Nicolás Alonso

This solves https://github.com/lynndylanhurley/devise_token_auth/issues/1548

Instead of adding `extra_build_args: '--provenance=false'` you can create an Environment variable on the project or context with `BUILDX_NO_DEFAULT_ATTESTATIONS=1`. Doing it in this way you don't need to change the code...

@bjohnso5 Could you help me move this forward? Happy to receive comments. Thanks in advance!

Would it be possible to release this in version 3.5.1, as it addresses a security-related issue? https://security.snyk.io/vuln/SNYK-JS-COOKIE-8163060 https://www.cve.org/CVERecord?id=CVE-2024-47764 Also, there are new versions of `cookie`, `0.7.2`, `1.0.0` and `1.0.1` happy...