coredns/1.12.0-r1: cve remediation

coredns.yaml

@@ -1,7 +1,7 @@
 package:
   name: coredns
   version: 1.12.0
-  epoch: 1
+  epoch: 2
   description: CoreDNS is a DNS server that chains plugins
   copyright:
     - license: Apache-2.0
@@ -25,7 +25,7 @@ pipeline:
 
   - uses: go/bump
     with:
-      deps: github.com/quic-go/[email protected]
+      deps: github.com/quic-go/[email protected] golang.org/x/[email protected]
 
   - uses: go/build
     with:
@@ -40,6 +40,11 @@ subpackages:
     description: CoreDNS with plugins used by Kuma
     pipeline:
       - runs: |
+          # We need to explicitly set the GOLANG_VERSION since it's used by
+          # the make file below and if there are mismatches, things go bad.
+          # For more details: https://github.com/wolfi-dev/os/pull/36612#issuecomment-2547453359
+          export GOLANG_VERSION=`go version | sed -n 's/.*go\([0-9.]*\).*/\1/p'`
+
           # Build with plugins used by Kuma
           # Plugin list: https://github.com/kumahq/coredns-builds/blob/main/plugin.cfg
           mv kuma-plugin.cfg plugin.cfg