chore(deps): github.com/docker/cli v29.6.0, github.com/docker/buildx v0.35.0, buildkit v0.31.0

[thaJeztah]

• stacked on chore(deps): github.com/docker/cli v29.5.3, github.com/docker/buildx v0.34.1, buildkit v0.30.0 #13841
• stacked on chore(deps): golang.org/x/crypto v0.53.0 #13844
• stacked on pkg/e2e: fix malformed JWT in fixtures #13857
• stacked on chore(deps): bump github.com/golang-jwt/jwt/v5 to v5.3.1 #13847

What I did

Related issue

(not mandatory) A picture of a cute animal, if possible in relation to what you did

[thaJeztah]

Failure looks consistent, but not sure if it's my PR, or if something broken on main;

=== Failed
=== FAIL: pkg/e2e TestPublishChecks/detect_sensitive_data (0.03s)
    publish_test.go:152: assertion failed: expression is false: strings.Contains(output, "JSON Web Token\n\"\": ***"+"eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw"): you are about to publish sensitive data within your OCI artifact.
        please double check that you are not leaking sensitive data
        AWS Client ID
        "services.serviceA.environment.AWS_ACCESS_KEY_ID": A3TX1234567890ABCDEF
        AWS Secret Key
        "services.serviceA.environment.AWS_SECRET_ACCESS_KEY": aws"12345+67890/abcdefghijklm+NOPQRSTUVWXYZ+"
        Keyword Detector
        "secrets.mysecret.file": /home/runner/work/compose/compose/pkg/e2e/fixtures/publish/secret.txt
        Github authentication
        "GITHUB_TOKEN": ***
        Private Key
        "": -----BEGIN DSA PRIVATE KEY-----
        wxyz+ABC=
        -----END DSA PRIVATE KEY-----
        Are you ok to publish these sensitive data?warning: GOCOVERDIR not set, no coverage data emitted
        
        
    --- FAIL: TestPublishChecks/detect_sensitive_data (0.03s)

[thaJeztah]

Maybe changes in this? golang-jwt/jwt@v5.3.0...v5.3.1

[thaJeztah]

☝️ it was! #13857

[codecov]

Codecov Report

❌ Patch coverage is 0% with 15 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
pkg/mocks/mock_docker_api.go	0.00%	13 Missing ⚠️
pkg/dryrun/dryrunclient.go	0.00%	2 Missing ⚠️

📢 Thoughts on this report? Let us know!

[Copilot]

Pull request overview

Updates Docker-related Go module dependencies (Docker CLI, Buildx, BuildKit, Moby client) and aligns internal wrappers/mocks with newly introduced Docker API surface so the codebase continues to compile against the upgraded client interfaces.

Changes:

• Bump core dependencies: github.com/docker/cli to v29.6.0, github.com/docker/buildx to v0.35.0, and github.com/moby/buildkit to v0.31.0 (plus related indirect updates via go.mod/go.sum).
• Add ImageAttestations support to the dry-run client to satisfy the updated client.APIClient interface.
• Regenerate/update the GoMock APIClient mock to include ImageAttestations.

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

File	Description
pkg/mocks/mock_docker_api.go	Updates generated client.APIClient gomock with the new ImageAttestations method.
pkg/dryrun/dryrunclient.go	Adds DryRunClient.ImageAttestations delegating to the underlying API client.
go.mod	Bumps Docker/Buildx/BuildKit + related dependency versions and adjusts indirect requirements.
go.sum	Updates dependency checksums to match the new module versions.

Files not reviewed (1)

• pkg/mocks/mock_docker_api.go: Generated file

[docker-agent]

Assessment: 🟢 APPROVE

Dependency bump review for github.com/docker/cli v29.6.0, github.com/docker/buildx v0.35.0, github.com/moby/buildkit v0.31.0.

Summary of code changes:

• pkg/dryrun/dryrunclient.go: Added ImageAttestations method to satisfy the updated client.APIClient interface from github.com/moby/moby/client v0.5.0. The implementation correctly delegates to the underlying apiClient, consistent with other read-only methods on DryRunClient. The compile-time assertion (var _ client.APIClient = &DryRunClient{}) ensures interface completeness.

• pkg/mocks/mock_docker_api.go: Added the corresponding gomock stub for ImageAttestations, following the same variadic pattern used by ImageHistory and other methods. Recorder method is also correctly added.

• go.mod / go.sum: Routine version bumps with correctly matched hash pairs.

No bugs, logic errors, missing implementations, resource leaks, or security issues were found in the added code.