Bump github.com/docker/docker from 17.12.0-ce-rc1.0.20200505174321-1655290016ac+incompatible to 20.10.11+incompatible

[dependabot]

Bumps github.com/docker/docker from 17.12.0-ce-rc1.0.20200505174321-1655290016ac+incompatible to 20.10.11+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v20.10.11

20.10.11

IMPORTANT

Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server. {: .important }

Distribution

• Handle ambiguous OCI manifest parsing to mitigate CVE-2021-41190 / GHSA-mc8v-mgrf-8f4m. See GHSA-xmmx-7jpf-fx42 for details.

Windows

• Fix panic.log file having read-only attribute set moby/moby#42987.

Packaging

• Update containerd to v1.4.12 to mitigate CVE-2021-41190.
• Update Golang runtime to Go 1.16.10.

v20.10.10

20.10.10

IMPORTANT

Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server.

Builder

• Fix platform-matching logic to fix docker build using not finding images in the local image cache on Arm machines when using BuildKit moby/moby#42954

Runtime

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)