Bump github.com/docker/buildx from 0.8.1 to 0.10.4

[dependabot]

Bumps github.com/docker/buildx from 0.8.1 to 0.10.4.

Release notes

Sourced from github.com/docker/buildx's releases.

v0.10.4

Welcome to the 0.10.4 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and Lambda). You can optionally disable the default provenance attestation functionality using --provenance=false.

Notable changes

• Add BUILDX_NO_DEFAULT_ATTESTATIONS as alternative to --provenance false #1645
• Disable dirty Git checkout detection by default for performance. Can be enabled with BUILDX_GIT_CHECK_DIRTY opt-in #1650
• Strip credentials from VCS hint URL before sending to BuildKit #1664

v0.10.3

Welcome to the 0.10.3 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and Lambda). You can optionally disable the default provenance attestation functionality using --provenance=false.

Notable changes

• Fix reachable commit and warnings on collecting Git provenance info #1592 #1634
• Fix a regression where docker context was not being validated #1596
• Fix function resolution with JSON bake definition #1605
• Fix case where original HCL bake diagnostic is discarded #1607
• Fix labels not correctly set with bake and compose file #1631

v0.10.2

Welcome to the 0.10.2 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and Lambda). You can optionally disable the default provenance attestation functionality using --provenance=false.

Notable changes

• Fix preferred platforms order not taken into account in multi-node builds #1561
• Fix possible panic on handling SOURCE_DATE_EPOCH environment variable #1564
• Fix possible push error on multi-node manifest merge since BuildKit v0.11 on some registries #1566
• Improve warnings on collecting Git provenance info #1568

... (truncated)

Commits

• c513d34 Merge pull request #1664 from crazy-max/v0.10_backport_stripcreds
• d455c07 build: strip credentials from remote url on collecting Git provenance info
• 5ac3b4c Merge pull request #1662 from crazy-max/v0.10.4_picks
• b1440b0 build: makes git dirty check opt-in
• a3286a0 docs: added --platform=local example
• b79345c Merge pull request #1645 from cpuguy83/0.10_env_no_provenance
• 23eb3c3 Add env var to disable default attestations
• 79e156b Merge pull request #1636 from crazy-max/v0.10_backport_ci-update-ver
• c960d16 ci: update buildx and buildkit to latest
• b5b9de6 Merge pull request #1635 from crazy-max/v0.10_backport_fix-git-ambiguous
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)