Bump github.com/docker/docker from 20.10.10+incompatible to 20.10.11+incompatible

[dependabot]

Bumps github.com/docker/docker from 20.10.10+incompatible to 20.10.11+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v20.10.11

20.10.11

IMPORTANT

Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server. {: .important }

Distribution

• Handle ambiguous OCI manifest parsing to mitigate CVE-2021-41190 / GHSA-mc8v-mgrf-8f4m. See GHSA-xmmx-7jpf-fx42 for details.

Windows

• Fix panic.log file having read-only attribute set moby/moby#42987.

Packaging

• Update containerd to v1.4.12 to mitigate CVE-2021-41190.
• Update Golang runtime to Go 1.16.10.

Commits

• 847da18 Merge pull request #43004 from AkihiroSuda/cherrypick-42152
• 4a27cd1 Merge pull request #43027 from thaJeztah/20.10_backport_update_image_spec
• 7568123 Merge pull request #43023 from thaJeztah/20.10_bump_buildkit
• c988693 Merge pull request #43024 from thaJeztah/20.10_containerd_1.4.12
• dc01597 vendor: github.com/opencontainers/image-spec v1.0.2
• 11b3bfe Merge pull request #43028 from thaJeztah/20.10_fix_vendor_conf
• e0108db [20.10] fix vendor validation
• d47de2a [20.10] update containerd binary to v1.4.12
• da9c983 [20.10] vendor: github.com/moby/buildkit v0.8.3-4-gbc07b2b8
• 10106a0 Merge pull request from GHSA-xmmx-7jpf-fx42
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #510 (76633a3) into main (933e908) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #510   +/-   ##
=======================================
  Coverage   51.12%   51.12%           
=======================================
  Files          41       41           
  Lines        1950     1950           
=======================================
  Hits          997      997           
  Misses        794      794           
  Partials      159      159           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 933e908...76633a3. Read the comment docs.