Update dependencies to include security patches reported by dependabot for agent

[yinyic]

Summary

Update dependencies to include security patches reported by dependabot for agent

Implementation details

Ran go get, go mod tidy and go mod vendor to updatedpackages that have security vulnerabilities called out by dependabot.

For amazon-ecs-agent/agent, affected packages are

• containernetworking/cni - upgrade to use 0.8.1

  • https://github.com/aws/amazon-ecs-agent/security/dependabot/12 requires 0.8.1
  • Changes to address updated API spec
    • Result.String() was removed from CNI API in this PR. We will simply print the struct instead. We also reran mock gen for ecscni package to address the API changes.
    • Network Name is now required to be non-empty during CNI invocation due to this PR. We will add a placeholder string to fulfill the spec.
    • Network ifname (interface name) now needs to be less than 14 characters due to this PR

• github.com/docker/docker - upgrade to use 1.6.1 - we are already using a newer version released in 2020, while 1.6.1 was released in year 2015
  

  • https://github.com/aws/amazon-ecs-agent/security/dependabot/11 requires 1.3.3
  • https://github.com/aws/amazon-ecs-agent/security/dependabot/10 requires 1.3.3
  • https://github.com/aws/amazon-ecs-agent/security/dependabot/6 requires 1.3.2
  • https://github.com/aws/amazon-ecs-agent/security/dependabot/4 requires 1.0.1
  • https://github.com/aws/amazon-ecs-agent/security/dependabot/13 requires 1.3.1
  • https://github.com/aws/amazon-ecs-agent/security/dependabot/7 requires 1.6.1
  • https://github.com/aws/amazon-ecs-agent/security/dependabot/5 requires 1.3.2

• github.com/containerd/containerd

  • https://github.com/aws/amazon-ecs-agent/security/dependabot/8 requires 1.4.13

Testing

make test
make release

New tests cover the changes: no

Description for the changelog

Update dependencies to include security patches reported by dependabot for agent

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[Realmonia]

Looks good to me, thanks for the changes!

Q: Is the changes we made in this PR for CNI v0.8.1 compatible with CNI v1.x? I think we probably want to update to that as it is the latest supported major version

[fierlion]

Thank you for this -- these dependency fixes are a big hill to climb!

[fierlion]

The steps in the description are clear and most of the changes are in vendor. Again thanks for this.

[yinyic]

Looks good to me, thanks for the changes!

Q: Is the changes we made in this PR for CNI v0.8.1 compatible with CNI v1.x? I think we probably want to update to that as it is the latest supported major version

I've not looked into v1.x, but would expect to see maybe some more API changes that need to be addressed, considering it's a major version bump. It's probably better to take up a separate task for the upgrade. Also, it may be helpful to sync up with CNI version in https://github.com/aws/amazon-vpc-cni-plugins (currently at 0.8.1)