Merge pull request #1030 from crazy-max/secret-file-rm-copy

buildx(build): preserve original paths for file secrets
Merge pull request #1032 from docker/dependabot/npm_and_yarn/csv-parse-6.2.1
2026-03-24 13:51:30 +01:00 · 2026-03-21 10:24:26 +01:00 · 2026-03-20 22:53:38 +00:00 · 2026-03-20 15:01:12 +01:00 · 2026-03-20 15:00:53 +01:00 · 2026-03-20 14:04:19 +01:00
5 changed files with 254 additions and 173 deletions
--- a/.github/compose-releases.json
+++ b/.github/compose-releases.json
@@ -1,65 +1,128 @@
 {
  "latest": {
-    "id": 289948555,
-    "tag_name": "v5.1.0",
-    "html_url": "https://github.com/docker/compose/releases/tag/v5.1.0",
+    "id": 299261182,
+    "tag_name": "v5.1.1",
+    "html_url": "https://github.com/docker/compose/releases/tag/v5.1.1",
    "assets": [
-      "https://github.com/docker/compose/releases/download/v5.1.0/checksums.txt",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-aarch64",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-aarch64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-aarch64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-aarch64.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-aarch64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-x86_64",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-x86_64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-x86_64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-x86_64.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-x86_64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-aarch64",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-aarch64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-aarch64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-aarch64.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-aarch64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv6",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv6.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv6.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv6.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv6.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv7",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv7.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv7.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv7.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv7.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-ppc64le",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-ppc64le.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-ppc64le.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-ppc64le.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-ppc64le.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-riscv64",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-riscv64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-riscv64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-riscv64.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-riscv64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-s390x",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-s390x.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-s390x.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-s390x.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-s390x.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-x86_64",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-x86_64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-x86_64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-x86_64.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-x86_64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-aarch64.exe",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-aarch64.exe.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-aarch64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-aarch64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-aarch64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-x86_64.exe",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-x86_64.exe.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-x86_64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-x86_64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-x86_64.sigstore.json"
+      "https://github.com/docker/compose/releases/download/v5.1.1/checksums.txt",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.exe",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.exe.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.exe",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.exe.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.sigstore.json"
+    ]
+  },
+  "v5.1.1": {
+    "id": 299261182,
+    "tag_name": "v5.1.1",
+    "html_url": "https://github.com/docker/compose/releases/tag/v5.1.1",
+    "assets": [
+      "https://github.com/docker/compose/releases/download/v5.1.1/checksums.txt",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.exe",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.exe.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.exe",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.exe.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.sigstore.json"
    ]
  },
  "v5.1.0": {
@@ -282,66 +345,66 @@
    ]
  },
  "edge": {
-    "id": 289948555,
-    "tag_name": "v5.1.0",
-    "html_url": "https://github.com/docker/compose/releases/tag/v5.1.0",
+    "id": 299261182,
+    "tag_name": "v5.1.1",
+    "html_url": "https://github.com/docker/compose/releases/tag/v5.1.1",
    "assets": [
-      "https://github.com/docker/compose/releases/download/v5.1.0/checksums.txt",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-aarch64",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-aarch64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-aarch64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-aarch64.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-aarch64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-x86_64",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-x86_64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-x86_64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-x86_64.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-darwin-x86_64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-aarch64",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-aarch64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-aarch64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-aarch64.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-aarch64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv6",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv6.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv6.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv6.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv6.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv7",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv7.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv7.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv7.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-armv7.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-ppc64le",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-ppc64le.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-ppc64le.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-ppc64le.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-ppc64le.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-riscv64",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-riscv64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-riscv64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-riscv64.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-riscv64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-s390x",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-s390x.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-s390x.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-s390x.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-s390x.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-x86_64",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-x86_64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-x86_64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-x86_64.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-linux-x86_64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-aarch64.exe",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-aarch64.exe.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-aarch64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-aarch64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-aarch64.sigstore.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-x86_64.exe",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-x86_64.exe.sha256",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-x86_64.provenance.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-x86_64.sbom.json",
-      "https://github.com/docker/compose/releases/download/v5.1.0/docker-compose-windows-x86_64.sigstore.json"
+      "https://github.com/docker/compose/releases/download/v5.1.1/checksums.txt",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-aarch64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-darwin-x86_64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-aarch64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv6.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-armv7.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-ppc64le.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-riscv64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-s390x.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-linux-x86_64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.exe",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.exe.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-aarch64.sigstore.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.exe",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.exe.sha256",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.provenance.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.sbom.json",
+      "https://github.com/docker/compose/releases/download/v5.1.1/docker-compose-windows-x86_64.sigstore.json"
    ]
  },
  "v5.0.0-rc.2": {
--- a/tests/buildx/build.test.ts
+++ b/tests/buildx/build.test.ts
@@ -267,44 +267,63 @@ describe('resolveProvenanceAttrs', () => {
 });

 describe('resolveSecret', () => {
+  // prettier-ignore
  test.each([
-    ['A_SECRET=abcdef0123456789', false, 'A_SECRET', 'abcdef0123456789', null],
-    ['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789', false, 'GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789', null],
-    ['MY_KEY=c3RyaW5nLXdpdGgtZXF1YWxzCg==', false, 'MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==', null],
-    ['aaaaaaaa', false, '', '', new Error('aaaaaaaa is not a valid secret')],
-    ['aaaaaaaa=', false, '', '', new Error('aaaaaaaa= is not a valid secret')],
-    ['=bbbbbbb', false, '', '', new Error('=bbbbbbb is not a valid secret')],
-    [`foo=${path.join(fixturesDir, 'secret.txt')}`, true, 'foo', 'bar', null],
-    [`notfound=secret`, true, '', '', new Error('secret file secret not found')]
-  ])('given %o key and %o secret', async (kvp: string, file: boolean, exKey: string, exValue: string, error: Error | null) => {
-    try {
-      let secret: string;
-      if (file) {
-        secret = Build.resolveSecretFile(kvp);
-      } else {
-        secret = Build.resolveSecretString(kvp);
-      }
-      expect(secret).toEqual(`id=${exKey},src=${tmpName}`);
-      expect(fs.readFileSync(tmpName, 'utf-8')).toEqual(exValue);
-    } catch (e) {
-      // eslint-disable-next-line vitest/no-conditional-expect
-      expect(e.message).toEqual(error?.message);
-    }
+    ['A_SECRET=abcdef0123456789', 'A_SECRET', 'abcdef0123456789'],
+    ['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789', 'GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789'],
+    ['MY_KEY=c3RyaW5nLXdpdGgtZXF1YWxzCg==', 'MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==']
+  ])('given %o key and string secret', (kvp: string, exKey: string, exValue: string) => {
+    const secret = Build.resolveSecretString(kvp);
+    expect(secret).toEqual(`id=${exKey},src=${tmpName}`);
+    expect(fs.readFileSync(tmpName, 'utf-8')).toEqual(exValue);
  });

+  // prettier-ignore
  test.each([
-    ['FOO=bar', 'FOO', 'bar', null],
-    ['FOO=', 'FOO', '', new Error('FOO= is not a valid secret')],
-    ['=bar', '', '', new Error('=bar is not a valid secret')],
-    ['FOO=bar=baz', 'FOO', 'bar=baz', null]
-  ])('given %o key and %o env', async (kvp: string, exKey: string, exValue: string, error: Error | null) => {
-    try {
-      const secret = Build.resolveSecretEnv(kvp);
-      expect(secret).toEqual(`id=${exKey},env=${exValue}`);
-    } catch (e) {
-      // eslint-disable-next-line vitest/no-conditional-expect
-      expect(e.message).toEqual(error?.message);
-    }
+    [`foo=${path.join(fixturesDir, 'secret.txt')}`, 'foo', path.join(fixturesDir, 'secret.txt')]
+  ])('given %o key and file secret', (kvp: string, exKey: string, exSrc: string) => {
+    const secret = Build.resolveSecretFile(kvp);
+    expect(secret).toEqual(`id=${exKey},src=${exSrc}`);
+  });
+
+  // prettier-ignore
+  test.each([
+    ['aaaaaaaa', false, 'aaaaaaaa is not a valid secret'],
+    ['aaaaaaaa=', false, 'aaaaaaaa= is not a valid secret'],
+    ['=bbbbbbb', false, '=bbbbbbb is not a valid secret'],
+    ['notfound=secret', true, 'secret file secret not found']
+  ])('given %o key and %o secret throws', (kvp: string, file: boolean, errorMessage: string) => {
+    const resolve = (): string => (file ? Build.resolveSecretFile(kvp) : Build.resolveSecretString(kvp));
+    expect(resolve).toThrow(errorMessage);
+  });
+
+  // prettier-ignore
+  test('preserves file-backed secret path and bytes', async () => {
+    fs.mkdirSync(tmpDir, {recursive: true});
+    const sourceFile = path.join(tmpDir, 'secret.bin');
+    const sourceBytes = Buffer.from([0x50, 0x4b, 0x03, 0x04, 0x00, 0xff, 0x41, 0x42, 0x43, 0x0a, 0x80]);
+    fs.writeFileSync(sourceFile, sourceBytes);
+    const secret = Build.resolveSecretFile(`foo=${sourceFile}`);
+    expect(secret).toEqual(`id=foo,src=${sourceFile}`);
+    expect(fs.readFileSync(sourceFile)).toEqual(sourceBytes);
+    expect(fs.existsSync(tmpName)).toBeFalsy();
+  });
+
+  // prettier-ignore
+  test.each([
+    ['FOO=bar', 'FOO', 'bar'],
+    ['FOO=bar=baz', 'FOO', 'bar=baz']
+  ])('given %o key and %o env', (kvp: string, exKey: string, exValue: string) => {
+    const secret = Build.resolveSecretEnv(kvp);
+    expect(secret).toEqual(`id=${exKey},env=${exValue}`);
+  });
+
+  // prettier-ignore
+  test.each([
+    ['FOO=', 'FOO= is not a valid secret'],
+    ['=bar', '=bar is not a valid secret']
+  ])('given %o key and %o env throws', (kvp: string, errorMessage: string) => {
+    expect(() => Build.resolveSecretEnv(kvp)).toThrow(errorMessage);
  });
 });

--- a/package.json
+++ b/package.json
@@ -55,7 +55,7 @@
    "@sigstore/tuf": "^4.0.2",
    "@sigstore/verify": "^3.1.0",
    "async-retry": "^1.3.3",
-    "csv-parse": "^6.2.0",
+    "csv-parse": "^6.2.1",
    "gunzip-maybe": "^1.4.2",
    "handlebars": "^4.7.8",
    "he": "^1.2.0",
--- a/src/buildx/build.ts
+++ b/src/buildx/build.ts
@@ -206,15 +206,14 @@ export class Build {

  public static resolveSecret(kvp: string, opts?: ResolveSecretsOpts): [string, string] {
    const [key, value] = Build.parseSecretKvp(kvp, opts?.redact);
-    const secretFile = Context.tmpName({tmpdir: Context.tmpDir()});
    if (opts?.asFile) {
      if (!fs.existsSync(value)) {
        throw new Error(`secret file ${value} not found`);
      }
-      fs.copyFileSync(value, secretFile);
-    } else {
-      fs.writeFileSync(secretFile, value);
+      return [key, value];
    }
+    const secretFile = Context.tmpName({tmpdir: Context.tmpDir()});
+    fs.writeFileSync(secretFile, value);
    return [key, secretFile];
  }

--- a/yarn.lock
+++ b/yarn.lock
@@ -395,7 +395,7 @@ __metadata:
    "@vitest/coverage-v8": "npm:^4.0.18"
    "@vitest/eslint-plugin": "npm:^1.6.9"
    async-retry: "npm:^1.3.3"
-    csv-parse: "npm:^6.2.0"
+    csv-parse: "npm:^6.2.1"
    eslint: "npm:^9.39.3"
    eslint-config-prettier: "npm:^10.1.8"
    eslint-plugin-prettier: "npm:^5.5.5"
@@ -2199,10 +2199,10 @@ __metadata:
  languageName: node
  linkType: hard

-"csv-parse@npm:^6.2.0":
-  version: 6.2.0
-  resolution: "csv-parse@npm:6.2.0"
-  checksum: 10/45d0659e11bf2126a2e9b63c2b4206ebaef6ffcaad9b0b98bf4863ad1d94656ad6e00c4cf87c6b0767b5edc1d1dd133d906f7181e689e62fd84b3a9947643eff
+"csv-parse@npm:^6.2.1":
+  version: 6.2.1
+  resolution: "csv-parse@npm:6.2.1"
+  checksum: 10/7fbde1225c6df6aaea01a202934e1f15ce16ed55e544ead0d066b0c4dc9ae1a2fc881b412889cbf115cd74cbf14ea17388b394e8a31e05cb412dd7dc6114bebd
  languageName: node
  linkType: hard

@@ -2686,15 +2686,15 @@ __metadata:
  linkType: hard

 "fast-xml-parser@npm:^5.0.7":
-  version: 5.5.6
-  resolution: "fast-xml-parser@npm:5.5.6"
+  version: 5.5.7
+  resolution: "fast-xml-parser@npm:5.5.7"
  dependencies:
    fast-xml-builder: "npm:^1.1.4"
    path-expression-matcher: "npm:^1.1.3"
-    strnum: "npm:^2.1.2"
+    strnum: "npm:^2.2.0"
  bin:
    fxparser: src/cli/cli.js
-  checksum: 10/91a42a0cf99c83b0e721ceef9c189509e96c91c1875901c6ce6017f78ad25284f646a77a541e96ee45a15c2f13b7780d090c906c3ec3f262db03e7feb1e62315
+  checksum: 10/b69e65cb1c6b43487f1702c5cdd6a67589e4760ba41c06826e56891594cb2d322a6b81cd15b4c01b88ef9bc58657c92cd7d86c6f0e078a2f94ede31533fbaf7e
  languageName: node
  linkType: hard

@@ -2740,9 +2740,9 @@ __metadata:
  linkType: hard

 "flatted@npm:^3.2.9":
-  version: 3.3.1
-  resolution: "flatted@npm:3.3.1"
-  checksum: 10/7b8376061d5be6e0d3658bbab8bde587647f68797cf6bfeae9dea0e5137d9f27547ab92aaff3512dd9d1299086a6d61be98e9d48a56d17531b634f77faadbc49
+  version: 3.4.2
+  resolution: "flatted@npm:3.4.2"
+  checksum: 10/a9e78fe5c2c1fcd98209a015ccee3a6caa953e01729778e83c1fe92e68601a63e1e69cd4e573010ca99eaf585a581b80ccf1018b99283e6cbc2117bcba1e030f
  languageName: node
  linkType: hard

@@ -4628,10 +4628,10 @@ __metadata:
  languageName: node
  linkType: hard

-"strnum@npm:^2.1.2":
-  version: 2.1.2
-  resolution: "strnum@npm:2.1.2"
-  checksum: 10/7d894dff385e3a5c5b29c012cf0a7ea7962a92c6a299383c3d6db945ad2b6f3e770511356a9774dbd54444c56af1dc7c435dad6466c47293c48173274dd6c631
+"strnum@npm:^2.2.0":
+  version: 2.2.1
+  resolution: "strnum@npm:2.2.1"
+  checksum: 10/c553d83e1adc223bc33c29c6e8b0c4a512d5d432ae636c6117a713c9e6d50d2bf2d3d6bc53cd8dc210c3cf27986904bee44e6d58ad8c767507a27d90400a572b
  languageName: node
  linkType: hard
Author	SHA1	Message	Date
CrazyMax	c6393e7db0	Merge pull request #1030 from crazy-max/secret-file-rm-copy Some checks failed publish / publish (push) Has been cancelled Details buildx(build): preserve original paths for file secrets	2026-03-24 13:51:30 +01:00
CrazyMax	ed92d5bfc1	Merge pull request #1032 from docker/dependabot/npm_and_yarn/csv-parse-6.2.1 build(deps): bump csv-parse from 6.2.0 to 6.2.1	2026-03-21 10:24:26 +01:00
dependabot[bot]	51b8539246	build(deps): bump csv-parse from 6.2.0 to 6.2.1 Bumps [csv-parse](https://github.com/adaltas/node-csv/tree/HEAD/packages/csv-parse) from 6.2.0 to 6.2.1. - [Changelog](https://github.com/adaltas/node-csv/blob/master/packages/csv-parse/CHANGELOG.md) - [Commits](https://github.com/adaltas/node-csv/commits/csv-parse@6.2.1/packages/csv-parse) --- updated-dependencies: - dependency-name: csv-parse dependency-version: 6.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-20 22:53:38 +00:00
CrazyMax	13b1e23099	Merge pull request #1029 from docker/dependabot/npm_and_yarn/fast-xml-parser-5.5.7 build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7	2026-03-20 15:01:12 +01:00
CrazyMax	a77c02abb5	Merge pull request #1028 from docker/dependabot/npm_and_yarn/flatted-3.4.2 build(deps): bump flatted from 3.3.1 to 3.4.2	2026-03-20 15:00:53 +01:00
CrazyMax	e459d51261	Merge pull request #1031 from docker/bot/compose-releases-json Update `.github/compose-releases.json`	2026-03-20 14:04:19 +01:00
crazy-max	2c17edf5bb	github: update .github/compose-releases.json Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-03-20 12:21:44 +00:00
CrazyMax	8b5d8e53b6	buildx(build): preserve original paths for file secrets Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-03-20 10:47:59 +01:00
dependabot[bot]	0cad5b4863	build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.5.6 to 5.5.7. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.6...v5.5.7) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.5.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-20 01:28:29 +00:00
dependabot[bot]	a5c22330fd	build(deps): bump flatted from 3.3.1 to 3.4.2 Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.1 to 3.4.2. - [Commits](https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2) --- updated-dependencies: - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-20 01:01:08 +00:00