Bump github.com/docker/docker from 20.10.8+incompatible to 20.10.9+incompatible

[dependabot]

Bumps github.com/docker/docker from 20.10.8+incompatible to 20.10.9+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v20.10.9

This release is a security release with security fixes in the CLI, runtime, as well as updated versions of the containerd.io package and the Go runtime.

Client

• CVE-2021-41092 Ensure default auth config has address field set, to prevent credentials being sent to the default registry.

Runtime

• CVE-2021-41089 Create parent directories inside a chroot during docker cp to prevent a specially crafted container from changing permissions of existing files in the host’s filesystem.
• CVE-2021-41091 Lock down file permissions to prevent unprivileged users from discovering and executing programs in /var/lib/docker.

Packaging

• Update Golang runtime to Go 1.16.8, which contains fixes for CVE-2021-36221 and CVE-2021-39293
• Update static binaries and containerd.io rpm and deb packages to containerd v1.4.11 and runc v1.0.2 to address CVE-2021-41103.
• Update the bundled buildx version to v0.6.3 for rpm and deb packages.

Commits

• 79ea9d3 Merge pull request #5 from moby/20.10_bump_go_1.16.8
• fa78afe Update Go to 1.16.8
• bce32e5 Merge pull request #4 from moby/20.10-GHSA-v994-f8vw-g7j4-chroot-mkdir
• f0ab919 Merge pull request #2 from moby/20.10-GHSA-3fwx-pjgw-3558_0701-perms
• 80f1169 chrootarchive: don't create parent dirs outside of chroot
• 93ac040 Lock down docker root dir perms.
• d24c6dc Merge pull request #42721 from thaJeztah/20.10_backport_bump_go_1.16.7
• decb56a Update Go to 1.16.7
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[lsm5]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[lsm5]

@dependabot recreate

[rhatdan]

LGTM