fix: [CI-21697]: resolve EoL components and security advisories

[abhay084]

Address End-of-Life (EoL) components and security vulnerabilities identified in CI-21697 for plugins/buildx Docker images.

Go Version Upgrade

• Upgrade Go from 1.23.0 to 1.25.0 (go1.23.x EOL: 2025-08-12)
• Upgrade toolchain from go1.24.2 to go1.25.8 (go1.24.x EOL: 2026-02-11)

Docker Base Image Upgrade

• Upgrade docker:28.1.1-dind to docker:29.3.1-dind
• Resolves EoL zfs 2.2.7-r0 (EOL: 2025-12-18)
• Resolves approaching EoL openssl 3.3.3-r0 (EOL: 2026-04-09)
• Resolves containerd/v2 security advisories (GHSA-cxfp-7pvr-95ff, GHSA-m6hq-p25p-ffr2, GHSA-pwhc-rpq9-4c8w)
• Resolves containernetworking/plugins advisories (GHSA-jv3w-x3r3-g6rm)

Buildx Plugin Upgrade

• Upgrade buildx from v0.23.0 to v0.32.1

Go Dependencies Updated

• github.com/aws/aws-sdk-go: v1.26.7 -> v1.55.8
• github.com/coreos/go-semver: v0.3.0 -> v0.3.1
• github.com/cpuguy83/go-md2man/v2: v2.0.2 -> v2.0.7
• github.com/inhies/go-bytesize: updated to latest
• github.com/jmespath/go-jmespath: v0.0.0 -> v0.4.0
• github.com/joho/godotenv: v1.3.0 -> v1.5.1
• github.com/sirupsen/logrus: v1.9.0 -> v1.9.4
• github.com/stretchr/testify: v1.7.0 -> v1.10.0
• github.com/urfave/cli: v1.22.2 -> v1.22.17
• golang.org/x/sys: v0.30.0 -> v0.42.0
• gopkg.in/yaml.v2: v2.2.8 -> v2.4.0
• gopkg.in/yaml.v3: updated to v3.0.1

Fixes: CI-21697

[Copilot]

Pull request overview

Updates the drone-buildx plugin’s build environment to address EoL components and security advisories by upgrading the Go toolchain, Docker-in-Docker base images, Buildx, and several Go dependencies.

Changes:

• Bump Go language/toolchain versions and refresh Go module dependencies (go.mod, go.sum).
• Upgrade Docker-in-Docker base images used for plugin images to docker:29.3.1-dind.
• Upgrade embedded Buildx binary download to v0.32.1 for both amd64 and arm64 images.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

File	Description
go.mod	Updates Go version/toolchain and bumps direct + indirect module dependencies.
go.sum	Updates dependency checksums to match the upgraded module graph.
docker/docker/Dockerfile.linux.amd64	Updates dind base image and Buildx download URL for amd64.
docker/docker/Dockerfile.linux.arm64	Updates dind base image and Buildx download URL for arm64.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

CI configs in this repo still pin golang:1.23 / golang:1.23.0 (see .drone.yml and .harness/harness.yaml). With go 1.25.0 + toolchain go1.25.8, those jobs will either fail if toolchain downloads are disallowed, or incur an implicit toolchain download. Consider updating the CI images to Go 1.25.x (or explicitly configuring GOTOOLCHAIN behavior) to keep builds deterministic and avoid CI breakages/timeouts.