build(deps): bump github.com/docker/buildx from 0.8.2 to 0.10.0

[dependabot]

Bumps github.com/docker/buildx from 0.8.2 to 0.10.0.

Release notes

Sourced from github.com/docker/buildx's releases.

v0.10.0

Welcome to the 0.10.0 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Notable changes

• Build command supports new flags --attest and shorthands --sbom and --provenance for adding attestations for your current build. --attest type=sbom or --sbom=true will generate SBOM (Software Bill of Materials) attestation for your build result in SPDX format. --attest type=provenance or --provenance=true will generate SLSA provenance attestation for your build result with information about how the build was performed. When creating OCI images a minimal provenance attestation is included with the image by default. This feature requires BuildKit v0.11.0+. Read more about advanced SBOM options from BuildKit docs. #1412 #1475

• When building with BuildKit that supports provenance attestations Buildx will automatically share the version control information of your build context so it can be shown in provenance for later debugging. Previously this only happened when building from a Git URL directly. To opt-out of this behavior you can set BUILDX_GIT_INFO=0. Optionally you can also automatically define labels with VCS info by setting BUILDX_GIT_LABELS=1. #1462 #1297 #1341 #1468 #1477

• Named contexts with --build-context now support oci-layout:// protocol for initializing the context with a value of a local OCI layout directory. E.g. --build-context stagename=oci-layout://path/to/dir. This feature requires BuildKit v0.11.0+ and Dockerfile 1.5.0+. #1456

• Bake now supports resource interpolation where you can reuse the values from other target definitions. #1434

• Buildx will now automatically forward SOURCE_DATE_EPOCH build-arg if one is defined in your environment. This feature is meant to be used with updated reproducible builds support in BuildKit v0.11.0+ #1482

• Buildx will now remember the last activity for a builder for better organization of builder instances. #1439

• Bake now supports null values for build arguments and label to use the defaults set in Dockerfile #1449

• Imagetools inspect commands now supports showind SBOM and Provenance data #1444 #1498

• Increase performance of buildx ls and inspect flows #1430 #1454 #1455 #1345

• Adding extra hosts with Docker driver now supports Docker specific "host-gateway" special value #1446

• OCI exporter now supports tar=false option for exporting OCI format directly in a directory #1420

• Compose support has been updated to 1.6.0 #1387

• --invoke can now load default launch environment from the image metadata #1324

• Fix container driver behavior in regards to UserNS #1368

• Fix possible panic in Bake when using wrong variable value type #1442

• Fix possible panic in imagetools inspect #1441 #1406

• Fix sending empty --add-host value to BuildKit by default #1457

• Fix handling progress prefixes with progress groups #1305

• Fix recursively resolving groups in Bake #1313

• Fix possible wrong indentation on multi-node builder manifests #1396

• Fix possible panic from missing OpenTelemetry configuration #1383

... (truncated)

Commits

• 8764628 Merge pull request #1501 from tonistiigi/v0.10-picks
• 583fe71 docs: update with new inspect output
• 9fb3ff1 inspect: change additional spdxs to not have duplicates
• 9d4f38c inspect: provide access to multiple spdx documents
• 793082f inspect: parse sbom and provenance into json structs
• fe6f697 inspect: break after first matching attestation
• fd3fb75 github: update CI to buildkit v0.11
• 7fcea64 Merge pull request #1496 from thaJeztah/0.10_backport_docs_updates
• 05e0ce4 go.mod: update cli-docs-tool v0.5.1 and re-generate docs
• f8d9d1e docs: update anchor links
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #27.