build(deps): bump github.com/docker/buildx from 0.8.2 to 0.10.1

[dependabot]

Bumps github.com/docker/buildx from 0.8.2 to 0.10.1.

Release notes

Sourced from github.com/docker/buildx's releases.

v0.10.0

Welcome to the 0.10.0 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. GCR and Lambda). You can optionally disable the default provenance attestation functionality using --provenance=false.

Notable changes

• Build command supports new flags --attest and shorthands --sbom and --provenance for adding attestations for your current build. --attest type=sbom or --sbom=true will generate SBOM (Software Bill of Materials) attestation for your build result in SPDX format. --attest type=provenance or --provenance=true will generate SLSA provenance attestation for your build result with information about how the build was performed. When creating OCI images a minimal provenance attestation is included with the image by default. This feature requires BuildKit v0.11.0+. Read more about advanced SBOM options from BuildKit docs. #1412 #1475

• When building with BuildKit that supports provenance attestations Buildx will automatically share the version control information of your build context so it can be shown in provenance for later debugging. Previously this only happened when building from a Git URL directly. To opt-out of this behavior you can set BUILDX_GIT_INFO=0. Optionally you can also automatically define labels with VCS info by setting BUILDX_GIT_LABELS=1. #1462 #1297 #1341 #1468 #1477

• Named contexts with --build-context now support oci-layout:// protocol for initializing the context with a value of a local OCI layout directory. E.g. --build-context stagename=oci-layout://path/to/dir. This feature requires BuildKit v0.11.0+ and Dockerfile 1.5.0+. #1456

• Bake now supports resource interpolation where you can reuse the values from other target definitions. #1434

• Buildx will now automatically forward SOURCE_DATE_EPOCH build-arg if one is defined in your environment. This feature is meant to be used with updated reproducible builds support in BuildKit v0.11.0+ #1482

• Buildx will now remember the last activity for a builder for better organization of builder instances. #1439

• Bake now supports null values for build arguments and label to use the defaults set in Dockerfile #1449

• Imagetools inspect commands now supports showind SBOM and Provenance data #1444 #1498

• Increase performance of buildx ls and inspect flows #1430 #1454 #1455 #1345

• Adding extra hosts with Docker driver now supports Docker specific "host-gateway" special value #1446

• OCI exporter now supports tar=false option for exporting OCI format directly in a directory #1420

• Compose support has been updated to 1.6.0 #1387

• --invoke can now load default launch environment from the image metadata #1324

• Fix container driver behavior in regards to UserNS #1368

• Fix possible panic in Bake when using wrong variable value type #1442

• Fix possible panic in imagetools inspect #1441 #1406

• Fix sending empty --add-host value to BuildKit by default #1457

• Fix handling progress prefixes with progress groups #1305

• Fix recursively resolving groups in Bake #1313

... (truncated)

Commits

• 481796f Merge pull request #1556 from crazy-max/0.10.1_cherry_picks
• 0090d49 vendor: update buildkit to v0.11.2
• 389ac0c build: set remote origin url
• 2bb8ce2 build: create error group per opt
• 65cea45 build: reorder error group funcs
• f7bd5b9 build: use copy for BuildWithResultHandler loop vars
• 8c14407 imagetools: silence intoto warnings
• 5245a2b rm: do not check for context builders when removing inactive
• 44d99d4 build: mark capabilities request as internal
• 14942a2 docs: fix broken link in buildx_bake CLI reference
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #29.