 100644 --- a/go.sum +++ b/go.sum @@ -36,6 +36,7 @@ github.com/containerd/containerd/v2 v2.2.1/go.mod h1:NR70yW1iDxe84F2iFWbR9xfAN0N github.com/containerd/containerd/v2 v2.2.2 h1:mjVQdtfryzT7lOqs5EYUFZm8ioPVjOpkSoG1GJPxEMY= github.com/containerd/containerd/v2 v2.2.2/go.mod h1:5Jhevmv6/2J+Iu/A2xXAdUIdI5Ah/hfyO7okJ4AFIdY= github.com/containerd/containerd/v2 v2.2.3 h1:mOBRLaHGvmgy0bRo1Sg6OD8ugMKZIvCoWWMeMMygliA= +github.com/containerd/containerd/v2 v2.2.4 h1:8x2UdXqww7NYqGNabQ7i1nAgB5LegzjC9KQzO/900iA= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= @@ -55,6 +56,7 @@ github.com/containerd/stargz-snapshotter/estargz v0.17.0/go.mod h1:s06tWAiJcXQo9 github.com/containerd/stargz-snapshotter/estargz v0.18.2 h1:yXkZFYIzz3eoLwlTUZKz2iQ4MrckBxJjkmD16ynUTrw= github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= +github.com/containerd/typeurl/v2 v2.3.0 h1:HZHPhRWo5XMy3QGQoPrUzbW/2ckwjfweHmOwlkIrPAQ= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -79,6 +81,8 @@ github.com/docker/buildx v0.34.0 h1:ivBYUNCMKMOwqCziC66p79dNkd8mv+DSrnyrY9PY9vQ= github.com/docker/buildx v0.34.0/go.mod h1:RG8352TWR2gg8P7uqu1ZvlSpqxUcnVvGfjqQsKpmSAY= github.com/docker/buildx v0.34.1 h1:gDnnCPmnbPt/5FTABZIhTlBc6kYibWNyVJzE29Mb5yM= github.com/docker/buildx v0.34.1/go.mod h1:RG8352TWR2gg8P7uqu1ZvlSpqxUcnVvGfjqQsKpmSAY= +github.com/docker/buildx v0.35.0 h1:5r/ZcAC0s2oZ1XOJHvYFYbj44I4rxRsIdfsRBeXClks= +github.com/docker/buildx v0.35.0/go.mod h1:kO/9ZBoZmhi1OsZbeLJqWclckB2TKu/yeW6aj6xxdt0= github.com/docker/cli v29.1.2+incompatible h1:s4QI7drXpIo78OM+CwuthPsO5kCf8cpNsck5PsLVTH8= github.com/docker/cli v29.1.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v29.1.5+incompatible h1:GckbANUt3j+lsnQ6eCcQd70mNSOismSHWt8vk2AX8ao= @@ -117,6 +121,7 @@ github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqI github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/docker-credential-helpers v0.9.5 h1:EFNN8DHvaiK8zVqFA2DT6BjXE0GzfLOZ38ggPTKePkY= github.com/docker/docker-credential-helpers v0.9.5/go.mod h1:v1S+hepowrQXITkEfw6o4+BMbGot02wiKpzWhGUZK6c= +github.com/docker/docker-credential-helpers v0.9.8 h1:bIREROb7So6PRlq6KTtdS9MPEjC29OQRkFNlvK2OX8Q= github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c= @@ -170,6 +175,7 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69 github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB31qAwjAohdSTU= github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y= github.com/google/go-containerregistry v0.20.7 h1:24VGNpS0IwrOZ2ms2P1QE3Xa5X9p4phx0aUgzYzHW6I= +github.com/google/go-containerregistry v0.21.6 h1:T+yqQIlJXKrM98Om4DlW3GoWQAmhZuLMwoDOvVrtiUM= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -242,6 +248,8 @@ github.com/moby/buildkit v0.29.0 h1:wxLEFbCOJntEDjSNNN2YWd8zxltZxT5muDQ0LzpbtpU= github.com/moby/buildkit v0.29.0/go.mod h1:Dmv2FeDe34t75QuzeU87rBoZpAAkcpT5zeu4hXzmASc= github.com/moby/buildkit v0.30.0 h1:OsK8T3BaYH52UNStpKd7gytDtHWWt2Fawak/lAPWatU= github.com/moby/buildkit v0.30.0/go.mod h1:k2wuw5ddaOqzh58RLt+mBn2XhK34gi6+gd0faONQ1xU= +github.com/moby/buildkit v0.31.0 h1:hMUAbQGgjtzJDDOZ6o7MQk5XBZkBTyzLWEvnjguHHQI= +github.com/moby/buildkit v0.31.0/go.mod h1:YM5iNEbNCc6L1Zt3YWFB/aXNLufvf4Rcu0DPlc9HwQg= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= @@ -264,6 +272,7 @@ github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs= github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= +github.com/moby/sys/sequential v0.7.0 h1:ASQNGNROJSuOO6LL6bPHbKvuZu6NU8P4ldPWk31zj/8= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modelpack/model-spec v0.0.7 h1:3fAxau4xUqF0Pf1zzFC5lItF0gEaiXLxaCcPAH8PW8I= @@ -307,6 +316,7 @@ github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzM github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0= github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw= +github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEycfc= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= @@ -330,6 +340,7 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/vbatts/tar-split v0.12.2 h1:w/Y6tjxpeiFMR47yzZPlPj/FcPLpXbTUi/9H7d3CPa4= github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= +github.com/vbatts/tar-split v0.12.3 h1:Cd46rkGXI3Td4yrVNwU8ripbxFaQbmesqhjBUUYAJSw= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -348,6 +359,7 @@ go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbE go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 h1:CqXxU8VOmDefoh0+ztfGaymYbhdB/tT3zs79QaZTNGY= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0 h1:8tvICD4vSTOOsNrsI4Ljf6C+6UKvpTEH5XY3JMoyPoo= go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms= @@ -356,6 +368,7 @@ go.opentelemetry.io/otel v1.42.0 h1:lSQGzTgVR3+sgJDAU/7/ZMjN9Z+vUip7leaqBKy4sho= go.opentelemetry.io/otel v1.42.0/go.mod h1:lJNsdRMxCUIWuMlVJWzecSMuNjE7dOYyWlqOXWkdqCc= go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= +go.opentelemetry.io/otel v1.44.0 h1:JjwHmHpA4iZ3wBxluu2fbbE7j4kqlE8jXyAyPXH7HqU= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.38.0 h1:vl9obrcoWVKp/lwl8tRE33853I8Xru9HFbw/skNeLs8= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.38.0/go.mod h1:GAXRxmLJcVM3u22IjTg74zWBrRCKq8BnOqUVLodpcpw= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.40.0 h1:NOyNnS19BF2SUDApbOKbDtWZ0IK7b8FJ2uAGdIWOGb0= @@ -373,6 +386,7 @@ go.opentelemetry.io/otel/metric v1.42.0 h1:2jXG+3oZLNXEPfNmnpxKDeZsFI5o4J+nz6xUl go.opentelemetry.io/otel/metric v1.42.0/go.mod h1:RlUN/7vTU7Ao/diDkEpQpnz3/92J9ko05BIwxYa2SSI= go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= +go.opentelemetry.io/otel/metric v1.44.0 h1:1w0gILTcHdr3YI+ixLyjemwrVnsMURbTZFrSYCdDdmc= go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8= @@ -389,12 +403,14 @@ go.opentelemetry.io/otel/trace v1.42.0 h1:OUCgIPt+mzOnaUTpOQcBiM/PLQ/Op7oq6g4Len go.opentelemetry.io/otel/trace v1.42.0/go.mod h1:f3K9S+IFqnumBkKhRJMeaZeNk9epyhnCmQh/EysQCdc= go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= +go.opentelemetry.io/otel/trace v1.44.0 h1:jxF5CsGYCe74MCRx2X4g7WsY/VBKRqqpNvXlX/6gtIk= go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4= go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE= go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A= go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -408,8 +424,10 @@ golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4 golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= +golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988= golang.org/x/exp v0.0.0-20250911091902-df9299821621 h1:2id6c1/gto0kaHYyrixvknJ8tUK/Qs5IsmBtrc+FtgU= golang.org/x/exp v0.0.0-20250911091902-df9299821621/go.mod h1:TwQYMMnGpvZyc+JpB/UAuTNIsVJifOlSkrZkhcvpVUk= +golang.org/x/exp v0.0.0-20260603202125-055de637280b h1:v1uXiEBHo8QA0LiGCo7UgHMzHT4Kdfpl2zmtH5vaP1Q= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= @@ -419,6 +437,7 @@ golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= +golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -430,6 +449,7 @@ golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -461,6 +481,7 @@ golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= +golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY= golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= @@ -468,6 +489,7 @@ golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= @@ -477,6 +499,7 @@ golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -490,6 +513,7 @@ golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= +golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=