SUSE-SU-2025:20535-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-202520535-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20535-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:20535-1
Published
2025-07-29T14:02:30Z
Modified
2026-03-23T04:48:18.311997Z
Summary
Security update for docker
Details

This update for docker fixes the following issues:

  • Update to Go 1.24 for builds, to match upstream.

  • Update to Docker 28.3.2-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/28/#2832

  • Update to Docker 28.3.1-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/28/#2831

  • Update to Docker 28.3.0-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/28/#2830 bsc#1246556

  • Update to docker-buildx v0.25.0. Upstream changelog: https://github.com/docker/buildx/releases/tag/v0.25.0

  • CVE-2025-22872: golang.org/x/net/html: Fixed incorrectly interpreted tags causing content to be placed in the wrong scope during DOM construction (bsc#1241830)

  • Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as Docker does not have permission to access the host zypper credentials in this mode (and unprivileged users cannot disable the feature using /etc/docker/suse-secrets-enable). bsc#1240150

  • Always clear SUSEConnect suse_* secrets when starting containers regardless of whether the daemon was built with SUSEConnect support. Not doing this causes containers from SUSEConnect-enabled daemons to fail to start when running with SUSEConnect-disabled (i.e. upstream) daemons.

    This was a long-standing issue with our secrets support but until recently this would've required migrating from SLE packages to openSUSE packages (which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move away from in-built SUSEConnect support, this is now a practical issue users will run into. bsc#1244035

Affected packages

SUSE:Linux Micro 6.1 / docker

Package

Name
docker
Purl
pkg:rpm/suse/docker&distro=SUSE%20Linux%20Micro%206.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
28.3.2_ce-slfo.1.1_5.1

Ecosystem specific

{
    "binaries": [
        {
            "docker": "28.3.2_ce-slfo.1.1_5.1",
            "docker-buildx": "0.25.0-slfo.1.1_5.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20535-1.json"