KubeHound icon indicating copy to clipboard operation
KubeHound copied to clipboard
verified publisher icon DataDog

chore(deps): bump github.com/docker/buildx from 0.21.1 to 0.21.3

Open dependabot[bot] opened this issue 9 months ago • 1 comments

Bumps github.com/docker/buildx from 0.21.1 to 0.21.3.

Release notes

Sourced from github.com/docker/buildx's releases.

v0.21.3

Welcome to the v0.21.3 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Contributors

  • CrazyMax
  • Tõnis Tiigi

Notable Changes

[!IMPORTANT] This release contains security fixes.

  • Fix possible credential leakage to telemetry endpoint. GHSA-m4gq-fm9h-8q75
  • Remove unused fields from local state group that could potentially leak credentials.

Dependency Changes

This release has no dependency changes

v0.21.2

Welcome to the v0.21.2 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Contributors

  • Laurent Goderre
  • CrazyMax
  • Jonathan A. Sternberg

Notable Changes

  • Fix handling of attestation extra arguments #3027
  • Fix the cache attribute not being skipped when empty with Bake overrides #3021

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.21.1

Commits
  • 7b5fecb Merge pull request #3067 from crazy-max/0.21_picks_0.21.3
  • 05f75a5 localstate: remove definition and inputs fields from group
  • 0982070 otel: avoid tracing raw os arguments
  • 1360a9e Merge pull request #3037 from crazy-max/0.21_picks_0.21.2
  • 6019a2b buildflags: skip empty cache entries when parsing
  • 6da88e1 Fix handling of attest extra arguments
  • 41f8e5c Add attest extra args tests
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Mar 18 '25 00:03 dependabot[bot]

@dependabot rebase

Zenithar avatar Apr 01 '25 12:04 Zenithar