Bump github.com/containers/buildah from 1.37.5 to 1.38.0

[dependabot]

Bumps github.com/containers/buildah from 1.37.5 to 1.38.0.

Release notes

Sourced from github.com/containers/buildah's releases.

v1.38.0

What's Changed

Notable changes

• Bump to Buildah v1.37.0 by @​TomSweeneyRedHat in containers/buildah#5651
• AddAndCopyOptions: add CertPath, InsecureSkipTLSVerify, Retry fields by @​nalind in containers/buildah#5646
• Add PrependedLinkedLayers/AppendedLinkedLayers to CommitOptions by @​nalind in containers/buildah#5647
• Use Epoch: 2 and respect the epoch in dependencies. by @​jnovy in containers/buildah#5654
• fix(deps): fix test/tools ginkgo typo by @​Asutorufa in containers/buildah#5455
• make vendor-in-container: use the caller's Go cache if it exists by @​nalind in containers/buildah#5667
• install: On Debian/Ubuntu, add installation of libbtrfs-dev and libdevmapper-dev by @​jelmer in containers/buildah#5541
• Drop the e2e test suite by @​nalind in containers/buildah#5668
• [CI:DOCS] Update tutorials to keep up with API changes in storage by @​nalind in containers/buildah#5665
• Update containerd by @​nalind in containers/buildah#5666
• conformance tests: use mirror.gcr.io for most images by @​nalind in containers/buildah#5673
• Add(): re-escape any globbed items that included escapes by @​nalind in containers/buildah#5676
• unit tests: use test-specific policy.json and registries.conf by @​nalind in containers/buildah#5672
• gofix, gofmt the code, add gofmt linter by @​kolyshkin in containers/buildah#5680
• conformance: move weirdly-named files out of the repository by @​nalind in containers/buildah#5684
• Commit(): retry committing to local storage on storage.LayerUnknown by @​nalind in containers/buildah#5686
• CI: enable the gofumpt and whitespace linters by @​nalind in containers/buildah#5689
• run: fix a nil pointer dereference on FreeBSD by @​dfr in containers/buildah#5694
• [CI:DOCS] buildah-build.1.md: expand the --layer-label description by @​nalind in containers/buildah#5701
• [CI:DOCS] update some godocs, use 0o to prefix an octal in a comment by @​nalind in containers/buildah#5702
• New VMs by @​edsantiago in containers/buildah#5703
• Add a validation script for Makefile $(SOURCES) by @​nalind in containers/buildah#5704
• imagebuildah: make scratch config handling toggleable by @​nalind in containers/buildah#5690
• copier: handle globbing with "**" path components by @​nalind in containers/buildah#5688
• Vendor c/common:9d025e4cb348 by @​Honny1 in containers/buildah#5710
• Update to go 1.22 by @​Luap99 in containers/buildah#5715
• make use of new pasta option from c/common by @​Luap99 in containers/buildah#5724
• add: add support for git sources by @​danishprakash in containers/buildah#5438
• manifest add --artifact: handle multiple values by @​nalind in containers/buildah#5728
• build: fall back to parsing a TARGETPLATFORM build-arg by @​nalind in containers/buildah#5731
• [skip-ci] Packit: Enable sidetags for bodhi updates by @​lsm5 in containers/buildah#5730
• imagebuildah.StageExecutor: clean up volumes/volumeCache by @​nalind in containers/buildah#5729
• In a container, try to register binfmt_misc by @​nalind in containers/buildah#5732
• Do not error on trying to write IMA xattr as rootless by @​mheon in containers/buildah#5741
• fix: remove duplicate conditions by @​cuishuang in containers/buildah#5745
• [CI:DOCS] Document how entrypoint is configured in buildah config by @​rhatdan in containers/buildah#5734
• buildah-manifest-create.1: Fix manpage section by @​siretart in containers/buildah#5757
• Document that zstd:chunked is downgraded to zstd when encrypting by @​mtrmac in containers/buildah#5759
• CVE-2024-9407: validate "bind-propagation" flag settings by @​nalind in containers/buildah#5761
• tests: add quotes to names by @​Luap99 in containers/buildah#5765
• Don't set ambient caps; switch to moby/sys/capability by @​kolyshkin in containers/buildah#5754
• vendor: update c/common to latest by @​Luap99 in containers/buildah#5763
• Make buildah manifest push --all true by default by @​k9withabone in containers/buildah#5755
• Audit and tidy OWNERS by @​baude in containers/buildah#5770
• [skip-ci] Packit: constrain koji job to fedora package to avoid dupes by @​lsm5 in containers/buildah#5774

... (truncated)

Changelog

Sourced from github.com/containers/buildah's changelog.

v1.38.0 (2024-11-08)

Bump to c/common v0.61.0, c/image v5.33.0, c/storage v1.56.0
fix(deps): update module golang.org/x/crypto to v0.29.0
fix(deps): update module github.com/moby/buildkit to v0.17.1
fix(deps): update module github.com/containers/storage to v1.56.0
tests: skip two ulimit tests
CI VMs: bump f40 -> f41
tests/tools: rebuild tools when we change versions
tests/tools: update golangci-lint to v1.61.0
fix(deps): update module github.com/moby/buildkit to v0.17.0
Handle RUN --mount with relative targets and no configured workdir
tests: bud: make parallel-safe
fix(deps): update module github.com/opencontainers/runc to v1.2.1
fix(deps): update golang.org/x/exp digest to f66d83c
fix(deps): update github.com/opencontainers/runtime-tools digest to 6c9570a
tests: blobcache: use unique image name
tests: sbom: never write to cwd
tests: mkcw: bug fixes, refactor
deps: bump runc to v1.2.0
deps: switch to moby/sys/userns
tests/test_runner.sh: remove some redundancies
Integration tests: run git daemon on a random-but-bind()able port
fix(deps): update module github.com/opencontainers/selinux to v1.11.1
go.mod: remove unnecessary replace
Document more buildah build --secret options
Add support for COPY --exclude and ADD --exclude options
fix(deps): update github.com/containers/luksy digest to e2530d6
chore(deps): update dependency containers/automation_images to v20241010
fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.4
Properly validate cache IDs and sources
[skip-ci] Packit: constrain koji job to fedora package to avoid dupes
Audit and tidy OWNERS
fix(deps): update module golang.org/x/crypto to v0.28.0
tests: add quotes to names
vendor: update c/common to latest
CVE-2024-9407: validate "bind-propagation" flag settings
vendor: switch to moby/sys/capability
Don't set ambient capabilities
Document that zstd:chunked is downgraded to zstd when encrypting
fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3
buildah-manifest-create.1: Fix manpage section
chore(deps): update dependency ubuntu to v24
Make `buildah manifest push --all` true by default
chroot: add newlines at the end of printed error messages
Do not error on trying to write IMA xattr as rootless
fix: remove duplicate conditions
fix(deps): update module github.com/moby/buildkit to v0.16.0
fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2
Document how entrypoint is configured in buildah config

... (truncated)

Commits

• 7aa3b5e Bump to Buildah v1.38.0
• e911fe4 Bump to c/common v0.61.0, c/image v5.33.0, c/storage v1.56.0
• b51c12c Merge pull request #5825 from containers/renovate/golang.org-x-crypto-0.x
• 356e4d4 fix(deps): update module golang.org/x/crypto to v0.29.0
• 7db27d2 Merge pull request #5824 from containers/renovate/github.com-moby-buildkit-0.x
• 6e1a389 Merge pull request #5823 from containers/renovate/github.com-containers-stora...
• 6b1e4a5 fix(deps): update module github.com/moby/buildkit to v0.17.1
• 6637987 Merge pull request #5820 from edsantiago/f41
• 3a583bf fix(deps): update module github.com/containers/storage to v1.56.0
• e395040 tests: skip two ulimit tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)