chore(deps): bump the moby group with 3 updates

[dependabot]

Bumps the moby group with 3 updates: github.com/docker/cli, github.com/docker/docker and github.com/moby/buildkit.

Updates github.com/docker/cli from 28.0.4+incompatible to 28.1.0+incompatible

Commits

• 4d8c241 Merge pull request #6018 from thaJeztah/use_api_socket_no_empty
• 711fcae cli/command/container: --use-api-socket: don't write empty credentials
• ed694db Merge pull request #5868 from thaJeztah/bump_go_version
• 79ab3cb Merge pull request #6017 from thaJeztah/bump_engine_28.1
• 1d768f8 update go:build tags to go1.23 to align with vendor.mod
• 0e75283 Merge pull request #6016 from thaJeztah/context_completion
• a5b6efa vendor: github.com/docker/docker v28.1.0-rc.2
• 6fd72c6 context: add shell-completion for context-names
• 659b026 Merge pull request #6015 from Benehiko/fix-login-hints
• 6c27116 Fix login hints should only show on hub registry
• Additional commits viewable in compare view

Updates github.com/docker/docker from 28.0.4+incompatible to 28.1.0+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.1.0

28.1.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.1.0 milestone
• moby/moby, 28.1.0 milestone
• Changes to the Engine API, see API version history.

New

• Add docker bake sub-command as alias for docker buildx bake. docker/cli#5947
• Experimental: add a new --use-api-socket flag on docker run and docker create to enable access to Docker socket from inside a container and to share credentials from the host with the container. docker/cli#5858
• docker image inspect now supports a --platform flag to inspect a specific platform of a multi-platform image. docker/cli#5934

Bug fixes and enhancements

• Add CLI shell-completion for context names. docker/cli#6016
• Fix docker images --tree not including non-container images content size in the total image content size. docker/cli#6000
• Fix docker load not preserving replaced images. moby/moby#49650
• Fix docker login hints when logging in to a custom registry. docker/cli#6015
• Fix docker stats not working properly on machines with high CPU core count. moby/moby#49734
• Fix a regression causing docker pull/push to fail when interacting with a private repository. docker/cli#5964
• Fix an issue preventing rootless Docker setup on a host with no ip_tables kernel module. moby/moby#49727
• Fix an issue that could lead to unwanted iptables rules being restored and never deleted following a firewalld reload. moby/moby#49728
• Improve CLI completion of docker service scale. docker/cli#5968
• docker images --tree now hides both untagged and dangling images by default. docker/cli#5924
• docker system info will provide an exit code if a connection cannot be established to the Docker daemon. docker/cli#5918
• containerd image store: Fix image tag event not being emitted when building with BuildKit. moby/moby#49678
• containerd image store: Improve docker push/pull handling of remote registry errors. moby/moby#49770
• containerd image store: Show pull progress for non-layer image blobs. moby/moby#49746

Packaging updates

• Add Debian "Trixie" packages. docker/docker-ce-packaging#1181
• Add Fedora 42 packages. docker/containerd-packaging#418, docker/docker-ce-packaging#1169
• Add Ubuntu 25.04 "Plucky Puffin" packages. docker/containerd-packaging#419, docker/docker-ce-packaging#1177
• Update BuildKit to v0.21.0. moby/moby#49809
• Update Compose to v2.35.0. docker/docker-ce-packaging#1183
• Update Go runtime to 1.23.8. docker/cli#5986, docker/docker-ce-packaging#1180, moby/moby#49737

Networking

• Fix a bug causing host port-mappings on Swarm containers to be duplicated on docker ps and docker inspect. moby/moby#49724
• Fix an issue that caused container network attachment to fail with error "Bridge port not forwarding". moby/moby#49705
• Fix an issue with removal of a --link from a container in the default bridge network. moby/moby#49778
• Improve how network-endpoint relationships are tracked to reduce the chance of the "has active endpoints" error to be wrongfully returned. moby/moby#49736
• Improve the "has active endpoints" error message by including the name of endpoints still connected to the network being deleted. moby/moby#49773

API

... (truncated)

Commits

• 3f46cad Merge pull request #49805 from thaJeztah/vendor_goarchive
• b57d41c Merge pull request #49799 from thaJeztah/apparmor_cleanups
• 29edd17 Merge pull request #49815 from z63d/docs-api-image-tarball-format
• fd55034 vendor: github.com/moby/go-archive v0.1.0
• 2834da8 Merge pull request #49814 from thaJeztah/initlayer_rm_idtools
• 1f43ad3 Merge pull request #49782 from thaJeztah/container_rm_idtools
• b8067d1 docs/api: update image tarball format
• a38ca9a daemon/initlayer: Setup: remove uses of idtools.Identity
• 9c9a6cb Merge pull request #49812 from robmry/endpoint_count_for_downgrade
• 380ded6 Store an endpoint count for networks, for downgrade
• Additional commits viewable in compare view

Updates github.com/moby/buildkit from 0.20.2 to 0.21.0

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.21.0

Welcome to the v0.21.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• CrazyMax
• Akihiro Suda
• Jonathan A. Sternberg
• Anthony Nandaa
• Sebastiaan van Stijn
• Dan Duvall
• Austin Vazquez
• Billy Owire
• Derek McGowan
• Gleb Nebolyubov
• Michael Korn

Notable Changes

• Builtin Dockerfile frontend has been updated to v1.15.0. changelog
• Runc container runtime has been updated to v1.2.6. #5845
• The cache manifest created by --cache-to now defaults to OCI artifact manifest (instead of OCI image index). For old behavior, set image-manifest=false. #5864
• The cache timeout for registry credentials has been reduced from 10 min to 5 min. #5859
• Buildctl --tlsdir option now allows filenames compatible with cert-manager.io. #5886
• Update free-space filter GC/prune filter to not remove all data when no max-space value is set. #5827
• Mitigate GitHub Actions cache v2 flakiness. #5805
• Add autoallow and entitlements support to CDI devices. #5742
• Support authentication in LLB for Git and HTTP. #5733
• Support for adding additional request header fields for HTTP sources. #5732
• OpenTelemetry traces now contain spans for layer extraction. #5831
• containerd image exporter creates dangling images by default. #5858
• Add support for bind and cache mounts for WCOW. #5708
• Add session exporter capability. #5907 #5908
• Add metadata-only transfer option for local source. #5897
• Fix X mode to be Linux-compatible for file operations using chmod. #5850
• Fix --chmod when applied to parent directories. #5788
• Fix missing user-agent when buildkit requests layers from the registry. #5834
• Fix missing user-agent for GitHub Actions importer. #5759 #5760
• Fix reading secrets from any session on parallel build requests. #5833
• Fix race condition causing "file used by another process" errors with WCOW. #5885

Dependency Changes

• github.com/docker/cli v27.5.1 -> v28.0.4

... (truncated)

Commits

• 52b004d Merge pull request #5909 from crazy-max/v0.21-picks-rc2
• a55f22d source: add metadata-only transfer option for local source
• c27d431 exporter: allow session exporter to access refs
• 571d411 exporter: add session exporter capability
• 40a5c2d Merge pull request #5855 from AkihiroSuda/deps
• 889f438 Merge pull request #5892 from tonistiigi/image-manifest-default
• 11d0efb go.mod: golang.org/x/* latest
• f8c1909 Merge pull request #5880 from crazy-max/contrib-nvidia-nopci
• f6a7201 remotecache: enable image-manifest by default
• e2bf281 Merge pull request #5851 from tonistiigi/dockerfile-target-suggest
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions