- update to 0.11.2:
* Update containerd patches to fix regression in handling push errors
* Multiple fixes for History API #3530
* Fix issue with parallel build requests using local cache imports #3493
* Builtin Dockerfile frontend has been updated to 1.5.1, fixing possible
panic in certain warning condition #3505
* Fix possible hang when closing down the SSH forwarding socket in v0.11.0
* Fix typo in an environment variable used to configure OpenTelemetry
endpoints #3508
* Builtin Dockerfile frontend has been updated to v1.5.0
https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0
* BuildKit and compatible frontends can now produce SBOM (Software Bill of
Materials) attestations for the build results to show the dependencies
of the build. These attestations can be added to images and locally
exported files. Using Dockerfiles, SBOM information can be configured to
be produced also based on files in intermediate build stages or build
context, or run processes that manually define the SBOM dependencies.
When exporting an image, layer mapping is also produced that allows
tracing a SBOM package to a specific build step. #3258 #3290 #3249 #2983
#3358 #3312 #3407 #3408 #3410 #3414 #3422
* BuildKit can now produce a Provenance attestation for the build result
in SLSA format. Provenance attestations describe how a build was
produced, and what sources/parameters were used. In addition to fields
part of the SLSA specification, Buildkit's provenance also exports
BuildKit-specific metadata like LLB steps with their source- and layer
mapping. Provenance attestation will capture all the build sources
visible to BuildKit, for example, not only the Git repository where the
project's source is coming from but also the digests of all the
container images used during the build. #3240 #3428 #3428 #3462
* BuildKit now supports reproducible builds by setting `SOURCE_DATE_EPOCH`