chore(deps): bump github.com/moby/buildkit from 0.13.2 to 0.21.1

[dependabot]

Bumps github.com/moby/buildkit from 0.13.2 to 0.21.1.

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.21.0

Welcome to the v0.21.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• CrazyMax
• Akihiro Suda
• Jonathan A. Sternberg
• Anthony Nandaa
• Sebastiaan van Stijn
• Dan Duvall
• Austin Vazquez
• Billy Owire
• Derek McGowan
• Gleb Nebolyubov
• Michael Korn

Notable Changes

• Builtin Dockerfile frontend has been updated to v1.15.0. changelog
• Runc container runtime has been updated to v1.2.6. #5845
• The cache manifest created by --cache-to now defaults to OCI artifact manifest (instead of OCI image index). For old behavior, set image-manifest=false. #5864
• The cache timeout for registry credentials has been reduced from 10 min to 5 min. #5859
• Buildctl --tlsdir option now allows filenames compatible with cert-manager.io. #5886
• Update free-space filter GC/prune filter to not remove all data when no max-space value is set. #5827
• Mitigate GitHub Actions cache v2 flakiness. #5805
• Add autoallow and entitlements support to CDI devices. #5742
• Support authentication in LLB for Git and HTTP. #5733
• Support for adding additional request header fields for HTTP sources. #5732
• OpenTelemetry traces now contain spans for layer extraction. #5831
• containerd image exporter creates dangling images by default. #5858
• Add support for bind and cache mounts for WCOW. #5708
• Add session exporter capability. #5907 #5908
• Add metadata-only transfer option for local source. #5897
• Fix X mode to be Linux-compatible for file operations using chmod. #5850
• Fix --chmod when applied to parent directories. #5788
• Fix missing user-agent when buildkit requests layers from the registry. #5834
• Fix missing user-agent for GitHub Actions importer. #5759 #5760
• Fix reading secrets from any session on parallel build requests. #5833
• Fix race condition causing "file used by another process" errors with WCOW. #5885

Dependency Changes

• github.com/docker/cli v27.5.1 -> v28.0.4

... (truncated)

Commits

• 66735c6 Merge pull request #5952 from jsternberg/v0.21.1-picks
• 73bda6d buildctl: fix tlsdir handling logic for cert-manager.io
• f0c85bf dockerui: update platforms key calculation
• 869d97b frontend/dockerui/build: fix "no scan targets for linux/arm64/v8"
• ebd9734 frontend/dockerui/build.go: split normalizePlatform()
• 0ded51e control: make sure sending nil cache options does not panic
• 52b004d Merge pull request #5909 from crazy-max/v0.21-picks-rc2
• a55f22d source: add metadata-only transfer option for local source
• c27d431 exporter: allow session exporter to access refs
• 571d411 exporter: add session exporter capability
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)