build(deps): bump github.com/docker/buildx from 0.10.3 to 0.10.4

[dependabot]

Bumps github.com/docker/buildx from 0.10.3 to 0.10.4.

Release notes

Sourced from github.com/docker/buildx's releases.

v0.10.4

Welcome to the 0.10.4 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and Lambda). You can optionally disable the default provenance attestation functionality using --provenance=false.

Notable changes

• Add BUILDX_NO_DEFAULT_ATTESTATIONS as alternative to --provenance false #1645
• Disable dirty Git checkout detection by default for performance. Can be enabled with BUILDX_GIT_CHECK_DIRTY opt-in #1650
• Strip credentials from VCS hint URL before sending to BuildKit #1664

Commits

• c513d34 Merge pull request #1664 from crazy-max/v0.10_backport_stripcreds
• d455c07 build: strip credentials from remote url on collecting Git provenance info
• 5ac3b4c Merge pull request #1662 from crazy-max/v0.10.4_picks
• b1440b0 build: makes git dirty check opt-in
• a3286a0 docs: added --platform=local example
• b79345c Merge pull request #1645 from cpuguy83/0.10_env_no_provenance
• 23eb3c3 Add env var to disable default attestations
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Patch coverage has no change and project coverage change: -20.78 ⚠️

Comparison is base (62fbf20) 74.18% compared to head (f7a13ae) 53.41%.

Additional details and impacted files

@@             Coverage Diff             @@
##               v2   #10352       +/-   ##
===========================================
- Coverage   74.18%   53.41%   -20.78%     
===========================================
  Files           2      104      +102     
  Lines         275     8942     +8667     
===========================================
+ Hits          204     4776     +4572     
- Misses         60     3646     +3586     
- Partials       11      520      +509     

see 106 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[laurazard]

Do we actually still have a replace for this?