chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.0

[dependabot]

Bumps github.com/moby/buildkit from 0.27.1 to 0.28.0.

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.28.0

buildkit 0.28.0

Welcome to the v0.28.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• CrazyMax
• Sebastiaan van Stijn
• Jonathan A. Sternberg
• Akihiro Suda
• Amr Mahdi
• Dan Duvall
• David Karlsson
• Jonas Geiler
• Kevin L.
• rsteube

Notable Changes

• Builtin Dockerfile frontend has been updated to v1.22.0 changelog
• The default provenance format has been switched to SLSA v1.0 from the previous v0.2. The old format can still be generated by setting the version attribute. #6526
• Provenance attestation for an image can now be directly pulled via Source metadata request. #6516 #6514 #6537
• Pushing result images and exporting build cache now happens in parallel, for better performance. #6451
• LLB definition now supports two new Source types for accessing raw blobs from image registries and from OCI layouts. New sources use identifier protocols docker-image+blob:// and oci-layout+blob://. #4286
• LLB API now supports custom checksum requests for HTTP sources, allowing fetching checksums for different algorithms than the default SHA256 and with optional suffixes. #6527 #6537
• LLB API now supports validating HTTP sources with PGP signatures, similarly to previous support for Git sources. #6527
• With the update to a newer version of the in-toto library, the provenance attestation key InvocationID has changed to InvocationId to strictly follow the SLSA spec. This change doesn't affect BuildKit/Buildx Golang tooling, but could affect 3rd party tools if they are using case-sensitive JSON parsing. #6533
• Embedded Qemu emulator support has been updated to v10.1.3 #6524
• Update BuildKit Cgroups implementation to work in (Kubernetes) environments that don't have their own Cgroup namespace. #6368
• Buildctl binary now supports bash completion. #6474
• PGP signature verification now supports combined public keys as input for defining the required signer. #6519
• Fix possible "failed to read expected number of bytes" error when reading attestation chains #6520
• Fix possible error from race condition when creating images in parallel #6477

Dependency Changes

• github.com/aws/aws-sdk-go-v2 v1.39.6 -> v1.41.1
• github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.2 -> v1.7.4
• github.com/aws/aws-sdk-go-v2/config v1.31.20 -> v1.32.7
• github.com/aws/aws-sdk-go-v2/credentials v1.18.24 -> v1.19.7
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 -> v1.18.17
• github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 -> v1.4.17

... (truncated)

Commits

• 5245d86 Merge pull request #6551 from tonistiigi/v0.28-cherry-picks
• 90ee5de vendor: update x/net to v0.51.0
• 3eab156 vendor: update cloudflare/circl v1.6.3
• ecde336 Merge pull request #6537 from tonistiigi/add-v0.28-sourcemeta-caps
• 8d58a58 gateway: add caps for source metadata extensions
• 373d0ad Merge pull request #6534 from jsternberg/copy-ignored-file-linter-negated-mat...
• 9a083f4 Merge pull request #6532 from crazy-max/update-aec
• 809fe38 Merge pull request #4286 from tonistiigi/imageblob
• d4e025a linter: do not attempt to check for copying ignored file when negated pattern...
• c5cee9e Merge pull request #6533 from crazy-max/update-intoto-golang
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)